By Susan Read-Miller
According to research provided by the Privacy Rights Clearinghouse, the healthcare industry has seen a marked jump in data privacy breaches over the last 2 years. In 2011 alone, PrivacyRights.org tracked nearly 200 breaches for the industry, more than 2.4 times as many as the next leading industry, Retail/Merchant Businesses. In addition, the latest Patient Privacy and Data Security study by the Ponemon Institute indicates that data losses and security breaches cost the U.S. healthcare industry approximately $6.5 billion during 2011, with an average economic impact of $2.2 million for a single data breach. Healthcare has certainly become a targeted industry for cyber threats.
With HITECH, we have seen penalties increase and the guidelines enforced. The act permits the U.S. Health and Human Services Department (HHS) to impose a penalty of up to $50,000 per privacy violation, with a cap of $1.5 million annually for the same violation. In 2011, we saw HHS impose a $4.3 million fine on a large Maryland medical provider and reach a settlement with a large Massachusetts hospital for $1 million. Hospital data breaches and loss amounts are a constant headline these days.
No CIO or CISO wants to find their organization's name posted on the PrivacyRights data breach timeline or highlighted in the media, or to face the reputational and stockholder loss associated with a breach. Even so, the healthcare industry seems to be slow to focus on data privacy and information security issues. Medical organizations appropriately put patient safety and quality of care far before the need to comply with government regulations. But as a result, IT organizations are struggling to find the appropriate best practices, as well as the budget, to secure the organization and report on compliance.
We have put together a few tips and tricks to help healthcare organizations collect and archive this crucial log data to comply with the HIPAA and HITECH requirements, for operational troubleshooting as well as forensics needs. To learn more about these best practices, please listen to our latest webcast that addresses these topics, download our best-practice white paper, or try the WhatsUp Log Management Suite free for 30 days.