The Financial Impact of Breached Protected Health Information, prepared by the American National Standards Institute, Shared Assessments and the Internet Security Alliance, March 5, 2012.
From the abstract: "The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security explores the reputational, financial, legal, operational, and clinical repercussions of a protected health information (PHI) breach on an organization, and provides a 5-step method – PHI Value Estimator (PHIve)- to assess specific security risks and build a business case for enhanced PHI security. This tool estimates the overall potential costs of a data breach to an organization, and provides a methodology for determining an appropriate level of investment needed to strengthen privacy and security programs and reduce the probability of a breach. A detailed example of costing a PHI breach using the PHIve method is provided." Read more (registration may be required)