HIPAA Insurance Can Be Misleading
There are multiple companies that claim to be offering HIPAA insurance, also known as cyber insurance, to protect healthcare organizations that experience a breach. However there is no such thing as HIPAA insurance. The fine print for these policies states that the insurance only covers organizations that are HIPAA compliant and there is often $100,000 limit for claims. However the average cost of a healthcare data breach is $6.45 million, once all of the costs are calculated, including reputational damage and fixing security gaps.
According to a cybersecurity report conducted by Symantec, HIPAA insurance includes, “coverage for the following: forensic investigators to determine the scope of the cyber or privacy incident; a law firm to act as breach counsel to advise the insured of its obligations arising from any breach of sensitive data; costs of notifying affected individuals; a public relations firm to provide advice on whether and how to make public statements, credit and/or identity monitoring; and call center support.”
Organizations that are not HIPAA compliant are not covered by the insurance. As healthcare breaches increase in prevalence, organizations working with protected health information (PHI) must be prepared for a breach. To prepare for a healthcare breach organizations should implement a HIPAA compliance program.
Therefore the best HIPAA insurance is an effective HIPAA compliance program. An effective compliance program includes:
- Six mandatory self-audits (5 for business associates)
- Gap identification and remediation plans
- Policies, procedures, and employee training
- Employee attestation and tracking
- Business associate management
- Incident management and breach notification
Compliancy Group’s HIPAA compliance program covers all that is required by HIPAA law. Compliancy Group’s Compliance CoachesTM guide clients through all of the documentation necessary to prove a healthcare entity’s “good faith effort” towards HIPAA compliance. The HIPAA implementation process is self-paced, allowing clients to complete each of the six stages in a timeframe that works best for them.Once a client completes the six stage implementation process, they are eligible to receive Compliancy Group’s Seal of Compliance. The Seal is a great differentiator as is verifies and validates that clients have made every effort to prove their HIPAA compliance. The Seal of Compliance, however, is not a HIPAA certification. The Department of Health and Human Services (HHS) does not provide a HIPAA certification.