Darwin Expands Data Security Coverage for Health Care Firms

December 14, 2006

Specialty insurance underwriter Darwin Professional Underwriters, Inc., is expanding its Tech//404 liability product for health care organizations in response to increasing exposure to network security and data privacy losses.

According to Darwin, Tech//404 for health care organizations is the first specialty liability insurance product to address the exposures of both technology and enterprise information risk in a single, comprehensive insurance policy.

The company maintains that while much attention has focused on data theft in technology and financial service companies, other industries, such as health care, are increasing their data risk profile at an alarming rate. With the introduction of electronic medical records (EMRs) and software-enabled medical care, hospitals themselves are becoming their own data warehouses with a much greater sensitivity to network intrusions and network interruptions, according to the underwriters at Darwin.

Tech//404 for health care organizations is designed for technology-dependent health care companies, which today include most health care firms as the industry undergoes rapid digitization and centralized storage of third-party data.

The current market for technology errors and omissions (E&O) liability insurance is estimated at $650 million, according to a recent Betterley Report. Most projections indicate health care technology liability as one of the fastest growing segments within that estimate.

“It seems we read about security lapses and other data security problems at health care organizations in the news every week,” said Drew Bartkiewicz, assistant vice president and lead underwriter for Darwin’s technology and information liability group. “Even though there are clear standards for protecting patient privacy, medical organizations are increasingly concerned about the perils of aggregating data, automating responses, and allowing access. Additionally, health care is one of the most regulated industries for data privacy standards so that is an added dimension of the professionals’ concern.

The product is designed, according to Bartkiewicz, to protect companies from exposures like these three recently reported incidents:
The September 6, 2006 security breach at Akron Children’s Hospital, Akron, Ohio. The files of some 230,000 patients were accessed and sensitive information, including social security numbers and bank account records, was stolen.

The Sisters of St. Francis Health Services Inc., Indianapolis, Indiana, is being sued in federal court after a July 28, 2006 security lapse that may have exposed the private information of more than 260,000 patients. That suit seeks damages of no less than $5,000 for each affected claimant.

The biggest data breach ever was reported in Oregon, where 365,000 patient records were stolen. Ten computer disks and tapes belonging to Providence Health & Services were stolen from an employee’s vehicle. To date Providence has spent $7 million responding to the breach.

For health care organizations contemplating growing risks, such as ID theft, network outages, and regulatory violations for data privacy, Darwin’s Tech//404 for can be a significant component in an enterprise risk management program.

Darwin’s product coverage includes:

Notification expenses under regulatory requirement to warn of security breaches

Fines, fees, or penalties arising from privacy or consumer protection errors

Errors and omissions for delivery of technology professional services

Network security protection, unauthorized access, and rogue employee coverage

Breach of privacy, including 3rd party liabilities

Malicious code, cyber-attacks, and inadvertent transmission of viruses

Optional contingent bodily injury, crisis management expense, and cyber extortion

Businesses eligible for Tech//404 for health care organizations include: ambulatory surgery centers; health care data processors; health care software providers; image delivery systems; long-term care facilities; physicians groups; hospitals; managed care organizations; third-party administrators; pharmacy delivery systems, and others.

Tech//404 is also available for financial services, e-commerce, and technology companies.

Source: Darwin i

Was this article valuable?

Here are more articles you may enjoy.