HIPAA prevention standards are not new. However, the expectation of patient and client data security has ramped up recently. Very public reports of breaches brought the issues directly to consumers. The expectation is to protect private health information (PHI) against any reasonably anticipated threats or hazards. The first step is the required yearly risk assessment, but knowing your risk is not enough. Steps must be taken to fix issues and prevent data loss. CyberCompass® was specifically designed to fulfill all these requirements with step-by-step action items in an easy-to-use dashboard. Identifying and staying on top of your risks could prevent an issue like this.
The University of Rochester Medical Center (URMC) recently agreed to a $3,000,000 settlement with the Office of Civil Rights (OCR). URMC reported data loss in 2013 when an unencrypted flash drive was lost. They again reported a breach when a personal laptop with unencrypted ePHI was stolen from a treatment facility. The fine may seem steep when you think that only 43 patients’ data was on the stolen laptop. The bigger issue, however, was the lack of progress in breach prevention from the first to the second incident.
Beyond the fine to the OCR, breaches can cost a company much more. According to the IBM Security Cost of a Data Breach Report 2019, healthcare is the industry with the highest average cost at $6.45 million, not including fines. Lost business was the largest contributing factor to this total, accounting for 36% of the total cost. Other factors include detection and reporting, notification of affected parties, and post-breach cleanup.
Corrective Action looks like HIPAA Prevention
The list of requirements mandated by the OCR looks very similar to the actions that are expected to prevent a breach in the first place.
- Conduct a Risk Assessment
- Implement a Risk Management Plan
- Implement customized Policies and Procedures
- Train your staff
- Create and maintain a body of compliance evidence
Paired with one of our consulting distributors, CyberCompass® provides all of these capabilities, including automated cyber risk management.
HIPAA Prevention is always cheaper
URMC is facing a guaranteed loss of $3,000,000 plus other expenses in breach cleanup and potential loss of business. CyberCompass® puts you in charge of your cyber risk, cybersecurity and compliance while saving you 70% of the typical cost, time and effort.
See the CyberCompass difference and what it can mean for your organization.
You can read the full report on the URMC case on the HHS website.