Healthcare Data Breach Response Best Practices

Breach Response, Healthcare October 24, 2011

No, not another article listing data breach to-dos and to-don'ts. Instead, this article focuses on the framework, or set of best practices, in which to place these details.

Most healthcare providers have their patients' well-being at heart, and it's this attitude of caring that can help an organization achieve compliance almost automatically. With the following serving as a foundation, you can help your organization demonstrate that goodwill in tangible, effective ways. The full article is part three of the four-part series on Government Healthcare IT.

  1. Take a PHI/PII inventory. Outsourcing this to the experts is actually much less expensive than it sounds.
  2. Develop an Incident Response Plan. We discussed IRPs in the first two articles in this series (3 Tips for surviving an OCR breach investigation and 9 steps to take during an OCR data breach investigation). An IRP is an effective, cost-efficient means for helping organizations capture the essence of what is most important.
  3. Meet patients' real needs. That's an obvious one, or is it? It's a costly one, for sure.
  4. Look at data breaches as an opportunity. Believe it or not, data breaches have an upside.

Every data breach is different, but the determination to do the right thing in the face of a data breach should never waver. Taking a PHI inventory, establishing an Incident Response Plan, meeting patients' real needs, and looking for the positive aspects of a data breach can all reflect your culture of commitment and caring. And that's the best practice of all.

Christine Arevalo, VP Healthcare Fraud Solutions

Christine Arevalo is a founding employee of ID Experts. Since 2003, she has helped healthcare organizations assess their patient-related information risks, communicate with consumers regarding privacy issues, and develop their data breach response strategies. Christine currently leads the development and adoption efforts for MIDAS – the patent-pending Medical Identity Alert System. MIDAS is the first and only member-focused solution to engage health plan members in the early detection and prevention of health care fraud and medical ID theft, which cost taxpayers and insurers tens of billions of dollars annually. Christine serves as founding member of the Medical ID Fraud Alliance (MIFA) and chair of the MIFA institute, the first cooperative public/private sector effort created specifically to unite all stakeholders to jointly develop solutions and best practices for the prevention, detection and remediation of medical identity fraud.