Dr. Boylan asks a great question regarding cyber insurance when he asks “how much is enough?” The answer depends on several factors:
1. How large is your practice? How many patients could you potentially need to offer credit monitoring to as the result of a breach?
2. Is your practice fully electronic? If so are you using the ‘cloud’ to store your patient records? Are you using a third-party vendor for your EHR or medical billing and if so, have you read what the limits to their responsibility are in case of a breach on their end that affects your data? All of these scenarios potentially increase your exposure to a cyber liability loss.
3. What type of cyber training have you performed with your employees to prevent a loss? Are all computers password protected? Do you change passwords often? Is everyone trained to double check all requests for patient information or payments? Have you discussed cyber security with the vendors you utilize for patient billing, payments, record storage, etc.? Do you allow employees to use business computers for personal use such as for their own email or social media? Do you change the manufacturer password that is installed on your servers or routers?
Most professional liability policies and some office package policies offer some built in cyber liability protection and many of those companies offer you the opportunity to increase those limits. There are also separate stand-alone policies available that usually offer higher limits with more comprehensive coverage along with a more competitive premium.
Cyber liability exposure also continues to evolve. The latest issue relates to “social engineering”. In a social engineering scenario someone in the office could be lead to make a payment to a fraudulent account or divulge protected health information such as patient health insurance information that is then used for fraudulent purposes.
Some cyber policies have added some coverage for social engineering exposures and some have not. Some companies have decided that a social engineering loss is more of a professional liability exposure than it is a cyber exposure since it is a failure on the part of the insured to verify to whom they are having communications before releasing information or payments.
It would be great if there was a formula that would let you know how much cyber to purchase but of course there isn’t. It would be a great conversation to have with your insurance professional. Together you can arrive at a cyber program that provides the coverage you need at a premium that is reasonable.
The more you manage your cyber liability risk the less chance you will be a victim of a cyber loss and the more comfortable you can be with the limits that you have. If you don’t manage your cyber exposure at all you may not be able to purchase limits higher than those provided in your professional liability and/or your office package policy.
A cyber limit of $50,000 is better than nothing but won’t get you far in the long run. A single podiatrist can purchase a $1,000,000 separate stand-alone cyber policy for around $500. Practices with multiple podiatrists would get a discount with each additional podiatrist in the practice. In the interest of being open and above board, I am an insurance professional that has specialized in the insurance needs of podiatrists for over 18 years.
James E. Spitsen, ARM, CIC, Lincoln, NE
There are no more messages in this thread.
Podiatry Management •1062 E. Lancaster Ave, Rosemont Plaza Ste 15 F, Bryn Mawr, PA 19010