The Aftermath of HIPAA Violations and the Costs on U.S. Healthcare Organizations

Abstract

The Health Insurance Portability and Accountability Act (HIPAA) imposes huge burdens on U.S. healthcare organizations in added overhead costs for compliance, as many research studies have documented. This chapter examines the additional high costs healthcare organizations in the U.S.A. incur in the aftermath of a privacy breach. Our study is based on a simple model of the information flow in a typical healthcare organization that must operate under the various policy formulation guidelines of the HIPAA legislation. We first analyze the documented examples of HIPAA enforcement actions by the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services. We then examine the specific value of Rasmussen's model of human behavior in identifying the causes of human errors that lead to HIPAA breaches. We conclude the chapter with an overview of cost mitigation strategies and important recommendations for healthcare managers.