Small Practices Also at Risk for Data Breaches
Following a data breach, most notifications should occur quickly and no later than 60 days after the discovery of a breach.
HealthDay News — Data breaches can happen to small medical practices, but staff can take steps to prevent them, according to an article published in Medical Economics.
For example, one five-provider group practice had a data breach that made the records of 42,000 patients available. Hackers accessed Social Security numbers, birth records, and other sensitive protected health information.
Under the Health Insurance Portability and Accountability Act (HIPAA) Breach Notification Rule, providers are required to notify affected individuals, the U.S. Department of Health and Human Services, and in some cases the media about a breach of unsecured protected health information. Most notifications should occur quickly and no later than 60 days after the discovery of a breach.
Practices should conduct risk analysis to evaluate the current staff and product deficiencies and create corrective measures. Practices can also designate a staff member to train employees on the practice's HIPAA policies and procedures, hire an outside expert to help with compliance support, use anti-phishing protection on computers, and be suspicious of emails asking for verification of personal information through a website or a reply to the message.