Every year more and more patients’ records are compromised by data breaches. In 2018 over 15 million records were breached.  In February of this year alone there were over a million records reported breached by healthcare organizations.

For incidents disclosed, 58% of healthcare systems breach attempts involved inside actors, which makes healthcare the leading industry for insider threats today. Most healthcare breaches are motivated by financial gain, often using patient data to commit tax return and credit fraud.

Accordingly, as healthcare data breaches become not a matter of “if”, but “when” the industry must become intimately familiar with the Breach Notification Rules.

When there is a data security breach, there are state and federal data breach notification laws that place time limits on when those who are affected must be notified. A failure to make a timely notification of the data breach can be quite costly. Both federal laws like HIPPA and state healthcare privacy laws require covered entities to conduct a risk assessment to determine the probability that Personal Health Information (PHI) has been accessed by an unauthorized person; and if so, then notification of the types of information involved in the breach needs to be provided to the impacted patients.

Hence, once a breach has been discovered there is no time to lose. Healthcare privacy rules are stringent in setting forth specific timeframes in which notifications must be made. For those who fail to meet notification deadlines there are costly consequences. Accordingly, the best way to comply with notification strict deadlines is for healthcare organizations to have in place a cyber-incident response plan that includes a breach notification service provider capable of reviewing the impacted data rapidly, precisely and securely.  A solution that combines cyber-security methodologies, trained personnel and electronic discovery technology to quickly comb through the voluminous amount of records to identify PHI sensitive information.

Ben Friedman, JD is LO2’s Vice President of Client Development, please feel free to reach out to Ben with any questions or comments you might have. ben@legaloutsouring2.com / 561-886-7764