
Privacy & Network Security Insurance for Healthcare Industry


Number of Healthcare Breaches Calls for Broad Insurance Coverage

San Diego-based Identity Theft Resource Center last month released a report citing that the number of data breaches so far this year is at 411, which is a 20.5% increase over the same time period last year. What’s more, healthcare breaches continue to account for the largest percentage of the overall breaches, at 44.5%, or 183 breaches. The number of breaches occurring in the healthcare segment is further underscored by the U.S. Department of Health and Human Services (HHS), which reports that a total of 804 large breaches of protected health information (PHI) affecting over 29.2 million patients have been reported to the agency since the 2009 HiTech Act (Health Information Technology for Economic and Clinical Health) went into effect. In fact, data breaches are costing healthcare organizations an estimated $5.6 billion annually, according to the Ponemon Institute.

In 2009, the HiTech Act broadened the original HIPAA privacy and information security rules and became effective March 26, 2013, with compliance required by September 2013. Under the HiTech Act, liability of business associates of hospitals, physicians and other HIPAA-covered entities was expanded if data was released in ways that violate a patient’s privacy. It also clarified when breaches of information must be reported to the Office for Civil Rights and established new rules on the use of patient-identifiable information for marketing and fundraising. As a result, the potential HIPAA violations following a breach are varied and numerous.

To date, the most common cause of healthcare data breaches has been the theft or loss of unencrypted portable computing devices (laptops) or digital media containing PHI. Moreover, theft was the largest cause of PHI breaches in 2013 by an overwhelming margin. Stolen devices made up over 45% of incidents reported and impacted 83.2% of all patient records breached. Other causes include the failure to erase data from the hard drives of leased office equipment and malicious hacking of networks.

The costs of a PHI breach can be significant to a health care provider regardless of how the breach occurs. You have first-party breach response costs, defense costs associated with regulatory investigations, and defense and indemnity for third-party claims. In addition, a breach can result in substantial fines and penalties for violations of the HIPAA privacy rule, the information security rule or the data breach notification rule. As a result, it’s essential that health care providers secure the proper insurance program to provide them with the resources required to respond in the event of a breach.

The type of coverage needed is Privacy & Network Security insurance (Cyber Liability), specifically designed for a healthcare organization. This includes having coverage for three types of exposure: regulatory fines and penalties, class action lawsuits and response costs. Many data breach insurance plans will cover privacy regulatory defensive penalties, including penalties or sanctions imposed by a federal, state or local regulatory body, up to a certain limit. Similar to regulatory fines or penalties, a policy can be designed to cover claims or lawsuit costs up to an amount in the event a data breach causes harm to individuals or the information breached was sensitive. Response costs may include forensic analysis, notification and communication to affected individuals and identity and monitoring services.

In addition, security and privacy controls are critical for healthcare providers. Not only do they safeguard the data to minimize the risk of a data breach, but they can also affect cyber liability insurance premiums.

At Axis Insurance Services, we can design a Privacy & Network Security insurance program for your healthcare organization. We specialize in Cyber Liability, Errors & Omissions and Directors & Officers insurance coverage for the medical community. Give us a call at: (877) 787-5258.

Sources: PLUS, Hospital CIO, Identity Theft Resource


Blogged on: August 14, 2014 by Mike Smith