
    4 steps to take after suffering a data breach

    What to do if someone gets hold of valuable patient information.


    At times, forensic data analysis can determine whether the information was accessed, viewed, acquired, altered, transferred or otherwise compromised. This step, combined with the other three, can help you determine whether a breach actually occurred.

    4. Evaluate the extent to which the risk to the PHI has been mitigated

    All risks to the PHI should be mitigated in order to reduce legal implications and protect the information. In the previous example of the “incorrect email” to another covered entity, the responsible covered entity could request a letter of attestation that the PHI was destroyed.


    This step depends a lot on the third party’s actions following the data breach and their willingness to cooperate with efforts to mend the situation.

    After all four steps have been considered and documented, the covered entity or business associate must, in good faith, determine whether there was a low probability that the PHI was compromised. If the covered entity or third party can’t make that determination, then breach notification is required.

    Dr. Lorne Lavine
    Dr. Lorne Lavine, founder and president of Dental Technology Consultants, has more than 30 years invested in the dental and dental ...

