Cyber Liability - Protecting Against Security Breaches in Medical Practices

Now that physicians are learning to work with the new provisions of the Accountable Care Act, many are taking the time to look at some of the issues that have arisen, specifically regarding cyber insurance and risk management.

A major issue for physicians and their patients’ confidentiality is cyber liability. For many, this issue covers everything from a security breach due to a hacker, to an employee leaving a business laptop open at a restaurant.  Cyber liability is not only something that is now emerging, but poses a real potential danger to most businesses, including medical practices.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires most allied health professionals to follow certain rules, regulations, and guidelines in order to protect their clients' and patients' privacy and medical information.  According to HIPAA, nearly 21 million Americans have had their medical records lost or stolen since 2009. Still, some physicians who are conscientious and cautious about other areas of their practice haven't let their risk management programs catch up with the new and emerging ways that patient data can potentially be breached.

In today’s fast-paced, electronic society, most physicians use smart phones; however, they may not be using sophisticated security features to protect patient files, messages, or other data that is sent to them. If a smart phone is lost or stolen, falls into unauthorized hands, or even hooks up to the wrong Wi-Fi network, patient data may be compromised.

Many small businesses these days store data in the “cloud”, even if it's just for backup purposes. It's important to realize that your data isn't always protected by the “cloud” provider's policy, and a breach in their security means a breach in your security.

Despite these real risks, some in the medical community believe cyber insurance can be avoided by simply attempting to manage the exposure more effectively. The first and most important line of defense is to manage your risk immediately and to take every possible precaution. Cyber insurance is an important and affordable risk-management tool for physicians and practices interested in defending themselves, and their patients, against the risk of security breaches. Medical practices, like any good business, must take responsibility for risk management and have the right insurance coverage in place, whether it’s purchasing insurance coverage for your office building and equipment, or your professional liability exposure. 

Cyber-insurance coverage is neither automatically included in your General Liability policy, nor automatically covered in your Medical Malpractice policy. Cyber insurance policies are separate products and are available with various deductible options and limits of liability. Cyber insurance is a good example of an insurance product providing more than just payment if a claim occurs. The real value of cyber insurance is the available response services. These services allow a policyholder, a medical practice for example, to quickly and efficiently respond to a security breach. If you are a small to mid-sized medical practice, do you have staff that can drop everything they are doing in running your day-to-day practice and immediately reach out to all patients, inform them of a breach, answer their questions, search for and contract with a company to monitor patients' credit profiles for up to a year or more, and coordinate with your attorney? There are also additional measures that need to be taken while following state and federal regulations. Most practices aren't in a position to take on all of this extra responsibility, all while keeping the office running smoothly and continuing to generate revenue. 

Listed below are a few areas to think about and how they would impact your day-to-day practice in the event of a security breach:

  • The value and peace of mind in a having a single point of contact for the policyholder to quickly notify the patients and satisfy any regulatory requirements.
  • The ability to reassure your patients, while providing a qualified and knowledgeable third party to answer their questions.
  • The need to find the source of the breach and quickly correcting it to prevent future breaches.
  • The need to provide coverage for third-party liability and indemnify third parties who have been damaged.
  • Having regulatory coverage in the event of fines, penalties from the state or federal government.
  • Offering risk-management tools, like educational programs and webinars for your staff. 

Responding effectively to a security breach can mean the difference between your practice staying in business or closing its doors.  Patients will trust the practice if it can show a quick and seamless response to a security breach. Offering credit monitoring and other measures to reassure patients will also be of benefit to a medical practice and its patients.

In reality, people will continue to find new ways to access/hack confidential data, and human error and disgruntled employees will also never go away. To protect the practice and cover areas that could be affected by a security breach (ie: financial, regulatory, reputation, legal), physicians should speak with a trusted insurance agent who understands medical-practice issues and cyber-insurance options. Being educated and knowledgeable about cyber risk is only half the battle. Protecting your practice and the confidentiality of your patients’ medical records by implementing effective risk management practices and purchasing the recommended cyber insurance coverage will provide you with peace of mind that you have taken the appropriate steps to mitigate your liability. 

At Meadowbrook Insurance Group, we continually look for proactive ways to help your practice mitigate these risks.  As a valued member of Michigan Physicians Society, you will receive free access to Safetysurance, our online risk management platform, which contains a multitude of cyber-risk resources.  

by Meadowbrook Insurance Group

Contact MPS today for your complimentary Comprehensive Insurance Review and you access to Safetysurance, an online risk management platform, which contains a multitude of cyber-risk resources.  FREE to all MPS members!

Making Money With Your Business, Profit and Cash Flow, Five Sustainable Companies That Make a Lot of MoneyFind Angel Funding & Venture Capital for Business Startups, Entrepreneurs, & First Time Founders – Episode 10

It is time to make money! You have been through a couple of rounds of market testing now you feel like you are on to something. The next step is to run the numbers to make sure that the business is sustainable. There are two sides to making money, profitability and cash flow.

Why Competition Is Good For Entrepreneurs and How Blockbuster’s $50 Million Mistake Helped Reed Hastings and Netflix Destroy a $6 Billion Empire Find Angel Funding & Venture Capital for Business Startups, Entrepreneurs, & First Time Founders – Epis

When battling for resources or investment, early-stage entrepreneurs may believe that competition is a bad thing. On the surface, they are correct. There are a limited number of angel investors willing to provide a finite amount of venture capital to founders.

Upscaling and Scaling Business Ideas into Reality – Jeff Bezos takes Amazon from Online Bookstore to Global DominanceFind Angel Funding & Venture Capital for Business Startups, Entrepreneurs, & First Time Founders – Episode 4

Congratulations, your market testing worked and you were able to find customers, or at least one customer. Your beta test was successful and you are confident that you are ready for more. What do you do when you start getting customers or users? I recommend you do some scaling or upscaling.

What Kind of Business Should You Start? – How Mark Zuckerberg Pivoted From Rating Hotness to FacebookFind Angel Funding & Venture Capital for Business Startups, Entrepreneurs, & First Time Founders – Episode 1

When it comes to brainstorming startup ideas, new entrepreneurs and even seasoned ones scratch their heads in confusion. Living in the information age, you can scan the current market and see countless new business ideas. With so many options out there, how do you know which one is right for you?

Why Would a Doctor Abandon a Steady Paycheck to Become an Entrepreneur?

As physicians, we are expected to be compliant with rules, restrictions, and regulations. We are expected to be risk averse. We are expected to be “providers,” but not necessarily innovators or leaders. As the healthcare system becomes increasingly consolidated into large overcrowded clinics, we are required to perform to the standards set by bureaucrats and clinic managers. These rules are often at odds with the best interests of patients and with our sanity.

The Alienation Of America’s Best Doctors

The best and the brightest simply don’t want to become doctors anymore. Physicians are burning out. They are leaving the profession. They are going bankrupt. They are selling their private practices to big hospitals. They are retiring early. We are facing a growing doctor shortage.

Better to Live and Die in the U.S.A.

The United States healthcare system is often berated for how it treats patients near the end of life. They are purportedly attached to tubes and machines and subjected to unnecessary invasive procedures that cause inordinate pain with no potential benefit, there is underutilization of more compassionate hospice services. This “travesty” is expensive, as the care of dying seniors consumes over 25% of Medicare expenditures. We hear this story so often; it is almost taken as gospel-- but is it actually true? Is it more expensive and invasive to die in America than in other developed countries?

Gun Ownership and Doctors?

According to the Pew Research Center, there are approximately 32,000 gun-related deaths annually in the United States; 19,000 are suicide, 11,000 are homicide, and the rest are accidents, police shootings or of unknown causation. Moreover, there are more than 78,000 nonfatal gun wounds each year. Given the disproportionate number of victims that are less than 40 years of age, the morbidity and mortality of gun violence is significant. Physicians are involved with many types of public health issues, but few are as controversial or divisive as gun safety. Is it really an issue that falls within the medical domain?

O Tempora, O Mores: Affordable Care Act - Big Dream or Big Let Down?

I confess I was a strong proponent of the Affordable Care Act. My reasoning was subtler than the hallowed pantheons of its staunch supporters and the apocalyptic predictions of its detractors. Forty years after graduating medical school I concluded, after many stutter steps, the American healthcare delivery system was economically unsustainable and the citizenry was neither living longer, nor better, despite medical expenditures that dwarf any other developed nation. My career also allowed me to personally interact with cardiac surgeons from all continents and see that their clinical results and research efforts were laudatory by any standards.
Page: 123 - All