A data breach that puts the personal financial and medical records of your patients at risk may not be a large-scale cyber attack by criminals. Patient data may fall into the wrong hands easily.
Data breaches may be caused by something as simple as leaving a laptop in an unlocked car, leaving files behind at a local coffee shop, accidentally throwing away unshredded documents, a common computer virus or stolen electronics. Other common threats include hacked office email accounts and unauthorized access by former employees or vendors.
More than 1,000,000 U.S. patients may be affected by data breaches every month, according to the most current data from the U.S. Department of Health and Human Services Office for Civil Rights.
Data breach coverage may be one way to protect your patients and your practice if your information is compromised. This specialized coverage is typically added to your business owner’s protection policy and may be important to your dental practice for many reasons:
The sensitive nature of medical and financial data may make it more valuable to hackers and criminals and potentially more likely to be targeted. Dental practices may commonly have several types of sensitive patient data to protect, including personal information, credit card information and patient medical records.
Credit card information may be used to make fraudulent purchases, while personally identifiable information, including birth dates, names, addresses, and Social Security numbers, may be sold and used for identity theft, opening lines of credit, filing fake tax returns, sending spam or phishing and potentially even blackmail. Patient medical records may be used to make fraudulent insurance claims or buy prescription drugs.
In 2015, Forbes Magazine reported that breaches cost the healthcare industry more than $5.6 billion per year. A 2018 IBM study found each compromised record costs an average of $148 for data breach recovery and related expenses.
Common post data breach coverage costs may include:
These services may be included in data breach coverage, making it potentially possible to mitigate these costs in the event of a data breach.
The data breach coverage of some insurance carriers includes prevention measures to protect patient data and decrease the likelihood of a data breach, such as a cyber attack. Consult with an expert in data security in the dental market to assist you.
These prevention measures may potentially include staff training, network security recommendations, backing up data, the use of antivirus software and developing modern data storage best practices that include plans for mobile devices and cloud storage.
Depending on the details of your policy, professional data breach management may be included. While this service may vary, it’s typically understood as fast action to minimize the impact of damage done by the breach, secure patient information again, fulfill regulatory requirements and notify the affected patients.
For breaches involving fewer than 500 patients, you may be required to notify all the affected patients as well as the U.S. Department of Health and Human Services.
For breaches involving more than 500 patients, HIPAA may require a more comprehensive response including a forensic investigation, a call center for patient questions and concerns, identity-monitoring services, record segmentation and publishing a press release in your local newspaper or other media in less than 60 days (also known as good faith advertising).
The Breach Notification Rule of the Department of Health and Human Services details the current HIPAA regulations should you or your practice ever be affected by a data breach.
Including data breach coverage in your business owner’s protection policy may help you to protect your dental practice as part of your comprehensive risk management strategy. Although cyber threats may not be visible to the naked eye, the financial and legal impacts of a data breach may be potentially devastating to an unprotected business entrusted with the personal and financial information of patients. Any business that handles private business, customer, patient, or employee data is at risk and should consider data breach coverage.
About Treloar & Heisel
Treloar & Heisel is a premier financial services provider to dental and medical professionals across the country. We assist thousands of clients from residency to practice and through retirement with a comprehensive suite of financial services, custom-tailored advice, and a strong national network focused on delivering the highest level of service.
Insurance products offered through Treloar & Heisel, LLC.
Treloar & Heisel and Treloar & Heisel Risk Management are divisions of Treloar & Heisel, LLC.
All policy definitions and examples are meant for general illustrative purposes only. Please refer to the terms of your insurance contract for the governing definitions.
Treloar & Heisel, LLC. does not provide legal advice. Please consult a professional for questions about this topic.