Feature

Cyberliability insurance: Should you purchase a policy?

View on the News

Michael E. Nelson, MD, FCCP

Michael E. Nelson, MD, FCCP, comments: Being old enough to remember a paper chart and scheduling book, I can't help but marvel at how the electronic health record (EHR) has fallen short of its expectations and added to the cost of medical care. Well, let's add cybersecurity insurance to the cost of doing business. While I love the ability to look at a chest x-ray or CT without a viewbox, I can't think of many other things that the EHR has done to make me a more efficient physician. It has, however, spawned many cottage industries that provide "must have" services with their attendant fees. The ever-increasing regulatory and administrative burdens and costs placed on physicians' practices are making it impossible for smaller practices to remain financially viable, leaving smaller communities without medical services. I don't think this was the intent when we decided to "modernize" medicine. It makes me want to go back to those halcyon days of the paper chart - try phishing one of those, you hackers.


 

Manage risk before a breach

Of course, there is plenty that practices can do to prevent – and protect themselves from – a health data breach before it happens. Providing employee awareness training is an important step, said Craig Musgrave, chief information officer of the Doctors Company. Institute a training program for staff at all levels and go over the basics, such as refraining from opening emails from senders they don’t know, Mr. Musgrave wrote in a recent column. Updating all software regularly and backing up data are also essential. And Mr. Musgrave emphasizes the importance of “whitelisting.”

“Health care systems are fragmented in their management of systems and data,” Mr. Musgrave wrote in his column. “Their ability to patch legacy systems and employ cybersecurity staff varies enormously. Therefore, application whitelisting is essential. Rather than blacklisting known malicious software, an application whitelist prevents the launching of any executable program (known or unknown) that does not have explicit authorization. This, in combination with strong firewalls and network segmentation tools like micro-segmentation, provides stronger security.”

In addition, consider implementing data security policies and incident response protocols as well as employee training on securing patient data, ProAssurance’s Ms. Tullos said.

“A breach can also occur within a third-party vendor’s system and infiltrate the physician’s records, so it is important to discuss cybersecurity with those vendors and all parties should purchase cyberliability insurance,” she said.
