
    5 steps to take after your practice suffers a data breach

    Perhaps you thought it would never happen to an office your size, or that you were protected, but it’s happened anyway: your practice’s computer systems have been compromised and patient protected health information (PHI) may be at risk. Here are five steps to take if your practice experiences such an incident:

    1. Call for help

    At the first sign of unusual computer activity—frequent crashing, slow servers, files that won’t open—get help. Unless you have a full-time IT pro who’s well-versed in computer forensics and HIPAA regulations, you’re going to need outside experts.

    “You’d never recommend do-it-yourself surgery,” says Lee Kim, JD, CISSP, director of privacy and security at the Healthcare Information and Management Systems Society North America. “Retain a consultant that has a forensics background.”

    But don’t make the call yourself. Call your attorney instead, and have him or her engage the tech team, says Mark Dill, a longtime HIT professional and principal consultant at TW-Security. 

    “If the lawyer formalizes the engagement, the work is oftentimes considered part of attorney-client privilege,” Dill says. That may allow your response to the breach to remain confidential during potential litigation.

