"Professionally serving the needs of the Healthcare Industry since 1986"

4835 East Cactus Road, Suite 440
Scottsdale, Arizona 85254

(800) 695-0219 - (602) 230-8200

Fax (602) 230-8207

Email wig@woodinsurancegroup.com

 

Cyber Risk Management Insurance for Healthcare Companies

The Internet is increasingly becoming a critical delivery channel for health information, referrals, scheduling, billing, research, and prescription fulfillment. Automating traditional workflows can improve care management and operational efficiency. But automation also brings new responsibilities and unprecedented risks.

The accessibility of the Internet increases a healthcare company's vulnerability to the theft, alteration or accidental display of confidential patient information. Such exposures can affect an organization's earnings, reputation and operations.

By enacting the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Congress raised the importance of privacy and security to the national level. HIPAA regulates the electronic possession and transmittal of, and access to, patient health data and provides patients with much more control over the distribution of their information. Laws like HIPAA significantly increase a healthcare provider's exposure to litigation. Since traditional insurance policies do not provide sufficient coverage, network liability and web content privacy insurance are necessary components of a comprehensive risk management program.

What major risks arise out of the Internet and computer networks?

Damage, Theft, or Disclosure of Patient Electronic Medical and Financial Information: Today's criminal can hack into a database and steal large quantities of confidential data in seconds. Disgruntled employees can also use a company's computer network to destroy information or steal it to sell for a profit. Protecting a patient's privacy is paramount - but this risk cannot be managed by firewall technology alone.

Attacks and Malicious Code: Any company connected to the Internet is susceptible to viruses, which can result in legal liabilities as well as damage to, or destruction of, patient and other valuable information.

Intellectual Property and Content Infringement: The Internet creates new exposures for content and advertising litigation. Healthcare companies can be liable for misleading or inaccurate medical information.

Unintentional Disclosure of Private Patient Information: Considering the volume and complexity of information handled by today's healthcare providers, there exists a significant risk of unintentional disclosure. Disclosure on a healthcare provider's website could lead to HIPAA violations and the breach of privacy policies.

Is there an insurance product to address these risks?

The Wood Insurance Group has an insurance company that offers a suite of insurance policies designed to address your coverage needs:

  • Network security breaches
  • Cyber terrorism
  • Cyber-related public relations costs
  • Information theft
  • User content
  • Network security business interruption
  • Privacy violations
  • Cyber extortion

These policies are designed to fill in many of the critical gaps in insurance for the on-line activities of healthcare organizations. You can tailor the extent of coverage you need by selecting one of the policies as well as selecting different limit and retention options. We can provide quick indications to meet your clients' coverage needs.

How does the coverage address exposures posed by HIPAA?

  • Helps identify areas of vulnerability by providing FREE security assessments and scans for qualified applicants
  • Assists healthcare organizations in demonstrating due diligence
  • May provide coverage for the defense of regulatory actions under HIPAA arising out of covered wrongful acts
  • Provides coverage for patients' lawsuits for covered wrongful acts (based on HIPAA standards)
  • Helps restore the confidence of vital stakeholders should an incident occur, through the post-incident support fund

Does traditional insurance provide coverage for technology-related risk?

No, traditional insurance for healthcare organizations was not designed to address risk related to computer networks and electronic information. Consider the following:

Scenario: A hacker who is a hospital employee infiltrates a hospital computer system, stealing confidential records of thousands of patients.
Crime Insurance: Typically excludes information theft
Commercial General Liability (CGL) and Medical Malpractice (MM): CGL covers only "tangible" property damage, not loss of electronic data. Both CGL and MM policies typically exclude intentional acts of employees (over 50% of network security breaches emanate from insiders).

Scenario: Patient names, addresses, and treatment codes were accidentally posted on a hospital's website without the patients' authorization.
Commercial General Liability (CGL): Advertising and Personal Injury has limited applicability. Exclusions apply that may bar coverage. Territory is limited.

Scenario: A Denial of Service attack or a virus results in a shutdown of your healthcare website - you suffer direct revenue loss and extra expenses, as well as potential litigation.
Property: Property insurers generally exclude coverage for computer virus and terrorism. Policy requires a direct physical loss or damage to covered property to trigger business income and extra expense coverage.
Liability: See electronic information above.

Scenario: Website contains text that allegedly plagiarizes the marketing materials of a competitor.
Commercial General Liability (CGL): A number of exclusions or other limitations may bar coverage for self-publishing web content and advertising goods, products, or services of others through frames, banners, or links.

For more information, please contact Jodie Cole, Senior Vice President

Download an application here