Electronic data breach insurance for physicians has emerged in the past few years as state and federal authorities have laid down notification requirements and fines for noncompliance, according to a report in American Medical News.
A $1 million policy for a practice of five or fewer physicians averages $5,000 a year, covering notification costs, credit monitoring for those affected, a PR agency for reputation rebuilding, an investigation into the breach, legal defense and any compensatory damages, judgments and settlements. However, boilerplate policies do not cover fines. The report did not discuss data breach insurance for hospitals.
In any breach involving 500 or more patients, the federal HITECH Act requires hospitals, practices and other healthcare providers to notify affected patients, HHS and local media. The law also sets penalties of up to $1.5 million per violation for noncompliance. However, a provider is not required to take these actions if the breached data was encrypted.
The costs of a data breach have risen to more than $200 per patient for notification and loss of income. A Dec. 2010 survey of practices that have not yet installed electronic medical records found 30 percent do not use anti-virus software, 34 percent do not use network firewalls and 28 percent do not encrypt their networks.
Read the American Medical News report on data breach insurance.
Read more coverage on data breaches.
- 10 Hospitals and Health Systems That Reported Data Breaches in 2010
- Fraud Solutions Company Forecasts Top Security Issues for 2011
- Laptop Stolen From Dean Clinic Physician Had 3K Patients' Information