The Importance of Cyber Liability and Breach of Patient Data Privacy
Social Workers now, more than ever, need insurance coverage for third-party data breach. Federal and State governments demand higher expectations from Social Workers, and with the advent of the HIPAA HIGH TECH Law passed in March 2013 and enforced beginning in September 2013, Social Workers are now held liable and even more accountable than ever before. If a mover loses your patient records, or if somebody breaks into your storage boxes while being moved, you are directly liable for the data breach. If your computer data storage vender loses your records or another party accesses them while in the possession of your data vendor, you are directly liable.
Civil penalties for an accidental breach of private data range from $100 to $25,000 per occurrence, and up to $1.5 million for willful neglect. The NASW RRG Cyber Liability premium is only $59 per year for coverage, a wonderful value for the protection that you receive. Criminal penalties arising from data breach range from 1 to 10 years in prison, and fines from $50,000 to $250,000.
A data beach is the release of secure information into an unsecure environment. This happens intentionally or unintentionally. A data breach or security incident occurs when confidential data such as patient records, or personal financial data is copied, transmitted, viewed, stolen, or used by an individual unauthorized to handle such information. This may involve information such as financial records, credit card, debit card, bank details, personal health information (PHI), personally identifiable information (PII), trade secrets, and intellectual property. Such incidents pose the risk of identity theft or other serious consequences.
The Federal government and many states have enacted laws with safeguards, notification requirements, and penalties to protect the security and confidentiality of information, and specifically medical information, as it is stored conventionally, electronically, and shared electronically. An example of this aimed directly at the healthcare professionals began in March 2013, when Congress passed the 45 CFR Part 160 HIPAA HITECH Law which became enforceable on many occupations including social workers and the behavioral health industry effective September 2013. This makes social workers liable for data privacy breach by third-party data management vendors used by social workers. Under HIPAA, and in many states under state law, the social worker is now ultimately responsible for protecting the client data no matter where the data is. The social worker has this duty, and the social worker is liable if the client data is compromised. This includes third-parties who the social worker hires to manage client records that become breached.
Simply losing a laptop, a mover losing a records file box or an envelope with a patient file in it, a burglar simply opening up a file drawer in the social worker’s office, a lost flash drive, or the social worker’s data management vendor accidentally faxing or emailing a patient record or form to the wrong phone number or email address, as well as a deliberate cyber attack on the social worker’s data management vendor are all examples of data breaches which become the social worker’s responsibility.
As A Social Worker How Can I Get Protected?
Cyber Liability insurance coverage for small practices and social worker agencies is still relatively new to the insurance world. Except for the NASW Risk Retention Group, virtually no insurance carriers have it as an affordable insurance addition for social workers. Those few carriers who do offer Cyber Liability insurance policies for Social Workers only offer it to Social Worker Agencies, or add expensive property and add business interruption coverage to drive up the costs and justify charging very high premiums.
Some Professional Liability insurance policies provide data breach coverage if the breach occurs within the control of the practitioner only. The NASW Risk Retention Group provides Professional Liability insurance protection that covers data breach within the control of the practitioner. Now, the NASW Risk Retention Group also provides a new Cyber Liability and Breach of Patient Data Privacy insurance policy that protects the practitioner from many other breach occurrences including Security Breach, Damages, Civil Monetary Penalties, Patient Notification, and Defense Expenses. This policy covers sole practitioners or individuals at the state and federal levels for third-party liability, including damages and civil monetary penalties the insured is legally obligated to pay and defense costs, arising from security breaches involving the personal information of the insured’s patients if a breach occurs while the information is in the care, custody, or control of a third party to whom the insured has entrusted the information. Such third-parties include a cloud vendor, a university whose computer system the insured uses to store records, a moving company hired by the insured to move the insured’s office contents including records and equipment, or a records disposal company hired to destroy old records. Coverage applies to electronic and paper records. It is an excellent cover for HIPAA HITECH protection arising from 45 CFR Part 160 which holds the social worker liable for data security breaches caused by third-parties that the social worker uses.
This cyber liability policy covers:
- reasonable costs to notify affected individuals and provides a one year subscription reimbursement benefit for identity theft protection,
- legal defense costs if a claim is made against the insured by affected individuals or if a state or federal regulator brings a civil action against the insured,
- damages that the insured is legally obligated to pay under court judgment or out-of-pocket court settlement, and any civil fines or penalties that the insured must pay because of the breach, and d) the costs incurred for the insured to notify the insured’s patients that data breach occurred.
This Cyber Liability policy is an excellent value for NASW social workers. It provides a broad array of coverage at a very low premium price, and responds to recent data privacy legislation enacted by the Federal government and adopted by some states, and provides excellent coverage at extremely affordable premium prices.
Social Workers now, more than ever, need insurance coverage for third-party data breach. Federal and State governments demand higher expectations from Social Workers, and with the advent of the HIPAA HIGH TECH Law, Social Workers are held liable and even more accountable than ever before.
Small Groups, LLC’s and legal entities do not qualify for Cyber Liability Insurance. For General Liability rates for Small Groups and Agencies, please contact Lonnie Ropp, [email protected].
Published July 2014