In a recent article by Howard Anderson of Health Info Security, Howard brings forth an argument by an attorney, Jim Pyles, that if breaches and their high costs are not brought under control, then an “insurance crisis” is likely to be a result.

Does your healthcare organization really want to deal with the high cleanup costs after a security breach? What about the reputation disasters that is not far behind? If these weren’t enough reasons for your organization to start thinking about how to prevent breaches, then what if the insurance industry decides to not insure your organization or drastically increase the coverage costs due to the rising costs and frequencies of security breaches within the healthcare industry? It would be impossible to operate without insurance coverage, never mind an affordable one. 

Protecting patient data is the responsibility of the healthcare organization.  Taking proactive measures by implementing a solution or solutions with security policies and procedures to support the technology is a good step in the right direction.  Reviewing your organization’s privacy and security policies and the nature in which they are handled is critical because there may be some changes that are needed to further mitigate the risk of a breach.  It is up to your organization to take action to further assess what technologies, policies, and procedures will help to prevent a security breach, all while complying with the HIPAA and HITECH Act mandates.  You will be protecting your bottom line as well as your most valuable asset, the patient.