Digital platforms heighten cyber exposuresPosted On: Nov. 4, 2018 12:00 AM CST
Health care providers treating patients remotely need to be aware of the potential cyber risks embedded in telemedicine models and the liability that could be created for them when sharing and receiving personal health information, experts say.
The 1996 Health Insurance Portability and Accountability Act, enacted to protect individuals’ personal health information, adds another layer of complication when it comes to telemedicine interactions, and health care providers should ensure they are following best practices for encryption of the information, experts say.
“Notes need to be taken on the patient just like you’re sitting across the table from them or in an exam room,” said Bridget Zaremba, Chicago-based health care claims practice leader for QBE North America, a unit of Sydney-based insurer QBE Insurance Group Ltd. “Are those notes encrypted? Could someone get into someone’s WiFi signal and eavesdrop on the entire conversation? Solid encryption and cyber risk is a big deal when it comes to telemedicine because there is a HIPAA component.”
Recently, a few insurers have indicated they do not want to cover risks unrelated to bodily injury under their hospital or health care professional liability policies, said Martha Jacobs, national health care industry practice leader at Aon PLC in Pittsburgh.
“In other words, they don’t want to cover liability that emanates from a cyber breach,” Ms. Jacobs said.
“That approach, as much as on the surface we would agree that we could get behind it — that nonbodily injury belongs over in a cyber policy and the bodily injury liability belongs in the health care professional liability policy — I don’t think any of us have certainty that we’ve thought through all the different scenarios,” she said.
“I still believe there is a strong potential for finger-pointing between coverages,” she continued. It “depends on what occurs and the actual fact pattern.”
For physicians, “it then really reinforces the need to have adequate cyber coverage, because if you’re interacting with your patients in this fashion at a higher degree or more frequently, arguably you’re going to be exchanging information that is private, that is protected, and therefore the need to have cyber breach coverage is all the more important beyond even just the medical care and the adequacy of your medical professional coverage,” Ms. Jacobs said.