Medical offices throughout the country are being targeted for the conversion of their data for illegal purposes. Most of what we hear about in the news concerns data breaches experienced by large corporations, involving information belonging to millions of individuals. Although these breaches affect many more people, they make privacy efforts of individual and group practitioners no less important.
Every medical office has, within its medical records and computer systems, personal information about every patient seen in that office. Once compromised, that information can lead to a lifetime of efforts to restore a patient’s identity, credit rating, and monetary benefits.
In addition to information such as birth dates and social security numbers, many patient records contain credit card and banking information, private health information, and information about the patient’s family, employment, and medications.
Medical offices must have data privacy protocols and safety protection systems installed on their computers that comply with federal and state privacy requirements.
Also, it is important to recognize that not all data breaches are computer-based. Data breaches can result from an actual hack of your computer system, improper disposal of hard copy records, or a stolen laptop or cell phone.
Under federal and state law, data breaches require action — potentially exposed patients must be notified and credit monitoring provided to them. An analysis must be undertaken to determine how the breach occurred and an action plan developed to prevent a reoccurrence.
In all cases, a preemptive analysis of a practice’s potential exposure is well advised. We highly recommend practices determine whether to purchase Cyber Liability Insurance to offset some of the excessive costs of complying with all the post-breach requirements.
No medical practice can function without patient data, but that very same data can become its downfall if not properly protected and compliant with applicable laws.