[ Wednesday, March 10, 2010 ]
Bleg: Do you sell HIPAA insurance? Have you purchased it?
There's a conversation going on at the AHLS HIT listserv about HIPAA insurance. People occasionally aske me about this, and I tell them I believe it is available but don't really know who's selling it or what's covered. So, if you're a seller of HIPAA Insurance (insuring covered entities, business associates and others from losses, damages, costs, etc. of HIPAA breaches by those insured entities), or if you buy that insurance, post a comment to this blog post or email me at jdrummond-at-jw.com. I'll post info as updates to this post.
What I've gleaned so far is that products are out there, and they vary based on how many individuals have to be impacted before it kicks in, whether it covers costs of fines/penalties/damages or just costs of notification, whether it just covers the insured breaches or breaches by the insured's business associates, and what the limits are.
UPDATE: I haven't got much information on insurance, but did get a lot of info on what to do when you have a breach. Who do you contact, what issues do you need to address? Here's some information I've received. I can't vouch for whether any of these folks know what they're doing, but if you're looking at consultants to help you with a breach and the necessary notification, you might consider Kroll
, but probably only if the breach is really big. You also might contact Identity Force
, AHA's preferred vendor, I'm told. Someone mentioned Debix, particularly if you have a patient population that might not be web-saavy (or have web access). You'll definitely want to talk to your insurance broker to see what they recommend. They might have folks they'd propose, might be able to tell you things to look out for (like indemnification clauses), and might keep you from doing something that might adversely impact the insurance you've got. Also, consider what you really need. Do you need deep forensic analysis of the data breach? Or is it pretty straight-forward, and all you need help with is printing letters and stuffing envelopes?
Jeff [9:53 AM]
Blogger: HIPAA Blog - Edit your Template