Data loss in the healthcare industry has become so prevalent that you can find a reported breach every day in the news. Red Flag rules require notification, protocol and action to contain the damage. There are 46 state laws on the books outlining responsibilities and imposing fines. Companies that are victimized by a data breach run the risk of being noncompliant. It's not hard to comply, but there is work involved. You should work with consultants to implement breach protocol and best practices.
Insurance to protect your healthcare practice is more affordable than it has been in the past, and the terms are better as well. Property insurance can even extend to failure in technology, so that the loss of data is partially covered by the property insurance.
The average cost of an organization's data breach just increased 7% to $7.2 million, and the cost per record for early responders to the data leaks is now $268. Insurance industry specialists advise that the best coverage for loss of data is a stand-alone policy because the client has a separate limit of coverage. The risk is that you just don't have enough insurance available to cover the cost of recovery and notification. Stand-alone policies are written for network and privacy coverage, so the terms, exclusions and definitions are geared for this type of coverage.
It is okay to include this coverage along with your professional and general liability insurance; the idea is that some insurance for data breach is better than none. However, with the cost of compliance increasing, it is compelling to have a separate stand-alone policy.
Data breach laws are pressuring healthcare providers to implement programs to detect, prevent and mitigate identity theft. The California and Massachusetts standards require that if you hold this private, valuable information, you develop a plan outlining what you are going to do in case of losing it.
With large losses, like the theft of 1.7 million medical records taken from an unlocked and unattended van, laws like the federal HITECH Act are increasingly watched and more likely to be enforced on healthcare providers. Record fines have caught the attention of underwriters. Massachusetts General Hospital was fined $1 million by the U.S. Department of Health and Human Services. In fact, healthcare is now in the crosshairs of rogue employees, cyber thieves and opportunists looking to make a buck selling data to a hungry black market. Cyber liability insurance, at approximately $1 million of coverage per $1,500 of annual premium, is a smart risk management move for your medical practice.