Sunday, August 29, 2010

Analysis: Healthcare Breach Costs May Reach $800 Million

According to an analysis by the Health Information Trust Alliance (HITRUST), regulated health care organizations that have reported health information breaches of 500 or more people could cumulatively spend upwards of $1 billion in related costs.

Since the Health Information Technology for Economic and Clinical Health Act (HITECH Act) of 2009 came into being, a number of new privacy, security, reporting and non-compliance penalty provisions have gone into effect. As summarized in this report from HITRUST, 108 entities have reported security breaches since September of last year.

Those breaches comprise about 4 million people and records.
http://www.informationweek.com/blog/main/archives/2010/08/analysis_health.html

MIAOULIS NOTE: This article points out an average of $204 per individual breach.

1 comment:

Kamal Govindaswamy said...

The HITRUST Alliance report referred to in this article does a good job of analyzing this year's healthcare breaches. However, it doesn't necessarily highlight the surprisingly low number of breaches involving technology/people/process controls as opposed to physical losses.

You may be interested in our post talking about why we may be missing some breach numbers and how we can learn from data breach reports to improve the quality of HIPAA risk analysis and implement better safeguards.

http://rnc2.com/regulatory-compliance/hipaahhitech/you-dont-know-what-you-dont-know-do-we-have-a-detection-problem-with-the-healthcare-data-breach-numbers/