HIPAA by the Numbers

17,000 patient records breached per day, on average.

(September 2009 to Present, HHS.gov)


$188 average cost per breached record.

(Ponemon 2014 Cost of a Data Breach Survey)


Black-market Value:

  • $50 per medical record
  • $1 per credit card number

(FBI Health Care Risk Notification, April 2014)


81% of healthcare organizations permit personally-owned (BYOD) devices to connect to their networks, but only 21% scan BYOD devices before allowing them to connect.

(Ponemon Survey of Healthcare Organizations)


HIPAA Penalties:

  • $1.5 million for a lost unencrypted laptop
  • $1.7 million for a lost unencrypted laptop
  • $1.7 million for a lost unencrypted hard drive

63% of healthcare institutions experienced a reportable data breach.

(Ponemon 2013 Economic & Productivity Impact of IT Security on Healthcare)


91% of healthcare organizations are using cloud-based services. 47% are not confident in their ability to keep data secure in the cloud.

(Ponemon Survey of 80 Healthcare Organizations, December 2012)


#1 Health Care IT Vulnerability:

“The biggest vulnerability was the perception of IT health care professionals’ beliefs that their current perimeter defenses and compliance strategies were working when clearly the data states otherwise.”

(FBI Health Care Risk Notification, April 2014)


Compliance does not equal security. Organizations may think they’re compliant, but the data shows that they are not secure.

(2014 SANS Health Care Cyberthreat Report)


56% of patients whose data was breached lost trust and confidence in their healthcare provider.

(Ponemon 2013 Survey on Medical Identity Theft)


700,000 HIPAA Covered Entities (providers & payers). 2,000,000 – 3,000,000 HIPAA Business Associates.

(HHS estimates)


Only 115 HIPAA audits from 2009 – 2013 (out of 700,000 Covered Entities).

Only 100 audits per month starting in 2014 (of 3.7 million organizations required to comply with HIPAA). But…

13,000 data breach investigations.

(HHS Office for Civil Rights)


Health Care: 31% of all reported data breaches.

(EMC/RSA White Paper, 2013)


74% are not encrypting data on mobile medical devices.

(HIMSS Security Survey, sponsored by Experian)

Only 43% of healthcare providers have an accurate inventory of employees’ and customers’ personal data.

(Worldwide study by PwC, CIO Magazine & CSO Magazine)


HIPAA Penalties:

  • $6.8 million - Health plan mailing error
  • $4.8 million - Hospital published data
  • $1.2 million - Data left in copier drives

Data breaches hurt patients, medical practices and businesses. Breach investigations are far more likely to occur than HIPAA audits, and data breaches can turn into expensive lawsuits.

Only one federal agency conducts HIPAA audits, while many federal and state agencies enforce data breach penalties. 

For all these reasons, Semel Consulting is focused first on protecting you against data breaches; we then help you with the documentation, programs, and evidence to show you are compliant. Contact us for more information.


Semel Consulting works with Covered Entities, Business Associates, and Subcontractors to properly manage HIPAA compliance.


MIKE SEMEL  |  www.SemelConsulting.com