Is a Data Breach More Costly for the Healthcare Industry? Survey Says: Yes!
The Ponemon Institute recently released its annual data breach study for 2009, Cost of a Data Breach: Understanding Financial Impact, Customer Turnover, and Preventive Solutions.* For the fifth straight year, the average cost of a data breach increased, to $204 per compromised record, bringing the average organizational cost of a data breach to $6.75 million. But perhaps the most compelling departure from the average is within the healthcare industry.
Ponemon found that healthcare and pharmaceutical companies experience a 6 percent post-breach consumer churn rate (turnover of existing and future customers), compared to the average consumer churn rate of 3.7 percent. This, according to Ponemon, is due to the sensitive nature of the data at risk. Unfortunately, it also translates into a higher-than-average cost per compromised record within healthcare: $294. When used to calculate the cost of a healthcare data breach, this high cost per compromised record would make anyone sick.
This comes as just one more risk factor on top of a pile of others facing healthcare that is, quite literally, just around the corner – on February 17, the Health Information Technology for Economic and Clinical Health Act (HITECH) is enacted, requiring mandatory notification to individuals whose Protected Health Information (PHI) is breached. With the passing of HITECH, healthcare organizations officially became responsible for the “double punch” of notifying consumers of any breach that contained either PII or PHI. HITECH also authorizes increased civil monetary penalties for HIPAA violations.
Data security has always been an important issue within healthcare, but given these compelling new factors, it is now paramount. This is particularly true for organizations making the transition to electronic health records, a move that is loaded with security risks. Healthcare organizations must make security practices, employee education and training, and compliance with legal and regulatory mandates a major initiative for 2010.
*Registration is required to download the study from the Ponemon website.