Cyber Liability and HIPAA Compliance

December 30, 2020 •

Every day the world becomes more digitized as we move more and more data into the cloud. All industries gain efficiency, automation and increased performance. This is especially true in healthcare where patient records have become more accessible to providers, allowing them to give us better care and improve health outcomes. We welcome the efficiency but must remain aware of the risks that are assumed when going digital. Any organization that stores patient data is exposed to a potential data breach.

In 2018, the US saw a spike in data breaches and exposed records. The number of exposed records was 471 million, and almost 1,257 data breaches were recorded. According to the 2020 Thales Data Threat Report conducted by International Data Corporation, almost half of companies in the US have faced data breaches at some point. We can see that as more organizations are making use of electronic devices to store and transmit data and conduct tasks efficiently, the number of data breaches are surging.

What Happens If A Data Breach Occurs?

If your healthcare organization experiences a data breach, not only will you have to deal with the same inconveniences as other types of companies – things like data recovery/restoration expenses, costs of informing your customers, and reputational harm – but you will have to face the regulatory consequences of HIPAA – the Health Insurance Portability and Accountability Act. According to HIPAA, you must notify the public health department immediately and notify patients whose data was stolen or unsecured. Failing to communicate in a timely manner will result in increased fines.

HIPAA Protects Patients and Customers, Not Healthcare Organizations

HIPAA was enacted in 1996 with the goal of protecting patients and their personal data from being mishandled either by mistake or deliberately. This data includes identifying information, personal health information, credit card numbers, social security numbers, and more; and is extremely valuable to hackers. HIPAA motivates organizations to take the utmost precaution in handling patient data while assuring patients their data will be kept private and safe, with major consequences if there is a violation.  A violation can severely affect the organization’s credibility and financial standing, while triggering fines, civil court cases and even criminal cases.

Read more: What is the cost of a HIPAA violation?

Due to the staggering increase in data breaches, and the increased vulnerability of health data compared to other types, healthcare businesses must protect themselves with cyber liability insurance. It provides a financial safety net as well as assistance from experts when dealing with the fallout of being the victim of a cybercrime.

Healthcare Small Businesses are at Risk

Small business healthcare organizations- such as med spas, dentists, privately owned physical therapist or doctor offices- might think they would fly under the radar of cybercriminals due to their size, but this is far from the truth. Small businesses are a major target because hackers know they have weaker cyber security defenses, typically more lax procedures when it comes to transferring and handling data, and less money to spend on fighting cyber-crimes when they do occur.

When it happens, HIPAA is not your friend. Remember, HIPAA is to protect patients, not covered entities. Fines will be due and lawsuits will begin at the same time you may be trying to recover data, conduct forensic investigations and answer to the media. Because of the potential exposure and damaging effects brought on by one data breach, it is crucial for these small businesses to have a detailed plan for their cyber security that includes a cyber liability insurance policy.

What does Cyber Liability Insurance do for healthcare organizations?

Cyber coverage assists the insured organization following a data breach by covering their costs, guiding them in handling lawsuits or restoring their credibility as a business, and helping to communicate the breach to clients.

A good cyber policy is tailored to the needs of the business, so you pay for only the coverage you need. A small med spa or private dentist office has wildly different needs than an entire hospital system. NOW Insurance provides three different coverage levels to meet the needs of a variety of healthcare clients.

At a minimum, your policy should cover data breach expenses, network security, privacy liability and regulatory fines and penalties. Additional coverages smaller business find necessary are business interruption costs, data recovery/restoration expenses and network extortion (due to the rise in ransomware attacks).

You Still Need Professional Liability (and Probably General Liability)

It’s important to note that cyber coverage will cover the costs of a virtual cyberattack and the associated HIPAA fines may also fall under the cyber coverage. However, you must still carry professional liability to protect your business from internal errors and omissions and any HIPAA violations not related to a cyber breach. Accidental emails sent, physical copies of patient records left out for anyone to see or take, and even maximum disclosure of a patient record when minimal disclosure was required. These are just a few examples of simple mistakes that can turn into a big HIPAA headache. A NOW Insurance Professional Liability policy automatically include a $25,000 HIPAA sub-limit to provide peace of mind for healthcare organizations and on individual policies for nurses, nurse practitioners and other medical personnel who purchase a policy for themselves.

Cyber Risk Assessment for Healthcare Organizations

Every company should take stock of their cyber risk. We have a free cyber risk assessment tool that will help quantify, benchmark and mitigate the financial impacts of a cyber-attack on your healthcare company. The findings can help guide you in making immediate improvements to your online systems, and in choosing the appropriate level of cyber security insurance.

Get a quote in minutes with our simple online cyber application. You might be surprised at how affordable it is with NOW Insurance.

Compare our professional and general liability quote to your current policy. We tailor your policy exactly to your needs, so you don’t pay for extra coverage you don’t need.

Learn more about NOW Insurance.