Healthcare and Technology news
51.5K views | +3 today
Follow
Healthcare and Technology news
Your new post is loading...
Your new post is loading...
Scoop.it!

6 Communication Tips to Regain Patient Trust After a Medical Record Breach

6 Communication Tips to Regain Patient Trust After a Medical Record Breach | Healthcare and Technology news | Scoop.it

Even with a perfect cybersecurity strategy and implementation, including performing all required steps to be HIPAA compliant, your medical practice could still be hacked by cybercriminals. 

Doctor’s offices and other businesses who collect private customer information (payment information, addresses, personal health details, and more) to deliver services are regularly targeted by cybercriminals.

 

In the third quarter of 2018, the Protenus Breach Barometer reported 117 health data breaches with 4.4 million patient records compromised.

 

It’s important to note that doctors and other healthcare providers aren’t the only businesses that need to comply with HIPAA regulations. Other businesses that work with protected health information (PHI) must also comply with HIPAA privacy requirements. These include businesses such as billing companies, lawyers, and financial consultation services to mention a few.  Such companies are usually contracted by covered entities and are known as business associates.

 

A critical and often overlooked aspect of a cybersecurity strategy is knowing what to do if you do experience a data breach and, secondly, what you can do to regain the trust of your patients. It is best to be prepared and have a strategy for how you will address the incident. An incident response plan provides the steps a business will take if a hacker successfully penetrates their defense, resulting in a medical records breach. 

 

Beyond the legally required steps that covered entities must take, taking the necessary steps to rebuild trust with customers is an equally important component of recovering from a data breach. 

Trust: A Key Component for Any Successful Business

People do business with companies they trust. A successful data breach of PHI can cause patients to lose trust in your practice. Once trust is lost, customers often will take their business elsewhere. 

A survey by SAP found that “abuse of customer data could cause 80% of consumers to abandon your brand.”

A HIPAA data security breach is a serious matter than can seriously impact any covered entity’s bottom line and longevity.

Report the Breach to Authorities and Explain What Happened to Your Patients

For any covered entity this step is mandatory because it is legally required. For an overview of notification procedures, read How do I report an unsecured Protected Health Information (PHI) Breach?

Any company that experiences a security breach should explain to their customers what happened. This is near-universal advice given for how to handle a breach. Covered entities need to contact affected individuals via First Class Mail or email (if they have permission). 

 

Email is faster and will give affected individuals a better chance to protect themselves from identity theft and other financial harm in a timely manner. 

 

Beyond simply alerting individuals, explaining what happened helps to rebuild trust. Research indicates that honesty and openness is good business. In a study on brand recalls and the effect on customer loyalty by The Relational Capital Group, a link between honesty and continued loyalty was evidenced in two noteworthy findings:

 

  • 91% of consumers agreed that companies make mistakes that lead to product recalls.
    • 87% agreed with the statement that they are “more likely to purchase and remain loyal to a company or brand that handles a product recall honorably and responsibly, even though they clearly made mistakes that led to a safety or quality problem.

Have Your Facts Correct

While it is important to contact your patients quickly, a mistake many companies make is to respond too quickly. Move quickly, but thoroughly to investigate the facts of the matter so that you do not over or under-report the number of affected individuals or other details. 

Communicate in Plain Language

The healthcare industry uses a lot of jargon and acronyms. Minimize jargon when explaining the data breach to your patients. All communications must be simple, clear, and concise. 

Your patients have had their personal information stolen. Now is not the time to use language to “obfuscate” (or in other words, “hide”) what happened and what they should do next. 

Empathize

Healthcare communication often lacks personality and is clinical. When delivering post-op instructions to a patient, it is important to impart the information in a direct, non-emotional manner. 

In a data breach, that is typically not the right approach. Tailor your message for your audience and be sympathetic to the additional aggravation the breach of their personal data has caused in their lives. 

Share Security Tips and Advice

For covered entities, this is required. For any other business, it is good advice. In your notification to affected individuals, include suggested steps to help them secure their information, such as paying extra attention to fraudulent charges on credit cards, changing passwords, etc. 

Get Your Employees Involved

Providing thorough, ongoing information security training for employees is essential. Not all PHI breaches are via cybercriminal hacking attacks. Human error and carelessness can also result in costly HIPAA violations. 

Cybersecurity should be an evolving program, requiring continuous tweaking and updating which includes regularly reminding employees of how important a security culture is and training them on the correct procedures.

Medical Record Data Breaches: A Matter of When, Not If

Many companies and cybersecurity professionals believe that hacks are inevitable. Whether because of ingenious hackers, employee errors, a missed patch, or any of a multitude of other reasons, a PHI data breach could happen to you.

Creating a cybersecurity plan in accordance with HIPAA compliance regulations will keep your office as secure as possible. Following the steps and suggested tips in this post will help you keep or regain your patients’ trust if your network is hacked and a PHI breach occurs. 

Technical Dr. Inc.s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

No comment yet.
Scoop.it!

How health IT is a barrier to patient satisfaction

How health IT is a barrier to patient satisfaction | Healthcare and Technology news | Scoop.it

I was recently talking to a patient about having some extra help at home when she left the hospital with home nursing services. The elderly lady — highly intelligent and fiercely independent — politely declined with the reply: “No, I’m fine thanks Dr Dhand — all they’ve done before is just come in with their computers, barely talk to me, enter a few things on their keyboards and then leave.”


This reply really struck a chord with me (as someone who has written extensively on all that we need to do to improve the use of information technology at the frontlines of medicine). We then engaged in a brief conversation about all the changes she’s seen over the years and how medicine now seems so fragmented and impersonal. I finished with a strong feeling inside that I really couldn’t blame her for declining additional “robotic” services, and that she was talking absolute sense about her experiences.


Her reply is typical of dozens, if not hundreds, of similar complaints I’ve heard over the years about how doctors (and nurses) are simply too pre-occupied with their keyboards and screens and barely look at a patient nowadays. This problem particularly affects the more generalist medical specialties — including primary care — which should be the cornerstone of all health care. The last decade has seen the proliferation of information technology, mainly due to meaningful use and the government’s incentives for the computerization of the health care system.


Let me pause right here and say that I am far from advocating a return to the paper chart or the archaic days of yesteryear. Many of the aims and goals behind meaningful use are noble ones. We simply need to redesign the current systems so that they are fully optimized for frontline medicine, and design them to be as seamless and efficient as possible so that doctors and nurses can get back to where they belong: with their patients talking face to face. Likewise, doctors and nurses need additional training on how better to use the information technology so that it doesn’t come in-between them and their patients.


A study published not so long ago in the Journal of General Medicine showed that medical interns now spend only around 10 percent of their day engaging in direct patient care in hospital and almost half their time with computers. That’s a shocking statistic and an unfortunate imbalance. I’m sure if a comprehensive study was done on primary care doctors, and how long they spend looking at actual patients versus their screens, the results may be even more disappointing.

If it were expanded, the same study would probably also show that one of patients’ biggest let-downs would be when their doctor keeps glancing in between them and their screens. So if we are really serious about improving patient satisfaction and the health care experience, how can we let this situation go on?


I hope that in the not too distant future the world of frontline medicine, IT, and hospital administration, can all get together to solve this problem. I gave a presentation last year in Boston titled: “Healthcare IT: What the frontline of hospital medicine really needs.” The audience was a mixture of entrepreneurs, techies and clinicians. The biggest round of applause I got was from the clinicians when I opened with the provocative statement that health care IT has done more to destroy the doctor-patient relationship over the last five years than any other one single thing. I stand by that statement and hope that we can change things. Until that happens, we continue to massively let down our suffering patients.


No comment yet.