Data Breach - Steves Blog

Few other industries emphasize and value reputation more than healthcare, especially when it concerns patient care quality and experience. When a provider organization discloses Protected Health Information (PHI) to an unauthorized party, that organization’s reputation can suffer significant damage. Reputational damage is just one of the elements that I described in my last post about the financial risks of a PHI breach, but I wanted to focus on it exclusively in this post because the consequences reach so far beyond financial penalties.

I also want to emphasize that healthcare organizations can help prevent the lingering reputational damage associated with a breach by partnering with a PHI disclosure management vendor that offers state-of-the-art technology and a highly trained and knowledgeable staff who are experts in HIPAA compliance and avoiding breaches.

Patients key stakeholders for reputational risk

A “negative reputation event,” such as a data breach, can cause a “loss of brand value” for healthcare providers, according to a group of healthcare and life sciences executives who were surveyed recently by consulting firm Deloitte.

The survey also found that customers (patients for healthcare organizations) were the “most important stakeholders for managing reputational risk.” Although patients can easily find out about a PHI breach in the news, smaller breaches, which are much more common, can also be damaging to hospitals’ reputations. Word of a breach can spread online through social media, such as Facebook and Twitter, through consumer rating sites, such as Yelp, and even through Google results when someone searches for the hospital. These online assessments are increasingly influencing patients’ expectations, Deloitte reported.

Patients sharing experiences online about hospitals and providers is another reflection of how patients are increasingly becoming healthcare consumers, with much more mobility and choice over where they seek their care. If patients don’t trust providers with their PHI, they are more likely than ever before to move their healthcare dollars elsewhere.

Establishing a culture of compliance

Decreased patient volume due to reputational damage is just one of the financial impacts of a PHI breach. But the lingering effects of reputational damage, I believe, are longer lasting and more difficult to quantify in terms of dollars and cents. Apart from the loss of patient trust, breaches can impact employee morale and providers’ confidence, and degrade the overall culture of the organization to one of instability and confusion.

By instilling a culture of adherence to HIPAA-compliant PHI disclosure policies and procedures, and offering employees the support and tools they need to comply, organizations can avoid these breach-caused negative reputation events and their impacts.

A trusted PHI disclosure management partner that has already established a culture of HIPAA compliance and knowledge, supported by technology to prevent improper disclosures, can be a significant advantage to an organization in protecting its reputation and its bottom line.

To learn more about the financial and reputational impacts of a PHI breach, please download our white paper: “Mitigating breach risk in an era of expanding PHI disclosure points and requests for health information.”