Small data breach draws big fine, signals need for encryption

Just two weeks ago, a non-profit healthcare provider was slapped with a $50,000 fine from the Department of Health & Human Services (HHS) for violating the HIPAA security rules, after losing an unencrypted laptop containing the sensitive personal information of 441 patients. This is the first HHS penalty for a data breach involving fewer than 500 victims.

For small healthcare providers, this signals an escalation in the consequences of a data breach, as organizations will be held accountable regardless of size. A fine of $50,000 is a lot of money for a small practice, especially a non-profit provider.

As we’ve discussed in the past, the average cost per record of a healthcare data breach is $240, which is 24 percent higher than average. As fines become more common, healthcare organizations of all sizes need to make sure patient data is managed appropriately.

Protecting Patient Data: The 5 Rights of Data Administration

When it comes to healthcare, accuracy and attention to detail are not only important, they can mean the difference between life and death. Preventing misdiagnoses or mistreatment is taken very seriously.

Today, not only are patient lives on the line, but also, their information is increasingly online—on the hospital’s IT system, on private networks and even on the Internet. Mishandling of this data, or unauthorized use of it, can result in the wrong medical treatment, identity theft, data breaches and more. At the same time, more people need access to this information than ever before and from a variety of devices. The proper administration of healthcare data should be taken very seriously.

Just as clinicians use the “Five Rights of Medication Administration” to ensure proper patient care, the digitization of healthcare records and patient information means healthcare providers need to adopt best practices for ensuring proper security and privacy for patient data. To help organizations better understand their role in the administration of patient data, Symantec has outlined specific best practices to ensure that patient information is kept secure regardless of where it is.

Are Health Organizations Keeping Patient Data Safe?

A few figures released over the last week paint a dismal picture of the state of information protection in the healthcare industry. More than 20,000 patient medical records were exposed in yet another hospital data breach. A report from the Health and Human Services Department (HHS) found that more than 7.8 million people had their medical information compromised in more than 30,500 breaches since the enactment of HITECH, while a report from the Digital Forensics Association shows that disclosure of health industry data breaches has increased markedly during this same timeframe.

By the numbers, it would seem that the healthcare industry is in crisis when it comes to protecting patient data, and it’s costing them. According to the Ponemon Institute 2011 U.S. Cost of a Data Breach study, sponsored by Symantec, health data breaches cost $301 per lost record, which is 40 percent higher than average. Contributing to the higher cost is compliance with data protection regulations that require health organizations to do more to find, disclose and fix breach-related problems. In addition to disclosure laws in 49 states, healthcare organizations must also comply with HIPAA and HITECH.