Are you a physician, hospital, healthcare organization or a business associate that is getting ready for HIPAA Omnibus Rule compliance? Will you be ready on Sept. 23rd?
Much is at stake with the new HIPAA Omnibus Rule just around the corner, whether you’re a small, mid-sized or large healthcare organization or a business associate. With the new rule, smaller organizations must keep in mind that they have the same compliance responsibilities as much larger entities, and this now also includes business associates.
A Data Breach Incident Response Plan is a Necessity
OCR has made this point clear in recent enforcement actions. Are you ready with a data breach incident response plan in hand should your healthcare organization become the next data breach victim? Cyber/data breach insurance can help your organization respond to a data breach and/or security incident and may even help cover HIPAA fines and penalties.
As healthcare organizations continue to implement their EHR systems, they must look for ways to protect themselves and their patients from what is becoming the inevitable data breach. When a healthcare organization or other HIPAA covered entity suffers a data breach, the cost can be damaging not only to the entity’s bottom line, but also to the reputation of its brand. With the increased vulnerabilities, and as part of a data breach response plan, healthcare organizations will increasingly turn to a cyber security/data breach insurance policy, especially now with the new HIPAA Omnibus Rule.
We all know the saying – “It’s not a matter of ‘if’ a data breach will happen, it’s a question of ‘when.’”
When a healthcare data breach happens, it’s serious and could potentially be quite expensive when you factor in patient notifications, a “good faith” offer of credit/identity theft monitoring to affected patients, attorney costs, computer forensics help and potential HIPAA fines as high as $1.5 million.
What can a healthcare organization do to ‘minimize’ its data breach?
Steps to consider:
– Assess current security, risks, and gaps.
– Take an inventory of and identify the types of hardware and electronic media that must be tracked.
– Take inventory of PHI / PII and encrypt sensitive patient data.
– Train employees on security procedures periodically.
– Pre-plan for a data breach by setting up an incident response plan.
– Review vendor agreements and business associate contracts.
– Purchase a data breach/cyber insurance policy.
While we all know a healthcare organization’s top goal is to take care of its patients, great care must be taken to ensure the privacy and security of sensitive patient health information (PHI). The new HIPAA Omnibus Rule requires just that and more.
Let our Experienced Cyber Insurance Experts Help
The Cyber Data Risk Managers team has in-depth knowledge of the industries and cyber exposures we cover. We can help create and customize a cyber/data breach insurance policy that best suits your needs. We’re a one-stop service for all your cyber/data breach insurance and security needs and can offer multiple insurance quotes from A-rated cyber insurance carriers.