I'm not sure doing anything different or better would have a material difference in how much a breach will cost let alone the need to have insurance companies to cover them. Yes it's a lot of buggyman auditing and such, but in the end a breach is a breach and companies will do anything they can do downplay the cost. At least with the rules there is a workflow and process to go through when the breach happens.
When all is said and done it's really the organization. I don't know how many bigcorps I've been at that were just totally inept. The existence or not of HIPAA would not change their ineptness.
When all is said and done it's really the organization. I don't know how many bigcorps I've been at that were just totally inept. The existence or not of HIPAA would not change their ineptness.