Data Breaches and Nursing Homes: Why It’s Crucial to Have Insurance

Data Breaches and Nursing Homes: Why It’s Crucial to Have Insurance

In today’s climate of cyber security hacks and network vulnerabilities, nursing home owners and operators are at an increased risk for being sued. Even when owner/operators have nothing to do with the security or data breach, they can be held liable for damages, and can even lose their business or license.

According to a 2014 report from the Privacy Rights Clearinghouse, an independent study from the Ponemon Institute shows that privacy breaches have increased by 100 percent since 2010. Plus, 90 percent of U.S. healthcare organizations have undergone at least one privacy breach within the last two years. The report predicts that these breaches can cost healthcare companies a staggering $5.6 billion per year.

Employee and Cyber Risks

Within the last several years, a number of network security breaches have made the headlines — and many of these were caused by employee misbehavior or irresponsibility. For example, in 2012 an employee at a New Jersey nursing home was prosecuted (and fired) for taking indecent photos of elderly patients and posting them on a Facebook page. In another incident in 2009, a Minnesota nursing home employee was fired for violating privacy by posting photos online of herself and her patients. Likewise, in 2013, St. Anthony’s Nursing Home in North Dakota suffered a data breach when a laptop computer and flash drive containing protected health information (PHI) was stolen from a doctor’s car.

According to the Ponemon Institute study, 88 percent of healthcare organizations allow their employees to use their own personal mobile devices to connect to their healthcare firm’s information networks. This can lead to serious breaches — such as the one in 2013 when a Texas hospice employee emailed private information concerning 800 patients to his/her own email server.

Breaches can also be caused by insecure Internet sites, such as the recent security breach on the file-sharing site, which contains information on three New York nursing homes. While it’s not known if any PHI was taken from the site, at least two of the nursing homes have installed new records software or switched their security providers.

The Costs: Federal Fines and State Penalties

When a breach happens, a nursing home can be liable for huge costs in the way of punitive damages, penalties and PCI/DSS regulatory fines, but monetary losses can also include repair fees for compromised networks and data systems, forensic costs, notification costs, and credit monitoring fees. Plus, there’s a high risk of substantial loss of income while these repairs are being implemented. Even after a so-called minor breach, financial loss can total more than six figures, representing a ruinous profit hit.

When a data breach takes place, health facilities, including nursing homes, can be liable to both federal fines and state penalties. On the federal level, the Office for Civil Rights can impose as much as $1.5 million per violation. State laws, while varying, can also be stringent. According to California Department of Health regulations, unlawful access to patient records can incur penalties totaling up to $25,000 per patient. In addition, security breaches must be reported within five business days. Late notices of data violations can result in fines of $100 per day (or a maximum fine of $250,000) for each patient involved.

Here are some examples of recent federal and state fines:

  • According to the same source, in 2010 the CDPH fined the Pacific Hospital of Long Beach $225,000 when a technician used medical information from nine patients to open fraudulent personal accounts with Verizon.

This is why PRS has developed CARENET Data Breach Insurance, the only solution with wording specific to the senior living industry. Minimum premiums start at $2,500, submit this one page app to get a quote today.

Carenet Data Breach For Senior Living One-Page Application (460)
Leave Yours +

No Comments

Comments are closed.

  • Comments are Closed