How Hospitals Can Tie Cost Reduction to a Solid Data Security Program

ID COALFIRE:4A5E8B7B4418CD855A12778D5F609116
Type coalfire
Reporter The Coalfire Blog
Modified 2019-02-12T21:44:54


When I have conversations with hospitals and other organizations subject to HIPAA, one of the first questions asked is, "If I have a data breach, will OCR fine me, and if so, how much?" Many organizations decide to gamble: they opt to save time and money by not implementing a robust information risk and compliance program, on the chance that the Office for Civil Rights (OCR) won't fine them in the event of a breach. Although the OCR is the regulatory agency that enforces HIPAA, its fines are only one potential expense an organization incurs for a data breach.