Doesn't HIPAA Protect Practices Against Cyber Liability Insurance Claims?
Examining how a cyber liability insurance policy is a necessity for most medical practices.
Online access has taken over our culture. Almost everyone has Internet access,
a cell phone that can instantly send and receive data, and the option to communicate at the tip of our fingers. Medical offices are no different, and as our world turns more to technology for communication and data storage, our views on privacy and protection of personal information must also shift. Medical professional liability insurance has long protected physicians and other healthcare professionals from malpractice insurance issues. There are broad policies that include some aspects of a cyber liability insurance policy, but in order to ensure that your practice is fully protected, it's best to get a separate and dedicated policy altogether.
Doesn't HIPAA Cover Us?
The Health Insurance Portability And Accountability Act addresses the security and privacy of medical and health data. Within the policy, it is explained that healthcare practices must protect or encrypt private health information and verify the true identity of the people they are speaking to; it also explains use of the National Provider Identifier (NPI) to identify and verify covered healthcare providers. The HITECH Act deals specifically with the electronic transmission and storage of private health information. Practices are required to inform patients when a technological breach has occurred, to ensure they are aware of any potential risks to their identity or access to their personal health records.
While some healthcare practices may think that the regulations and restrictions that HIPAA places upon their offices are sufficient to ensure that their patients' records stay secure, this is not the case. HIPAA is there to protect not the healthcare provider, but the patient. The regulations are meant to provide procedural guidance and expectations for how private information should be secured, but physicians, hospitals, practices, and other practitioners can easily be sued.
How Serious Does It Have To Be?
For a claim, the infraction that causes the leak could be seemingly and incredibly insignificant. A single wrong key pressed for an email address can inform the wrong person of private lab results. Specific patient details written on an employee's private blog can identify a real patient, who then has the right to make a cyber liability insurance case. Even an email communication between two employees that specifically discusses a particular patient can fall into the wrong hands and spark a lawsuit.
Many cyber liability coverage options that are included as a small section of a broad policy are nowhere near sufficient enough to cover realistic damages from this type of suit. Many patients, especially those with serious illnesses or sensitive medical issues, do not want their information shared in any way, shape or form. The patient has HIPAA on their side, but what do the providers have? Malpractice cases rely on medical professional liability insurance, whereas Internet and technology issues require dedicated cyber liability plans.
For more information, talk to your healthcare insurance provider today. Simply call and ask for detailed information on a cyber liability insurance policy, or check the existing coverage for this new but unavoidable threat.