Healthcare News & Insights

Strategies for protecting your hospital when a data breach occurs

If your hospital hasn’t experienced a data breach, consider yourself lucky and get ready. Odds are it’s going to happen at some point in time.

According to the Ponemon Institute, healthcare breaches increased by 32% in 2011.

Worrying about when a breach will occur won’t help your facility. But focusing on steps you can take to keep the backlash from a breach to a minimum will help protect your hospital and its reputation.

According to a recent issue of the Journal of Healthcare Risk Management, accepting that a breach will happen to your hospital allows a facility to focus on strengthening its policies and procedures for safeguarding protected health information (PHI). Once you do that, you can create a breach response plan.

Often overlooked issues

Here are some things, however, that are often overlooked when it comes to data breach plans:

  • Know that the breach will probably occur on a Friday, after hours, on a weekend or a holiday. When you least expect it, that’s probably when it’ll happen. So have a response plan in place so things will be handled smoothly and no one is running around in a crazed state.


  • Parents tend to be more protective of their children’s medical information. When a data breach occurs, everyone is concerned. But children’s information often is viewed at a lower level of concern by hospital personnel. Parents, however, see it as a betrayal of their trust. They entrusted you to care for their child, and now you’ve allowed their child’s PHI to be stolen. That’s why hospitals have to convey a message to parents that the facility is taking the breach very seriously, understands why they are upset and will do all it can to protect them.


  • It’s pretty common for the bigger breaches to involve old stored data on backup tapes and in databases. So if you aren’t required by law to keep old data, by all means get rid of it. However, if you are legally required to keep it, then make sure it is encrypted and stored in a secure place.


  • Implement a social media policy. Last year, several hospital employees disclosed patient information when they were updating their Facebook page or Tweeting. That’s why it’s critical to implement a social media policy that protects patients, but doesn’t improperly restrict your employees’ rights.


  • X-rays are being stolen for their silver. Believe it or not, X-rays are being stolen so thieves can extract their silver content. While the X-ray may not be a big threat to patients’ PHI, the sleeves that contain the X-rays often have PHI written on them. So warn your employees to be on the lookout for people who pose as contractors for companies that recycle radiological films. If X-ray sleeves are stolen, you may be obligated to notify the patients of the breach.

