If your healthcare facility were to have a data breach tomorrow, how would you go about notifying affected individuals? More importantly, how would you do it in a way that satisfies the HITECH requirements?
The answer isn’t easy. Even without HITECH, notification and subsequent response can take an alarming toll on the finances and resources of an organization.
The following are a few of the federal laws that apply to consumers. Some states have additional consumer rights laws that apply, so be sure employees understand these as well:
Do your frontline employees know what rules apply to your business? Have they been trained to understand consumer rights afforded by federal laws? If not, could they be giving your customers bad advice?
Victims of identity theft related to an existing account often experience confusion, anxiety, fear, and a host of other very emotional reactions. So when customers turn to the entity that issued the account (financial institution or utility provider, for example) for advice, it is a major moment of truth – if the customer receives compassion and helpful, accurate direction, the positive aspects of the event are amplified. If, however, the customer receives bad advice, the negative impact will quite likely be very severe, to the point that the customer may simply terminate the relationship. Taken in those terms, the time spent training your frontline employees – those most likely to be the first point of contact with customers with an alleged account theft or identity theft – makes perfect business sense.
