Exclusive: ACR Convergence 2024| Focus Rheums

An official publication of the ACR and the ARP serving rheumatologists and rheumatology professionals

Cyber Risks: A New Area of Liability for Medical Practices

  |  Issue: December 2015  |  

A good cyber policy will include payments for breach response, a major concern given HIPAA and other laws affecting healthcare providers. Among these are:

  • Notification services to efficiently contact patients as required by HIPAA;
  • Medical record and/or credit monitoring for affected patients;
  • Forensic services to find and plug the hole, as well as establish the size and scope of the breach;
  • Regulatory coverage to pay for fines from state or federal authorities; and
  • Business interruption insurance to pay the costs of maintaining your practice should a breach affect your ability to access your network.

Purchasing Additional Coverage

“You may want to purchase additional coverage, and what you get depends on how much you want to spend and what your needs are,” says Ms. Strapp. “For example, you may want to be covered if someone enters your computer and asks for money to not take down your system or to help bring the system back up after vandalism.”

ADVERTISEMENT
SCROLL TO CONTINUE

Cyber intrusions in healthcare are a newsworthy happening. You may want to include crisis management insurance to pay for press relations professionals to limit or repair damage to the practice’s reputation.

“The reputational impact can be enormous and is especially so in trust-based industries such as healthcare,” says Dr. Ponemon. “If an organization is sloppy in the control of data, what else are they doing that is less than stellar?”

ADVERTISEMENT
SCROLL TO CONTINUE

Companies Require Certain Standards before Issuing Policy

CI is not like other kinds of insurance, because you generally have to show your computer systems are reasonably secure to begin with. If they aren’t up to the standards needed, most insurance companies will suggest consultants to help upgrade systems and procedures to the minimum required.

Ms. Strapp

Ms. Strapp

In addition, insurers are usually aggressive in working with their clients to make sure their defenses are kept up to date. Many companies offer loss-control services providing access at low cost to attorneys and cyber consultants who help in risk mitigation to cyber exposures.

“Our loss-control vendors will help the practice make sure risk mitigation measures are in place,” says Ms. Strapp. “Do they have a business continuity plan? What are their plans to respond to a breach?”

A Good Broker Is Important

Finding a good broker can be a very important part of the CI process.

“Doctors are very busy doing patient care and have neither the time nor the inclination to really understand their cyber policy,” says Mr. Overly. “You should talk to an agent or broker who specializes in this type of insurance. Having this person available to make good recommendations is critical.”

Related Articles

    HIPAA and PHI Cybersecurity Best Practices in the COVID-19 Era

    When the first SARS-CoV-2 case was recorded, it was difficult to appreciate the extent to which cybersecurity concerns, particularly in connection to the protection of patient healthcare data, would enter into main­stream consciousness. Although many practices and healthcare organizations have recently adopted additional measures to safeguard patients’ protected health information (PHI) through expanded cybersecurity monitoring,…

    English Hospitals Divert Ambulances After Ransomware Cyber Attack

    LONDON (Reuters)—Hospitals and doctors’ surgeries across England were forced to turn away patients and cancel appointments on Friday after a nationwide ‘ransomware’ cyber attack crippled some computer systems in the state-run health service. The U.K. National Health Service (NHS) said 16 organizations had been affected by the cyber attack but said it had not been…