Data breaches cost your hospital $1 million a year

If you think data breaches don't cost your hospital, think again. The impact of a data breach is about $1 million per hospital per year, and the lifetime value of a lost patient is $108,000, according to a study by the non-profit Ponemon Institute, which surveyed executives at 67 healthcare organizations about data breaches over the last two years. Overall, data leaks cost U.S. hospitals $6 billion a year.

"You can't just give patients some sort of discount and win them back," says Ponemon founder Larry Ponemon. "In a trusted industry like healthcare, there's a high expectation of good stewardship of personal information, and when that confidence is lost it leads to customer churn."

It turns out that medical patients are much more touchy about data losses that breach their privacy than customers in other industries. According to Ponemon, the customer losses and brand damage may add up to $471 per customer record leaked, compared to $205 per compromised record for all industry breaches.

Even one year after the passage of the HITECH Act, which widened the privacy and security protections under HIPAA, healthcare organizations are not focusing on protecting patient information. Seventy percent of hospitals surveyed stated that protecting patient data is not a priority. And the majority of respondents said they don't believe the HITECH Act significantly changed management practices surrounding patient records. Findings also hint that a significant number of data breaches go undetected and unreported.

About seven in 10 of those surveyed said their healthcare organization did not have enough policies and procedures in place to prevent and quickly detect patient data loss. Another problem most cited was lack of resources.

"We talk with healthcare compliance people dealing with data breach risks every day and they just can't get their arms around the problem of data exposure," Rick Kam, president and co-founder of ID Experts, which sponsored the survey, said in a statement. "Unfortunately, in healthcare organizations, patient revenue trumps risk management."

To learn more:
- read the Ponemon press release
- access the report here (reg. required)
- read the Forbes article
