Why Don't You Quote Ponemon?

Posted by Amy Wood on Aug 8 2016, 11:39 PM

I've been asked multiple times why I don't use the Ponemon Institute studies on data breaches in my education or blogs. The answer is both simple and complex. In short, the Ponemon studies factor only cost per record, which isn't always proportional for small offices such as yours. In fact, according to Verizon, which has done its own study for the last 8 years, "the cost per record is not constant and is inversely related to the number of records. That means small breaches could have costs that skyrocket into tens of thousands of dollars per record, while very large breaches (millions of records) will have their cost per record drop down to just pennies per record. Therefore, any simple cost per record estimate will greatly underestimate the costs of small breaches and grossly overstate the losses from larger breaches."

Remember: HIPAA is written to apply to both multi-state hospital chains and solo doctor practices such as yours. The risks you have are both similar to and very different from those of a larger organization. That doesn't make addressing them any less important, but it does mean that you have less time and money to deal with compliance, and you need someone with experience to properly vet vendors and identify all of your risks.
