Chapter 2: How Insurance Can Save Your Medical or Healthcare Practice Millions
Part 2: Cyber Liability Insurance for Allied Health Professionals
According to a study commissioned by Hartford Steam Boiler and the Ponemon Institute, 55 percent of small businesses have experienced at least one data breach. When your medical practice stores electronic protected health information (ePHI), Social Security numbers, and credit information on its computers, these breaches are more than a small inconvenience — they could cost your practice thousands in HIPAA / HITECH fines, investigation costs, notification expenses, and credit monitoring services.
Cyber Liability Insurance (also known as Cyber Risk Insurance or Data Breach Insurance) is designed for health practitioners operating in the digital age. If your data is stolen or leaked by a hacker or a virus, this coverage gives your business the funds it needs to combat the damages.
Your Cyber Risk Insurance may cover the cost of…
- Notifying affected parties about the breach. The new HITECH Act says HIPAA-covered entities (such as medical practitioners and health insurance providers) must notify individuals when unsecured protected health information has been breached. You also have to notify regulatory authorities of the breach. This step alone can cost thousands of dollars and countless hours. Many states require notification be sent through the mail. You may have to set up a call center if enough individuals are affected. Sometimes, medical practices create a website solely for the purposes of helping patients find resources to handle potential consequences of the incident.
- Buying credit and identity-monitoring services. Your Cyber Liability policy may pay for recovery services so affected individuals can avoid healthcare fraud and identity theft. The price of a full year of credit or identity monitoring for each data breach victim can quickly become a burden for your small practice, which is why Cyber Liability Insurance is so valuable. Some policies only offer credit monitoring, while others cover both credit and identity services. Be sure to read your policy carefully to ensure you're receiving the protection you need.
- Repairing your reputation. After a data breach and the subsequent notifications, word gets out quickly that your practice dropped the ball on keeping private information safe. Fortunately, your coverage can provide the funds to launch a PR campaign to help rebuild your practice's credibility after a breach tarnishes your public image.
- Financial negotiations. If a cyber extortionist holds your data hostage or threatens an attack, your Data Breach coverage can cover the "ransom" amounts.
- Regulatory fines and penalties. Some policies include coverage for fines to pay the U.S. Department of Health and Human Services (HHS) to settle violations of HIPAA's Privacy and Security Rules.
The HITECH Act strengthens the civil and criminal penalties outlined under HIPAA. Before HITECH, HHS could not impose a penalty greater than $100 per violation or $25,000 for all identical violations in a year. The new act increases civil penalty minimums to a $100-to-$50,000 range, depending on severity, and increases the maximum penalty to $1.5 million per year. That means your private medical practice can be fined at the very least $100 for each violation of the requirements to protect digital health information.