EHR Data Breach Notification Letter: ABC Hospitals - Northeast Coast

Verified

Added on 2023/06/11

AI Summary

This document presents a notification letter addressing a recent EHR data breach impacting ten hospitals along the northeast coast. As the Privacy and Security Officer of ABC Hospitals, the letter informs patients about the breach, which compromised various types of PHI, including names, Social Security numbers, dates of birth, addresses, and some account numbers and diagnoses. The letter emphasizes that the situation is under control and suggests steps patients can take to protect themselves, such as using strong passwords, firewalls, and avoiding GPS use. It also highlights the hospital's implemented security measures, including education, firewalls, and encryption. Patients are encouraged to contact the hospital through its website, toll-free number, or email for further assistance.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: NOTIFICATION LETTER FOR AN EHR DATA BREACH
Notification Letter for an EHR Data Breach
Name of the Student
Name of the University
Author Note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1NOTIFICATION LETTER FOR AN EHR DATA BREACH
Due to the adoption of EHR machines, there has been a mishap leading to the data breach of
many patients’ health information or PHI, impacting upon almost ten hospitals along the
northeast coast. The breach has been identified to be taken place somewhere in the previous
week whereas the identification had been able to be done a couple of day before. This is to
inform you about the latest data breach and to notify you that however the data breach has taken
place, still there is no requirement of being panicked about the PHI being misplaced (Angst et
al., 2017). This is because the situation has been brought under control with the involvement of
authorised personnel.
However, it is a duty of mine, as the Privacy and Security Officer in charge of the hospitals that
have been subjected to the data breach, to inform you that the breach has consisted of various
kinds of PHI or Patients’ Health Information. The information thus compromised has been
identified as the full name of the patients, the Social Security Numbers of the patients, date of
birth for some patients, and home addresses (Gabriel et al., 2018). Few data breaches also
consisted of the account numbers registered as per patient, the method of diagnosis along with
the diagnosed problems of the patients along with few other disability codes of the patients.
As the Privacy and Security officer in charge of the hospitals that have been subjected to the data
breach, there are some steps that I would like to suggest to the patients in order to protect
themselves from any further threats or occurrences of this kind of data breaches. Since the
privacy and the security of information of the patients forms the barrier for entry in any kind of
Electronic Health Recording machine, every patient should have passwords on their respective
devices that contain the records and also should implement firewalls for further protection from
hackers (McLeod & Dolezel, 2018). In addition, it is suggested that the patients use locked

2NOTIFICATION LETTER FOR AN EHR DATA BREACH
locations on their devices, if travelling. The use of GPS or Global Positioning Systems makes
any user prone to being hacked.
The patients are requested not to lose faith in our hospitals since we have implemented all our
might to protect the PHIs from any further breaches (Sousa et al., 2018). We have mitigated
comprehensive education and security plans with firewalls, consisting of encryption and
decryption. In addition, we have established throughout training within all the ten hospitals in the
northeast coast as well as all registered hospitals within our registrations.
If any further information is needed, the patients who believe themselves to be under further
threat of the data breach may contact us for assistance in this regard, on our official website
www.abchospitals.com or our toll free number 180000060004. Any enquiries further can be
conveyed to the hospital’s email address info@abchospitals.com or write to us at our contact
address mentioned in the website portal.
With regards,
Privacy and Security Officer,
ABC Hospitals

3NOTIFICATION LETTER FOR AN EHR DATA BREACH
Reference
Angst, C. M., Block, E. S., D'arcy, J., & Kelley, K. (2017). When do IT security investments
matter? Accounting for the influence of institutional factors in the context of healthcare
data breaches. MIS Quarterly, 41(3), 893-916.
Gabriel, M. H., Noblin, A., Rutherford, A., Walden, A., & Cortelyou-Ward, K. (2018). Data
breach locations, types, and associated characteristics among US hospitals. The American
journal of managed care, 24(2), 78-84.
McLeod, A., & Dolezel, D. (2018). Cyber-analytics: Modeling factors associated with healthcare
data breaches. Decision Support Systems, 108, 57-68.
Sousa, M., Ferreira, D. N. G., Pereira, C. S., Bacelar, G., Frade, S., Pestana, O., & Correia, R. C.
(2018). OpenEHR Based Systems and the General Data Protection Regulation
(GDPR). Building Continents of Knowledge in Oceans of Data: The Future of Co-
Created eHealth.