How Expensive are Healthcare Data Breaches?


Estimating Financial Damage Often Difficult 

By D. Kellus Pruitt DDS

Dom Nicastro just posted an article on HealthLeaders Media titled “HITRUST: HIPAA Breaches Near $1 Billion.”

http://www.healthleadersmedia.com/content/TEC-255015/HITRUST-HIPAA-Breaches-Near-1-Billion##

“Covered entities and business associates reporting breaches of unsecured personal health information (PHI) affecting 500 or more individuals to the Office for Civil Rights (OCR) together could spend nearly $1 billion because of those breaches.”  Nicastro continues:

“HITRUST used the 2009 Ponemon Institute study that found the average cost for a compromised record to be approximately $144 in indirect costs and $60 of direct costs, for a total cost of $204.”

Fort Worth Star-Telegram

Just days ago, Jan Jarvis described a data breach in the Fort Worth Star-Telegram titled “Fort Worth medical clinic spends $15,000 notifying patients of theft.”

http://www.star-telegram.com/2010/08/06/2389717/fort-worth-medical-clinic-spends.html#ixzz0wIaU5AQa

Jarvis writes,

“In June, employees at a Fort Worth allergy clinic discovered that the office door had been kicked in and four computers containing patients’ personal information including Social Security numbers and birth dates had been stolen.”

Jarvis reports that 25,000 records were involved, and that notifying the affected patients cost only $15,000. That’s only 60 cents per record instead of the 60 dollars each in direct costs estimated by the Ponemon Institute. Instead of costing the clinic $1.5 million in direct costs, the breach cost only $15,000. That’s a savings of 99%.

Assessment

So what’s the deal? Is the Ponemon Institute that far off in their estimates?


11 Responses

  1. eMR Costs

    I agree with your sentiments above. It is a widely accepted assumption in the healthcare and information technology industries that electronic medical records in hospitals help reduce costs and enhance the quality of patient care.

    http://www.thefiscaltimes.com/Issues/Health-Care/2010/08/12/Electronic-Medical-Records-Higher-Costs-Cited-by-Study.aspx

    But, this new research on the subject contradicts that conventional IT wisdom. And, that has surprised and disappointed many in the healthcare and IT fields, including the researchers themselves.

    Richard


  2. Thanks, Richard.

    Like the W. P. Carey School of Business authors of the Fiscal Times article you linked, I also believe eventually eMRs will save money and lives in hospital-based healthcare – even though it will take years longer and will be much more expensive than healthcare stakeholders led us to believe long ago. As Allscripts CEO Glen Tullman assures us, making physicians (read “patients and taxpayers”) invest in his eMR products will help Wall Street as well as Allscripts (MDRX).

    Digital systems don’t scale down well, so adoption will take even longer in physicians’ offices than in hospitals, and will cost much more money than estimated in the infamous HIT industry-friendly Rand study that was cited for bias by the article’s authors. Yet eMRs will forever be a bigger danger for doctors and patients than paper records.

    As for dentists and their patients, electronic dental records are just as dangerous as eMRs and will never show a return for the dentists’ investment. This means dental patients will pay for eDRs through higher fees, and the non-productive expense of dangerous systems will block access to affordable dental care for many.

    To me, that means eDRs are counter to the Hippocratic Oath.

    Saving money with information technology in dentistry is impossible for reasons that cannot be denied: The business of dentistry is just too darn simple.

    Now if I could only get the American Dental Association to admit they are wrong.

    D. Kellus Pruitt DDS


  3. Record health record breaches

    These times must be awkward for leaders who confidently promoted EHRs in dentistry while discounting dental patients’ privacy interests.

    “More than 30,000 health-records breaches since 2009: HHS” by Joseph Conn.

    http://www.modernhealthcare.com/article/20110907/NEWS/110909970/

    Darrell


  4. How a health ‘data spill’ could be more damaging than what BP did to the Gulf

    The healthcare industry lags when it comes to protecting sensitive personal information, even as medical records are worth orders of magnitude more than other types of data.

    http://www.govhealthit.com/news/qa-how-health-data-spill-could-be-worse-what-bp-did-gulf?topic=,18,26

    A wake-up call could be in the offing.

    Nancy


  5. Financial impact of breaches
    Free Webinar Invitation

    Today, patient privacy attorney Jim Pyles sent a note encouraging me to share with you the link to tomorrow’s “Free Webinar to Highlight Findings from The Financial Impact of Breached Protected Health Information.” (March 21, 1:00 p.m. Texas Time)

    http://www.ansi.org/news_publications/news_story.aspx?menuid=7&articleid=3185

    Mr. Pyles is one of four participants in the discussion hosted by the American National Standards Institute (ANSI), The Santa Fe Group/Shared Assessments Program Healthcare Working Group, and the Internet Security Alliance (ISA). The purpose of the Webinar is “to help health care organizations assess security risks and help them build a business case to better secure PHI.”

    ————————————-

    Darrell,

    Those who think that electronic health records have not had a major adverse impact on health information privacy, public trust and health care costs, should listen to the free webinar tomorrow and download the free study by ANSI and others on the impact of electronic health information systems on health privacy. You should distribute this report to your colleagues in the world of dentistry. I think they might then understand your views a bit better.

    All the best.

    Jim

    James C. Pyles, Principal

    POWERS PYLES SUTTER & VERVILLE PC

    1501 M Street NW, Seventh Floor | Washington, DC 20005-1700

    —————————————

    Done. At this point, I’d do just about anything to be better understood by my dental colleagues.

    D. Kellus Pruitt DDS


  6. “2013 at a Glance,” from “Data Breach QuickView – An Executive’s Guide to 2013 Data Breach Trends”

    [Sponsored by: Risk Based Security and Open Security Foundation, February 2014]


    – There were 2,164 incidents reported through December 31, 2013 exposing 822 million records.

    – A single hacking incident involving Adobe Systems exposed 152 million names, customer IDs, encrypted passwords, debit or credit card numbers and other information relating to customer orders.

    – The Business sector accounted for 53.4% of reported incidents, followed by Government (19.3%), Medical (11.5%), Education (8.2%), and Unknown (7.6%).

    – The Business sector accounted for 73.9% of the number of records exposed, followed by Unknown at 24.5%.

    – 59.8% of reported incidents were the result of Hacking which accounted for 72.0% of exposed records.

    – 4.8% of the reported incidents were the result of Web related attacks which accounted for 16.9% of exposed records.

    – Breaches involving U.S. entities accounted for 48.7% of the incidents and 66.5% of the exposed records.

    – 51.1% of the incidents exposed between one and 1000 records.

    – Twenty-seven incidents have exposed more than one million records.

    – Four 2013 incidents have secured a place on the Top 10 All Time Breach List.

    – The number of reported exposed records tops 2.5 billion and the number of reported incidents tracked by Risk Based Security exceeded 11,200.

    Darrell Pruitt DDS


  7. Department of Health and Human Services outlines leading data breaches

    According to a report from the Department of Health and Human Services:

    • Breaches due to providers (63% – 68%)
    • Breaches due to health information theft (50%)
    • Breaches due to business associates (25% – 27%)
    • Breaches due to hacking incidents (8% – 27%)
    • Breaches due to unauthorized access (18% – 19%)
    • Breaches due to loss of health information (12% – 17%)
    • Breaches due to health plans (7% – 10%)

    Note: Data from 2011-2012.

    Source: United States Department of Health and Human Services


  8. Breaches and class action lawsuits

    “CHS Faces More Legal Challenges Following Huge Breach – At least two class action lawsuits have now been filed against hospital chain Community Health Systems following hacking attacks that compromised HIPAA-protected information for 4.5 million patients.”

    Joseph Goedert
    [HealthDataManagement]
    October 13th 2014

    http://www.healthdatamanagement.com/news/CHS-faces-more-legal-challenges-following-huge-breach-48985-1.html

    If a thousand or so dental patients discover that their identities have been hacked, what is to keep them from filing a class action suit against the dentist(s)? Something to consider before going paperless, Doc.

    D. Kellus Pruitt DDS


  9. HIPAA and Data Breaches

    “Cost to a HIPAA breach victim is $19,000 – We talk about the cost of HIPAA related breaches for organizations but have you ever wondered how much it costs a victim of a HIPAA related breach? According to Becker’s Hospital Review, the average cost of a HIPAA related breach to an individual is about $19,000.”

    HIPAA Secure Now!
    Art Gross
    November 12, 2014

    http://www.hipaasecurenow.com/index.php/cost-hipaa-breach-victim-19000/

    “Various Health Entities Report Data Breaches Affecting Thousands” – iHealthBeat, November 13, 2014.

    http://www.ihealthbeat.org/articles/2014/11/13/various-us-health-entities-report-data-breaches-affecting-thousands

    The breaches keep coming, yet unresponsive American Dental Association officials continue to assure members that “EHRs provide long-term savings, convenience.”

    http://www.ada.org/en/publications/ada-news/2013-archive/december/ehrs-provide-long-term-savings-convenience

    Shamefully lousy ethics, ADA.

    D. Kellus Pruitt DDS


  10. HIPAA breach?
    [Armed robbery of physician’s encrypted devices]

    Brigham and Women’s Hospital in Boston is working through that question after a doctor was accosted at knifepoint and forced to hand over passcodes to a laptop and phone containing patient data.

    http://www.medicalpracticeinsider.com/best-practices/how-does-hipaa-handle-armed-robbery-physicians-encrypted-devices?email=%%EmailAddress%%&GroupID=116654&mkt_tok=3RkMMJWWfF9wsRokuqjLZKXonjHpfsX56O0kXK6zlMI%2F0ER3fOvrPUfGjI4DScZkI%2BSLDwEYGJlv6SgFQ7LHMbpszbgPUhM%3D

    This takes security to another level.

    Ulrich


  11. Anthem breach could cost more than $100M

    Report: Cost of Anthem breach could cross $100M

    “The hits just keep on coming for Anthem, with a new report speculating that the company’s $100-million insurance policy against cyber attacks may not be enough to pay for efforts to mitigate the damage.” By Anne Zieger for Healthcare Dive, February 17, 2015.

    http://www.healthcaredive.com/news/report-cost-of-anthem-breach-could-cross-100m/364814/

    Darrell Pruitt DDS

