This month, IBM Security and Ponemon Institute released their 2017 Cost of Data Breach Study. It examines the costs experienced by 63 U.S. companies in 16 industry sectors after those companies experienced loss or theft of protected personal data and the notification of breach victims as required by various laws. It is not a healthcare-specific study, but it does include healthcare-specific statistics.
Healthcare Breach is Most Costly
This study showed that there has been a 4.7 percent increase in the total cost of data breach. The study also revealed that heavily regulated industries, such as healthcare and financial services, had per capita data breach costs well above the overall mean of $225. In contrast, public sector organizations had a per capita cost of data breach below the overall mean.
Moreover, healthcare breach is the costliest across all industries. These costs include credit or identity theft monitoring for breach victims, forensic and legal fees, and loss of goodwill and of business.
Causes of Data Breach
There are many different causes of data breach, but malicious or criminal attacks continue to be the primary and costliest cause. The study states that 52 percent of incidents involve a malicious or criminal attack, 24 percent are caused by system glitches, including both IT and business process failures, and another 24 percent of incidents are caused by negligent employees.
An example of how employee error can result in breach is in the Release of Information (ROI) process, which involves a variety of manual steps. While this type of risk can be minimized with the proper training and education, human error is inevitable. An error can lead to the wrong patient’s records being released to the wrong party, resulting in breach and damage to an organization’s reputation.
While the types of breaches resulting from mistakes in the ROI process may not affect hundreds of patients at a time, the cost can be just as impactful, and preventing these types of breaches should not be overlooked. Small breaches like this happen far more frequently than large breaches, and the Office for Civil Rights (OCR) is noted as paying closer attention to them.
Preventing Breach in the ROI Process
Although there are many causes of data breach, there are also many ways to prevent it in the ROI process. The combination of highly trained, knowledgeable staff and state-of-the-art technology can improve PHI disclosure accuracy rates. Employees should undergo specialized training on the most up-to-date HIPAA regulations and Protected Health Information (PHI) disclosure requirements at the federal, state and facility level.
Additionally, by partnering with an experienced and knowledgeable PHI disclosure management partner, organizations can achieve near-perfect accuracy rates and prevent breaches in the ROI process. Innovative ROI vendor partners, such as MRO, utilize technology to identify errors at every step of the ROI process, including optical character recognition (OCR) technology like our IdentiScan®, to ensure there are no commingled records before release.