Is Your Business Protected from Data Breach Costs and HIPAA Violations?

Author Chase Hixson, AAI, Human Services Group, Rancho Mesa Insurance Services, Inc.

As technology and the common usage of the internet in business grow, Cyber Crime is an ever increasing exposure for businesses.  Most businesses carry large quantities of sensitive data that if breached, can create a financial and administrative headache.  Many business owners are unaware of the real exposures they have should their information be compromised, whether directly or indirectly.  Here are two of the most common costs:

Required Notifications under HIPAA
Businesses are required to notify affected individuals following the discovery of a breach.  If more than 500 individuals are affected in a given state or jurisdictions, they are required to notify the media as well.  A 2015 article from the HIPAA Journal estimated the average cost per record is $154.  That means if you had a known breach resulting in 100 clients’ information being breached (regardless of what they do with the information) you would be paying roughly $15,000 just to notify the public.  This does not include the added IT costs needed to further investigate/mitigate any losses.

Violations Under HIPAA
Violations vary depending on the degree to which a business is found negligent.  The mildest violation is a Category 1, while the most severe is a Category 4.  In the case of a Category 1 violation, a business will be penalized $100 per violation, even if they were unaware and reasonably could not have avoided a breach.  Category 4 violations can be up to $50,000 per violation.

This is an ever growing exposure that is often overlooked until it happens and then the realization of what’s required hits home.  However, there is a way for companies of all sizes to protect themselves from these exposures by including Cyber Liability coverage as a part of their risk management program.  This coverage is available and will step in and pay some of the costs associated with a breach.  These costs include HIPAA fines, notification costs, credit protection costs and forensic investigation. 

This is such a growing area of concern that we have scheduled a “Cyber Liability” workshop for May 10th where an expert on this topic from Philadelphia Insurance Company will lead the workshop and provide both an overview of the trends and threats as well as answering specific questions.  If you or someone from your company is interested in attending this workshop ,you can register for it below.  

If you have any questions please feel free to contact me directly.