Recent Article on Cyber Insurance as Safeguard Incentive Has Implications for Healthcare Industry


April 18, 2016. HIPAA Integrity recommends that you read the excellent April 11, 2016, Business Insurance article by Mark A. Hofmann entitled “Cyber coverage seen as security incentive.” The article discusses concepts of “cyber insurance in risk management” presented at a recent U.S. House of Representatives Homeland Security Committee. It reports that Representative John Ratcliffe (R-TX) said: “’We must explore market-driven methods for improving the security of the companies that store our personal information. I believe cyber insurance may be one such solution.’ Just applying for and maintaining such coverage would require ‘entities to assess the security of their systems and examine their own weaknesses and vulnerabilities.’” The HIPAA Security Rule already provides for covered entities and business associates to complete a risk analysis, which addresses Rep. Ratcliffe’s statement. That risk analysis, along with their risk mitigation strategies, would provide written background information in support of underwriting cyber coverages. Failure to comply has consequences, as echoed by Nat Wienecke, senior vice president of Property Casualty Insurers Association of America: “’In many cases, the soft underbelly of our cyber security environment can come through companies that haven’t matched their cyber risk management programs to the threats we are facing.’”

 

The Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) started its long-awaited HIPAA Privacy and Security and HITECH Act Breach Notification Rule compliance audits on March 21, 2016; the audits will continue through 2016. We have discussed OCR’s audit program in previous postings. In early April, OCR also posted its long-awaited audit protocols, which identify the information OCR seeks from covered entities and business associates as part of the current desk audit process. HIPAA Integrity has completed a comparison of the original audit protocols with the April audit protocols, and has linked each comparison to the appropriate safeguard policy and procedure in the HIPAA Integrity Compliance Tool Package (Version 3.0). This Package is designed for covered entities and business associates to document and successfully demonstrate safeguard compliance, either for a potential selection for an OCR desk or onsite audit or for providing evidence to cyber insurance underwriters of a security management process and security measures in place. HIPAA Integrity will discuss the OCR compliance audit program and protocols in a WEDI-sponsored Webinar on May 4, 2016.
