Valuable New Information About
Medical Privacy in the Digital Age
In today's technology-driven world, it's vital to understand the issues surrounding patient privacy
and more importantly, how to protect yourself in the inevitable event of unauthorized release of
personal information. Here are some questions I'm often asked:
What specific personal and medical information is actually protected by HIPAA?
The Privacy Rule established by HIPAA (The Health Insurance Portability and Accountability
Act of 1996) protects "individually identifiable health information." This includes:
Any patient information past, present or future regarding mental or physical health
Information regarding patient's payment for care provided "Protected Health Information" (PHI):
this includes oral or handwritten notes, as well as data entered into a computer
any information connected with an identifying fact about a patient, such as name, address,
phone number, email and Social Security number.
How does personal information get released without a patient's authorization?
Since HIPAA was enacted, healthcare companies, medical practices and hospitals have
established ironclad policies and practices for handling personal information. But as good as
technology is, there are glitches in processes: people make errors and mistakes happen.
Unfortunately, it's not a matter of "if" it happens, but "when" it happens.
How can a healthcare company protect itself when a security breach happens?
Healthcare Security Privacy Liability Insurance is designed specifically to protect healthcare
companies from liabilities and costs related to the breach of private data. Coverage is available
with limits from $1 million$10 million, readily available; with deductibles ranging from $5,000
to $10,000 per event.
What's covered by Security Privacy Liability Insurance?
A lot. In addition to coverage for third-party liability, Security Privacy Liability Insurance
provides reasonable necessary expenses and costs for:
Conducting an investigation to determine the cause of the data breach
Notifying those whose confidential information has been breached and assisting
in providing them with credit and/or identity monitoring
Hiring a PR or other firm to minimize damage and restore public confidence
Legal defense, compensatory damages, judgments, settlements, other legal expenses
Any money an insurance company is required to deposit in a consumer redress fund