HIPAA Violations Could Cost $834 Million
I immediately thought of the Ponemon Institute's research report, 2009 Annual Study – Cost of a Data Breach, which put the average cost of a compromised record at approximately $144 in indirect costs and $60 in direct costs. By multiplying the $204 total by the number of records compromised, I could get a pretty good idea that data breaches can cost healthcare organizations a lot of money.
However, as I prepared the bi-monthly regulatory compliance news edition for Redemtech customers and associates this week, I also wondered how the healthcare industry and related entities were affected by fines for violations of the Health Insurance Portability and Accountability Act (HIPAA), several of which have been prominent in the news this year.
This week I got my answer when the Health Information Trust Alliance (HITRUST) released a report estimating that the 108 healthcare entities that have submitted breach reports to the Office for Civil Rights (OCR) since Sept. 23, 2009, could face $834.3 million in total costs to address HIPAA violations. Granted, not all HIPAA violators are healthcare companies, but organizations in this industry seem to be the most susceptible and garner the most news coverage. HITRUST also used the Ponemon Institute study's average cost per compromised record to establish its estimates.
As reported in HealthLeaders Media, the OCR's breach notification website list grew considerably after the HITRUST report was published. At least 130 entities have reported breaches of unsecured personal health information affecting 500 or more people. This seems in line with the Identity Theft Resource Center (ITRC) report that data breaches are occurring at healthcare organizations at a much higher rate than in any other industry. According to ITRC, 113 of 385 U.S. companies and organizations that endured a large data breach in the first half of 2010 were healthcare providers.
As the number of data breaches increases and the costs associated with them rise, so does the need for healthcare and other companies to find better ways to protect data and comply with regulations.