Now that physicians are learning to work with the new provisions of the Accountable Care Act, many are taking the time to look at some of the issues that have arisen, specifically regarding cyber insurance and risk management.
A major issue for physicians and their patients’ confidentiality is cyber liability. For many, this issue covers everything from a security breach due to a hacker, to an employee leaving a business laptop open at a restaurant. Cyber liability is not only something that is now emerging, but poses a real potential danger to most businesses, including medical practices.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires most allied health professionals to follow certain rules, regulations, and guidelines in order to protect their clients' and patients' privacy and medical information. According to HIPAA, nearly 21 million Americans have had their medical records lost or stolen since 2009. Still, some physicians who are conscientious and cautious about other areas of their practice haven't let their risk management programs catch up with the new and emerging ways that patient data can potentially be breached.
In today’s fast-paced, electronic society, most physicians use smart phones; however, they may not be using sophisticated security features to protect patient files, messages, or other data that is sent to them. If a smart phone is lost or stolen, falls into unauthorized hands, or even hooks up to the wrong Wi-Fi network, patient data may be compromised.
Many small businesses these days store data in the “cloud”, even if it's just for backup purposes. It's important to realize that your data isn't always protected by the “cloud” provider's policy, and a breach in their security means a breach in your security.
Despite these real risks, some in the medical community believe cyber insurance can be avoided by simply attempting to manage the exposure more effectively. The first and most important line of defense is to manage your risk immediately and to take every possible precaution. Cyber insurance is an important and affordable risk-management tool for physicians and practices interested in defending themselves, and their patients, against the risk of security breaches. Medical practices, like any good business, must take responsibility for risk management and have the right insurance coverage in place, whether it’s purchasing insurance coverage for your office building and equipment, or your professional liability exposure.
Cyber-insurance coverage is neither automatically included in your General Liability policy, nor automatically covered in your Medical Malpractice policy. Cyber insurance policies are separate products and are available with various deductible options and limits of liability. Cyber insurance is a good example of an insurance product providing more than just payment if a claim occurs. The real value of cyber insurance is the available response services. These services allow a policyholder, a medical practice for example, to quickly and efficiently respond to a security breach. If you are a small to mid-sized medical practice, do you have staff that can drop everything they are doing in running your day-to-day practice and immediately reach out to all patients, inform them of a breach, answer their questions, search for and contract with a company to monitor patients' credit profiles for up to a year or more, and coordinate with your attorney? There are also additional measures that need to be taken while following state and federal regulations. Most practices aren't in a position to take on all of this extra responsibility, all while keeping the office running smoothly and continuing to generate revenue.
Listed below are a few areas to think about and how they would impact your day-to-day practice in the event of a security breach:
- The value and peace of mind in a having a single point of contact for the policyholder to quickly notify the patients and satisfy any regulatory requirements.
- The ability to reassure your patients, while providing a qualified and knowledgeable third party to answer their questions.
- The need to find the source of the breach and quickly correcting it to prevent future breaches.
- The need to provide coverage for third-party liability and indemnify third parties who have been damaged.
- Having regulatory coverage in the event of fines, penalties from the state or federal government.
- Offering risk-management tools, like educational programs and webinars for your staff.
Responding effectively to a security breach can mean the difference between your practice staying in business or closing its doors. Patients will trust the practice if it can show a quick and seamless response to a security breach. Offering credit monitoring and other measures to reassure patients will also be of benefit to a medical practice and its patients.
In reality, people will continue to find new ways to access/hack confidential data, and human error and disgruntled employees will also never go away. To protect the practice and cover areas that could be affected by a security breach (ie: financial, regulatory, reputation, legal), physicians should speak with a trusted insurance agent who understands medical-practice issues and cyber-insurance options. Being educated and knowledgeable about cyber risk is only half the battle. Protecting your practice and the confidentiality of your patients’ medical records by implementing effective risk management practices and purchasing the recommended cyber insurance coverage will provide you with peace of mind that you have taken the appropriate steps to mitigate your liability.
At Meadowbrook Insurance Group, we continually look for proactive ways to help your practice mitigate these risks. As a valued member of Michigan Physicians Society, you will receive free access to Safetysurance, our online risk management platform, which contains a multitude of cyber-risk resources.
by Meadowbrook Insurance Group
Contact MPS today for your complimentary Comprehensive Insurance Review and you access to Safetysurance, an online risk management platform, which contains a multitude of cyber-risk resources. FREE to all MPS members!