Explosion of patient data privacy breaches can be costly

The white paper, prepared by FairWarning, a St. Petersburg, Fla.-based provider of patient data privacy monitoring products, noted that between April 2003 and July 2010, the Health and Human Services’ Office for Civil Rights had investigated and resolved more than 11,421 cases of patient data privacy violations under the Health Insurance Portability and Accountability Act (HIPAA).

Patient data privacy breaches can be expensive. Privacy breaches detailed in the white paper resulted in fines in excess of $2.25 million and internal management costs of between $6.5 and $15 million for a breach that receives media attention.

Based on information from 300 hospitals and 1400 clinics that have deployed FairWarning’s monitoring products, the white paper estimates that a healthcare provider without a privacy monitoring system in place is likely to have between 25 and 100 patient data privacy breaches per month.

With a monitoring system, along with employee training, incident remediation, sanctions, and risk assessment, a healthcare provider can reduce the number of breaches to between one and three per month, an 85% to 99% reduction, the white paper said.

FairWarning stressed the need for consistent sanctions against offenders who breach patient data privacy.

“A provider must be willing to take action against offenders including physicians who provide a substantial patient draw to the organization because of their specialty and reputation. On a continual basis, privacy and compliance should collaborate with information security to reduce risk exposure and close vulnerability gaps detected by privacy breach monitoring,” the white paper said.
