Playing it Safe: The Compelling Business Case for Enhancing PHI Security 

We all know safeguarding Protected Health Information isn’t just a good idea; it’s the law and the right thing to do. Yet many organizations continue to put themselves at great financial and reputational risk when it comes to the privacy and security of the data they hold. But why?

Sometimes senior execs just don’t understand the potential impact of a major breach, and as a result, haven’t appropriately funded HIPAA-HITECH compliance initiatives. Other times, it’s simply a lack of awareness of how likely a breach is and how likely these impacts are to be realized. At Clearwater, we regularly encounter organizations facing far more security risk exposure than they realize.

As a co-founder and strong supporter of the PHI Protection Network (PPN), Clearwater is banding together with other industry leaders to increase awareness and address these issues.

Leading the Charge

PPN was actually an outgrowth of a collaboration among industry leaders to publish a white paper for ANSI, The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security, to help organizations better understand what’s at stake. (Mary Chaput, one of Clearwater’s founders and principals, was one of the co-authors.) This report called for enhanced security to safeguard protected health information and spurred the founding of PPN to pursue this goal.

As an interactive group of senior privacy, compliance, and security officers, PPN gathers annually to share best practices and insights and to develop tangible, actionable takeaways that can be readily implemented inside attendees’ respective healthcare organizations.

The next PPN Conference is Thursday, April 10, 2014, in Anaheim, California. This event is a powerful forum for organizations truly interested in doing more to strengthen data protection programs. If you’re interested in attending the conference, register here.

Quantifying Risk Exposure

The average cost of a data breach is about $200 per patient, translating into costs that can easily top $2 million for a lost laptop with 10,000 patient records. This does not include the harder-to-calculate costs of lost business or lost productivity.

And have you considered class-action lawsuits? Patients with compromised health records often band together to seek damages. A study by Temple University’s Beasley School of Law found the average settlement award in data breach class-action suits is $2,500 per plaintiff, with typical attorney fees of $1.2 million. The $1 billion lawsuit filed in 2011 against Sutter Health proves the costs can be far higher.

No matter how large your organization, that’s REAL money.

Don’t Be a Target

When discussing issues like the budget deficit, politicians are fond of saying “If you’re not worried yet, you’re just not paying attention.” That expression certainly applies to data breaches, like the recent one at Target, which affected millions of customers.

As 2014 promises to be a year of increased enforcement by the Office for Civil Rights, this is clearly not the time to rely on half-measures that don’t fully address your risk profile. Check out the resources available at PPN and double-check your current efforts to understand and manage your risk exposure. The business case for playing it safe is extremely compelling.

Bob Chaput

CEO at Clearwater Compliance
Bob Chaput is widely recognized for his extensive and in-depth knowledge of healthcare compliance and cyber risk management, and is one of the industry’s leading authorities in healthcare information security today. As a leading authority safeguarding health data, Chaput has supported hundreds of hospitals and health systems to successfully manage healthcare’s evolving cybersecurity threats and ensure patient safety.