Cyber Liability - Protecting Against Security Breaches in Medical Practices

Now that physicians are learning to work with the new provisions of the Accountable Care Act, many are taking the time to look at some of the issues that have arisen, specifically regarding cyber insurance and risk management.

A major issue for physicians and their patients’ confidentiality is cyber liability. For many, this issue covers everything from a security breach due to a hacker, to an employee leaving a business laptop open at a restaurant.  Cyber liability is not only something that is now emerging, but poses a real potential danger to most businesses, including medical practices.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires most allied health professionals to follow certain rules, regulations, and guidelines in order to protect their clients' and patients' privacy and medical information.  According to HIPAA, nearly 21 million Americans have had their medical records lost or stolen since 2009. Still, some physicians who are conscientious and cautious about other areas of their practice haven't let their risk management programs catch up with the new and emerging ways that patient data can potentially be breached.

In today’s fast-paced, electronic society, most physicians use smart phones; however, they may not be using sophisticated security features to protect patient files, messages, or other data that is sent to them. If a smart phone is lost or stolen, falls into unauthorized hands, or even hooks up to the wrong Wi-Fi network, patient data may be compromised.

Many small businesses these days store data in the “cloud”, even if it's just for backup purposes. It's important to realize that your data isn't always protected by the “cloud” provider's policy, and a breach in their security means a breach in your security.

Despite these real risks, some in the medical community believe cyber insurance can be avoided by simply attempting to manage the exposure more effectively. The first and most important line of defense is to manage your risk immediately and to take every possible precaution. Cyber insurance is an important and affordable risk-management tool for physicians and practices interested in defending themselves, and their patients, against the risk of security breaches. Medical practices, like any good business, must take responsibility for risk management and have the right insurance coverage in place, whether it’s purchasing insurance coverage for your office building and equipment, or your professional liability exposure. 

Cyber-insurance coverage is neither automatically included in your General Liability policy, nor automatically covered in your Medical Malpractice policy. Cyber insurance policies are separate products and are available with various deductible options and limits of liability. Cyber insurance is a good example of an insurance product providing more than just payment if a claim occurs. The real value of cyber insurance is the available response services. These services allow a policyholder, a medical practice for example, to quickly and efficiently respond to a security breach. If you are a small to mid-sized medical practice, do you have staff that can drop everything they are doing in running your day-to-day practice and immediately reach out to all patients, inform them of a breach, answer their questions, search for and contract with a company to monitor patients' credit profiles for up to a year or more, and coordinate with your attorney? There are also additional measures that need to be taken while following state and federal regulations. Most practices aren't in a position to take on all of this extra responsibility, all while keeping the office running smoothly and continuing to generate revenue. 

Listed below are a few areas to think about and how they would impact your day-to-day practice in the event of a security breach:

  • The value and peace of mind in a having a single point of contact for the policyholder to quickly notify the patients and satisfy any regulatory requirements.
  • The ability to reassure your patients, while providing a qualified and knowledgeable third party to answer their questions.
  • The need to find the source of the breach and quickly correcting it to prevent future breaches.
  • The need to provide coverage for third-party liability and indemnify third parties who have been damaged.
  • Having regulatory coverage in the event of fines, penalties from the state or federal government.
  • Offering risk-management tools, like educational programs and webinars for your staff. 

Responding effectively to a security breach can mean the difference between your practice staying in business or closing its doors.  Patients will trust the practice if it can show a quick and seamless response to a security breach. Offering credit monitoring and other measures to reassure patients will also be of benefit to a medical practice and its patients.

In reality, people will continue to find new ways to access/hack confidential data, and human error and disgruntled employees will also never go away. To protect the practice and cover areas that could be affected by a security breach (ie: financial, regulatory, reputation, legal), physicians should speak with a trusted insurance agent who understands medical-practice issues and cyber-insurance options. Being educated and knowledgeable about cyber risk is only half the battle. Protecting your practice and the confidentiality of your patients’ medical records by implementing effective risk management practices and purchasing the recommended cyber insurance coverage will provide you with peace of mind that you have taken the appropriate steps to mitigate your liability. 

At Meadowbrook Insurance Group, we continually look for proactive ways to help your practice mitigate these risks.  As a valued member of Michigan Physicians Society, you will receive free access to Safetysurance, our online risk management platform, which contains a multitude of cyber-risk resources.  

by Meadowbrook Insurance Group

Contact MPS today for your complimentary Comprehensive Insurance Review and you access to Safetysurance, an online risk management platform, which contains a multitude of cyber-risk resources.  FREE to all MPS members!

Cutting Healthcare Spending - Big Data, Hospital Costs, and Outcomes

According to the federal Agency for Healthcare Research and Quality (AHRQ), inpatient hospital costs account for nearly 30% of healthcare spending in the United States and are increasing by about 2% per year over inflation. This cost issue is a focus of the Affordable Care Act, which is accelerating the move away from fee-for-service to a single, diagnosis-related comprehensive payment, similar to Medicare reimbursement. Such payment systems punish unnecessary testing, prolonged hospitalization, and readmissions.

Is Medical Science Dead? - Art, Science, and Quackery

On April 8, 1966, Time Magazine caused a national commotion when the issue’s cover was emblazoned with the question, “Is God Dead?” The Time article was a measured consideration of how society was adapting to the diminishing role of religion in an age of stunning scientific advances. The writer posited that people would no longer believe things out of received doctrine, but faith would steadily succumb to the scientific method as mankind unraveled the truths of the physical world at the expense of the myths of the metaphysical.

IMPACT OF ICD-10 - Increases Billing Accuracy, Headache for MDs and Patients

I strongly suggest that a pledge to read a synopsis of the philosophy of the 13th century Franciscan William of Ockham on a weekly basis be inserted in the oath of office taken by every government employee. Clearly highlighted should be his nominalist doctrine, Ockham’s razor, which avows that the best solution to a problem is usually the simplest. Pare to a minimum the number of confounding variables.

How do we treat pain? - Unrealistic Goals Leading to Opioid Addiction

In the weekend review from ACEP, two articles caught my attention. The first one was on new guidelines from the American Society of Addictive Medicine on the use of prescription medication to treat opioid addiction. These guidelines were created soon after the Centers for Disease Control and Prevention (CDCP) declared opioid use and resultant death as an epidemic. The second article refers to a study showing that pain is underdiagnosed and undertreated in the ED. This is the challenging dichotomy we live and work in.

Drowning in the Fountain of Youth - Genetic Predisposition

Recently I read in a New York Times magazine article that the 130th richest man in the United States wants to match his age with his Forbes magazine wealth ranking. His riches have not bought him a unique, scientifically-formulated elixir for immortality; nor is he a wacky proponent of perpetual hyperbaric oxygen chambers or cryogenics.

Yelp May Not Help

Concomitant with the metamorphosis of the practice of medicine into the business of healthcare delivery, patients have been transformed into customers. Healthcare providers compete not only on the basis of outcomes, best practices, centers of excellence, advanced technology and cost, but also on customer service

Find and Replace: Genetic Engineering in Science and Medicine

Shakespeare’s Hamlet proclaimed, “What a piece of work is a man,” but now, almost half a millennium later, this could be amended to what a set of sequences is man. The nobility, reason, infinite faculty and admirable form can be attributed to the 20,000 or so genes that contain the chemical code for specific protein formation

HIPAA Protects Millions with Unintended Consequences

The Health Insurance Portability and Accountability Act (HIPAA) was endorsed by Congress in 1996 and was the last significant legislative legacy of Senator Ted Kennedy. It is enforced by the Office for Civil Rights and mandates nationally recognized regulations for use and/or disclosure of an individual's health information by a “covered entity”. Such an entity is a health plan, healthcare clearinghouse or healthcare provider.

Studies Prove Communication and Teambuilding Training a MUST for Surgical And Hospital Staff

Although individual judgment and technical dexterity are obviously important, best surgical outcomes, particularly for complex procedures, reflect the performance of many medical providers before, during and after an operation. Professionalism and a competitive business environment both stimulate medical centers to continuously focus on quality assurance programs, and to improve patient safety.

Death Rates Plunge Due to Following Protocols, Not New Technology

We are regaled in the lay press about new medical breakthroughs a novel cholesterol-lowering drug mimics the effects of a genetic mutation and improves lipid profiles when conventional treatment is ineffective; new cancer therapies are tailored medications designed to specifically attack tumor cells without the nonspecific toxicity of conventional chemotherapy; hepatitis C can be cured by short-term oral agents, not prolonged courses of parenteral infusions; mitral valves can be repaired percutaneously without the potential risks of extracorporeal circulation.

How to Grow Your Medical Practice Online

Here at Michigan Physicians Society, we’re dedicated to the financial betterment of physicians by providing continuing education and technology, along with an extensive network of other like-minded professionals in our space....
Page: 1234 - All