Growing demand for better protection against the financial side-effects of data loss incidents in the US healthcare industry has prompted Lloyd’s insurer Beazley to extend its Breach Response product. Physician practices, as well as the big healthcare providers, can now buy much needed protection.
Demanding Regulations
Beazley’s targeted product is being seized on by some of the biggest healthcare providers and hospitals in the US because they have to comply with demanding regulations concerning notification or privacy breaches. Now Beazley is offering a similar breach response solution for incidents affecting up to 200,000 patients, allowing physicians’ practices to buy the tailored cover as well.
Regulations came into affect under HIPAA (the Health Insurance Portability and Accountability Act) in September 2009, that require physicians to notify patients in the event of many types of data breaches. There are more than 419,000 physicians’ offices in the US.
Data loss is a growing problem for the US healthcare industry, affecting everyone in the sector from hospitals, physicians and healthcare providers to bloodbanks, says Paul Bantick, a senior Lloyd’s underwriter in Beazley’s Technology, Media and Business Services (TMB) team.
In December 2009 alone two hospitals, two healthcare providers and one big city health department suffered data loss, according to the website www.privacyrights.org, which chronicles data breaches in the US.
Data loss becoming more commonplace
“Incidents such as hacking, stolen laptops and the targeted theft of computer hard drives containing personal data are increasingly commonplace,” Bantick told lloyds.com. “The motivation is identity theft. Obtaining the personal and financial details of maybe half a million individuals and selling them on to criminals engaged in credit card or mortgage fraud is a lucrative business.”
But traditional insurance policies are not up to the unique challenges posed by data breaches, Beazley found. Typically, they provide a lump sum to the insured in the event of a breach but give little or no practical support in notifying affected individuals or in offering credit monitoring.
What physicians, hospitals and healthcare companies are realising is that the first party costs related to a breach can far outweigh their third party liability. “There’s a potentially huge expense attached to complying with new legislation. Organisations or practices affected by a breach have to act quickly and the cost of doing that can be huge – even if no-one is affected by the breach,” Bantick explains.
Beazley provides new insurance product
Beazley’s Breach Response, which is underwritten at Lloyd’s, concentrates on limiting the complications of data breaches and keeping insureds on the right of the regulations. When notified of a breach by the insured, Beazley provides forensic and legal assistance from a panel of experts to help determine the extent of the breach and the steps necessary to comply with applicable laws. It provides for the notification of all individuals who must be notified under applicable law and, for breaches involving more than 100 notified individuals, gives each notified individual the option of 12 months’ free 3-bureau credit monitoring and fraud alert by TransUnion Interactive.
The policy’s retention level is kept low at $10,000 or $20,000 to protect insureds’ cash flow and payment is made directly to the providers. Retentions for physicians are even lower and start at $2,500.
Swift activation of the breach response services should reduce the scope for third party lawsuits from affected individuals, but can never eliminate it altogether, Bantick adds. To mitigate this risk, the insurer also offers third party coverage with limits of between $500,000 and $10,000,000, depending on the size of the hospital, healthcare organisation, physician practice, or group of practices, buying the coverage.
“But when you look at claims examples you see that most of the claims spend is not on the liability payments. It is on credit monitoring, the notification, the forensics and the legal expenses,” Bantick says. “Our product takes all that out of the insureds’ costs. You make one phone call to Beazley in New York and we’ll deploy the experts.”
