Why Medical Practitioners Need Cyber and Small Business Insurance
By Ashley Curren, SEO and Content Marketing Manager at Coverhound & Cyber Policy
Your primary focus as a medical practitioner is on providing quality care to your patients, and your dedication to patients’ health and safety shows in every interaction. It’s an unfortunate reality that complications can occur when it comes to the human body, and that the shift toward electronic patient health records can open small practices to cyber security breaches.
You’ve worked hard to get where you are today, but you could lose your assets—even personal ones—without adequate protection in the face of lawsuits and cyber data hacks. Just as professional liability insurance protects practitioners against malpractice lawsuits, cyber insurance helps minimize damage and offset costs in the face of an electronic security breach.
In 2015, 253 healthcare breaches affecting 500 or more individuals resulted in the loss of over 112 million records, according to information from the U.S. Department of Health and Human Services Office for Civil Rights. Consider this a wake-up call as to why medical practitioners need cyber and small business insurance, and make sure your organization has measures in place to adequately protect your patients and your assets in a rapidly evolving healthcare landscape.
Legal Aspects of Business and Cyber Insurance
Some states legally require medical professionals to carry a certain amount of professional liability coverage just to operate. As the U.S. Small Business Administration outlines, professional liability insurance (also called errors and omissions insurance) “protects your business against malpractice, errors, and negligence in provision of services to your customers.”
Medical practices also have a legal and ethical responsibility to react properly to cyber security breaches that compromise their electronic records. The Health Insurance Portability and Accountability Act (HIPAA) Breach Notification Rule “requires HIPAA covered entities and their business associates to provide notification following a breach of unsecured protected health information.” Similarly, the Federal Trade Commission (FTC) issued its Health Breach Notification Rule, which requires breached businesses to notify all affected individuals, the FTC, and media channels if the breach affects 500 or more records.
Costs of Suits and Security Breaches
Being a healthcare provider means doing your absolute best to use your knowledge and skillset to diagnose and treat patients. The field is vast, and even experienced and highly qualified professionals may not be able to achieve the perfect outcome in every case. According to the National Association of Insurance Commissioners, medical professional liability insurance coverage encapsulates bodily injury, property damage, and personal injury liability like mental anguish. Without the right amount of coverage, these claims can rack up quickly and threaten to put you out of business fast.
To provide accurate health care for your patients, you depend on referencing their medical records. But what about third-party hackers who are also trying to access patient information for malicious intent? Your medical practice can ultimately pay the price in the event of a cyber security breach. The Ponemon Institute’s Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data found a 125 percent growth in healthcare-related data breaches over a five-year period. As Modern Healthcare reports based on the Ponemon Institute’s findings, the average cost per personally identifiable healthcare record in the U.S. was $398, compared to $363 worldwide. Both totals dwarf the global average cost per record across all industries of $154. Based on the above information, there’s no denying that patient healthcare records containing personal information are valuable enough to steal, and medical practitioners can end up paying large sums if their organizations are the victims of a data security breach.
What Can Small Business and Cyber Insurance Cover?
Professional liability insurance pays for the cost of legal defense against malpractice claims up to the policy limit, but does not cover losses in the case of dishonest or intentional acts, per the Insurance Information Institute (III). The same source cites that these policies generally have a deductible between $1,000 and $25,000. As court costs can be expensive, it’s crucial for medical practitioners to protect themselves with the right amount of business insurance to mitigate their risk.
How can cyber insurance help medical practitioners handle the aftermath of a cyber breach and offset potential hefty costs? As CIO Magazine outlines, a thorough policy will generally cover:
-Investigation (including finding the scope of the breach and figuring out how to prevent repeat incidents)
-Business interruptions and losses (including coverage against losses resulting from downtime, data recovery, and crisis management)
-Privacy and notification procedures (including following legal guidelines for informing patients and credit monitoring for affected individuals)
-Lawsuits and extortion (including settlements, fines, and other legal expenses)
Notifying patients comes with associated costs. The California Office of Privacy Protection cites one study that found that direct costs like printing, mailing, and legal fees accounted for 34 percent, while 66 percent of costs were indirect and resulted from lost customers. It’s not always possible to completely counteract the effects of a data breach, but taking these proactive measures can help assure patients that you care about doing everything in your power to minimize the damage associated with a security breach. It can also keep your business afloat following a hack and get you back on track.
Healthcare professionals work hard to help their patients, but nobody can foresee every possible scenario. Protect your healthcare business before an unfortunate incident occurs by finding the right professional liability coverage and cyber insurance for your current and future needs.