From ADA News:
The U.S. Department of Health and Human Services Office for Civil Rights said Feb. 1 that it had finalized a $3.2 million civil money penalty against the Children’s Medical Center of Dallas following multiple alleged Health Insurance Portability and Accountability Act violations between 2009-13.
3800 records were exposed when a laptop was stolen. No one reported any actual damages or identity theft. 3.2 million comes out to more than $500 per record.
If you have 3000 patient records on your server and it is stolen an equivalent fine would be 1.5 million dollars. Liability insurance will not pay these fines. What would that do to your business? What would it do to your life? Think about it.