Patient privacy breaches are a serious threat not only because of the regulatory implications and fines, public reporting requirements, and interruptions to the functioning of your clinic. Inappropriate/unauthorized access to patient information puts patients at risk in several important ways that can have disastrous implications.
The Canadian Government lists nine real risks of significant harm to patients who are the subjects of a privacy breach. Let’s examine each type of risk and review how they impact patients.
- Identity theft – Patient records often contain the information needed to assume someone’s identity. Once a criminal has the necessary information, they can acquire credit and purchase large ticket items that have wide ranging implications for patients.
- Humiliation –The nature of healthcare information is that it is private and personal. Certain diagnosis and treatment details may cause patients humiliation if made public. It’s not up to a clinic to decide which conditions are and aren’t embarrassing.
- Bodily harm –There are many ways patients might experience bodily harm in the event of a breach. If someone is impersonated in a healthcare setting as a result of a breach, their patient record will be contaminated which might impact the care they receive which can exacerbate conditions or cause complications. The fact that they are injured may encourage others to (even jokingly) agitate the injury.
- Loss of employment – Certain conditions or medications may disqualify patients for employment. They may also be discriminated against for their condition because it is seen as a threat to others, misunderstood as a disability, or interpreted as a threat to productivity.
- Financial loss –Beyond loss of employment, patients can experience financial loss through identity theft that can put them on the hook for obligations they didn’t commit to, and destroy their credit rating. Even the cost of on-going identity monitoring is additional hardship imposed on patients following a privacy breach.
- Damage to reputation or relationships – Patients whose privacy has been breached can be subject to biases about their condition that impact their standing in the community, with family and friends, as well as professionally.
- Business or professional opportunities – Knowledge of medical conditions or healthcare treatment can impact business decisions such as choosing not to hire a contractor known to have battled cancer or suffered a heart attack.
- Damage to or loss of property – There are many ways in which property could be subject to loss following a breach of patient privacy. For example, if it got out that a patient is on opioids, their house could be targeted for break-in by thieves or addicts. Expensive medical equipment required for their care could inspire similar actions.
- Negative effects on credit record – Patient information is often all that’s required to assume someone else’s identity and was it to acquire credit that can ruin a patient’s ability to operate financially.
Any of these risks make a privacy breach reportable. That means patients and the government must be notified so that proper steps can be taken including investigation into cause and compliance at the clinic where the breach occurred.
It is critical that all patients be protected from these risks with complete privacy breach prevention systems in all clinics. Clinics or healthcare organizations that suffer breaches because they failed to take the steps necessary to protect their information are often found liable and subject to fines.