The federal government levies hefty fines for breaches but doesn't have to follow its own rules.
Why does the cost of healthcare in the United States continue to escalate? One reason is the high cost of protecting against data breaches and of insurance to mitigate the risk of potential fines.
Of course, it’s crucial that every healthcare provider, health plan, clearinghouse, and business associate take data security seriously. All stakeholders must do their part to prevent unlawful access—whether unintentional or intentional. But ever-increasing fines are driving up the costs of healthcare for all of us.
My company never stores unencrypted data, does not allow remote access to our computer systems and uses keystroke tracking software to monitor what our employees are doing. Despite these precautions that go well beyond what’s required for minimum protection, our cybersecurity insurance tops $17,000 a year.
Anthem made headlines in early 2015 when records for 74 million patients were breached by hackers. The health insurer made headlines again in June when it agreed to settle a class action lawsuit concerning the breach for $115 million. That’s on top of the $260 million it reportedly has spent to beef up cybersecurity in the wake of the breach. The company just reported yet another breach, this one affecting 18,000 Medicare enrollees, allegedly through the actions of a business associate.
Who’s ultimately going to pay these costs? You and me, of course, in the form of higher premiums.
Yet, while the federal government continues to dictate data protection policies, it does not have to abide by its own rules. Dictating compliance while not being subject to it yourself smacks of preferential treatment.
In the recent Senate debate over whether to repeal and replace Obamacare, many were up in arms over whether Congressional staffers would be exempt from the provisions (they weren’t). But it does appear that the playing field isn’t level between the federal government and industry on data breaches.
Rather than continuing to dictate terms and demand ever-higher fines for breaches, the feds could actually help the industry by offering resources to combat cyber theft, hacking and other data breaches. Offering carrots rather than sticks could help solve this common problem.