2015 has oft been cited as the “Year of the Healthcare Data Breach,” and sure enough, the data for the year supports this. More than 91.7 million records have already been breached in 2015. Despite this increase, the regulatory side of things has been quiet for the first part of 2015. The HHS Office for Civil Rights (OCR) Phase 2 audits have yet to begin, and the expected increase in HIPAA-related penalties has yet to materialize. The rest of the year won’t be as quiet on this front.
Privacy Attorney Adam Greene, who formerly worked at OCR, predicts that HIPAA-related financial settlements are coming down the pipeline, likely only delayed due to a change in leadership at OCR. 2014 saw six resolution agreements, the largest being for $4.8 million. Will the settlements of this year outstrip those?
“We've heard anecdotally that [OCR] has a significant pipeline of unprecedented settlement agreements, meaning particularly high amounts [of financial penalties] and a particularly large number,” predicts Greene.
There is a lag of 2-3 years between HIPAA incidents and settlements, so settlements in 2015 will reflect only incidents at healthcare organizations, not at business associates, who became liable under the HIPAA Omnibus Rule, which came into effect in 2013.
Although the number of actual HIPAA penalties is relatively small, given the high number of data breaches per year, healthcare organizations still bear a high cost per security incident. Organizations must swallow the cost of data breach notification, the loss of consumer trust, state-level lawsuits, class action lawsuits, legal fees and costs associated with the investigation of data breaches, both by the OCR and other regulators. The average cost of a data breach is higher in healthcare than in any other industry, up now to $5.9 million per breach.
Healthcare organizations around the world rely on Absolute Software to secure devices and the sensitive patient data they contain. To learn more about how Absolute Software can help mitigate data breach scenarios, visit our website.