Cyber Insurance for the Health Care industry
Being HIPAA compliant is no longer sufficient for health care providers. The Department of Human Health and Services is now levying huge fines and penalties on covered entities that do not have a comprehensive IT security system and company-wide technology policies and procedures in place. The Omnibus Final Rule, drafted by HHS, that went into effect September 23, 2013 stipulates that both healthcare covered entities and their business associates comply with the following three sub-rules:
- SECURITY RULE – requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information
- PRIVACY RULE – establishes national standards to protect individuals’ medical records and other personal health information; applies to physical records.
- BREACH NOTIFICATION RULE – establishes required protocol for notifying individuals and the media depending on the size of a security breach.
Failure to follow these rules can result in fines that total $1.5 million per violation. While this doesn’t seem like a large number, keep in mind that one security breach can result in multiple violations and therefore potentially millions of dollars in penalties. The government can also go as far back in time as it desires to ensure every rule was followed to a “T”, which is why most healthcare companies that discover breaches end up settling for millions instead of being subjected to the time-consuming (and potentially damning) audit process.
Unlike most cyber insurance policies, ECBM’s proprietary insurance policy will cover these fines and penalties in addition to all other costs and fees associated with the aftermath of a security breach.
- SYSTEM DAMAGE + BUSINESS INTERRUPTION
- BREACH NOTIFICATION
- CYBER + PRIVACY LIABILITY
- MEDIA LIABILITY
- REGULATORY PRIVACY ACTIONS
- CYBER EXTORTION
- COURT ATTENDANCE COSTS
- CRISIS COMMUNICATION COSTS