Nursing Homes, Assisted Living Facilities Face New Security Risks
As with all segments of the healthcare industry, nursing homes and other extended care facilities are facing growing liability exposures in the area of data security and privacy. In fact, according to an Experian report, “2014 Data Breach Industry Forecast”, the healthcare industry will be the most susceptible to publicly disclosed and widely scrutinized data breaches this year.
Since 2005, 25% of data breaches have been in the healthcare sector, exposing a total of 24,684,825 records*. Moreover, recent statistics show that a healthcare firm is four times as likely to experience a data breach (9.4% for a 500-employee firm) as it is to face a slip-and-fall claim (2.5%) over the next twelve months.
Part of the increased vulnerability to data breaches for nursing homes and senior living facilities stems from incidents and scenarios that can expose sensitive data (such as medical records, bank account numbers, Social Security numbers, dates of birth), even unintentionally or accidentally. For example, a nursing home group may inadvertently deactivate the login/authentication system, leaving patient data accessible for an entire weekend. Or, a medical director for a group of long-term care facilities has his laptop stolen from his car. The laptop contains data for more than 2,000 patients, which is released. These types of incidents will put an organization in violation of HIPAA and a complex of state laws, and can expose it to litigation for privacy breaches, financial loss and identity theft.
Confidential data can be compromised in several ways, including:
- Failure of authentication or security software
- Human error, failure to follow procedure
- Lost or stolen laptops and equipment
- Stolen or hacked passwords
- External hackers
- Disgruntled employees
- Employee collusion with identity thieves
- Viruses, worms
Having proper security protocols and employee training in place as part of a comprehensive risk management program is key. In addition, securing Cyber Liability insurance is a must today, given the increased exposure to data breaches and the potential for significant expenditures and reputational harm for a facility.
Cyber Liability provides coverage for first-party losses that can include: expenses to notify affected parties, credit monitoring expenses, regulatory actions, crisis management expenses, loss of income, the cost to reconstitute and restore damaged data, among other important features. A policy can also include third-party losses, including coverage for: litigation from affected patients, employees and other parties; failure to implement and maintain reasonable security procedures; negligence; regulatory actions; invasion of the patient’s right to privacy; defense and damages; and spread of virus and malicious code.
Caitlin-Morgan specializes in providing sound insurance and risk management programs for nursing homes and assisted living facilities. Please give us a call at 877.226.1027 to discuss the types of coverages needed to protect facilities from today’s exposures.
*Source: A Chronology of Data Breaches, Privacy Rights Clearinghouse, June 2013