Fred C Church

Healthcare organizations that suffer a data breach can take a number of steps afterwards to contain and minimize the damage.

Expert Mahmood Sher-Jan told Healthcare IT News one important step is to ensure that all the right people are involved. It may be necessary to widen the team addressing the issue over time, he indicated, after the initial investigation reveals a breach. This may include bringing in external as well as internal resources.

Aside from bringing appropriate personnel to bear on the problem, it will also be necessary to determine who needs to be notified about the problem. If patient information is compromised, the organization must figure out whose and notify the appropriate parties. This may not be the patients themselves, since some may be deceased, incapable or minors, Sher-Jan noted.

State and federal laws must also be reviewed to properly report and required information, and those laws may impact how patient notifications are conducted. Ensuring compliance and handling the event as well as possible may offset reputational damage and other resulting problems to some extent.

While a data breach is likely to drive up business liability insurance rates, it also underscores the value of such coverage. It would be appropriate to review the applicable portions of a business insurance policy, and proper documentation procedures for both insurance purposes and the government, as well as internal use.