I ran across an interesting report this week related to data breaches and their cost to an organization. The 2009 Ponemon Institute Benchmark Study was released and makes for some fascinating and scary information. The study covers many different industries where breaches occurred in 2009, with 45 participants, some of which are healthcare entities. I encourage you to read the entire report as I found it quite interesting.

With breach notification now required if an organization has a breach, it’s important to take steps to protect yourself from this occurring. So what if this happens? What will it cost? Here are some interesting points from the study:

  • The average cost of a breach is $204 per record involved. In the healthcare industry, however, this cost rises to $294 per record, second only to the pharmaceutical industry at $310.
  • The average organizational cost in 2009 was $6.75 million. The most expensive cost was $31 million.
  • The study looked at what percentage the cost of lost customers is due to a breach. This has risen to 3.7% and is listed as the main cost when you have a breach. It is interesting to note that, while the average is 3.7%, in health care that number actually increases to 6%, which is equal in the healthcare, communications, and pharmaceuticals industries.
  • Another important thing to note is that 42% of breaches were listed as due to an external factor, such as using an outsourcing company to provide services. In the healthcare industry, this number rises to 60%.
  • Of the breaches studied, 36% were related to lost or stolen laptop computers or mobile devices. Do you now see a value in being sure your jump drives and external hard drives are encrypted?
  • Also reported was the average cost when the breach was related to a mobile device: $224 compared to $193.
  • Do you have a compliance officer for your organization who manages the process? If not, it may be a good time to rethink your strategy. Those organizations who have one had an average cost per record of $156.73 versus a cost of $235.51 for those who do not.

While a mere $200 may not sound like a lot, remember this is per record breached. Just one breach that involves 500 patients would have a cost of around $102,000. Many of the 131 breaches reported on the HHS website have many more records than 500.

Be sure your compliance program is protecting you from breaches that could end up costing thousands, or millions, of dollars. It is not a place to skimp on in your organization.

Remember, if you are an independent contractor, this weekend is your last opportunity to get the HIPAA4MT sample policies and procedures at a significant discount!

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

Tagged with:

Filed under: Business AssociatesHIPAAHITECH ActPrivacy RuleSecurity Rule

Like this post? Subscribe to my RSS feed and get loads more!