Friday, December 23, 2011

The Costs of a Privacy Breach: Are You Ready?

In “First-Hand Experience with a Patient Data Security Breach,” the CEO of an implementation services company discusses the impact of a data breach on his company and the patient practices it serves, and the resultant costs. While the breach stemmed from the loss of a laptop rather than from insider actions, an analysis of the response process and the expenses incurred provides rare insight into an effective breach response program “under fire,” as well as how costly breaches of PHI can be. For a data breach involving the compromise of over 14,000 records (which ultimately resulted in the PHI of 1,000 patients being placed at risk), the total cost of breach investigation and response was a staggering $288,000. After legal fees, the single largest component of the cost was staff time, estimated at $125,000. The diversion of staff time because of the manual processes needed to determine the extent of damage added significantly to the total.

It seems that many health care providers would find themselves financially exposed in the event of a serious data breach. HealthLeaders.com cites a survey indicating most healthcare organizations are not ready for a privacy and security audit:
"HCPro's survey results show that only 17% of responding organizations said they are fully prepared for an OCR privacy and security compliance audit. 'It is very hard to get your staff to understand how important this is,' one compliance officer said."
Through our own research and conversations with health care executives, we have found that key best practices for curbing intentional privacy breaches include:
  • effective training in privacy standards
  • explicitly communicating the sanctions for misbehavior
  • ensuring staff know that the means of audit and detection are reliable
Download a white paper on medical records privacy breach detection as a service. Learn about a service that proactively identifies unauthorized breaches of patient privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) First-Hand Experience with a Patient Data Security Breach - HIStalkPractice.com, December 3, 2011
(b) Most Providers Unprepared for HIPAA Audit - HealthLeaders Media




Copyright © 2010-2011 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.