Many healthcare organizations are sharing protected health information; this is a fact. That number is set to grow. This is not surprising; the volume of health data is growing exponentially. Putting massive amounts of this data into silos is not the answer. The business of de-identifying this data and using it for secondary purposes is only in its infancy. For research, analytics, monetization and a host of commercial activities, de-identification opens possibilities and invites innovation. But there is one area that is often ignored: de-identification is a robust pairing with strong encryption to safeguard privacy in the event of a data breach.

 

At the time this white paper was published, the cost of a data breach was estimated to range from $200 to $217 USD per affected individual. This figure includes investigation, direct notification costs, litigation, redress and compensation, penalties, loss of productivity to deal with the breach, and loss of business. (For a more current calculation, we recommend reading The Ponemon Institute/IBM partnered report, The Global Cost of Data Breach Study.)

 

However, if a breach occurs and the organization has been proactive in de-identifying its data, then the total cost to deal with the breach will be lower. The organization will still incur the cost of mobilizing an internal team, external counsel, and possibly external security consultants to investigate the breach and to confirm that it is not a reportable breach.

 

We did the math. Make sure to download Calculating the ROI on the De-Identification of Health Data. In this white paper, we present this case by performing a Return on Investment (ROI) analysis based on a series of typical scenarios. This analysis illustrates that when considering the savings from avoiding a data breach, even modest investments in de-identification produce significant ROI.