Healthcare Industry Takes $6.5B Hit Over Poor Information Security

Technology’s supposed to make us more efficient; more productivity for each hour we invest in a project. It also means less cost associated with the effort. Without the cost benefit, after all, why bother with efficiency?

During the last year or so we’ve seen the evidence of this productivity increase with each new round of earnings reports. This has been a fantastic year for corporate profits, even as the grass roots economy remains in the toilet. While unemployment remains stubbornly above 9 percent nationally, and with even more people out of work but off the books, companies are making record profits making and selling their products and services without adding payroll.

If you are among the un/under-employed, you might not think it’s a very fair shake, but we’ll leave that debate to the Occupy protesters and their foes in D.C. and on Wall Street. For business managers, however, it’s a pretty good deal – invest in new technology and see profits rise.

Yet a study released today by my friends at the Ponemon Institute, sponsored by ID Experts, shows that not every industry seems to understand that the cost savings isn’t just about reducing workforce, but it’s about investing in the right resources. Yes, I’m looking at you, healthcare.

For industries and organizations that deal with large volumes of sensitive information, information security is not an option, yet it seems many healthcare and related companies are trying to cut costs by ignoring their obligations to safeguard patient data and comply with regulations. They are operating in the digital age and a world of mobility and Big Data, but with antiquated policies created for a time when information moved largely on paper. According to Ponemon, the costs of poor information security and inadequate data management cost the healthcare industry $6.5 billion last year.

As the press release announcing the study points out, that $6.5 billion would have been enough to employ more than 81,000 nurses – or to equip the overworked medical administrative staffers with the right tools and training to do their jobs in a manner befitting the trust their patients put in them each day – trust, by the way, that is rapidly eroding. Hey, if you are going to spend that $6.5 billion anyway, why not invest it in the tools to protect information, preserve trust, and provide operational efficiency rather than pay fines, legal fees, and audit costs?

Do it right and the costs might actually decline next year. But I won’t be holding my breath; if I pass out, I might end up in the hospital, and I don’t trust them to keep my information safe.