What is HIPAA Compliance and who does it pertain to?
HIPAA is an acronym for the Health Insurance Portability and Accountability Act. Health data is highly sensitive information, and organizations within the Healthcare and Medical Industry need to ensure that this data is secure at all times. Most commonly, patient data is stored in both electronic and paper file formats.
HIPAA was enacted to outline specific security standards that protect sensitive medical and patient data. Every organization that deals with protected health information, otherwise known as PHI, is required to have a structured variety of networks, processes, and physical security procedures that they must comply with in order to assure their HIPAA compliance. Any individual who either acts as a provider of care, treatment, payment, and operations or acts as a business associate in the healthcare network and has access to patient data must comply with HIPAA.
What affects the cost of HIPAA compliance?
There are multiple variables that affect HIPAA compliance cost. Below we have listed the variables that we believe must be evaluated when calculating the cost for any unique healthcare organization.
- Type of the organization:
- Different types of healthcare organizations carry differing amounts of protected health information (PHI). For example, a large hospital may carry larger amounts of PHI than a small private practice, assuming a higher risk level.
- Size of the organization:
- Size is a major factor in the price consideration for obvious reasons- the more employees, programs, and processes within the organization, generally the higher the cost of compliance.
- Environment of the organization:
- Each type and size of organization utilizes a unique array of technology devices – dependent upon what type of healthcare they are providing and to whom. A lesser-known fact is that computers, firewalls, and backend servers of different makes increases complexity and will affect how much an organization will pay for HIPAA compliance
The cost of a data breach
As stated earlier, Protected Health Information (PHI) is highly sensitive information, making any possible data breach detrimental to the healthcare organization and everyone involved. This type of data breach is one that not many healthcare organizations have the ability to fully bounce back from.
Below are some costs and possible penalties and fines that can be incurred from a data breach that go without consideration.
- Class action lawsuits are $1,000/record
- State attorney generals are $150,000,000 – $6.8 million
- HHS fines can be up to $1.5 million per violation per year
- Lawyer fees start at a minimum of $2,000 depending on severity and need
- Patient loss can be around 40%
- Federal Trade commission fines are $16,000 per violation
- ID theft monitoring comes to be $10-$30 per record
- Free Credit monitoring for those who are impacted is about $10-$30 per record
- Notifications of beaches cost $1,000+
- Technology repairs are $2,000+
- Business association changes are $5,000+
The total volume and sum of fines, penalties, and costs paid by organizations is dumbfounding and accentuates the importance of complying with HIPAA and also having a protection method in place to securely store this data.
The best way to stay compliant with HIPAA is to check with your IT department and make sure they have a process in place to ensure that health data is fully protected.
Want to know if you are compliant? Contact Armada Cloud today!