There are a number of Data Protection Laws, depending on country and jurisdiction. Examples of EU and US Data Protection Laws:
The GDPR (General Data Protection Regulation) was passed by the European Union (EU) in 2018 to control data privacy and security within the EU. GDPR extends to any country that collects data relating to people in the EU. Failing to comply with GDPR brings high fines and reputational damage.
The HIPAA (Health Insurance Portability and Accountability Act) has a narrower scope. It is a US federal law that applies to US entities and protects sensitive PHI (Protected Health Information) from being disclosed without the patient's knowledge or prior authorization.
The HIPAA Privacy Rule applies to all PHI. The covered entities subject to the Privacy Rule are healthcare providers, health plans, healthcare clearinghouses and their business associates.
The HIPAA Security Rule covers e-PHI (electronic Protected Health Information). When sending individually identifiable health information electronically, entities must ensure that files and information are transmitted in an encrypted environment so that the data cannot be compromised in transit.
HIPAA healthcare Fines and Data Breaches
HIPAA has a tier system for violation penalties. The fine depends on whether the violator was unaware of the violation or acted wilfully, and on how long it took to correct the violation.
According to HIPAA Journal, healthcare data breaches in 2020 increased by 25% compared to the year before. More than 29 million healthcare records were breached. Hacking and IT incidents accounted for 67% of the data breaches.
Some of the larger HIPAA settlements in 2020 were:
- Health insurer Premera Blue Cross – settlement of $6,850,000.00. Data breach caused by hackers who obtained the Protected Health Information (PHI) of more than 10 million individuals.
- CHSPSC LLC – settlement of $2,300,000.00. The company suffered a cyberattack back in 2014 in which the ePHI of over 6 million individuals was stolen.
- Athens Orthopaedic Clinic – settlement of $1,500,000.00. The company suffered a cyberattack in 2016 in which the hacker stole a database containing the PHI of about 200,000 patients.
In all three cases above, each company was in non-compliance with the HIPAA rules: all had failed to conduct a comprehensive risk analysis and had not implemented security procedures or appropriate measures to reduce the risk to e-PHI.
The consequences of breaching HIPAA can be severe indeed, as the cases above show. Beyond the financial risk, non-compliance with HIPAA carries reputational risk from the damage caused by failing to meet data governance obligations.
That is why selecting a technology partner specializing in HIPAA-compliant hosting for healthcare is extremely critical.
The serious implications of failing to comply with GDPR
The penalties for non-compliance with GDPR are eye-watering. Being in breach of GDPR can result in fines of up to EUR 20 million or 4% of annual global turnover, whichever is greater.
These fines demonstrate that complying with GDPR is necessary and that GDPR is not to be ignored.
Perhaps the biggest consequence of failing to comply with GDPR is the harm to the credibility of your business, which is often beyond repair.
The five biggest GDPR fines in the year 2020 are:
- Google EUR 50 million – fined for a lack of transparency about how user data was harvested.
- H&M (Hennes & Mauritz) EUR 35 million – a technical error briefly exposed a company network drive to everyone in the company, which revealed how the company had been collecting sensitive personal data about its employees.
- TIM (Italian telecommunications operator) EUR 27,800,000.00 – the company contacted non-customers as part of an aggressive marketing strategy, in violation of their personal data rights.
- BA (British Airways) EUR 22,000,000.00 – the company did not process personal data with sufficient security measures and was not adequately protected against cyber-attacks.
- Marriott International EUR 20,450,000.00 – sufficient security measures were not in place and the company was the target of a cyber-attack.
What is the Compensation for Damages?
Individuals are also entitled, under the GDPR, to seek compensation for any material and/or non-material harm arising from a violation of the regulation. The most serious data breaches could therefore result in a high volume of lawsuits, which can be extremely expensive. Take, for example, the Ashley Madison data breach.
In 2015, the extramarital relations website fell victim to a cyber-attack that leaked the data of 36 million user accounts. Some victims of the hack requested compensation because of the sensitive nature of the website and the potential detrimental effects on the personal relationships of those users whose data was released.
Although there are a variety of consequences associated with failure to comply with GDPR, perhaps the most important are those above. The overarching message from the ICO (Information Commissioner's Office) itself is to ensure that you take the appropriate measures to demonstrate compliance, rather than being unduly concerned about significant financial penalties.
Complying with data protection regulations can be overwhelming, as they contain many specific guidelines and rules that every business handling sensitive personal data must follow.
In addition, a business that handles personal information from users in different jurisdictions will have to comply with the regulations of each user's jurisdiction.
What can be done?
Using a secure and encrypted storage and file transfer system like FortKnoxster is an alternative to storing and managing sensitive data and documents in-house.
FortKnoxster guarantees full compliance with document requests made from businesses to clients, while also guaranteeing integrity and preventing any form of unauthorized access to sensitive data.
Providing peace of mind for compliance officers, FortKnoxster Transfer is the right tool for requesting, transferring, and storing any sort of sensitive data.
FortKnoxster Messenger is an alternative to the widely used messaging services that are often used as a tool for data mining and business.
Request your 7-day FREE trial, NO CREDIT CARD NEEDED.