things to consider before buying cyber liability insurance
Post on 16-Apr-2017
WHAT EVERY PHYSICIAN NEEDS TO KNOW:
THINGS TO CONSIDER BEFORE BUYING CYBER LIABILITY INSURANCE
1 KNOW THE DIFFERENCE
CYBER INSURANCE VS. CYBER SECURITY
Cyber insurance is not a substitute for a good cyber security program, as not all losses can be covered by insurance.
2 UNDERSTAND THE BENEFITS
OF AN EFFECTIVE CYBER RISK MANAGEMENT
prevention of cyber losses; preservation of electronic data; continuity of business with minimal loss of productivity; fulfillment of service commitments to patients; compliance with state and federal privacy and security laws; and protection of the practice's reputation.
3 ASSESS YOUR RISK
ALL PRACTICES SHOULD CONDUCT A RISK ASSESSMENT OF THEIR:
Administrative, physical, and technical safeguards, as well as their privacy rule and breach notification policies and procedures.
4 REDUCE YOUR RISK
STAY CURRENT WITH BEST PRACTICES FOR SAFEGUARDING YOUR DATA:
establish an enterprise-wide security culture; encrypt data on mobile devices; back up data in real-time and store it offline; use a firewall; immediately install software updates/patches; use strong passwords and change them regularly;
4 REDUCE YOUR RISK (BEST PRACTICES CONTINUED)
use two-factor authentication; limit network and physical access to sensitive data; obtain business associate agreements from all service providers who have access to your practice's data; and select your service providers carefully and assess their data security to ensure they are HIPAA compliant.
5 LAPTOPS & MOBILE DEVICES
Electronic protected health information (ePHI) is being stored more frequently on portable devices, and there will be more breaches involving these devices.
LOST OR STOLEN DEVICES CONTAINING PATIENT HEALTH INFORMATION ARE OF GREAT CONCERN.
6 ENCRYPTION
ENCRYPTING ePHI DATA REDUCES THE LIKELIHOOD OF BREACH CLAIMS.
Encryption helps a practice maintain insurability and obtain a better price for cyber insurance. All devices, portable and non-portable, should be encrypted.
7 RISK MANAGEMENT STRATEGY
COMPLACENCY IS NOT A RISK MANAGEMENT
A plan to address cyber risks is good for business. Patients expect their PHI to be secure. A plan protects your practice's reputation; helps manage downtime; and avoids the potential loss of income and extra expenses.
8 BE PROACTIVE
GUARDING AGAINST CYBER THREATS REQUIRES A PROACTIVE RISK MANAGEMENT STRATEGY.
A proactive risk management strategy focuses on identifying, assessing, and responding to potential risks. It also requires leadership to actively promote policies and procedures, risk controls, accountability, and privacy training.
9 DON'T MAKE ASSUMPTIONS
PROVIDERS OFTEN MAKE FALSE ASSUMPTIONS ABOUT HIPAA LAWS AND REQUIREMENTS.
Many practices mistakenly believe that HIPAA's required Security Risk Analysis is optional for small providers. They may also believe that installing an EHR fulfills the risk analysis requirement for meaningful use, or that their EHR vendor took care of privacy and security. These assumptions are wrong.
10 ASK FOR HELP
BE FAMILIAR WITH THE RESOURCES AVAILABLE.
Like TMLT, liability insurance carriers offer cyber security tools and resources to help policyholders prepare for and mitigate breach incidents. Practices often need external assistance, as cyber attacks continue to grow in sophistication and frequency.
PROTECTION FOR A NEW ERA OF MEDICINE
ABOUT TMLT: With more than 19,000 health care professionals in its care, Texas Medical Liability Trust (TMLT) provides malpractice insurance and related products to physicians. Our purpose is to make a positive impact on the quality of health care for patients by educating, protecting, and defending physicians. www.tmlt.org