HITRUST: HIPAA Breaches Near $1 Billion
Covered entities and business associates reporting breaches of unsecured personal health information (PHI) affecting 500 or more individuals to the Office for Civil Rights (OCR) together could spend nearly $1 billion because of those breaches.
According to a report from the Health Information Trust Alliance (HITRUST), 108 entities submitting the breach reports to OCR since September 23, 2009 could spend up to $834.3 million in total costs to address violations of the Health Insurance Portability and Accountability Act (HIPAA).
HITRUST used the 2009 Ponemon Institute study, which found the average cost of a compromised record to be approximately $144 in indirect costs and $60 in direct costs, for a total cost of $204.
OCR's breach notification website list has grown since the HITRUST report, published this month. As of Wednesday, August 11, 130 entities have reported breaches of 500 or more.
Chris Hourihan, manager of development and programs for HITRUST and the author of the report, says organizations err on the side of caution and provide notice to OCR even if a risk analysis might determine that their breaches caused no harm.
The breach notification interim final rule includes a "harm threshold" provision that allows entities to get off the hook from reporting breaches if they determine the incident does not pose significant risk of financial, reputational or other harm to the individual.

Hipaa world (12/19/2012 at 3:15 AM)
Or if you are unethical and interested in avoiding the publicity, your organization might just cover over the breach. This is what is reported by word of mouth from an MA to another to have happened to a woman whose information was intentionally breached while held within the Promedica systems database. The authorities were less than helpful and indeed minimizing of the damage or certain existence of the breach. The health information became rumor mill and there was still no transparency or formality to the victim's inquiry. That is why the recent case of Somogey v Toledo Clinic was an interesting notion to those of us MAs who know of the intentional breach prior. Perhaps such a response complete with discipline, action and accountability is selective.