All physical therapists are held to the Health Insurance Portability and Accountability Act (HIPAA) as are all healthcare providers. In the event of a data breach it is important to have a plan of action, even if you never need it! Let's discuss how to prepare for a HIPAA breach.
What is HIPAA & Why is Compliance important?
You should already be familiar with HIPAA, but just in case let's start with a brief refresher! HIPAA stands for the Health Insurance Portability and Accountability Act, which is a piece of United States legislation relating to data privacy and security provisions for medical information. HIPAA compliance is very important both for ethical reasons and also to protect your clinic against legal and financial consequences.
Dealing With a HIPAA Data Breach
A HIPAA data breach is a worst case scenario for most healthcare professionals, including physical therapists. It could occur as a result of a lost laptop or some stolen patient records – to be perfectly honest it does not really matter how it happened, what matters is how you deal with it! Time is of the essence and you need to be ready to spring into action in order to protect yourself and, more importantly, your patients. That means having a data breach plan in place. These are the most important steps:
As a healthcare professional, you have a legal obligation to investigate any suspected data breach. This allows you to determine the extent of the breach including whether or not any patient records have actually been compromised. You will need to answer a series of questions regarding the nature of the breach, the type of data involved, who managed to acquire the data and for what purpose. You also need to establish how many of your patients are affected.
Experiencing a data breach is not what is going to affect your practice's ability to move forward, but rather how you handle it! Your next move could actually be make or break for the future of your physical therapy clinic! You are legally required to notify affected patients of the breach. You may feel like you would rather keep it under your hat, but apart from having to do it, communicating with those involved is the smarter option as it will eliminate any opportunity for the spread of misinformation.
Finally, you will need to deal with the financial consequences of your breach. In an ideal world, you should have an emergency fund in place. However, even then you will find that the costs of investigation, PR services and implementing additional security to address the weakness that allowed the breach in the first place soon begin to mount up! This is before we even look at potential lawsuits and OCR fines. This is why it is so important to work through the other two steps quickly and effectively in order to minimize the financial impact.
These are the main steps that you will need to carry out in the event of a HIPAA data breach. This is intended as a guide only and you would need to go into more depth, but this should offer you a good starting point to develop your own strategy so that you are prepared for the worst!
At PatientSites.com, we understand the importance of HIPAA compliance and that is why one of the features we offer is full security and data protection. If you want to discuss this in more detail or are interested in any of our other features, please do not hesitate to call us on 866.565.4746 to discuss your needs.