Cyber Liability - Protecting Against Security Breaches in Medical Practices

Now that physicians are learning to work with the new provisions of the Accountable Care Act, many are taking the time to look at some of the issues that have arisen, specifically regarding cyber insurance and risk management.

A major issue for physicians and their patients’ confidentiality is cyber liability. For many, this issue covers everything from a security breach due to a hacker, to an employee leaving a business laptop open at a restaurant.  Cyber liability is not only something that is now emerging, but poses a real potential danger to most businesses, including medical practices.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires most allied health professionals to follow certain rules, regulations, and guidelines in order to protect their clients' and patients' privacy and medical information.  According to HIPAA, nearly 21 million Americans have had their medical records lost or stolen since 2009. Still, some physicians who are conscientious and cautious about other areas of their practice haven't let their risk management programs catch up with the new and emerging ways that patient data can potentially be breached.

In today’s fast-paced, electronic society, most physicians use smart phones; however, they may not be using sophisticated security features to protect patient files, messages, or other data that is sent to them. If a smart phone is lost or stolen, falls into unauthorized hands, or even hooks up to the wrong Wi-Fi network, patient data may be compromised.

Many small businesses these days store data in the “cloud”, even if it's just for backup purposes. It's important to realize that your data isn't always protected by the “cloud” provider's policy, and a breach in their security means a breach in your security.

Despite these real risks, some in the medical community believe cyber insurance can be avoided by simply attempting to manage the exposure more effectively. The first and most important line of defense is to manage your risk immediately and to take every possible precaution. Cyber insurance is an important and affordable risk-management tool for physicians and practices interested in defending themselves, and their patients, against the risk of security breaches. Medical practices, like any good business, must take responsibility for risk management and have the right insurance coverage in place, whether it’s purchasing insurance coverage for your office building and equipment, or your professional liability exposure. 

Cyber-insurance coverage is neither automatically included in your General Liability policy, nor automatically covered in your Medical Malpractice policy. Cyber insurance policies are separate products and are available with various deductible options and limits of liability. Cyber insurance is a good example of an insurance product providing more than just payment if a claim occurs. The real value of cyber insurance is the available response services. These services allow a policyholder, a medical practice for example, to quickly and efficiently respond to a security breach. If you are a small to mid-sized medical practice, do you have staff that can drop everything they are doing in running your day-to-day practice and immediately reach out to all patients, inform them of a breach, answer their questions, search for and contract with a company to monitor patients' credit profiles for up to a year or more, and coordinate with your attorney? There are also additional measures that need to be taken while following state and federal regulations. Most practices aren't in a position to take on all of this extra responsibility, all while keeping the office running smoothly and continuing to generate revenue. 

Listed below are a few areas to think about and how they would impact your day-to-day practice in the event of a security breach:

  • The value and peace of mind in a having a single point of contact for the policyholder to quickly notify the patients and satisfy any regulatory requirements.
  • The ability to reassure your patients, while providing a qualified and knowledgeable third party to answer their questions.
  • The need to find the source of the breach and quickly correcting it to prevent future breaches.
  • The need to provide coverage for third-party liability and indemnify third parties who have been damaged.
  • Having regulatory coverage in the event of fines, penalties from the state or federal government.
  • Offering risk-management tools, like educational programs and webinars for your staff. 

Responding effectively to a security breach can mean the difference between your practice staying in business or closing its doors.  Patients will trust the practice if it can show a quick and seamless response to a security breach. Offering credit monitoring and other measures to reassure patients will also be of benefit to a medical practice and its patients.

In reality, people will continue to find new ways to access/hack confidential data, and human error and disgruntled employees will also never go away. To protect the practice and cover areas that could be affected by a security breach (ie: financial, regulatory, reputation, legal), physicians should speak with a trusted insurance agent who understands medical-practice issues and cyber-insurance options. Being educated and knowledgeable about cyber risk is only half the battle. Protecting your practice and the confidentiality of your patients’ medical records by implementing effective risk management practices and purchasing the recommended cyber insurance coverage will provide you with peace of mind that you have taken the appropriate steps to mitigate your liability. 

At Meadowbrook Insurance Group, we continually look for proactive ways to help your practice mitigate these risks.  As a valued member of Michigan Physicians Society, you will receive free access to Safetysurance, our online risk management platform, which contains a multitude of cyber-risk resources.  

by Meadowbrook Insurance Group

Contact MPS today for your complimentary Comprehensive Insurance Review and you access to Safetysurance, an online risk management platform, which contains a multitude of cyber-risk resources.  FREE to all MPS members!

Make Angel Investments That Go 10x, Unleashing Monster Returns for a Family Juice Business

I look for angel investments that have the potential to produce a 10x return on my investment in 5 years. Startup investing is one of the more risky investment categories. Therefore, you should expect these businesses to have the possibility of doing well. If you invest in 10 businesses, and nine of them fail, the remaining business needs to give you a 10x return just to break even. Ideally, you will do better than that and enjoy healthy returns.

Build Your List of Potential Investors, Pitch Investors Properly, How Kevin Systrom Raised $500,000 in Two Weeks to Launch InstagramFind Angel Funding & Venture Capital for Business Startups, Entrepreneurs, & First Time Founders – Episode 12

Most startups need funding at some point. Once you have the addressed all of the items in the previous episodes, it is time to build your list of potential investors and start the conversations. They can be friends, family, social network, social media contacts, work colleagues, people in the business industry, etc. Try to put together a list of at least one hundred people. A list of one hundred potential investors may seems like a lot, but the more people you have on the list, the better your chances are of success.

Making Money With Your Business, Profit and Cash Flow, Five Sustainable Companies That Make a Lot of MoneyFind Angel Funding & Venture Capital for Business Startups, Entrepreneurs, & First Time Founders – Episode 10

It is time to make money! You have been through a couple of rounds of market testing now you feel like you are on to something. The next step is to run the numbers to make sure that the business is sustainable. There are two sides to making money, profitability and cash flow.

Why Competition Is Good For Entrepreneurs and How Blockbuster’s $50 Million Mistake Helped Reed Hastings and Netflix Destroy a $6 Billion Empire Find Angel Funding & Venture Capital for Business Startups, Entrepreneurs, & First Time Founders – Epis

When battling for resources or investment, early-stage entrepreneurs may believe that competition is a bad thing. On the surface, they are correct. There are a limited number of angel investors willing to provide a finite amount of venture capital to founders.

Upscaling and Scaling Business Ideas into Reality – Jeff Bezos takes Amazon from Online Bookstore to Global DominanceFind Angel Funding & Venture Capital for Business Startups, Entrepreneurs, & First Time Founders – Episode 4

Congratulations, your market testing worked and you were able to find customers, or at least one customer. Your beta test was successful and you are confident that you are ready for more. What do you do when you start getting customers or users? I recommend you do some scaling or upscaling.

What Kind of Business Should You Start? – How Mark Zuckerberg Pivoted From Rating Hotness to FacebookFind Angel Funding & Venture Capital for Business Startups, Entrepreneurs, & First Time Founders – Episode 1

When it comes to brainstorming startup ideas, new entrepreneurs and even seasoned ones scratch their heads in confusion. Living in the information age, you can scan the current market and see countless new business ideas. With so many options out there, how do you know which one is right for you?

Why Would a Doctor Abandon a Steady Paycheck to Become an Entrepreneur?

As physicians, we are expected to be compliant with rules, restrictions, and regulations. We are expected to be risk averse. We are expected to be “providers,” but not necessarily innovators or leaders. As the healthcare system becomes increasingly consolidated into large overcrowded clinics, we are required to perform to the standards set by bureaucrats and clinic managers. These rules are often at odds with the best interests of patients and with our sanity.
Page: 1234 - All