Healthcare IT professionals are seriously overburdened these days as they try to manage the demands that come with protecting patient data and privacy. The associated challenges were made even more difficult this year as many healthcare providers moved to remote work and the use of telemedicine increased. And while it isn’t getting easier to secure patient health information, the penalties for failure to do so doled out via HIPAA continue to reach new heights.
One study found that the healthcare sector was the industry most targeted by hackers in 2019, and that breaches cost it more than $2.45 billion. Hackers target healthcare largely because of the high-value information it holds. The distributed nature of healthcare also gives them many possible entry points into the system, from phishing emails aimed at employees, to the organization’s extensive supply chain, to the increasingly feasible hacking of IoT medical equipment such as pacemakers.
HIPAA violations make up a big portion of that billion-dollar price tag, though they vary widely in both cost and root cause. Most recently, the Office for Civil Rights (OCR) fined a Rhode Island health entity $1.04 million after an unencrypted laptop that wasn’t password-protected was stolen from an employee’s car. The theft compromised the PHI of more than 20,000 patients.
In September 2018, three Boston hospitals were ordered to pay more than $1 million collectively for compromising patients’ PHI when they invited film crews on site without first obtaining patient permission. In 2017, a New York hospital was ordered to pay a $387,000 fine for faxing patient health information to the individual’s employer.
Why such costly compliance failure fines? Let’s not forget the primary purpose behind HIPAA:
Protection of your personal health information is a civil right.
The HIPAA Privacy Rule gives individuals rights over their own healthcare information. When those rights are violated, the penalty is high.
Hefty recovery expenses also add to the cost of a data breach. The 2020 IBM Cost of a Data Breach Report puts the average total cost in the U.S. at more than $3.86 million. More importantly, patients often lose trust in their healthcare provider(s) when their rights are violated. According to one study, 54% of patients say they would be “very likely” or “moderately likely” to change providers after a breach of their PHI. This loss of trust has a direct impact on a healthcare organization’s bottom line over the long term.
Absolute helps healthcare organizations protect PHI by securing and managing sensitive healthcare devices, data and applications from a single, cloud-based console, no matter where the devices may be located. IT can stay in control of devices with a persistent, self-healing connection, identify potential HIPAA violations, enforce compliance and be ready for audits at all times.
Learn how Greenville Health System ensures HIPAA compliance across 7 hospitals with Absolute, and then download our whitepaper, Achieving HIPAA Compliance: Your Guide to Avoiding HIPAA and HITECH Penalties.