What To Do After A Medical Data Breach
By Adrian Johansen, freelance writer; @AdrianJohanse18.
When most people visit their health professional, they go in confident that they are in good hands and that the confidentiality of their health issues and personal information is protected. After all, who can a person trust more than their doctor? Unfortunately, while patients are safe a majority of the time, there is the chance that a data breach could result in the release of private information.
This breach could be because of a computer hacker, a system breakdown, or even a natural disaster. In any case, the healthcare organization is responsible for keeping patient data secure. If they fail to do so, then they must do damage control and patients must do what they need to in order to protect themselves. Here is a breakdown of what is expected of these companies and what consumers should do in the event of a medical data breach.
The Responsibility of Health Companies
When the Health Insurance Portability and Accountability Act (HIPAA) was officially enacted in 2003, it set a precedent that health organizations must ensure that all patient information is private and confidential. Along with that came the HIPAA Security Rule, which says that the same organizations must perform risk analysis and have the proper safeguards in place so that data cannot be stolen or leaked to unauthorized individuals.
While many organizations have the proper barriers in place to protect against the loss of data, there have been instances where significant breaches have resulted in major leaks. The data leaked in such a breach can include everything from patient names and addresses to Social Security numbers, which can be used to conduct identity theft. If you discover that a breach has occurred and it affects your patients’ data, then you must take action. You should also prepare for your patients to do the same — often in the form of lawsuits.
Back in 2014, UCLA Health was involved in a class-action lawsuit and had to pay out $7.5 million after hackers broke into their system and copied or stole the records of 4.5 million patients. Another such breach took place recently in 2019 when the teaching hospital at the University of Connecticut was infiltrated. In this instance, the hackers accessed employee email accounts, which also potentially contained patient records and Social Security numbers. The related class-action suit is still pending.