A HIPAA breach carries a massive financial penalty, and one on the scale of the breach that recently affected Anthem Inc. is thought likely to cost several tens of millions of dollars.
Anthem holds an insurance policy from the American International Group covering cybercrime and data exposure, and is protected for damages up to $100 million. Yet this sizeable amount might be used up by the latest data breach.
The total damage, which is not likely to be known for several months, might surpass the $100 million mark once the costs of delivering breach notices, paying OCR fines, applying new security measures, and fighting lawsuits are taken into consideration.
Additional expenses to mitigate any damage caused should also be included, such as providing credit monitoring services to victims free of charge. Anthem initially offered one year of credit monitoring services, but has since extended this to 2 years. If 80 million people have been affected, damage mitigation expenses alone will take up a considerable portion of the insurance coverage.
The OCR has already declared that it is investigating the incident as a privacy breach, and could fine Anthem as much as $1.5 million if the insurer is found not to have applied sufficient controls to safeguard the data it holds on its plan participants. If the OCR decides to carry out a thorough compliance audit, additional fines might also be imposed for any non-compliance issues it discovers.
In addition to the risk of sanctions from the OCR, Anthem will also have to face civil suits seeking damages. So far 4 class action lawsuits have been filed against Anthem in Indiana, Georgia, Alabama, and California, with victims seeking unspecified damages. One case argues that applicants would have paid more for coverage to ensure data security and that they must have been charged additional fees, and all assert that a lack of attention to security vulnerabilities was the cause of the breach.
A class action lawsuit seeking only $100 per person would, if successful, cost the company 8 billion dollars, although some damage or harm would have to have been suffered for a compensation claim to succeed.
But if a case does win, the possible damages are likely to be more than the $50 per person usually seen in lawsuits over credit card number theft. The exposure of permanent identifiers such as medical ID numbers and Social Security numbers could lead to a lifetime of risk, and the damages claimed are for that reason likely to be much higher.
The message to insurers and healthcare providers covered under HIPAA is that it is better to invest in data security measures than to cover the cost of a breach.