Every day it seems we read about a computer data breach or theft of information from large corporations. U.S. companies reported $40 billion in losses from unauthorized use of computers by
employees last year. The sheer size of the healthcare industry led to an increase in widely publicized breaches this year. In 2014 attempted attacks sparked concern about the overall vulnerability of healthcare organizations, and a recent breach exposed medical records for 4.5 million patients from 206 hospitals across 23 states. Even more alarming, the healthcare industry accounted for 42 percent of major data breaches reported in 2014 according to the Identity Theft Resource Center.
With the average data breach costing organizations $3.5 million, the financial impact of data breaches actually increased this year. According to annual research from the Ponemon Institute, the average cost paid for each lost or stolen record containing sensitive and confidential information globally increased more than 9 percent from $136 in 2013 to $145 in 2014. The cost per record increased to $195 for companies in the U.S. In addition, a breach that involves personal health information (PHI) must be reported to the U.S. Department of Health and Human Services’ Office for Civil Rights, which enforces the Health Insurance Portability and Accountability Act (HIPAA) and has the power to issue fines. While most medical professional liability policies contain some limited coverage for data breach, patient notification, credit monitoring and other cyber exposures; those limits of coverage are likely inadequate if your office is targeted and becomes a victim of a data breach. The cost of creating, mailing and processing just the certified letter informing each patient of the breach can run as high as $5 per patient. This does not include future expenses for credit monitoring for all patients whose information may have been exposed or potential fines you may face from regulatory bodies for allowing this breach to occur.
Furthermore, there are also an increasing number of physicians being audited for billing irregularities. These audits can come from Medicare, private insurers, RAC audits and others including Qui Tam plaintiffs. Medicare now makes it’s reimbursements to each individual provider publicly available so anyone with a computer can see how much revenue a given physician has received in the prior year from Medicare. Most medical professional liability policies provide some very limited defense coverage for these types of audits. However, those limits of coverage are inadequate in the event of a full audit of a medical practice and do not pay the fines that are usually associated and/or levied by the government for alleged “over billing” or “up-coding”.
