What to Do in the Event of a Healthcare Data Breach

According to HIPPA, 2018 was an especially bad year for healthcare data breaches. In fact, as of the end of December, the Department of Health and Human Services Office for Civil Rights received over 350 notifications relating to incidents involving 500 or more healthcare records, equating to over thirteen million exposures of personal health information. 

So what do you do in the event of a data breach? What is the best way to respond? How can you protect yourself from a data incident in the first place? ​

Understanding Data Breaches

​When it comes to healthcare, data breaches occur within hospital, physician, and other healthcare facilities, and typically include unauthorized access to patient medical records. Healthcare breaches therefore not only break federal and state laws, but they also break the Hippocratic oath. (Physicians swear to uphold ethical healthcare standards, including patient privacy, during this oath ceremony before they go into practice.) 

Breaches aren’t always the result of aggressive hacking or exploiting flaws in the system -- the can just as often be the result of phishing or social engineering or other relatively low-tech attacks that take advantage of internal vulnerabilities or lack of education on cybersecurity.

The Best Defense is a Solid Offense

​Data breaches are most likely not going anywhere, which is why tightening security measures, updating software programs, reassessing security protocols and procedures, and remaining engaged in monitoring online activity are ways to keep data breaches at bay. There are laws and regulations specific to protecting personal data that every organization is legally obligated to follow. Most states require that notifications are sent to any type of consumer when their identity is compromised.

“You should never rely solely on others to keep your information secure,” Norton advises.  It’s always important to take preventative measures and keep an eye on your information.”

Get Free Healthcare Data

Strong Measures Are Needed to Protect Healthcare Information

There are many different ways that healthcare organizations can safeguard organizational and patient information. 

• Strong and different passwords are a must. Yes, it may be a challenge to keep track of them, but there are services out there that can help organize them
• Stay attentive to bank accounts and other financial records to ensure that all activity is normal activity
• Act immediately when a breach occurs. The longer action takes, typically the greater the impact.
• Employees should password protect their phone and use two-factor authentication
• Use only updated, quality security software that includes both malware and virus protection.
• Use social media cautiously. Over-sharing can make any organization a target.
• Educate your staff on common phishing techniques and good security protocol, like not clicking links from unknown sources or opening attachments without checking for malware
• Out-source (or in-source if your organization is large enough). Invest in partnering with IT experts that have a proven track record and know how to protect against and react to data breaches

Data Analytic Partnerships Help Organizations with Data Protection

​It is well known that healthcare data analytics have become increasingly important to providers, especially in light of the reimbursement models linking payment to the outcomes. Value-based care has an impact on how healthcare providers are measured and financially compensated by insurance plans sponsoring these programs. Significant investments are being made to measure quality and outcomes, along with more traditional measures of utilization and related cost expenditures. 

Healthcare organizations are investing significantly in tools and capabilities to analyze the vast amounts of data stored in their electronic health record systems, patient relationship management platforms and claims repositories, These emerging competencies in data analytics can also allow organizations to understand the flow of healthcare data that is collected and accessed. 

One of the biggest benefits to emerge from these investments in healthcare data analytics is to potential to limit fraud and abuse. 

When dealing with a security breach, it is important to use IT security partners that understand your organization—its strengths and weaknesses—and can respond to a breach quickly and appropriately.

Healthcare Data Breaches Are a Growing Problem. Be Ready.

​Prevent healthcare data breaches by staying ahead of them. It sounds simple, but it takes a lot of time, effort, and help. If a breach occurs, shut it down as quickly as possible, utilizing the experts that know what they are doing, can figure out why it occurred, and can go back to playing a solid offense.

Want to stay on top of all the trends impacting the healthcare industry? Be sure to subscribe to our blog by clicking the link below.

Subscribe to the Carevoyance Blog

About the Author

Carevoyance contributor Sarah Pike, M.B.A., is a freelance marketing copywriter based in San Diego. She enjoys writing about business, fashion, food, healthcare, leadership, motivation and technology.