Dive Brief:
- At the annual conference of the American Society of Healthcare Risk Management, Katherine Keefe, head of Beazley Breach Response Services, which coordinates data breach management for clients, said there are three main perils for providers fighting breaches: contractors, hackers and regulators.
- Since 2009, 26% of breaches reported to the government have involved business associates. Because the value of healthcare records may now be higher than credit card information, hackers also pose a large threat; The mix of information on the records can be used to create false identities or make fraudulent insurance claims.
- The final threat to providers is regulators, who have collected more than $20 million in penalties from 22 healthcare organizations since 2009. The penalties ranged from $50,000 to $4.8 million.
Dive Insight:
"We do not expect to see any reduction in the OCR's level of scrutiny," Keefe said, "particularly given that penalties return to OCR's coffers to fund further enforcement actions." The OCR's budget was held flat between 2013 and 2014, but it has increased by 5% for fiscal year 2015, reaching $41 million.