Market for healthcare data breach insurance growing rapidly

As health data breaches become more common, the market for data breach insurance is heating up, according to an article at iHealthBeat.

Larry Harb, president and CEO of Okemos, Mich.-based IT Risk Managers, told FierceHealthIT in 2012 that his company's revenue from data breach insurance has increased in double digits for 10 of the 12 years the firm has been in business. With the rapid growth in digitized clinical data, sales growth has been even more rapid.

Indeed, 94 percent of healthcare organizations had at least one breach in the past two years, according to a report from the Ponemon Institute. It found that such breaches cost organizations a total of $6.78 billion annually.

While insurance won't prevent a breach from happening, it can help provide some peace of mind.

"Whether you buy insurance or not, the risk doesn't go away. The only decision you are making is who is going to pay for it," Harb told iHealthBeat.

The insurance covers costs such as forensic analysis; crisis communications and public relations; and notification. The costs, however, can include penalties. The Office for Civil Rights in January levied its first penalty--$50,000--for a HIPAA breach affecting fewer than 500 people.

A recent report from CSC's Global Institute for Emerging Healthcare Practices named cyber insurance among the tactics healthcare organizations might use to protect themselves from breaches. Its overall recommendation, however, was that organizations take a holistic approach to securing data. Lead author and senior research specialist Jared Rhoads told FierceHealthIT that insurance might make sense especially for smaller organizations.

While more than half of major hospital systems are believed to have purchased a policy or are looking into it, smaller organizations may not even have breach insurance on their radar.

As Harb said in the iHealthBeat article: "People are finally starting to realize ... that everyone is responsible and size doesn't matter. If you are a one-person doctor's office and you have personal and private information, you've got to make a business decision."
