Study on Aftermath of Data Breaches Provides Helpful Insight for HIPAA Breach Notification

A recently published study on The Aftermath of a Mega Data Breach:  Consumer Sentiment was performed by the Ponemon Institute and sponsored by Experian Data Breach Resolution.  The purpose of the study was to explore consumer sentiments following a data breach.  While the report did not focus exclusively on HIPAA Breach Notification, the findings of this study are useful for HIPAA covered entities responding to a HIPAA breach.  Consumers reported that 15% of the breach notifications that they received were from hospitals and clinics.

Some notable aspects of the study include:

  1. 67% of consumers felt that they should be compensated with cash, products or services that the entity makes.  Note that this would not likely be an option for HIPAA covered entities because of the prohibitions on providing inducements to Medicare beneficiaries and similar provisions in private health care contracts.
  2. 63% of consumers felt that the entity should provide them with identity theft protection.
  3. 58% of consumers felt that the entity should provide them with credit monitoring services.
  4. 67% of respondents thought that the company’s breach notification could be improved by providing a better explanation of the risks of harms that the individual would experience as a result of the breach.
  5. 56% of the respondents thought that the company’s breach notification could be improved by disclosing all of the facts.
  6. 32% of respondents ignored the breach notification and did nothing – with only 29% reporting that they accepted offers of theft protection.
  7. The majority of respondents (78%) stated that they would be most stressed if their social security number was involved in the breach.
  8. 42% of respondents said that a sincere and personal apology would prevent them from discontinuing their relationship with the company.

The full report may be accessed at this link: http://bit.ly/ExperianAftermathStudy (note that contact information is required for download).

Speak Your Mind

*