Have you ever wondered how much money a HIPAA breach may cost a hospital or practice? The factors that must be taken into account to determine this number are endless, so this post will focus on only one important factor: the forensic analysis.
Forensics is the process of determining what happened during a breach. A forensic investigation works to determine what data was breached, who obtained the data, and whether the data was actually acquired or viewed. A thorough analysis will review the log files of every user as well as examine the records themselves to ensure they weren’t breached. After the investigation has concluded, a report will be written that states whether a breach did occur as well as what records were affected.
The Ponemon Institute estimates that a forensic investigation will cost a healthcare institution approximately $610,000. In 2016, Ponemon found that 15% of the total cost of a hospital HIPAA breach was spent on forensics. This is almost double what it was in 2007 (8%). Ponemon estimates an average breach costs a healthcare institution $402 per record, meaning $60 per record is spent on forensics alone.