Whether you’re a doctor in a solo or group practice or in a hospital or clinic, your patients rely on you for quality care and strict privacy when it comes to their personal information. The last thing you or any of them expect is for their social security number, medical history, or other private information to fall into the hands of crooks, or for your IT staff to accidentally distribute patient records over the Internet. But as we all know by now, it happens—and with increasing frequency.
This puts patients' PHI at risk if it falls into the hands of crooks. But your reputation can also be rattled by a breach due to the loss of patient trust.
According to a 2015 report from the Ponemon Institute, criminal attacks in health care are up 125 percent since 2010 and are now the leading cause of data breach.1 And whether through criminal theft or accidental exposure from employee negligence, the costs of exposed Protected Health Information (PHI) have dramatically increased, representing a $6 billion expense to the health-care industry. The Institute’s study noted that 76 percent of companies that experienced a breach of customer data believed it had a moderate or significant impact on their reputation, as well.
PATIENT RISKS AFTER A DATA BREACH
Adding to the stress of a security breach is the anger and anxiety your patients experience. They are highly concerned about who has seen their records and who will use them and how. Suddenly they must worry about dishonest people making false insurance claims, accessing their bank accounts, opening credit card accounts, taking out loans, selling their information, and the list goes on and on—all with the potential to ruin their credit scores, possibly impact their insurance rates, employment, and more.
YOUR REPUTATION CAN BE RATTLED WITH A DATA BREACH
Losing your patients’ trust because of a breach not only is heartbreaking, but also goes beyond just the data. Patients may fear that their medical information has been violated in other ways, and their fear may go beyond blaming their doctor for not handling their records according to HIPAA regulations. It can extend to grilling the physician or practice about their third-party relationships, such as billing or IT companies that often handle medical records. For some data breaches, HIPAA regulations require that a notice be published in the local media. And to add to that embarrassment, the Office of Civil Rights has a searchable database—informally known as the “wall of shame”—that publicly lists entities that were fined for breaches that meet a 500-patient record threshold. And when news of data breaches hits the papers or online, patients more than likely focus on the doctor, clinic, or hospital, not the outside IT or billing company. Aside from the breach costs that can add up fast, damage control for your reputation requires expert assistance from PR firms that specialize in helping health-care businesses manage crisis communication issues.
PHYSICIANS INSURANCE CYBER COVERAGE CAN PROVIDE VALUABLE ASSISTANCE
New and expanded coverage provided by a Physicians Insurance endorsement on your medical malpractice coverage can help protect you and your patients from risks—whether simple negligence or rogue employees, unencrypted data or outsourced IT. Physicians Insurance includes a basic level of coverage as part of its standard physician and clinic policies, and higher limits for increased protection are available.
Your cyber coverage includes more than a comprehensive insurance policy. In the event of a breach, you have a team of cyber specialists that will quickly help you respond to the incident, address regulatory concerns, and move swiftly to help you restore your practice. Your cyber response team will be led by an expert cyber attorney who is familiar with healthcare-specific privacy matters and has the experience to coordinate the right IT, legal, and PR partners that are aligned around one goal—protecting your practice.
In addition to supporting you in the event of a claim, we also provide extensive resources to help you avoid a claim in the first place. Your cyber insurance policy includes an online Cyber Risk Management web portal, complete with online training material to help you and your staff implement safe patient-data practices. The website also provides valuable information and sample documents to guide you in implementing effective security policies and procedures. These tools are customized to help you and your staff effectively manage patient data, as well as comply with state and federal guidelines.
In brief, the cyber policy covers:
- Breach response costs, such as costs for PR, patient notifications, and patient support/credit monitoring
- Defense costs and damages resulting from liability for privacy or security breaches, including liability resulting from acts of third-party associates
- Defense costs, fines, and penalties for privacy regulatory investigations by a federal, state, or law agency
- Reimbursement for damaged or lost data, income loss, business interruption expenses and other related costs incurred due to acts of cyber terrorism, damage or destruction of hardware or electronic media, or mistakes made by your employees or business associates in the handling of your computer system or data
- Coverage for extortion expenses and extortion monies incurred as a direct result of cyber extortion threats
- Defense costs and damages resulting from liability for copyright/trademark infringement, libel, and plagiarism
Physicians Insurance also makes available cyber breach policies with higher limits. We can help you connect with a broker who can supply this additional coverage.
Contact Physicians Insurance for rate information about standard and higher limits coverage at 1-800-962-1399 or visit www.phyins.com/cyber for more information.