The National Law Review reports that the Office of Civil Rights (OCR) recently required two New York healthcare organizations to pay a joint $4.8 million settlement, the largest ever for a HIPAA data breach.
Unlike the Target data breach, this breach didn't involve millions of people, only millions of dollars. While nearly 7,000 people were affected, this number pales in comparison to the victims in other recent data breaches. So why were the legal costs so high? Well, it's an IT thing. Let us explain.
IT Liability in Healthcare: Everything's More Expensive in the Health Industry
After the OCR reviewed these data breaches, it decided to issue the $4.8 million fine because of how the two healthcare organizations bungled their information technology.
The OCR criticized the organizations for the following:
- No recent security audits.
- A failure to follow their own IT protocol.
- A lack of software protections on their servers.
- Insufficient requirements and procedures to authorize access on their servers.
In general, healthcare data breaches are much more costly than breaches in other industries. A Ponemon Institute study found that health-industry data breaches were more than twice as expensive as the average breach. That’s because the industry is heavily regulated: HIPAA and HITECH are two laws that severely punish medical organizations whose data is exposed.
(You can read more about health data laws in our article "HITECH: The Strictest Data Protection Law.")
In this case, the OCR ramped up the punishment because it saw significant lapses in data security, and IT infrastructure that was neither managed nor integrated properly. Imagine how demanding your job would be if more industries had to pay million-dollar fines for having bad IT procedures!
Million-Dollar IT Fines: The Takeaway for Small IT Contractors
While your business has never paid a $4.8 million fine (we hope), this data breach tells a story you're all too familiar with: a client doesn't follow proper data security procedures and uses patchwork IT, ignoring serious data risks. You've had clients like that.
The part of the story that might be unfamiliar is the question of IT liability. Liability is a legal term that refers to your contractual and professional responsibilities. What must IT contractors do to avoid being sued? They have to fulfill these professional responsibilities.
This is easier said than done. Some people think IT is just installing and setting up software. It's much more than that. As this story shows, IT is about how well technology integrates with an organization and whether an organization uses this technology properly and securely. Making sure this happens is one of your professional responsibilities.
Clients can allege that your IT solutions were flawed and didn't fit their companies’ needs and security profile. Even when a data breach occurs because your clients misused technology or failed to follow protocol, you could be sued.
Because of this complex net of liabilities, many IT professionals turn to E&O Insurance to protect their companies from client lawsuits. It's a smart choice as these policies cover lawsuits over a variety of problems, including client data breaches and data backup problems.
We've helped tens of thousands of IT professionals, independent contractors, and startups insure their businesses and protect them from lawsuits. If you'd like a free quote on IT Insurance, fill out an online insurance application. An agent specializing in IT liability will design your quote and email it to you (often within 15 minutes).