Be Prepared

With the surge of malware, ransomware, hackers and theft, a data breach is more likely than ever before. No one wants to deal with a data breach and why would they? Dental practices must be prepared for a data breach and plan accordingly.

If you suspect a data breach in your practice:

  • Stop the data from being stolen.
  • Repair the damage so it doesn’t happen again.

Take these steps to stop your data from being stolen and quickly restore operations:

Reduce confusion with an Incident Response Plan

Keeping Protected Health Information (PHI) on desktop computers, servers, portable devices and smartphones, with internet access, has its perks. However, with computer viruses and spyware on the rise, it is only a matter of time before a security incident occurs.

By now, you should have an Incident Response Plan in place that lays out what your practice, staff, and third parties should do in the event of a data breach.

Make sure your staff know about the plan and are trained to take immediate action once a breach is identified. Without a plan, staff members can panic and make mistakes. Having an incident response plan will help prepare your practice before, during and after a data breach.

Preserve the evidence

In a breach, your instincts may tell you to start deleting. Treat the breach like a crime scene and ensure any evidence of it is kept. This may help prove what happened and who is responsible.

Make sure to journal every detail, since these records will be helpful for upcoming investigations.

Contain the breach

Don’t delete infected systems – you should contain them.  Isolate the trouble areas so the rest of the practice isn’t affected. Do the following:

  • Contact your IT service providers immediately
  • Disconnect from the internet
  • Disable remote access capability
  • Maintain firewall settings
  • Change access control credentials

Manage public communications

Consult with legal counsel to determine the best way to notify the public and your patients of the breach. It’s best that the public is notified by you directly rather than by staff members announcing the breach. Delaying the inevitable does no good and could taint your reputation if it seems like you are hiding something.

Investigate and restore systems

Establishing how you were breached is the only means of preventing it from happening again. Scan your systems for exploitable software and hardware vulnerabilities. If your IT service provider identifies and fixes the problem, make certain they document everything. In the event of an OCR investigation, investigators will ask for the cause of the breach and the steps taken to prevent further incidents.

Final word

Data breaches are costly in many ways! It is not unusual for a breach to affect your practice for weeks to months, not to mention the potential loss of reputation and the fines associated with HIPAA violations. Additionally, a breach of 500 or more records will force you to report the breach to the Office for Civil Rights and earn you a trip to the WALL OF SHAME.

HIPAA regulations are designed to help fend off the bad guys and protect the privacy of your patients. Electronic records and security go hand in hand, just as an ADT security system protects your facility. Besides caring for your patients’ oral health, embracing compliance shows your commitment to their privacy and to protecting their health information.

Author Ted Takahashi
