Health Information Exchange Featured Article

October 02, 2012

Hospital Association Purchases Cyber Liability Insurance to Protect Against Breaches

Liability insurance already exists to protect a healthcare provider who injures a patient, a company that offers a faulty product (medical device makers have plenty of this), and even the owner of an office where someone falls.

Cyber liability insurance offers protection for exposures that come from Internet communications. Anyone with a website now has the same legal liabilities as a publisher. That means if you run something written by someone else that is false, or defames a person, you yourself can be sued.

Now, the American Hospital Association (AHA), through its subsidiary AHA Solutions, Inc., has announced that it has selected the Chubb Group of Insurance Companies as the preferred provider of cyber liability insurance for its members.

CyberSecurity by Chubb for healthcare organizations “provides customized protection for data breaches, including coverage for legal defense, crisis management and privacy notification expenses as well as certain regulatory fines and penalties,” according to a statement.

“Hospitals take their responsibility to safeguard patient information very seriously as more and more patient information is stored electronically,” said Anthony J. Burke, president and CEO of AHA Solutions, Inc., in the statement. “After an extensive due diligence process, we are endorsing Chubb because of its thorough understanding of healthcare organizations and their cyber security vulnerabilities.”

Hospitals are particularly concerned about liability because of the many patient data breaches that have occurred, resulting in the unauthorized release of valuable personal information.

So far this year, 489 health data breaches involving more than 500 patients and affecting over 21 million individuals have taken place, according to a HIP/SA analysis of OCR data through Sept. 17.

A study by ETC last year found that nearly one-third of all reported data breaches in the U.S. involved healthcare organizations.

The statement noted that, under the Health Information Technology for Economic and Clinical Health (HITECH) Act, a healthcare organization may be fined up to $1.5 million per year as a result of a data breach.

For the first time in seven years, both the organizational cost of data breaches and the cost per lost or stolen record (from $214 to $194) have gone down. Even so, healthcare organizations need to protect themselves against data breaches, because it’s not just money. It’s reputation. And that’s something money can neither buy nor bring back.

“Health care providers should be prepared for the inevitable data breach—perhaps, the most significant threat they face today,” said Kim Holmes, deputy healthcare product manager for Chubb’s specialty insurance lines, in the statement.

Edited by Brooke Neuman