Chapter 2: How Insurance Can Save Your Medical or Healthcare Practice Millions
Part 2: Cyber Liability Insurance for Allied Health Professionals
Data Breach Examples: It Could Happen to You
The cost of HIPAA and HITECH violations is enough to devastate a small business. Take a look at a few of the staggering fines HHS has doled out in the past few years:
- In 2009, Blue Cross Blue Shield of Tennessee was fined $1.5 million by the Department of Health and Human Services for security violations related to a data breach.
- After patients complained about unauthorized individuals viewing their records, the University of California at Los Angeles Health System received a fine of $865,500 in 2011.
- In 2011, Cignet Health in Maryland received a whopping civil penalty of $4.3 million for violating a HIPAA rule. The company denied 41 patients their medical records, which accounted for $1.3 million of the fine. The other $3 million came from Cignet Health's failure to cooperate with the HHS investigation.
- In 2013, WellPoint, Inc. (an Indiana-based company) agreed to pay a $1.7 million fine to the HHS over a breach of its unsecured ePHI.
Though it may seem as though large hospitals make a better target for cyber thefts and security breaches, it's small businesses that are most often the victims. According to a study by Verizon Communications Inc., about 72 percent of the 855 data breaches worldwide in 2011 were at companies with 100 or fewer employees.
The Office for Civil Rights notes that 69 percent of all HIPAA violations of 500 or more items are a result of human error, such as losing a thumb drive with notes about your patients' therapy sessions. Even if you take every precaution to guard your patients' electronic health records, there's always a chance you could make a costly mistake.
That's why it's better to err on the side of caution and have a plan in place (i.e., get covered with cyber liability insurance) to help get you out of a serious financial jam and ensure you do everything in your power to protect your patients' health information. After all, according to HIPAA regulations, protecting patient data is your responsibility.