This “Data Breach Response – How To” article is part of our larger series by Heather Noonan.
So you want to tell your patients not to panic, everything will be fine, but how do you say that when you need to tell them that your hospital medical records system was hacked by an international hacking ring or that the U.S. Government and Secret Service are involved? Or you are a small town clinic, Mom and Pop dentistry, and your reputation is all you have. Word of mouth is very important at this point. You need to make sure that every patient is considered and what may concern you, may not concern them and vice versa.
Take the analogy of telling your children not to speak to strangers. You need to instill in them some amount of caution and concern, but not scare them so much that they won’t go outside and play. Same thing when communicating with your patients, and you should know them best.
Think about the true facts of the healthcare data breach when addressing the fears of your patients. What really happened, does it make sense that it happened, were you a victim of this incident too? Then address how it is being taken care of and the steps you are taking. Reiterate that their information and care is of your upmost importance, describe in detail the steps you have taken and how this will not happen again. Give them good, adequate resources, explain the resources, provide them with protection or recovery services, provide them something to say “I’m sorry and this is how I would like to make it right”.
I know you will hear me say this a million times, but put yourself in their shoes. You just received this random letter – a healthcare data breach notification letter- Is it a bill? What is this thing and all these words? What in the world is a fraud alert? Will you call in, what questions will you have and will you even care?
I have found over the years that the more honest, humble and forthright you can be, the more positive your outcome is going to be. Sounds true in every form of life, doesn’t it?
Senior Project Manager-Data Breach Response Team