Home Care Firms' Response to a Data Breach

December 10, 2015

Data breaches and identity theft continue to have an impact on United States industries, with home care firms and organizations now a primary target. The Medical/Healthcare industry accounted for over 40 percent of breaches in 2014, according to an Identity Theft Resource Center report. This same report indicates that these numbers coincide with a three-year trend, validating the idea that these types of attacks on medical organizations and home care firms will continue to occur. With the number of breaches steadily increasing and patient Protected Health Information (PHI) now valuable to criminals, it is more important than ever for home care firms to have the necessary tools in place to respond to a breach.

Data breaches can potentially cost millions of dollars to impacted firms and threaten to jeopardize patient PHI, making it imperative that preparation occurs prior to an attack. For home care firms, developing a Data Breach Preparedness plan can be the difference between a swift response and panic when the worst happens. This plan includes assembling a response team, with the varying responsibilities and specific steps required of each member clearly defined ahead of time. This team can include decision makers, IT and security, legal, public relations and customer care, according to Experian’s Data Breach Response Guide. Having a specified response plan in place will ensure your home care firm can spring into action and mitigate risk when a data breach does occur. It also ensures that every important aspect of a breach is being thoroughly and responsibly covered, as breaches can often be very complicated and impact businesses and their clients in a variety of ways.

How a team responds in the first 24 hours of a data breach can be critical to limiting data loss and damage. When a data breach is first detected, immediate precautions must be taken, according to Experian’s Response Guide. Notifying all necessary parties, recording the date and time, documenting everything known about the data breach, preventing further data loss and securing the area where the breach occurred are imperative steps in maintaining all the information necessary to fix the specific issue and mitigate risk. In-depth interviews with those involved, notification of law enforcement if necessary and a forensics investigation will then move the response forward toward solving the issue altogether.

For home care firms working in the healthcare industry, many of the breaches being dealt with will involve patient PHI. Some important things to consider when assessing a PHI breach include determining where the PHI was used and for what purpose, who was accessing the PHI, whether that person was authorized, and whether the risk has been dealt with, according to Experian’s Response Guide.

Below are brief descriptions of some of the continued efforts required of a response team during the breach response process, according to Experian’s Response Guide.

  1. Fix the Issue - Employ the members of your response team assigned to dealing with the threats to eliminate them. Document everything.
  2. Backup Measures - Ensure this part of the team continues to assess whether any future threats exist, puts strong preventative measures in place and prepares for public notification.
  3. Legal Obligations - Review data breach regulations specific to your firm and situation. Notify required parties according to regulations.
  4. Continue to Assess - Look at the issue from every angle and identify any potential issues with your response to the breach.

Home care firms must continue to develop protective measures as the number of cyber attacks on the healthcare industry increases. Aside from the obvious risk of financial loss, the reputation and reliability of your organization are at stake if your preparation efforts for data breaches and identity theft do not remain ahead of the curve.

At Manchester Specialty Programs, we understand how complicated it can be to do business in today’s electronic environment. We offer specialty insurance products that can assist in the prevention and control of losses, especially in the cyber area as it relates to HIPAA. Our professional liability, management liability with regulatory audit coverage, and miscellaneous medical suite programs can be purchased to include coverage to help you respond to a data breach. For more information, you or your local insurance broker can call us today at 1-855-972-9399.

 

Sources:

  • Experian Data Breach Resolution: https://www.experian.com/assets/data-breach/brochures/response-guide.pdf
  • Identity Theft Resource Center: http://www.idtheftcenter.org/ITRC-Surveys-Studies/2014databreaches.html