How Much Could One Data Breach Cost Your Organization?

In light of the recent Equifax data breach which has effected roughly 143 million Americans, protecting personal information has come to the forefront of thought for many people in the United States. To put that number into scale, that is roughly 44% of the United States population that may have had their identity exposed or stolen due to this breach.

Accidental breaches and violations are a risk associated with any industry that deals with sensitive information. However, with changes in technology and HIPAA laws, healthcare is particularly at risk for costly breaches similar to those experienced by Equifax. According to Becker’s hospital review, an average of 1 reported healthcare breach incident per day occurred in the U.S. in 2016 and approximately 90% of hospitals have reported a breach in the past two years.

It should come as no surprise that healthcare related breaches have staggering financial consequences directly affecting the bottom line. Breaches in the U.S. healthcare field cost $6.2 billion each year beyond legal costs and fines, there are many ways a clinic stands to take a hit financially including:

  • An average of $560,000 in breach notification costs: depending on the size and scope of the breach this could include anything from credit monitoring services and setting up a toll-free number for those potentially affected to notifying HHS and the media of breaches.
  • Loss in brand value averaging $500,000: This is the financial quantification of how your organization’s reputation may be effected by the breach.
  • $440,000 average in post-cleanup “housekeeping”: After taking such a substantial financial hit, clinics will of course be looking at ways to not have this happen again. This can be manifested in tangible items like technology upgrades or intangible costs such as staffing changes and turnover.

With devastating consequences both financially and to an organization’s reputation, it’s apparent that one accidental breach could significantly impact an organization. Possibly even resulting in the organization’s demise.

How We Differ

As a business associate – DataFile is acutely aware of the consequences for a large healthcare data breach. We are subject to the same HIPAA laws as covered entities, and assume responsibility should a large healthcare data breach occur within our scope of work. We maintain patient privacy as one of our top priorities, though we know accidents can happen. Be assured that we have a plan in place to protect our clients and their patients.

Our numbers speak for themselves though. In our 2016 Incident Report, our CIO and Manager of Compliance Team here at DataFile stated, “The best part of our compliance program is our people, as evidenced by our excellent training and our low incident rate. Even though DataFile continues to grow, our incident rate has declined for the third consecutive year.”

The proof is in the numbers here at DataFile as though our goal is zero errors, we know accidents can happen, so we have instituted a stringent auditing process of all records that we are releasing. Paying additional attention to areas where mistakes occur frequently within a health record – such as misfiles due to name or date of birth along with our fulfillment team taking special care when fulfilling requested records to ensure that careless errors in addressing or delivering requests are avoided to the best of our ability. With our impressive processes, we are proud to state that our error rate through hundreds of thousands of fulfilled records is a mere .0301%.

What Can You Do

The easiest way to offload liability in the case of an accidental breach or violation is to work with a trusted business associate, like DataFile, to handle tedious and risky processes like release of information. We have spent more than 14 years partnering with organizations nationwide and have become a trusted associate to work with. Contact us today to see how DataFile can assist you with your release of information and assume liability for breaches – so you don’t have to.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *