The Hidden Costs of a Data Breach
According to the 2013 Cost of a Data Breach Study: Global Analysis conducted by the Ponemon Institute[1], the average cost of a health record breach to a health care practice is $233 per record.
This average takes into account:
• The cost of notifying each individual;
• The cost of providing credit monitoring services to affected individuals; and
• Other costs of mitigating the breach (e.g., forensics, outsourcing hotline support).
Let’s look at this in real dollars and cents. In 2014, a multi-specialty healthcare group serving eastern Pennsylvania and western New Jersey reported a breach of protected health information (PHI) to the Secretary of Health and Human Services (HHS) that involved 13,900 individuals. The breach was caused by a stolen laptop.
13,900 records × $233 per record = a staggering $3,238,700!
As if it couldn’t get any worse, this cost does not include the potential fines and penalties that could be imposed by the Office for Civil Rights (OCR), nor any lawsuits filed against the practice by patients affected by the breach. Finally, the loss of reputation and negative publicity are difficult to measure, but could have a lasting impact on patient retention and the future growth of any health care practice.
HHS Breach Portal
The HITECH Act requires the HHS Secretary to post a list of breaches by healthcare providers that involve 500 or more individuals. This “Wall of Shame” is a long list, growing longer every day, and one which no health care practice wants to find itself on. The Breach Portal can be found at: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf.
What to Do?
We can help. As a full-service compliance company, inUnison Consulting, LLC provides a comprehensive HIPAA Program, but you may also choose only the elements you need, including:
• A practice-specific HIPAA Policies and Procedures Manual (with the required templates for implementation),
• Onsite employee training (facilitating staff interaction and Q & A), and
• An onsite facility survey and Security Risk Analysis that provides risk levels (as required by the Rules) and prioritizes action steps.
Here’s the Difference in Value.
With other HIPAA companies, you are often on your own when it comes to administering your program – you are given a HIPAA manual, maybe employee training, but very little guidance or support.
Our experienced compliance specialists will come to you and help you implement your HIPAA Program, explaining the manual and Rules in plain language. We’ll survey your facility to look for issues that need addressing and even help you fill out the required forms and templates, ensuring that you are in full compliance. We also provide you with support and guidance in the event of an OCR HIPAA audit.
With prices starting at $395, you’ll be pleasantly surprised at how affordable our products and services are.
Give us a call today at 877.222.2027, or visit us at www.inunisonconsulting.com.
[1] A global research and educational institute whose mission is to conduct independent empirical studies affecting the management and security of sensitive information.