Backgroun Lines

What can a medical practice learn from a data breach at Target?

Gallagher Healthcare :: Industry Insights
By Trey Hutchins | 2/18/2014

I received two emails today from the Chase Bank fraud department stating that my credit card information may at risk due to Target’s data security breach. Not that I shop at Target all that much, but if I had been there even once between November 27 and December 15 my card information could be at risk. So much for being proactive and not waiting until the last minute to buy a few Christmas gifts. The good news is that there is nothing to show that my data has been compromised and they are sending me new cards; however, that also means that I have to change all of my auto-pay bills that are set up on that specific credit card… which is essentially every recurring bill that I have. 

With that said, why is a broker who specializes in medical malpractice insurance writing about a data breach at Target? The reason is very simple: if someone can break into one of the largest retail chains in the United States, a company that very likely spends millions of dollars each year protecting its data, what is going to prevent someone from trying to attack a medical practice? A business that very likely does not spend millions of dollars each year to protect its information. Furthermore, most medical practices have data on their clients (patients) that is far more comprehensive than Target’s. Do you maintain credit card information, social security numbers or medical records in any type of electronic format? Even if this information is not accessible online, it can still be put onto a flash drive and taken from your office. Many practices utilize laptops: what if one were stolen from your office? Many data breaches are down to a disgruntled or careless employee. 

Probably more concerning than your information being at risk, is what you should do in the event of a data security breach. There are rules and requirements in place that a business must follow if its data may be compromised. Has your practice created a plan to deal with a data breach? Do you even know who to call to walk you through the process? 

The good news is that most of the major malpractice insurance carriers have added coverage for this type of risk into their standard malpractice insurance policies. Limits generally range from $50,000 to $100,000 per provider, but may be reduced for group policies. Does your policy include this coverage? Is this amount enough? 

Over the past 5 years, several options have emerged, which allow practices to purchase additional coverage for this exposure. Coverage is available up to $1,000,000 per event and can be increased for larger groups. Due to the recent emergence of this type of risk, there is no rule of thumb or industry standard for how much coverage is needed. I have read that you can expect to spend up to $400 per record, therefore, a starting point for coverage would be to multiple the number of patient records you have on file (both active and inactive) by $400. Based on that equation, does your practice have enough coverage? 

If there is any good news to this topic, it’s that insurance coverage for this type of exposure is relatively inexpensive, at least compared to what most physicians are paying in malpractice insurance premiums. Most practitioners can purchase coverage for less than $1,500 per year. Combine that with how competitive the malpractice insurance market is today, and we can often offset this additional cost by ensuring that you have the best rate for your malpractice insurance policy. More often than not, we can both increase your coverage and reduce your total expense. When was the last time your practice received competitive quotes for its malpractice insurance coverage? 

The questions above are just another reason why every healthcare practitioner needs to use a specialized malpractice insurance broker who understands the industry and the rapidly changing landscape of the healthcare industry.  Gallagher Healthcare is the largest broker in the US for physician malpractice insurance, representing over 45,000 physicians across the nation. Our brokers can examine your current program and ensure that you have proper coverage at the most competitive pricing. Your job is to run a medical practice – let us handle the headaches of your insurance program. 



home / blog / medical-practice-data-breach-risk