- This story was delivered to Business Insider Intelligence Digital Health Briefing subscribers earlier this morning.
- To get this story plus others to your inbox each day, hours before they’re published on Business Insider, click here.
The US Department of Health and Human Services’ (HHS’) Office for Civil Rights (OCR) announced that it will no longer penalize hospitals or their business associates for disclosing protected health info that could be used to enhance understanding, management, and treatment of the coronavirus, according to Modern Healthcare.
The goal is to ensure that public health officials working to combat the pandemic have quick access to as much data as possible by granting hospitals the ability to pass pertinent information along without worrying about violating any HIPAA rules.
The OCR’s move to ease HIPAA enforcement during the pandemic could provide inundated hospitals with some financial relief — and allow the troves of coronavirus data they’re amassing to be put in the right hands. US hospitals were already up against constricting margins before the coronavirus became severe as it is now in the US — and the pandemic is placing a huge economic burden on many health systems as they’re mandated to cancel nonurgent procedures.
HIPAA violations could make that burden even heavier, considering the average violation slammed health firms with north of $1.2 million in 2019, as noted in HIPAA Journal. Fears of costly penalties could’ve caused hospitals to keep a tighter grip on coronavirus patient data — or avoid working with tech firms that could potentially jeopardize data privacy. But by relaxing HIPAA penalties, and thus ensuring public health organizations have access to the latest metrics and developments, health organizations could better design plans to manage the pandemic and more effectively halt its spread.
But data security worries likely still abound among consumers — and while the suspension of data-sharing penalties could make their worries more severe, the value that new data will provide in the short-term will likely override their concerns.
Tech companies forging into healthcare via partnerships with health systems have long been beleaguered by concerns regarding data sharing and security: 55% of consumers say they trust tech companies “not very much” or “not at all” to handle their health info — up from the 43% that said the same in 2017. So, the decision could spawn some pushback from patients and docs working with hospitals with tech giant tie-ups. However, as the coronavirus intensifies, we think the potential pros of sharing valuable data with the right organizations should put some of these concerns at bay.
And hospitals may still be up against HIPAA penalties for data breaches — which we don’t think will diminish in gravity. The removal of HIPAA violation penalties doesn’t extend to penalties incurred from data breaches, per the OCR — which is bad news for cash-strapped hospitals, considering we don’t see any signs pointing toward a downward trend in cyberattacks.
There were 26 healthcare data breaches in March in the US — and while this lower than in recent months, annual tallies are trending upward: The US healthcare industry was hit with an average of 39 breaches per month in 2019 — up from the 17 per month in 2010. And those breaches come with a big — and growing — price tag: The overall cost of a healthcare data breach has grown from $398 per affected record in 2015 to $429 per record in 2019.
So, we think that if hospitals have to deal with a sustained threat of high-cost breaches throughout the pandemic, they’ll start to get serious about upping countermeasures once outbreaks subside and steadier cashflow returns. In the meantime, we’ll likely hear louder calls for the HHS to cut back on breach-related penalties in the short-term.
Want to read more stories like this one? Here’s how to get access:
- Business Insider Intelligence analyzes the healthcare industry and provides in-depth analyst reports, proprietary forecasts, customizable charts, and more.>> Check if your company has BII Enterprise membership access.
- Sign up for the Digital Health Briefing, Business Insider Intelligence’s expert email newsletter tailored for today’s (and tomorrow’s) decision-makers in the healthcare industry, delivered to your inbox 6x a week.>> Get Started
- Explore related topics in more depth.>> Visit Our Report Store
- Current subscribers can log in to read the briefing here.