things to consider before buying cyber liability insurance

WHAT EVERY PHYSICIAN NEEDS TO KNOW: THINGS TO CONSIDER BEFORE BUYING CYBER LIABILITY INSURANCE

Upload: texas-medical-liability-trust

Post on 16-Apr-2017


Category: Healthcare



TRANSCRIPT

WHAT EVERY PHYSICIAN NEEDS TO KNOW: THINGS TO CONSIDER BEFORE BUYING CYBER LIABILITY INSURANCE

1 KNOW THE DIFFERENCE

CYBER INSURANCE VS. CYBER SECURITY PROGRAM

Cyber insurance is not a substitute for a good cyber security program, as not all losses can be covered by insurance.

2 UNDERSTAND THE BENEFITS

OF AN EFFECTIVE CYBER RISK MANAGEMENT PROGRAM:

• prevention of cyber losses;
• preservation of electronic data;
• continuity of business with minimal loss of productivity;
• fulfillment of service commitments to patients;
• compliance with state and federal privacy and security laws; and
• protection of the practice’s reputation.

3 ASSESS YOUR RISK

ALL PRACTICES SHOULD CONDUCT A RISK ASSESSMENT OF THEIR:

Administrative, physical, and technical safeguards, as well as their privacy rule and breach notification policies and procedures.

4 REDUCE YOUR RISK

STAY CURRENT WITH BEST PRACTICES FOR SAFEGUARDING YOUR DATA:

• establish an enterprise-wide security culture;
• encrypt data on mobile devices;
• back up data in real-time and store it offline;
• use a firewall;
• immediately install software updates/patches;
• use strong passwords and change them regularly;

4 REDUCE YOUR RISK

(BEST PRACTICES CONTINUED)

• use two-factor authentication;
• limit network and physical access to sensitive data;
• obtain business associate agreements from all service providers who have access to your practice’s data; and
• select your service providers carefully — and assess their data security to ensure they are HIPAA compliant.

5 LAPTOPS & MOBILE DEVICES

Electronic protected health information (ePHI) is being stored more frequently on portable devices, and there will be more breaches involving these devices.

LOST OR STOLEN DEVICES CONTAINING PATIENT HEALTH INFORMATION ARE OF GREAT CONCERN.

6 ENCRYPTION

ENCRYPTING ePHI DATA REDUCES THE LIKELIHOOD OF BREACH CLAIMS.

Encryption helps a practice maintain insurability and obtain a better price for cyber insurance. All devices, portable and non-portable, should be encrypted.

7 RISK MANAGEMENT STRATEGY

COMPLACENCY IS NOT A RISK MANAGEMENT STRATEGY.

A plan to address cyber risks is good for business. Patients expect their PHI to be secure. A plan protects your practice’s reputation; helps manage downtime; and avoids the potential loss of income and extra expenses.

8 BE PROACTIVE

GUARDING AGAINST CYBER THREATS REQUIRES A PROACTIVE RISK MANAGEMENT STRATEGY.

A proactive risk management strategy focuses on identifying, assessing, and responding to potential risks. It also requires leadership to actively promote policies and procedures, risk controls, accountability, and privacy training.

9 DON’T MAKE ASSUMPTIONS

PROVIDERS OFTEN MAKE FALSE ASSUMPTIONS ABOUT HIPAA LAWS AND REQUIREMENTS.

Many practices mistakenly believe that HIPAA’s required Security Risk Analysis is optional for small providers. They may also believe that installing an EHR fulfills the risk analysis requirement for meaningful use, or that their EHR vendor “took care of privacy and security.” These assumptions are wrong.

10 ASK FOR HELP

BE FAMILIAR WITH THE RESOURCES AVAILABLE.

Like TMLT, liability insurance carriers offer cyber security tools and resources to help policyholders prepare for and mitigate breach incidents. Practices often need external assistance, as cyber attacks continue to grow in sophistication and frequency.

PROTECTION FOR A NEW ERA OF MEDICINE

ABOUT TMLT:

With more than 19,000 health care professionals in its care, Texas Medical Liability Trust (TMLT) provides malpractice insurance and related products to physicians. Our purpose is to make a positive impact on the quality of health care for patients by educating, protecting, and defending physicians. www.tmlt.org
