Healthcare News & Insights

5 steps healthcare organizations should take in response to data security breach

Healthcare security breaches have been on the rise in recent years. In 2016 alone, several large breaches have already been logged with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR). In this guest post, Chris Byers, CEO of a company that offers an online form and data-collection platform, offers five steps to take in the event of a data security breach.


Data security breaches can be costly, especially if they involve ePHI: the HIPAA Breach Notification Rule requires all healthcare organizations that experience an ePHI security breach to adhere to a strict breach notification process. In short, covered entities (and their business associates) must notify all affected individuals and the Secretary of HHS. In addition, facilities are required to notify prominent media outlets in their area if more than 500 individuals may have been affected by the breach.

Notifications must be provided in a timely manner, within 60 days of the discovery of the security breach. If an organization doesn't self-report a breach, it is considered willful neglect. If the unreported breach is discovered during a HIPAA audit, the organization could face a minimum fine of $10,000 per violation.

Health organizations should also be aware of any long-lasting consequences. As mentioned previously, HIPAA violations often lead to costly fines from the OCR. Depending on the circumstances surrounding the breach, criminal penalties (such as jail time) might also be handed down. Additionally, you'll have your work cut out for you in regaining patient trust and restoring your reputation. However, if you can smoothly manage the fallout by following these five steps, you'll be on your way to repairing relationships and rebuilding trust in your organization.

Chris Byers is the CEO of
