Skip to main content
All Posts By

Justin Gibbs

Prepping for the Inevitable: Handling a Healthcare Data Breach

Cluttered desk with two lit monitors and posters hanging on the wall in a dark room with green walls

Did the Colonial Pipeline hack make you think about the vulnerability of your servers? Do you raise an eyebrow when you see headlines about yet another hospital cyberattack?

Good. Now, what do you do to ensure you’re as prepared as possible in the perpetually escalating game of cat and mouse that is data security?

Jarrard Inc. Vice President Justin Gibbs – our resident expert in data breach prep and crisis work – and Lynn Sessions, partner and leader of the Healthcare Privacy and Compliance team at national law firm BakerHostetler, recently offered their insight on dealing with these situations. Sessions is well-versed in the issue, having guided clients through over 700 incidents.

The issue is complex, of course, but her underlying recommendation is to get back to the basics. “What type of security do you have in place?” she asked. Are you doing security risk analysis? Do you have multifactor authentication in place? Are you educating your staff on the risks? It’s nearly the same advice we’ve been giving as long as I’ve been doing this.”

Beyond those basics, Gibbs and Sessions shared how hospitals and health systems should prepare and respond. Whether your organization has already fallen prey to hackers and scammers or is just waiting for the bad guys to attack, Sessions and Gibbs have legal and communications steps you can take today.

“Get prepared now,” said Gibbs. “you know that it’s going to happen. Get your ducks in a row so you can protect the reputation of your organization that you’ve worked so hard to build over the years.”

Note: This is a general conversation, not specific legal advice. For that, contact Sessions.

Before a Breach Happens

  • Know the territory. Recognize the likelihood of an incident.
  • Create an incident response plan. Gather an interdisciplinary group that will include legal, IT and comms, and may include finance and HR. Consider bringing in a legal or forensic firm to simulate a breach and practice your response.
  • Assign roles. Make sure that approvals for various actions are well-defined and clearly owned. If you do have to make a payment, who signs off? What if that payment is demanded in cryptocurrency? How do you work with your board, and what’s their role?
  • As you move forward in your compliance with transparency and interoperability and data blocking rules, talk about the security measures you have in place. Educate patients on how they can protect their PHI.
  • Train your team for the aftermath of a breach. These incidents can require a hospital’s network be shut down for a day or three. Are your clinicians ready to break out the paper charts while your IT team gets your system back online?

When a Breach Happens

It’s a fine line. Patients and employees need to know about a breach, but you don’t want to create panic. Go with responsible transparency. Sharing every detail likely isn’t necessary and could be harmful. What you should do, though, is:

  • Start with the legal requirements. There are specific rules for what needs to be reported. Talk to your legal team and get that out of the way.
  • Acknowledge that this is a very personal, scary event for patients. It’s their information in the hands of, well, someone. And that someone doesn’t have good intentions.
  • Be realistic about what the breach could mean. Don’t act like it’s no big deal.
  • Explain what you’re doing to preserve patient privacy and to continue operations across your organization.
  • Explain what you’ve learned from the incident and how it will inform future IT plans.
  • Stick to a single set of facts. Pull all the information into one place, update it as needed and ensure anyone speaking on the issue gets their talking points only from that central source. Otherwise, you risk conflicting messages and extending the news cycle.

Want to learn more about protecting your reputation during a data breach?

Subscribe to Jarrard Insights & News

Name(Required)

What Democrat-Controlled Washington Could Mean for Healthcare Providers

Text that reads "High Stakes" on a navy background with a lightly shaded stallion horse icon

For the first time since 2008, Democrats are poised to control both chambers of Congress and the White House once Joe Biden is sworn into office. The last time Democrats had complete control of Washington they used their political capital to pass the Affordable Care Act (ACA).

So, should we expect more sweeping change now that Democrats can once again run the field? Probably not.

There are two big differences between 2008 and now: Democrats razor-thin majorities in Congress and the COVID-19 pandemic that will continue to dominate DC.

What can healthcare leaders expect from a Democratic-controlled Washington? Here are a few thoughts:

More and bigger COVID-19 relief. While the idea of $2,000 stimulus checks for most Americans has grabbed headlines, Biden and congressional Democrats are certain to push for a new round of federal COVID-19 relief. That means additional dollars to support cash-strapped healthcare providers and more money to boost the sluggish vaccine rollout. Knowing this, now is the time for healthcare leaders to be in contact with their federal elected representatives to discuss the impact COVID-19 has had on their organization, team and community.

Shoring up the ACA. The thin majorities in the House and the Senate limit Democrats’ ability for large-scale healthcare reform like a public option or Medicare for all. However, expect Biden and congressional Democrats to restore ACA funding that was cut by the Trump administration and push for new exchange subsidies that would lower the overall consumer cost to purchase plans through the exchange.

Additional scrutiny on (some) healthcare consolidation. For months, experts have predicted that the financial challenges created by the pandemic will accelerate health system consolidation. At the same time, president-elect Biden has suggested healthcare mergers, especially mega-mergers, will receive additional scrutiny. Acquisitions of rural hospitals and smaller health systems are unlikely to receive the same attention from federal regulators as the mega-mergers.

Friendlier environment for unions. President-elect Biden has promised to be “the strongest labor president” ever. Additionally, Biden has chosen Boston Mayor Marty Walsh, a former labor union leader, as his Labor secretary. With Biden in the White House and Democrats controlling Congress, look for movement on the PRO Act, a rewrite of the National Labor Relations Act, that would make union organizing easier and weaken right-to-work laws.

With changes expected on both the legislative and regulatory fronts, now is the time for healthcare executives to have a thoughtful conversation with their leadership team about how change in Washington will impact their organizations. And, it never hurts to establish or renew relationships with your elected representatives to ensure your organization’s point of view is known.

Subscribe to Jarrard Insights & News

Name(Required)

Vaccines Are Here: Three Communications Considerations

Large text that reads "Third Wave" with smaller text beneath that reads "vaccinations" on an orange background with a yellow wave

The moment has arrived.

With the UK granting emergency use authorization and Europe and the US FDA close behind, doses of COVID vaccines will be rolling through healthcare providers’ doors in the blink of an eye. And, with healthcare workers at or near the top of the priority list, providers must lay the groundwork now with the media, the public and employees about how they will distribute the vaccine(s) once they arrive and address safety concerns that arise.

Here are the three communications imperatives providers need to consider today. We’ll be picking each of these apart with specific actions over the next couple of weeks:

Get the talk right internally: Your staff needs information just as much as the general public does, both because they can advocate for a vaccine in the community and because they will be asking many of the same questions. If doctors, nurses and other caregivers aren’t comfortable getting vaccinated, we can’t expect patients to line up for immunizations. Now is the time to develop a plan for centralizing all information related to a vaccine, initiating regular updates and equipping leaders at all levels to cascade information to their teams.

Be the voice of authority in your community: Patients will look to their local healthcare providers for reassurance. With vaccines being rolled out in phases, each phase represents a milestone to remind patients, the media and your community about the safety, efficacy and urgency of getting vaccinated. This is work that will unfold over the coming months, but now is the time to identify spokespeople who have the right expertise and empathetic communications skills and who reflect the patient population they’ll be working with.

Prepare for the pitfalls: There are, unfortunately, a host of issues – real and perceived – that could crop up during the vaccine rollout: Security and cold chain logistics, anti-vaxxer activity, helping underserved communities and people of color feel more comfortable receiving a vaccine, to name just a few. In addition, thanks to the (Warp!) speed with which these vaccines were developed, the public and media will be watching closely for any sign of danger. It won’t be a surprise to see any side effects magnified and attempts to link deaths to receipt of a vaccine dose. Providers don’t necessarily need canned responses to every possible issue, but they do need to prepare a framework for how to talk about anything that might come up.

Subscribe to Jarrard Insights & News

Name(Required)

Dealing with the Holiday Message: CEO Words Can Bridge Chasms in Today’s Workforce

Fireworks and light orbs

We may be a divided country, but we are not a divided workplace.

Our political differences are real, but healthcare providers are unified in the mission of caring for people. Two weeks out from a contentious, exhausting election, healthcare CEOs need to bring that urgent message to their organizations. Right now. They cannot allow lingering political tensions to creep into that shared mission and common purpose. Instead, smart CEOs are using their visibility and voice to begin healing any cracks that may have appeared in their workforces.

Healthcare executives should take advantage of our entry into the holiday season and create authentically heartfelt messages of thanks for their teams. Words aren’t everything, but they’re a critical place to start. Here are some thoughts to get you going with yours.

  • We are a divided country. We will not pretend that there aren’t massive political differences among us. Some are elated with the election results, others are terrified.
  • Even so, we are not, and cannot be a divided workplace. We all must stay together to fulfill our mission and to answer our calling.
  • We owe each other respect despite our differences, and we should be kind to each other in the same way that we are kind and caring to all patients.
  • With the world being so uncertain right now, we owe it to each other to create certainty and calmness in the workplace.
  • We know everyone is stressed – it’s a helluva year. We, as leaders, are committed to helping manage that stress by focusing on what we can control. That is, the kindness we show to each other and the care that we deliver to patient.We are asking you to do the same.
  • Questions, concerns, hopes or fears? Tell us. We are here for you. Send us a note/stop by the office.

Subscribe to Jarrard Insights & News

Name(Required)