Reputational Damage is something that few people take into account. I hear a lot of other people in my field speaking and writing about data breach costs. Nearly every article, post, and presentation measures this in dollars. While dollar cost to the practice is certainly the primary concern of owners and managers. The total is generally measured by fines that your practice might face.
I want you to look at the final dollar figure not as fines but as people. Not just the people whose Private Healthcare or Financial information might have been breached but people who have never set foot in your practice, AND NOW NEVER WILL!
Reputational Damage Overlooked
Often overlooked or ignored when evaluating risk is the REPUTATIONAL DAMAGE done to the practice by a data breach. A happy customer will likely tell one or two other people, but an unhappy one will tell ten or twenty. This also applies to healthcare, on a daily basis but especially if there is a data breach.
Recent studies have shown that the total final cost for business’s that have a data breach are 41% for loss of revenue and 41% equally for loss of reputation or brand *. Other informal studies have shown that more than 50% of those surveyed would not seek care from a family practice that had been breached in the past.
Therefore when you weigh the costs of properly securing your PHI and other data. Always take into account the potential for fines, breach notification, litigation, loss of revenue from lost patients, AND loss of future revenue! While there is no 100% method to secure your data 100% of the time with 0 risk. It is vitally important to pursue the best possible security program your practice can afford. Patients you haven’t even met yet depend on it!
*Deloitte 2014 Breach Report