(in)security can be expensive
Failing to follow HIPAA rules cost these guys $1.5 million.
Massachusetts Eye and Ear Infirmary, a teaching hospital for Harvard Medical School, and Massachusetts Eye and Ear Associates, Inc., an associated practice, have agreed to pay $1.5 million to settle charges that the institution, collectively known as MEEI, violated HIPAA regulations when 3,600 patient records were stolen in 2010.
See "related posts" in the article for even more pain administered to those who fail to secure patient data.
·Time Warner Cable
That works out to ~$416 per record.
~$416 has a nice sound to it, certainly not a slap on the wrist type of sound.
Whoever underwrites their insurance is probably going to take an active role in their ongoing HIPAA compliance.
If something needs adjusting just have an insurance company make a payout because of a deficiency in the system.
An insurance company will do whatever is necessary to limit their exposure.
said by Snowy:It seems that the liability insurance rates would go up for those who fail to protect HIPAA information, and repeat claims would result in cancellation of policies.
... An insurance company will do whatever is necessary to limit their exposure.
Finally, the costs of failure can be assigned when budgeting for security.