Smart marketing and communications departments keep a vigilant watch on social media platforms to catch isolated events before they can become a bigger story, but sometimes an issue is so big that an organization has no choice but to put all hands on deck to help manage the message that is eventually going to get out to the media and reach the public.
Such is the case with WellPoint. The Indiana-based insurer admits no liability [PDF], but has agreed to pay a $1.7 million fine to the Department of Health and Human Services to settle HIPAA violations that occurred in 2009 and 2010, when the personal health information of more than 600,000 individuals was breached.
The PHI breach occurred when a vendor was updating the company's online application process. Although the problems have since been fixed, and no one's identity was fraudulently used as a result, the incident continues to be played out in public because of the subsequent fallout.
A PHI breach is one of the most common crises for which healthcare entities must be prepared. In fact, many approach a PHI breach as a "when" instead of "if" situation. Dave Jolley, vice president of public affairs at Geisinger Health System in Danville, PA, which had a PHI breach in 2006, says having a solid plan in place before a breach occurs helps diminish the stress that accompanies a crisis.