HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Trust can be Regained with Prompt Data Breach Notices

Disgruntled patients will be lost to other healthcare providers/insurers after a data breach; however there will not necessarily be a mass exodus provided the breach is managed properly. Get the breach response right and it can go a long way towards rebuilding patients’ trust in an organization.

Survey Indicates Americans Want the Truth about Data Breaches


A new survey conducted by Qualtrics, a company specializing in email data protection, indicates the general public is aware that data breaches are now a part of life; however trust in a retailer or healthcare provider is being lost after personal data is exposed. Trust in a HIPAA-covered entity may be lost, but it can be regained. The survey results suggest the best way to do this is with openness, honesty and the issuing of prompt data breach notices.

The study was conducted on a sample of 500 Americans aged between 18 and 75, with respondents asked their thoughts about data breaches and how their behavior has changed since the threat of a data breach has risen.

The data shows Americans want to be told the truth about data breaches. If a HIPAA-covered entity or retailer exposes data – through negligence or by accident – the public wants to know, and quickly. 84% of respondents believe a company suffering a data breach should “notify them [breach victims] right away and provide a high level of contact.”

Get The Checklist

Free and Immediate Download
HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

Customers Want to Know a Company’s Data Breach History


The size of a data breach should have no bearing on the breach response according to the survey results. 92% of respondents said that all individuals whose data is stored by a company should be notified if a breach occurs, regardless of whether that person has been personally affected.

It would not be practical or cost effective to issue breach notifications to all individuals after every potential breach; but the survey shows that is the expected response. Americans want to know about data breaches – even if they are not personally affected – as the security record of a healthcare provider or retailer is important to them.

Furthermore, the public is staying abreast of data breaches and many people are taking an interest in the efforts companies are making to keep data secure. 70% of respondents said they keep up to data with data breach news, although only 51% said that they were knowledgeable about data security issues.

Opinion Divided on Where Responsibility for a Data Breach Lies


The public is divided over who should accept responsibility for a data breach. 48% of respondents believed the company suffering a data breach should take responsibility for it, and that the blame should lie with the IT department.

The survey was focused on the retail sector and indicates consumers are changing their shopping habits as a result of data breaches. 37% of individuals that have yet to become a victim of a data breach have already taken action and started shopping at stores they deem to be safer. 48% of individuals said they believed all retailers were vulnerable, and consequently there was no need to change their habits.

Whether the same feelings are felt when a healthcare provider exposes Social Security numbers and private healthcare data is another matter.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.