The Cost of HIPAA Non-Compliance


The Security Rule of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) demands that all covered entities implement the appropriate administrative, physical and technical safeguards to keep PHI secure. Failure to implement those basic minimum standards can lead to more than just a fine from the Department of Health and Human Services’ Office for Civil Rights (OCR). The cost of HIPAA non-compliance is considerable.

The True Cost of HIPAA Non-Compliance

Since the HIPAA Enforcement Act, the OCR has been able to fine organizations that fail to implement the appropriate controls to protect healthcare data and the privacy of patients. Fines of up to $1.5 million can be issued for HIPAA violations, with that number multiplied by the number of years each violation has been allowed to persist.

Multimillion-dollar financial penalties have already been issued for non-compliance, but a HIPAA violation penalty is one of the smaller costs covered entities have to cover. Organizations experiencing even relatively small data breaches can see the cost of a healthcare data breach spiral.

Tenet Healthcare predicted that its data breach would cost in the region of $32.5 million, while the Anthem hacking incident has been tipped to cost considerably more; conservative estimates start at $100 million.

Breach notification costs cannot be ignored. Printing and mailing millions of letters by first class mail – in addition to sending updates as further information becomes available – sees breach costs soar. The provision of credit monitoring and credit repair services must also be added to the total.

Real Cost of Data Breaches Difficult to Calculate

Recent research conducted by credit agency TransUnion showed that patients and health plan members may even change provider after a data breach. 65% of respondents taking part in the survey said they would consider making the change after a data breach exposed their confidential records. Civil action lawsuits can also be filed against health plans and healthcare providers for data breaches on the grounds of negligence.

It can take many years after a data breach before the final cost becomes known, and it is almost impossible to accurately predict how much a data breach actually costs healthcare providers. If you need to calculate insurance cover, however, consider the costs detailed in the infographic below:



Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.
