Nobody ever said following the rules was cheap. In 2005 organizations will spend nearly $15.5 billion on compliance-related activities, according to a study by AMR Research ( www.amrresearch.com ). The amount could grow to $80 billion over the next five years.
Not surprisingly, the largest line item (for complying with rules ranging from the Sarbanes-Oxley Act of 2002 and Food and Drug Administration regulations to the Health Insurance Portability and Accountability Act of 1996 and document and record retention requirements) was internal staff costs. Technology spending was second; it represented some 42% of HIPAA compliance expenditures. The most expensive initiative? Sarbanes-Oxley, which eats up 39% of all compliance spending.
The high costs have caught some companies by surprise. In 2004 almost two-thirds had to pull money from other areas to help fund compliance projects.