Battling ‘Breach Fatigue’: How to Get Their Attention

more+
less-

Healthcare professionals recently convened at the HIMSS Privacy & Security Forum in Boston to discuss the growing problem of data breaches and compromised patient privacy. Providers clearly need to take a strong approach to protecting patient data – and communications professionals need to keep customers alerted to dangers and breaches.

But communicators also need to note one particular trend: the more often providers informed clients of data breaches, the less meaningful those communications became. It may be that the public is suffering from “breach fatigue” not unlike that suffered by healthcare professionals themselves.

One solution to breach fatigue could simply be to eliminate unnecessary alerts.

But breaches happen and when they do, they must be reported to clients. According to a survey released at the privacy forum, 22 percent of providers had experienced a breach in the previous year. Most providers notified patients affected by a breach in the form of an official letter explaining the situation. But the collective attitude of the survey takers was that clients were unconcerned; perhaps inundated by information from various sources about various privacy issues, they seemed to pay little attention to these notifications.

Patients’ apathy in turn contributes to a similar lack of interest from providers in creating meaningful changes to tighten security. For comparison, according to the HIMSS survey, financial services companies devote eight to ten percent of their budgets to privacy, compared to only one to three percent of provider budgets in the healthcare field.

The financial services industry has developed a few engaging ways to combat these types of breaches over the years – including ranking threats on a severity scale from one to five and providing context for the news about a breach. “I think that if consumers had a category to look to, it would make a difference,” Neal O’Farrell, founder of the Identity Theft Council, told Bank Info Security. “They would know which breaches to pay attention to, and their anger would be shifted to those that fall into a higher category.”

How else can healthcare providers help arm patients with the knowledge they need? The Obama campaign offers an unlikely example. The campaign sent frequent short e-mails to a vast list of recipients. The messages, which almost always said basically the same thing—how about a donation?–were written in a conversational tone and often had subject lines as simple as “Hey.” Those fundraising e-mails were responsible for most of the $690 billion that Obama raised in his reelection campaign.

The success of these efforts suggests that consumers don’t necessarily object to repetition, and that they respond well to messaging and delivery. That’s an important lesson for healthcare providers: communicators can be effective if they create engaging and thoughtful messages.

Topics:  Breach Fatigue, Data Breach, Data Protection, Healthcare, Healthcare Professionals, PHI

Published In: Communications & Media Updates, Health Updates, Privacy Updates, Science, Computers & Technology Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Greentarget | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »