I believe we all realize that as the industry moves to electronic health records, patients' PHI is more susceptible to exposure. Last year, in an article on the cost of data breaches, I referenced a project of the American National Standards Institute (ANSI) and 100 industry leaders who were tackling the big question: what can healthcare organizations do to better protect patients' information?
They first needed to understand the value of patients' protected health information; they could then develop a method for healthcare organizations to estimate breach costs, so that those organizations can make appropriate investments to better protect PHI. The result is their report: The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security.
It includes tools to estimate the overall potential costs of a data breach to an organization, and provides a methodology for determining an appropriate level of investment needed to strengthen privacy and security programs and reduce the probability of a breach. A detailed example of costing a PHI breach using the PHIve method is also provided.