You certainly don’t want your practice name to precede that headline in your local news paper.
__________Kept Clients in Dark
No two ways about it that is BAD.
Yet we have major players screwing up seemingly straight forward issues.
- Sony with the (repeated) PSP hacks
- Weinergate – need I say more?
- Now we have Citibank
Hindsight is usually 20/20. Let’s use the experience of others and their actions to learn the right and wrong ways to deal with the breach of patient data.
No, none of the above examples deal with PHI.
But, the same premise of beached data still applies…well, maybe not in the Wiener situation, but we sure can learn how not to handle a difficult situation from the way Wiener handled his.
In all the above cases something terrible/embarrassing happened.
In all the above a decision was made to delay the truth.
In all the above situations, the PR mess will be challenging and expensive from which to recover.
Yet, these situations will continue, and the initial responses will again be incorrect, making things worse.
How should your practice deal with an embarrassing and costly data breach like a lost laptop?
Take a look at how LastPass dealt with a potential breach of their system.
LastPass is an online username/password storage system.
I use it and I like it quite a bit.
Last month they noticed something strange on their network. They researched the issue and couldn’t be 100% certain nothing happened. Shortly thereafter, LastPass sent an email to all users telling what happened and gave a few tips on what users should do next.
This is exactly how a medical practice should deal with a breach situation.
- Fess up – be upfront and don’t hide anything
- Contact all patients
- Research the issue further
- If a breach definitely happened, inform everyone and pay for credit report checks. Follow up with what preventative measure are put in place to prevent this from happening again.
Following these basic steps will help defuse this nasty situation.
There will still be some screamers, but that’s fine.
This is the best (and most appropriate) tact for your practice to take. In the end the cost in both PR and out of pocket will be much less than if you denied and lied, as eventually, the truth will come out.