Are you covered?

‘General liability and property insurance don’t necessarily cover a breach’
Friday, March 6, 2015

WASHINGTON – The recent data breach at Anthem should have HME providers assessing the security of their own data, especially patient health records, industry stakeholders say.

“Any time you have a disaster or a loss, it gets people talking and thinking,” said Tim Able, director of sales and marketing for Akron, Ohio-based SeibertKeck Insurance. “Anthem has billions in resources and they couldn’t stop this.”

In February, the insurance giant announced that as many as 80 million customers may have had their account information stolen.

While Anthem joins other high-profile breaches, such as those at Target and Sony, as a healthcare company, its data is protected by the Health Insurance Portability and Accountability Act, which requires another level of protection and outlines steps providers must take in the event of a breach.

“Anthem was mitigating this pretty quickly and putting people on notice,” said Denise Leard, a healthcare attorney with Brown & Fortunato in Amarillo, Texas. “I also think the reason they discovered the breach so quickly was because of their HIPAA policies.” 

In this day and age, data breaches will only become more frequent and providers need to take a hard look at their own businesses, says Leard.

“I think there are still a lot of providers who don’t have the resources to have a robust plan,” she said. “Maybe the IT guy is the owner’s son, so they don’t have a real structured plan.”

It’s not only electronic records that are vulnerable, reminds Able.

“No firewall in the world is going to stop a disgruntled employee from just grabbing 100 files from a cabinet and doing something bad with them,” he said.

Now’s a good time for providers to also assess their insurance policies and consider cyber liability insurance, says Able. A breach can be financially devastating—costs can include notifying all affected parties, offering at least 12 months of credit monitoring services, and putting in place public relations and crisis management plans. 

“General liability and property insurance don’t necessarily cover a breach,” he said. “Cyber liability didn’t even exist seven years ago.”