Did you know that resolution of breaches of protected health information on paper or x-rays often is cheaper than breaches of electronic data?

Following an electronic breach, contracting with a forensics investigation firm often is needed to determine what data was compromised. But provider organizations that maintain identification logs of paper records and x-rays sent to storage or destruction makes it much easier to determine the scope of a breach and the individuals affected, says Katherine Keefe, global focus group leader of breach response services at Beazley Group, a liability insurer that also offers breach remediation services.

The cost of a breach also can be higher if the impact is across more than one state because additional attorneys familiar with their state laws may need to be contracted. Costs escalate further if a breach compromises Social Security numbers. There isn’t much that can be done if a thief accesses credit card numbers except run up changes before an affected individual calls the card company and gets the charges dismissed and a new card issued.

But SSNs are a linchpin to identity theft, the filing of fraudulent tax returns and the opening of bank and credit card accounts. Organizations that have a breach of SSNs are not specifically mandated to offer credit and/or ID protection services, but state attorneys general expect that remedy to be made available, Keefe cautions. And, the cost of protection generally ranges from $40 to $70 per person.

Asked what happens to a healthcare organization’s liability insurance following a breach, Keefe says many remain with their current insurer, who will want to see an increased spirit of awareness and compliance. The insurers typically offer a range of services to help providers better protect health information before a breach happens, but many don’t take advantage. “There’s nothing like a big bad breach to get leadership to fund security improvements.”

Since the HHS Office for Civil Rights increased its use of publically announced heavy fines and compliance plans to enforce HIPAA privacy and security rules, a lot of healthcare organizations have started to take notice “and really want to do the right thing,” Keefe adds. Take advantage of the advisory services that liability insurers offer, she counsels.

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access