When healthcare organizations experience a data breach, it is understandable that breach victims will be upset and angry. Information is provided to healthcare organizations on the understanding that safeguards have been implemented to keep that information private and confidential.
HIPAA Journal notes that when patients and health plan members learn that their sensitive, private information has been exposed or stolen, many choose to take their business elsewhere.
According to a study by the credit reporting agency Experian, if the breach response is properly managed and the breached entity is transparent and issues notifications promptly, customer “churn rate” can be kept to an absolute minimum.
The HIPAA Breach Notification Rule requires notifications to be issued to breach victims ‘without unreasonable delay’ and no later than 60 days from the discovery of the breach. However, a majority of patients expect to be notified much more quickly. The Experian study showed that 73% of plan members expect to be notified about a breach within 24 hours of the breach being discovered.