Manage the Damage of Data Breach
Imagine this — It’s a Friday morning and you’re sitting at your desk savoring the last drops of your morning coffee. A call is transferred to your office, so you answer the phone.
Within the next two minutes, you learn that a patient has had her credit card information stolen, and it appears it may have happened in your office. You hear a tone and look down to realize your phone is displaying another call on hold. Almost at the same time, there’s another.
It’s not going to be a normal Friday. In fact, you will probably be working all weekend.
Not only do you have stolen credit card information to deal with, but you also have a HIPAA data breach.
Where do you go from here?
The first place to start is to contact your credit card vendor immediately and alert them to the issue. There is likely a protocol they follow for this situation that should guide you through the next steps to cope with the aftermath of the stolen information.
How do you deal with angry patients and HIPAA?
Here are some Tips:
— Alert your phone operators there may be a surge in calls
Decide in advance what to do if you are hit with a tidal wave of calls.
- Should operators transfer all the calls to you?
- Direct them to a voicemailbox?
- Take messages?
— Prepare a short script for staff interacting with patients
— Start making notes and update them throughout the crisis
Include any relevant information – such as the date and time you discovered the issue and all the steps you take to rectify the situation. Information in your notes should include: the time and date of patient calls reporting the problem, any actions which are made by the credit card company to minimize and remedy the breach, the date and content of any written communications to patients, etc.