The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Editorial: Calculating the Cost of a HIPAA Data Breach

Calculating the cost of a HIPAA data breach is not a straightforward process, at least not until a number of years after the breach has occurred. Actions must be taken following a breach, and the cost of notification and damage mitigation can spiral. Financial penalties are also being issued with increasing frequency to healthcare organizations that fail to implement the appropriate privacy and security measures to protect patient healthcare data.

HIPAA and Breaches of Protected Health Information

The Health Insurance Portability and Accountability Act places a requirement on covered entities to employ the appropriate administrative, physical and technical safeguards to prevent the unauthorized disclosure of Protected Health Information (PHI). Patients must also be allowed access to their healthcare information on request, privacy must be respected and policies developed to de-identify data before it is used for research and marketing purposes.

Business Associates – any vendor required to come into contact with PHI – must also be vetted to make sure they comply with HIPAA Rules. When a Covered Entity (CE) violates these rules, penalties and sanctions can be applied.

When violations lead to a data breach and the disclosure of PHI, there are a number of responses that the CE must make to mitigate any damage and prevent future breaches from occurring. These responses carry a significant cost.


The Cost of a HIPAA Data Breach Can be Significant

The cost of a HIPAA data breach can be offset with breach insurance products, but how much cover is required? To determine that, it is essential to analyze the total potential cost of a data breach. However, this is far from a simple task.

Class-action lawsuits may be filed on the grounds of negligence for failing to do enough to protect patient privacy. Breach fines may also be issued by the OCR and by attorneys general’s offices.

Researchers have attempted to calculate the cost of a HIPAA data breach, with the Ponemon Institute and Verizon both having devised models to predict the “cost per record” after a data breach. Since many of the costs are hard to predict, there is naturally a certain margin of error involved. Reducing that margin of error can save thousands of dollars in insurance costs and will ensure that, if a breach does occur, the insurance company will foot the majority of the bill.

Even when breaches have been caused through no fault of the CE, there are still costs that must be covered. If you need to estimate HIPAA data breach costs, consider the costs indicated in the infographic below.

[Infographic: hipaajournal-cost-hipaa-data-breach]

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
