In Healthcare, Compliance is Costly, but Ultimately the Best Medicine

Across industries, organizations face increasing and ever-changing data privacy laws and compliance requirements. The cost of attaining compliance has steadily grown over the last few years, rising 43%* from 2011 to 2017, according to a recent Ponemon report. Some heavily regulated industries, like healthcare, carry large portions of this burden. It showed a 106%* increase in compliance costs for the same time period. While achieving regulation compliance can be complicated and expensive, the alternative is likely more costly.  

Learn more about the True Cost of Compliance with Data Protection Regulation

The Evolving Effects of HIPAA

For healthcare, the Health Insurance Portability and Accountability Act (HIPAA) is one of the most impactful regulations. It is among the top 5 most difficult compliances to achieve*. HIPAA was created in 1996 and requires regulations that protect the privacy and security of certain health information. So is this 20+ year-old regulation still a factor in the current compliance costs increases? The answer is yes, but its effect has evolved.

The growing presence of technology in healthcare contributes greatly to rising compliance costs. Year after year, technology becomes more pervasive. From wearable heart monitors and patient portals to mobile clinics and virtual doctor’s visits, healthcare—and protected health information (PHI)—, are continually merging with technology. Because of this, new privacy and HIPAA-related challenges crop up every day.

Like many regulations, HIPAA compliance is not a one-and-done event. It is an ongoing process. The regulations created by HIPAA remain relevant and continue to evolve with the passage of time, including the HIPAA Security Rule. The manifestations and opportunities for HIPAA compliance multiply as healthcare technology expands.

Securely Accessible Data

To remain compliant, healthcare companies must not only protect PHI, but also must be able to prove that they are doing so. Additionally, the healthcare industry is walking a tight rope of sorts, trying to balance the need to share patient data for better quality of care, with the need to ensure data privacy and security.  

Simultaneously, PHI, like all data, becomes more valuable by the minute and cybercrime continues to increase. Healthcare organizations accounted for more than 36% of data breaches in 2017, according to the 2017 SecurityMetrics Guide to HIPAA Compliance. The pressure is on for healthcare companies to ramp up data security while keeping data appropriately accessible. For many organizations, this means significant system replacements or upgrades.

Resistance is Futile…and Costly

Some companies delay compliance efforts because of the associated costs. In doing so, they risk large fines and losing patient trust just to avoid compliance-related expenditures. This is a short-sighted, high-risk strategy that will likely cost them money rather than save it. While the price of compliance for organizations is sizeable (average cost is $5.47 million*) and on the rise, the cost of non-compliance is 2.71 times higher (average $14.82 million*).

Non-compliance can cost companies in the following ways:

  • Business disruption - Total economic loss that results from non-compliance events or incidents such as the cancellation of contracts, business process changes imposed by regulators, shutdowns of business operations, and others.
  • Productivity losses - Lost time and related expenses associated with the downtime of systems and other critical processes, thus preventing employees from accomplishing their work-related responsibilities
  • Fines and penalties - Monetary and business penalties levied against an organization by regulatory enforcement entities.
  • Settlement costs - Legal or non-legal settlements associated with data protection non-compliance issues. This includes expenditures for legal defense and other experts engaged to help resolve issues associated with compliance infractions and data breach.

(Source: Ponemon Report: The True Cost of Compliance with Data Regulations)

Companies that adopt a wait-and-see attitude toward compliance stand to lose a great deal due to their procrastination. From a business perspective, the ramifications of non-compliance and a potential data breach are far pricier than the cost of compliance. Additionally, there are losses that go beyond monetary value, such as the loss of patient or partner trust. These are intangibles that not only cost your business, but can be very elusive to regain.

Related Resources: See how Globalscape’s Enhanced File Transfer platform benefits healthcare organizations. Visit this page for healthcare-related success stories, infographics and more.

(*Ponemon Report: The True Cost of Compliance with Data Regulations)