Survey Offers Wise Words of Advice for Handling a Data Breach
By Francie Fernald - June 22, 2012
Francie

Many health care organizations dread the day when a data breach occurs and they have to decide how to handle the situation both in terms of their patients whose data have been lost or stolen and the law, which imposes notification and other requirements on them. The results of a recent survey provide some wise advice for organizations that may help tamp down the negative response cast upon them once customers learn of the breach.

The purpose of the 2012 Consumer Study on Data Breach Notification, which was conducted by the Ponemon Institute for Experian Data Breach Resolution, was to understand consumers’ perceptions about the importance and value of receiving notification after their personal information had been accessed because of a data breach. One of the survey’s findings was that consumers, while concerned about the privacy and security of their personal information, did not pay much attention to whether they received any breach notifications during the year. In fact, only 708 of 2,832 (25%) respondents could definitely recall receiving a data breach notice, and 51% could not recall whether they had received a notice at all. Fifty-seven percent said they did not want to be notified unless the organization was certain of the risk.

Of those who recalled receiving the notice, 62% said that the notice was a form letter, and of those, 36% said the letter looked like junk mail. The letter, according to 72% of respondents, was a disappointment because it did not provide sufficient information about how the breach occurred, what data had been lost or stolen, what the impact on them was and how the organization would protect them from any harm. Perhaps the most disturbing finding was that more than half the consumers who received notice of the data breach said they lost trust and confidence in the organization. Fifteen percent said they would discontinue their relationships with the organization immediately, and 39% said they would consider termination.

Given the dramatic impact a data breach has on a consumer’s perception of an organization, the survey concludes, “Resources spent on personalizing the message, offering assistance to reduce the likelihood of harm, and providing specific information about the incident may help organizations avoid the risk of losing customer trust and loyalty in the aftermath of a breach.”

Where does your organization concentrate its efforts when a breach occurs…on PR damage control or on customer contact? How much information is included in the contact with the customer?

It's quick and easy to sign up for FREE access to AISHealth.com!

Why do I need to register?

About the AIS Bloggers
jbrown's picture
Jill Brown
Executive Editor
View Jill's Profile
sdavis's picture
Steve Davis
Managing Editor, Health Plan Week, Inside Health Insurance Exchanges and The AIS Report on Blue Cross and Blue Shield Plans*
View Steve's Profile
ffernald's picture
Francie Fernald
Managing Editor
View Francie's Profile
jgutman's picture
James Gutman
Managing Editor, AIS’s Health Reform Week and Medicare Advantage News
View James's Profile
amaas's picture
Angela Maas
Managing Editor, Specialty Pharmacy News, Drug Benefit News and AIS E-Media
View Angela's Profile
nyoungstrom's picture
Nina Youngstrom
Managing Editor, Report on Medicare Compliance
View Nina's Profile
pconnole's picture
Patrick Connole
Editor, Health Plan Week
View Patrick's Profile
tdefino's picture
Theresa Defino
Editor, Report on Patient Privacy and Report on Research Compliance
View Theresa's Profile
lkelly's picture
Lauren Flynn Kelly
Editor, Drug Benefit News
View Lauren's Profile
nlearner's picture
Neal Learner
Editor, AIS’s Health Reform Week
View Neal's Profile
bjtaylor's picture
BJ Taylor
Manager, Web and e-Newsletter Content, and Associate Editor, Medicare Advantage News and Health Plan Week
View BJ's Profile