How a HIPAA Breach Can Negatively Impact Your Business

December 5, 2011

According to the Ponemon Institute’s 2011 Benchmark Study on Patient Privacy and Data Security, data security breaches cost the U.S. healthcare industry an estimated $6.5 billion a year, up 10 percent from last year. About 29 percent of the providers reported that one consequence of data breaches was medical identity theft.

The major causes of healthcare data breaches include lost or stolen devices (nearly 50 percent), third party/business associate mistakes (46 percent) and unintentional employee actions.

The prevalence of business associates as the source of data breaches highlights the importance of vetting your vendors thoroughly for HIPAA compliant hosting. Although a vendor passing a HIPAA audit of its own does not make your organization completely compliant, it does mean your data hosting solution and provider have the proper technology, policies and procedures in place to protect your company from a data breach.

The use of mobile devices in the healthcare industry is another contributor to data loss – while 80 percent are using them to gather, transmit and store patient information, half of them are not securing the devices.

How can your organization secure sensitive protected health information (PHI) during transfer, storage and transmittal? Online Tech recommends data encryption, virtual or dedicated firewalls, offsite backup and antivirus to meet HIPAA/HITECH standards and keep data safe.

The study also reports that fifty-five percent of respondents agreed that concerns about the ongoing HIPAA audits enforced by OCR and the onsite investigations have effected changes in their patient data privacy and security policies and procedures.

Negative Impacts of Data Breach

What are the consequences of a data breach that healthcare organizations must suffer?

  • 81% Diminished productivity and lost time
  • 78% Brand or reputation diminishment
  • 75% Loss of patient goodwill
  • Potential result of consequences: patient churn, representing an average loss of $113,400 per customer/patient, an increase from $107,580 in last year’s study.

How are these data breaches discovered?

  • 51% Employees
  • 43% Audit/Assessment
  • 35% Patient complaint

Although investing in the proper HIPAA compliant technology, policies and procedures can be a costly, time-consuming process, the study shows that healthcare organizations are at risk of non-compliance, based on their current practices. It also shows a significant financial loss and other serious consequences that can negatively impact business survival.

Need more HIPAA hosting information and recommended best practices to meet compliance? Answer questions like "What services from Online Tech help make me compliant?" and "What’s the best way to encrypt PHI?" in our informative HIPAA FAQ. Or read up on a few HIPAA hosting case studies that detail real companies with real HIPAA challenges, and the solutions that helped them be successful today.

Sources:
Second Annual Benchmark Study on Patient Privacy & Data Security, Ponemon Institute
Healthcare Data in Critical Condition
Health Data Breaches Cost $6.5 Billion Annually