You’ve probably heard people mention cyber liability insurance and wondered if your practice requires this type of insurance. Healthcare providers are actually in greater need of cyber liability protection than almost any other profession! Good cyber liability insurance provides protection for claims that are otherwise excluded in most other insurance policies including, but not limited to claims involving:
- Information security & privacy liability
- Privacy breach response services
- Regulatory defense and penalties
- Website media content liability
- Practitioner regulatory liability
- Cyber extortion
- First party data protection
- Crisis management and public relations
Most physicians and practice administrators live in fear of a Centers for Medicare & Medicaid Services (CMS) RAC (Recovery Audit Contractors) or ZPIC (Zone Program Integrity Contractor) audit. RACs identify underpayments and overpayments of claims paid under the Medicare program for services for which payment is made under Part A or B of title XVII of the Social Security Act. ZPIC’s are responsible for preventing, detecting, and deterring Medicare fraud under the Medicare Integrity Program.
Q. If our practice is the subject of a RAC or ZPIC audit, what can we expect?
A. If you have good cyber liability insurance, you can expect the insurance to pay all of your legal expenses, plus fines and penalties where allowed by law, up to the policy limits less deductibles. The insurance will not pay for reimbursement of erroneous payments or overpayments you collected. If you don’t have cyber liability insurance, you can expect to pay all legal expenses, fines and penalties, and reimbursements out of pocket.
Q. Our billing company made the error, not us. Won’t they have to pay?
A. Your billing company may have insurance that will protect you or they may have agreed to indemnify you in your billing agreement should you become the subject of an audit. But, will they have sufficient insurance or funds to protect you in the event of a claim, particularly in cases where several of their clients are audited at approximately the same time?
Q. What if we have no Medicare or Medicaid patients.
A. Good cyber liability insurance will also provide protection regarding commercial payer audits.
Medical practices have a greater likelihood of a devastating loss due to the release or theft of Protected Health Information (PHI). We hear of hospitals, insurance companies and physician practices having thousands of medical records stolen almost every week. The costs associated with a breach can be enormous. You will be required to notify all patients whose Protected Health Information may have been compromised. You may be required to pay for the cost of credit monitoring and the establishment of a call center to answer patient’s questions. You may also be subject to HIPAA fines and penalties. Costs can easily be in excess of $1 million for small practices and $10 million or more for large medical practices and hospital systems.
Q. What if we become the victim of a Ransomware Attack?
A. If you have good cyber liability insurance, you can expect the insurance to pay all of your expenses and ransom up to the policy limits less any deductibles. If you don’t have cyber liability insurance, you can expect to pay all expenses and ransom out of pocket.
Q. Is there more protection afforded by cyber liability insurance?
A. Yes. Good cyber liability insurance is very broad.
Q. Do any of my other insurance policies provide cyber liability insurance?
A. You may already have some cyber liability insurance in an office package or medical malpractice insurance policy. Unfortunately, this insurance often provides a false sense of security as the limits can be very low with protection that is not very broad. You should have your insurance reviewed by a professional.
Learn about all of your options before purchasing cyber liability insurance. Call a Britton Agent to discuss your coverage options in detail. Call 800.462.3401.