Our Outlook

Filter Posts

Clear Filters
« Return to List

Posted on 04.13.2010

Healthcare Marketers: Get to Know Your CIO


The HITECH Act has significant implications for communicators A whole new area of risk is coming to the fore as the country rapidly moves to digitized personal health information (PHI). Physicians and hospitals will soon receive enhanced reimbursements for using electronic medical records and earn incentives for sending electronic prescriptions. As usage of electronic PHI grows, there are new risks for breach of that very sensitive data, and healthcare communicators need to be ready. Since new notification regulations went into effect on February 22, fifty-six data breaches have been reported in which the PHI of 500 or more people has been put at risk. I know this because it is posted on the HHS web site mandated by the HITECH ACT. But for even more information on the subject all I have to do is turn to HealthInfoSecurity.com and the Open Security Foundation, both of which search primary and online news sources to gather information on new data breaches and further spread the news. It is easy research to do…for me or for a reporter. Professional healthcare communicators know that a large PHI breach requires at least a substantive and reassuring press release and similar notification for affected individuals. But did you know that there are now regulations for exactly what that press release and personal notification must include, when they must occur, and what resources must accompany them? If you post an announcement on your web site, utilize a 1-800 number, or make resources available online, there are additional guidelines that must be followed. As communicators charged with restoring your organization’s reputation once a crisis has occurred, this may be an opportune time to go have lunch with your CIO, become familiar with the security safeguards that are in place for PHI, and learn about the regulatory requirements. Think of it as business continuity or disaster planning. The potential costs are real. The Poneman Institute conducts an annual study across industries to measure the real costs of data breaches including legal expenses, the cost of investigation and consultants, loss of customers, and other factors. In 2009, the average cost per compromised record was $204 -- which adds up very quickly since any breach generally impacts large numbers of records. 2009 incidents studied by Poneman ranged in cost from $750,000 to nearly $31 million. And, predictably, they observed more volatility around healthcare customer churn than in any other industry. Here are some steps you can take now to prepare for a possible PHI breach in the future:
  • Understand the potential cost to the organization’s brand, to patient loyalty, and in actual expended dollars.
  • Work with your I.T. department to conduct a technical risk assessment and understand the scope of data that might be affected.
  • Learn about the security safeguards already in place in your organization and get a high level understanding of how the data systems are structured. Draft some talking points in advance for quick reference.
  • Assist employee training efforts to prevent inadvertent data breaches. As a professional communicator and steward of the organization’s brand, you should be the perfect person to develop the messages regarding what is at stake.
  • Get a working knowledge of the regulatory language around data breach notification to individuals and to the media.
  • Develop a quick reference plan encompassing practical steps and regulatory requirements for what to do after a breach.
So far, planning for HITECH has stayed in the CIO’s court, but it is time for Communications to get in the game as well. Don’t wait for a breach to happen before learning about your data systems and related regulations. Just think how much easier it will be to translate it all into English now rather than waiting until you are in the crunch. Andrea White specializes in communications issues related to health information technology and the HITECH Act. Look for more blog entries on this subject in coming weeks!

Latest Blog Post

In the know: Five communication tips for keeping health system board members informed and engaged

Consider the following five strategies to help your C-suite elevate its board communication and engagement efforts...

Read More

News Update

December 2018 Newsletter

Tips for Keeping Board Members Informed and Engaged Want Coverage? Show Me The Data!...

Read More