It seems a day doesn't go by without news of a medical data breach caused by a medical office and its employees mishandling confidential records and information, for example through a lack of computer security policies, improperly stored or placed records, or the use of portable data storage devices such as USB memory sticks or external hard drives. In many cases these medical data breaches were accidents (losing a USB memory stick with patient data, for example), but awareness and protection are nonetheless necessary for medical offices.
American Medical News further reports that the costs of medical data breaches to a health care organization are also on the rise. While medical data breaches at large corporations continue to make headlines, smaller organizations are also becoming increasingly susceptible to privacy breaches.
The consequences of a medical data breach to the company which caused the privacy breach vary depending on the nature and severity of the breach. That said, the consequences are many and include:
- litigation claims
- job loss
- loss of customers
- damage to company and brand reputation
- lost revenue
- increased costs for customer notifications and personal information monitoring
- decrease in stock price
- increased costs for stepped-up security programs
- fines
Large and small businesses in the healthcare industry should take heed of these financially crippling, potentially business-ending consequences by implementing safeguards to protect against a medical records data breach, including safeguarding all records and equipment in their medical offices.
Organizations that handle patient medical records have a responsibility to protect their patients’ personal information, whether in paper or electronic form, from being lost or stolen. All electronic data should be stored and transferred only with encryption. Employees who work in a medical office and have access to patient medical records should have background checks performed. Further, all business partners should sign a non-disclosure agreement that specifies that they cannot misuse patient data. Employees and business partners should be periodically reminded that they have a legal duty to protect patient and customer personal information.
Data breach insurance coverage is designed to protect a health care organization (or any organization handling patient medical data) against losses suffered as a result of a medical data breach; it covers expenses an organization incurs when a medical data breach occurs. While data breach insurance coverage doesn’t absolve an organization from protecting customer data or adhering to privacy laws, it does offer protection.