The Cyber World and Your Liability
While the use of teletherapy and online-therapy has been increasing as alternative treatments in the Allied Health profession, the COVID-19 pandemic has accelerated their use, and they have become top-of-mind discussion topics.
These therapies have essentially become based on and enabled by virtual catalysts as agents of significant change. These “mobile world” catalysts include electronic and digital applications websites and pathways controlled by third-party providers. That means additional parties, including internet service providers and digital warehouses, are added to the chain of potential liability and claims exposure.
As a result, information is “put into play” for unintended disclosure, misdirected communications, or worse, criminals stealing information, committing identity theft, and committing extortion. The widespread expansion has occurred with the advent of Web 2.0 beginning in the early 2000s, which refers to the cumulative change in the way Web pages are developed and used. Examples include social networking sites, blogs, video sharing, hosted services, and many other categories. Mobile-targeted websites have become common and are specially designed for Netbooks, 4G, and Wi-Fi along with Application Programs (“Apps”). This impacts your therapy dialogue, client information, and your responsibility for documentation confidentiality protection.
For a very brief understanding of the digital background and the internet, it is of interest to share the history of the internet which currently drives alternative behavioral health treatments. The internet was developed by the U.S. military during the late 1960s. A U.S. military/university research partnership was created to develop the ARPANET under the control of a U.S. Government agency known as the Defense Advanced Research Projects Agency (“DARPA”). The purpose was to enable continuity of information transfer, communications, and operation between computers across geographic areas in the event of a nuclear exchange. The “Internet” was created by “packet switching” to enable U.S. Government computers to be linked together. If one computer was destroyed, the remaining computers in alternate locations continued to operate with the data. This eventually enabled the creation of the infrastructure for email and digital bulletin boards.
In 1968, there were three operational networks created, which grew to 20 by 1980. By 1993, over 19,000 operational networks had been created with over 50,000 by 1996. This accelerated the creation of a multitude of creative and commercial users worldwide. (Source: 2016, “Identity Theft” – Continuing Education Series, Pennsylvania Continuing Education, CPMI Professional Development, Inc., Harrington Education Center, Inc., Updated 2018)
In addition to client information that practitioners must protect, practitioners are also targets, just like all consumers, for identity theft. The driver for identity theft by criminals is to use fraudulent tactics to steal a victim’s money. Simple examples include stealing your credit card information and making a purchase. Another simple example is stealing your ATM passcodes and withdrawing money from your bank account.
Here’s a tip for you. Identity theft criminals often try to establish new credit in your name using your personal information prior to their credit or purchase transaction. There are three major credit bureaus for you to use to combat this: Equifax, Experian, and TransUnion.
Pursuant to the Federal Fair Credit Reporting Act (FCRA) every consumer, regardless of being a victim of identity theft or not, can receive a free credit report every 12 months from each of these three national credit bureaus. So, we recommend that you obtain a free credit report from each of these credit bureaus rotating every four months. The credit reports will show activity and indicate possible fraudulent actions. This is a good proactive action and it is free. Here is the contact information:
Pursuant to FCRA, if a person believes that they have been victimized by identity theft fraud, they may alert any one of these three credit bureaus which are then required to share the information with the other two credit bureaus. A security freeze will be created which prevents anyone, or any business from accessing your credit file for any reason until you, the consumer, provides the approval to the credit bureaus to unfreeze your account.
It is the NASWRRG’s priority to protect its policyholders since they are owners of the NASWRRG, and the NASWRRG wants to help them serve their communities. The NASWRRG instituted many proactive actions to support its policyholders including:
If or when you decide to deliver professional services through teletherapy and or online channels, make sure that you take security precautions.
For example, do not talk in a public place over the phone or online with your client. If people hear or see client-related material it is a HIPAA breach. If your laptop, iPhone, or other device is stolen, the information stored on those devices is breached, and you are liable for the information breach. Third-Party companies provide access to email, social media channels, digital storage warehouses, the cloud, and even storage facilities storing your paper files. If any of these Third-Parties’ systems or facilities are breached, you are responsible for the liability and related perils under HIPAA 45 CFR Part 160 HIPAA HITECH Law.
You need an NASW RRG Cyber Liability policy to cover you for Third-Party breach and perils arising from that. These policies have premiums as low as $59 per year for NASW members, and slightly more modest premium for non-NASW members and for Allied Health practitioners. The NASW RRG Cyber Liability policy premiums are very low cost, have modest increases for higher limits, the coverage is very comprehensive, and cover all HIPAA HITECH stated perils.
The NASW Risk Retention Group’s professional liability policy covers information electronic breach such as misdirected faxes or client information that is stolen from your office and breached office files at no extra charge, and it has zero deductibles This is called the First Party breach. As a matter of fact, there are no deductibles in any of the NASWRRG’s suite of liability insurance policies.
In summary, the NASWRRG offers a comprehensive low cost, yet a high-value suite of cyber liability products that cover Third-Party breaches such as an email or social media provider, or digital or paper storage company breaching your client information. These products cover the key liability perils listed under HIPAA HITECH, have an array of limits to choose from, sell at very low premium rates, and are unmatched by any competitor.
Refer to the following Tip of the Month articles to fully understand cyber liability and how it impacts you. Related content articles:
- COVID-19 Pandemic Sparks Alternative Treatments, June 2020
- COVID-19 Pandemic Virus Update, May 2020
- Because We Care, We are Security Aware, July 2019
- Live with Purpose, But Live with Protection, November 2015
- Recent Trends in Records Breach – Check Your Insurance Policies, September 2015
- Computer and Device Theft, February 2015
- Cyber Crime, November 2014
- Protecting Client Records, September 2014
- Importance of Cyber Liability, July 2014
- What is Cyber Liability, June 2014
- Client Records and Natural Disasters, July 2013
Thank you for all that you do as first responders, and as ongoing behavioral health and social health providers. It is truly a noble profession needed now more than ever.
Published, July 2020