A penalty of $1.5 million from the Office for Civil Rights is far from imaginary; in any case, the total cost of correcting HIPAA issues and addressing all security issues can be significantly higher than the cost of the fine, as Blue Cross Blue Shield of Tennessee recently discovered.
The insurer was the industry's first organization to receive a fine for violating HIPAA and was issued the maximum penalty of $1.5M for the massive data breach that exposed the Protected Health Information of over a million of its policyholders in 2009. The breach happened when 57 hard drives were stolen from its offices, in one of the biggest HIPAA data breaches reported to date.
The fine was issued for breaching the Privacy and Security Rules. The cost of bringing the organization's policies, procedures and programs up to date with HIPAA and the Privacy and Security Rules has been significant. The total cost of complying with HIPAA and dealing with the data breach has been calculated to be $18.5 million.
The True Cost of HIPAA Compliance
The action plan that the health insurer agreed to follow included bringing its systems up to date with current regulations and implementing a number of measures to secure data and prevent further breaches.
The insurer spent roughly $6 million on data encryption services to add an extra layer of security as required by HIPAA, and a total of $17 million was spent on investigating the incident and issuing breach notifications to a million or so of its policyholders.
While the cost of bringing the organization's policies and procedures up to date with HIPAA and encrypting patient data was unavoidable, had steps been taken promptly to ensure compliance before the deadline passed, the insurer could have saved several million dollars.
The data breach should serve as a stern warning to all healthcare organizations that have not conducted a thorough risk analysis and addressed all of the security vulnerabilities identified. If a breach occurs or the OCR conducts an audit, the costs of remediation are likely to be well in excess of the fine for the HIPAA violation.