Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security

March 15, 2012

PPSV principal Jim Pyles was the principal author of The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security, recently published by the American National Standards Institute (ANSI) and others. The report is the definitive analysis of the impact of electronic health information systems on health information privacy and resulting liability over the past 15 years since the enactment of HIPAA.

Some of the more significant findings in the report are that:

privacy breaches are occurring electronically on a scale unprecedented in the history of medicine,
the public does not believe their right to privacy is adequately protected by health information privacy laws,
entities regulated by those laws find them difficult to understand and are not allocating sufficient resources to ensure compliance,
stolen health information is more valuable on the black market than stolen social security numbers and other kinds of information,
organized crime has become involved in health identity theft,
health information can now be stolen by individuals who do not have physical access to it and may be beyond the reach of U.S. laws,
health privacy violated electronically, unlike with paper records, can never be restored and the information can appear in an infinite number of locations and cause harm perpetually, and
electronic health information security and privacy breaches are adding an unanticipated cost to electronic health information systems.

The report contains a mechanism for calculating the economic value of various levels of electronic health information privacy protection to assist organizations in deciding how much to invest in privacy and security measures.

The report raises legal questions related to:

Health IT
Health Reform/ Chronic Care Coordination
Audits

For more information, please contact Jim Pyles at 202.466.6550.