The Doctors Company Offers New Layer of Data Recovery Protection
There may be no individual or industry that can be fully protected from a highly motivated and resourceful crook engaged in the rapidly expanding criminal enterprise of identity theft. However, a new feature of medical liability coverage offered by The Doctors Company can help mitigate the damage.
In the question-and-answer sequence below, Rob Francis, The Doctors Company chief operating officer, explains the scope of the problem, and how physicians can minimize their risk.
San Diego Physician: Looking at the big picture, how significant is the problem of data breaches in the medical practice arena and in the broader hospital/healthcare arena?
Mr. Francis: In the first five months of 2009, California officials received more than 800 reports of health data breaches. According to the Identity Theft Resource Center, government agencies reported that the number of personal records (Social Security numbers, medical records, and credit card numbers combined) exposed to such breaches grew six-fold in one year: from 35 million in 2008 to 220 million in 2009. PrivacyRights.org reported last year that there were 46 breaches encompassing nearly 80 million records.
San Diego Physician: What steps can doctors take to avoid breaches?
Mr. Francis: Most of the recommendations are pretty simple: Medical offices should have computer systems in place with log-out and password protection. They should ensure their computer systems and servers are backed up and secure. Physicians should limit online communications to existing patients as traditional email is not secure. In addition, doctors’ offices should prepare a data recovery and/or disaster plan so that they can comply with the Federal Trade Commission’s Red Flags Rule, which requires that holders of financial records develop and maintain a recovery and notification plan in the event of exposure. To access this rule, physicians should visit ftc.gov/bcp/edu/pubs/business/alerts/alt050.shtm.
San Diego Physician: What is the average cost to rectify a typical breach?
Mr. Francis: While there’s no such thing as a typical breach, examples include the loss of a laptop computer with patient information, and the loss of medical records. As part of its medical liability coverage, The Doctors Company now provides CyberGuard, which is complimentary privacy and cyber-liability protection that includes the cost of notifying patients — for physicians, the most frequently incurred cost associated with information breaches. CyberGuard also covers the cost of purchasing credit monitoring for affected persons in cases of exposure of personal financial information. The Red Flags Rule instituted by the Federal Trade Commission — as well as other local regulations aimed at preventing breaches of patient records and financial information — are sure to add to the price tag of these incidents.
San Diego Physician: How will CyberGuard coverage help physicians who suffer a breach that results in financial repercussions?
Mr. Francis: Most of the costs associated with breaches are notifying patients, and CyberGuard includes this in its coverage. The Doctors Company has added this coverage for solo and small-group physicians to protect their business. For more information, physicians should visit thedoctors.com/cyberguard.
SDCMS MEMBER BENEFIT
The Doctors Company (TDC) enjoys a reputation as the industry vanguard for low California rates, aggressive claims defense, expert patient safety programs, superior customer service, and exemplary member benefits. Most SDCMS members are eligible for a 5 percent discount on insurance premiums and a 7.5 percent dividend credit. To learn more, contact Janet Lockett at SDCMS at (858) 300-2778 or at JLockett@SDCMS.org. Visit TDC online at thedoctors.com. Potential Value: $500–$2,500!