A healthcare data breach is, generally, an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of personal health information (PHI), such that the use or disclosure poses a significant risk of financial, reputational, or other harm to the affected individual.
The Breach Notification Rule requires covered providers to promptly notify individuals and the Secretary of HHS of the loss, theft, or certain other impermissible uses or disclosures of unsecured PHI. Health care providers must also promptly notify the Secretary of HHS of any breach of unsecured protected health information that affects 500 or more individuals, and notify the media if the breach affects more than 500 individuals of a State or jurisdiction.
Does your healthcare organization have an incident response plan in place to respond to a data breach that also includes funds set aside for potential HIPAA penalties?
Cyber/data breach insurance can help healthcare organizations and HIPAA business associates create a turnkey incident response plan that is ready to respond when (not “if”) a data breach happens. Depending upon the insurance carrier and policy coverages, assistance with HIPAA penalties may be offered.
Cyber/data breach insurance can help minimize the risk of an uncertain security strategy and offers a team of on-call experts, already on retainer, at a fixed annual cost for the first policy year. Contact us for more details.