[ Thursday, April 20, 2006 ]


HIPAA Insurance. Some folks have been musing on the availability, usefulness, and shortcomings of "HIPAA insurance" (insurance policies that cover an entity -- either acting as a covered entity or a business associate -- for HIPAA breaches, similar to D&O coverage. I've heard that policies are offered by various insurers, but never really had to look into it. But Alan Goldberg did point to this AON piece on HIPAA Insurance which looks informative and may be a good place to start. Make a comment to this post if you have any ideas or leads.

Jeff [1:56 PM]

“Insuring” against risks arising under the HIPAA Privacy and Security Rules has been a recurring subject of discussion beginning in 1998 or so when the Security Rule was first proposed and 1999 with publication of the proposed Privacy Rule. Each time a Rule became final (2001 for Privacy; 2003 for Security) and its two year implementation period, interest in “HIPAA insurance” surged. However, given the approach that DHHS is taking to HIPAA Privacy and Security Rule enforcement (complaint driven, “cooperative”) and the fact that, to date, no civil monetary penalties have been assessed (even for clear failures to comply with the a Rule provision), one wonders how a “value proposition” can be made for HIPAA insurance. My perspective is that such insurance is one for which its time has not yet come. The same may not be true for insurance covering risks, costs and liabilities that may impact a healthcare entity (and other businesses) under state security breach notification and disclosure laws.

Tom Evans
Post a Comment
http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template