Medical identity theft is no longer some obscure phrase spoken primarily in data security circles. It’s quickly becoming a household term for millions of Americans who’ve become victims or know someone victimized by identity theft.
In fact, 90% of the respondents in a recent study knew the definition of medical identity theft this year, compared with 77% last year, according to the Ponemon Institute.
Awareness of the crime, along with its number of victims, is obviously rising. But interestingly, a majority of victims are either not sure what to do or don’t do anything about having their medical identities stolen. What about your organization? Does it know what to do?
Here are three things you should never do if your organization experiences a data breach that puts patients or consumers at risk of identity theft:
- Ignore the incident thinking no one will find out
- Take one year or longer to notify potential victims or, even worse, fail to notify them at all if you’re not required to do so by law.
- Fail to offer any compensation or services to help potential victims
So what should you do? Here’s what people expect when their medical records are lost or stolen.
- Reimbursement for the cost of finding another provider. If you’re a doctor, this may seem worse than it actually is, as most victims take no action. But if they do leave, reimbursing them is an act of goodwill that can only benefit your organization in the long run.
- To be notified of the loss or theft within 30 days. It may behoove you to be honest and forthright. Some organizations maintained the loyalty of their patients by issuing a press release and developing a website dedicated to the breach.
- To be provided with free identity protection for one year.
The best remedy for identity theft is to avoid it altogether by taking precautions to protect data and training your staff on security measures. But if you do experience a breach that leads to identity theft, the best thing you can do is help your victims. It’s not only the right thing to do; it’s also the best way to protect your brand and reputation.
What is the best data breach response you’ve ever seen? We’d like to know.