As the number of healthcare data breaches increase, so will the number of HIPAA violation settlements, according to Adam Greene, a privacy attorney and former regulator at HHS.
In an interview at HIMSS15 in Chicago with Information Security Media Group, Mr. Greene said the HHS' Office of Civil Rights is facing "a significant pipeline of unprecedented settlement agreements," according to Govinfosecurity.
"It wouldn't be surprising for us to start seeing in the latter part of this year some really surprising settlement agreements with respect to potential record-breaking [financial penalties]," Mr. Greene said.
So far in 2015, HHS has not revealed any HIPAA settlement agreements, according to the report. Additionally, settlements for two major data breaches that occurred earlier this year — the hacks on Indianapolis-based Anthem affecting nearly 80 million individuals and on Mountlake Terrace, Wash.-based Premera affecting nearly 40 million individuals — may not be agreed upon for a couple of years, as Mr. Greene said that the timeline from a HIPAA violation happening until the actual settlement agreement takes an average of two or three years.
2014 was the year of the largest HIPAA settlement to date, when NewYork-Presbyterian Hospital and Columbia University in New York paid a combined $4.8 million to settle a 2010 data breach.
More articles on data breaches:
4 tips to improve security after Anthem, Premera hacks
Anthem aftermath: CIOs and IT leaders recall what they did right after the attack
The cost of a healthcare data breach