Risk Prevention Fundamentals for Healthcare Cyber Liability

Written by Stephen Lim Lic #0M66738

Cyber liability insurance covers financial losses that result from data breaches and other cyber events. Most cyber policies include both first-party and third-party coverages. Some coverages may be included automatically while others are available "a la carte."

While policies differ in what each coverage part covers, there are fundamental practices for preventing and mitigating the cyber liabilities of a healthcare organization. Below we list key points about controlling your risk exposures and give examples of how each applies to healthcare.

  • Avoidance

Avoidance is the first fundamental of controlling risk. One part of avoidance is ensuring that internal members of the team have only the level of access their job requires. This applies to every member of staff, including immediate team members and leadership within the organization.

Likewise, insulate your data infrastructure from external access paths that would let third parties reach your database. Limiting or restricting this kind of access, for example by refusing connections from regions where you have no patients or business partners, avoids potentially risky situations such as malware attacks. Keep in mind that geographic blocking is a coarse control: an attacker can route traffic through a permitted region, so it should supplement, not replace, authentication and network restrictions on the database itself.

  • Loss Prevention

Loss prevention fundamentals include physical controls such as locks on server rooms and computers, surveillance of common infrastructure areas, and written policies and access logs so that questions of who did what are settled by records rather than by "he said, she said" recollection. Preventive measures protect a healthcare practice by controlling who has access to patient records, where and how they access them, and by recording that access. This accountability and traceability lets you review past incidents and mature your enterprise risk management.

  • Loss Reduction

Loss reduction through managerial controls means centralizing responsibility for cybersecurity, testing your data-loss exposures regularly to refine the program, and having a remediation plan so that an incident that does occur is contained rather than left to run unchecked. For healthcare practitioners, loss reduction can be as simple as logging out of workstations when leaving a room, backed by an automatic screen lock for the times someone forgets.

  • Duplication

Duplication goes hand in hand with Loss Prevention and Separation. A proper duplication strategy keeps a current copy of your information backed up, either in the cloud or on an encrypted portable drive stored apart from the primary system. Duplication also makes rapid recovery possible when you lose access to your primary source of patient records, whether through hardware failure, accidental deletion, or malware.

For instance, backing up your database of patient health records on a regular schedule gives you a copy to restore from if the live records are lost or corrupted. Choose the frequency by how much data you can afford to lose: a monthly backup can leave up to a month of records unrecoverable. Test the restore periodically, since a backup that has never been restored is an assumption rather than a control. Note also that a backup protects against loss of data, not against its disclosure; a breach that copies records out of your system is not undone by having a second copy.

  • Separation & Diversification

Access to patient health records should not be readily available to all staff members; it should be separated according to their roles and responsibilities. An administrator who handles only clerical paperwork, i.e. insurance billing, should not have the ability to view or change patient health records. Conversely, a clinical nurse should not have access to any payment information that the front office staff hold for a patient.
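The role-based separation described above, together with the internal access levels called for under Avoidance, is shown below as an added example written for this article; it is not code from the author or any product. The roles, permission matrix, user names and patient records are constructed for illustration. Every access attempt, including denied ones, is written to an audit log, which is the traceability the Loss Prevention section relies on.

```python
"""Role-based separation of duties for a small practice's records.

Added illustration for this article; not code from the author or any
product. Roles, permissions, users and sample records are constructed.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Resource types a practice holds.
CLINICAL = "clinical_record"
BILLING = "billing_record"

# Permission matrix: role -> {resource type: set of allowed actions}.
# Constructed for the example; a real practice derives this from its
# job descriptions. Anything not listed is denied.
ROLE_PERMISSIONS = {
    "billing_clerk": {BILLING: {"read", "write"}},
    "nurse": {CLINICAL: {"read", "write"}},
    "physician": {CLINICAL: {"read", "write"}, BILLING: {"read"}},
}


@dataclass
class AuditEvent:
    when: str
    user: str
    role: str
    action: str
    resource: str
    patient_id: str
    allowed: bool


@dataclass
class RecordStore:
    """In-memory stand-in for a records database with an append-only audit log."""
    clinical: dict = field(default_factory=dict)
    billing: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)

    def _check(self, user, role, action, resource, patient_id):
        # Unknown roles and unlisted resources fall through to an empty set,
        # so the default is deny.
        allowed = action in ROLE_PERMISSIONS.get(role, {}).get(resource, set())
        # Log every attempt, denied ones included: that record is what settles
        # later disputes about who touched which chart.
        self.audit.append(AuditEvent(datetime.now(timezone.utc).isoformat(),
                                     user, role, action, resource, patient_id, allowed))
        if not allowed:
            raise PermissionError(
                f"{role} {user!r} may not {action} {resource} for patient {patient_id}")

    def _table(self, resource):
        return self.clinical if resource == CLINICAL else self.billing

    def read(self, user, role, resource, patient_id):
        self._check(user, role, "read", resource, patient_id)
        return self._table(resource).get(patient_id)

    def write(self, user, role, resource, patient_id, value):
        self._check(user, role, "write", resource, patient_id)
        self._table(resource)[patient_id] = value


def demo():
    """Exercise the matrix with the two cases the article describes."""
    store = RecordStore()
    store.write("dr_lee", "physician", CLINICAL, "P001", {"dx": "example"})
    store.write("ann", "billing_clerk", BILLING, "P001", {"card_last4": "4242"})

    results = {}
    # Billing clerk may read billing but must not alter the chart.
    results["clerk_reads_billing"] = store.read("ann", "billing_clerk", BILLING, "P001") is not None
    try:
        store.write("ann", "billing_clerk", CLINICAL, "P001", {"dx": "altered"})
        results["clerk_writes_clinical"] = True
    except PermissionError:
        results["clerk_writes_clinical"] = False
    # Nurse may read the chart but must not see payment details.
    results["nurse_reads_clinical"] = store.read("bo", "nurse", CLINICAL, "P001") is not None
    try:
        store.read("bo", "nurse", BILLING, "P001")
        results["nurse_reads_billing"] = True
    except PermissionError:
        results["nurse_reads_billing"] = False
    results["denied_attempts_logged"] = sum(1 for e in store.audit if not e.allowed)
    results["chart_unchanged"] = store.clinical["P001"] == {"dx": "example"}
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The matrix is deliberately default-deny: a role that is not listed, or a resource a role has no entry for, yields an empty permission set, so a new hire with no assigned role can read nothing until someone grants access. The denied attempts stay in the audit log alongside the permitted ones; reviewing those denials is how a practice discovers staff who are routinely working around their role.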