With the government’s emphasis on the use of electronic health records (EHR) by health care providers, more practices are dealing with not only installing but maintaining expensive new billing and records systems. With EHR, however also come new security concerns, raising the need for cyber insurance.
What is cyber insurance?
Simply put, cyber insurance is a policy that protects the practice from data breaches, which can cause valuable patient data to be compromised, resulting in embarrassment and lawsuits for the practice and loss of peace of mind for the patient.
Cyber insurance pays for out of pocket expenses of hiring forensic cyber experts to find and remedy the cause of a breach, mailing or other expenses involved in contacting those affected as well as providing credit monitoring to reduce the chances of early problems resulting from a possible theft.
What are the consequences of a data breach?
For breaches arising though you practice’s website, expenses can include fines and other costs, especially legal and public relations expenses if patients should be harmed through a careless or malicious employee. In addition, your practice’s reputation could be irreparably harmed as word spreads among patients, costing you revenue far into the future.
What kind of coverage makes a good cyber policy?
A good cyber insurance policy should cover the following areas of a practice:
- Electronic medical records (EHR)
- Online scheduling
- Online prescriptions and ordering
- Breaches in emails between patient and provider
- Loss of income to the provider in the event of a data breach or similar cyber-incident
Isn’t cyber coverage already included in my general liability coverage?
While most medical practice liability policies cover errors and other mishaps directly related to the practice, cyber insurance is usually an add-on item and can be purchased separately, often by the same company who insures the overall practice. Because regular liability insurance often limits cyber coverage to $50,000 (which is still better than nothing) your insurance agent may be able to recommend another cyber-specialty carrier with reasonable rates.
How can a practice minimize cyber risks?
The U.S. Department of Health and Human Service (HHS) site suggests these guidelines in preventing breaches in the first place:
- Create strong passwords – ideally avoiding existing words – and change them on a regular basis.
- Install anti-virus software and update as needed.
- Use a reliable fire wall.
- Control user access to sensitive patient and network information – designate one or two users to minimize too many staffers having access to data.
- Control physical access to the computers and other data storage devices.
- Put an emergency data breach plan in place and practice before the need arises.
- Protect any mobile devices, such as smartphones or tablets, used to store patient data.
- Encourage a culture of security-consciousness among providers and staff.
Are your vendors secure?
Finally, if partnering with a vendor or third party with whom you regularly do business, be sure that their systems are secure and updated regularly. M-Scribe Technologies, LLC, takes pride in their state-of-the-art cyber security measures. Clients are assured of the highest standards of safety, protection and confidentiality of claims, patient data and all documentation. Contact M-Scribe today for a confidential free analysis of how they not only save money by reducing reimbursement rebilling but ensure that your practice is fully compliant for all industry and governmental regulations.