Perspectives Newsletter

Fall 2013


Affordable Care Act: Open Enrollment Underlines the Need for Data Security

In an industry already beset by data breaches, what happens when a flood of new data comes into play? For the healthcare industry, it could mean bigger data breaches with bigger lawsuits, fines and financial losses now that open enrollment, running October 1, 2013 through March 31, 2014, in Health Insurance Exchanges (HIE) is here.

Under the Patient Protection and Affordable Care Act (PPACA), millions upon millions of Americans now have unprecedented access to health insurance. With this greater access comes greater data – millions of new Health Insurance Exchange (HIE) accounts and electronic health records (EHR) – and the need for greater data privacy controls.

These three steps in particular are important for every healthcare organization, including the new HIEs and even third-party vendors, to take:

  • Shore up security measures
    A strong security posture is the top way to reduce breach costs, and appointing a Chief Information Security Officer can help to reduce costs by $23 per record.1 When compounded across a large breach population, these savings can add up to millions. Organizations, from hospitals to billing processors, need top-line security procedures to help prevent and detect cyber intrusions and data loss.
  • Train employees in proper data handling
    Lost or stolen devices and accidental data exposure are the top causes of medical breaches,2 meaning training employees on data security is vital. Having the proper access controls and encryption in place is a good way to help prevent both accidental and malicious inside-job breaches.
  • Plan ahead to deal with data loss
    A data breach response plan is the second most effective way to reduce breach costs, with savings of $42 per breached record.1 Planning out what steps to take ahead of time enables faster and more thorough incident response. A response plan helps to ensure that data loss doesn’t escalate further and that important recovery steps aren’t overlooked.

Plus, hospitals, private practices and other healthcare providers can take additional precautions by:

  • Verifying identities
    Ask patients for photo IDs and insurance cards at every visit to discourage the misuse of HIEs and other healthcare plans. Hospitals and physician offices may also want to take a photo of the patient every year to keep in his/her file and help with visual identification.
  • Educating patients on medical identity theft
    Every patient, whether they’re new to health insurance or not, needs to understand the dangers of letting others use their coverage or having their benefits stolen. As medical identity theft crimes continue to increase,3 providers can help patients keep prevention top of mind. To do this, providers can encourage them not to share their insurance information with others and to review the explanations of benefits (EOBs) they receive from their insurers.

From the HIPAA Omnibus Rule to the new HIEs, the healthcare industry is being asked to rapidly adjust to significant changes. Data loss prevention measures and data breach preparedness provide a stable foundation from which to meet these challenges and others that are surely coming down the line.

For help creating a data breach response plan and getting past these challenges, download Experian’s recently updated Data Breach Response Guide for free at


1 2013 Cost of a Data Breach Study: Global Analysis, Ponemon Institute (May 2013)

2 Third Annual Benchmark Study on Patient Privacy & Data Security, Ponemon Institute (December 2012)

3 2013 Survey on Medical Identity Theft, Ponemon Institute (September 2013)
