According to a cybersecurity report conducted by Symantec, HIPAA insurance includes, “coverage for the following: forensic investigators to determine the scope of the cyber or privacy incident; a law firm to act as breach counsel to advise the insured of its obligations arising from any breach of sensitive data; costs of notifying affected individuals; a public relations firm to provide advice on whether and how to make public statements, credit and/or identity monitoring; and call center support.”

Organizations that are not HIPAA compliant are not covered by the insurance. As healthcare breaches increase in prevalence, organizations working with protected health information (PHI) must be prepared for a breach. To prepare for a healthcare breach organizations should implement a HIPAA compliance program.

Therefore the best HIPAA insurance is an effective HIPAA compliance program. An effective compliance program includes:

• Six mandatory self-audits (5 for business associates)
• Gap identification and remediation plans
• Policies, procedures, and employee training
• Employee attestation and tracking
• Business associate management
• Incident management and breach notification

Compliancy Group’s HIPAA compliance program covers all that is required by HIPAA law. The Department of Health and Human Services (HHS) does not provide a HIPAA certification.