Understanding. your Cyber Liability coverage
|
|
- Aubrey Foster
- 8 years ago
- Views:
Transcription
1 Understanding your Cyber Liability coverage
2 TEXAS MEDICAL LIABILITY TRUST 901 S. Mopac Expressway Barton Oaks Plaza V, Suite 500 Austin, TX P.O. Box Austin, TX Fax: The only medical professional liability insurance provider created and exclusively endorsed by the Texas Medical Association. Published 2013 Understanding your cyber liability coverage is published by Texas Medical Liability Trust as an informational and educational service to TMLT policyholders. The information and opinions in this publication should not be used or referred to as primary legal sources or construed as establishing medical standards of care for the purposes of litigation, including expert testimony. The standard of care is dependent upon the particular facts and circumstances of each individual case and no generalizations can be made that would apply to all cases. The information in this publication is not a binding statement of coverage. It does not amend, vary, extend, or waive any of the terms, agreements, conditions, definitions, and/or exclusions in TMLT s policy or Cyber Liability Endorsement. The information presented should be used only as a resource, selected and adapted with the advice of your attorney. It is distributed with the understanding that neither Texas Medical Liability Trust nor Texas Medical Insurance Company is engaged in rendering legal services. Copyright 2013 TMLT
3 Table of Contents Preface... IV Cyber liability coverage...1 Coverage conditions and caveats... 2 Legal information... 3 Questions to consider... 6 Case study... 7 Vulnerabilities and exposures and claim scenario... 8
4 Preface IV This publication has been created for physicians and entities to explain some of the risks of privacy-related exposures that can result from: lost laptops; theft of hardware or data; improper disposal of medical records; hacking or virus attacks; rogue employees; cyber extortion; or cyber terrorism. Physicians hold sensitive patient and employee information, including: medical records; social security information; and billing information, including credit cards, home addresses, work addresses, and phone numbers. Cyber liability has become a huge exposure in the U.S.: In 2011 the FTC received 279,156 complaints of identity theft, making it their number one complaint. Panda Labs, an antivirus software vendor, reported that there were 60,000 strains of malware in existence in In 2010, FBI s International Crime Complaint Center (IC3) received the second-highest number of identity theft complaints since its inception. IC3 also reached a major milestone this year when it received its two millionth complaint. On average, IC3 receives and processes 25,000 complaints per month. The IC3 has seen substantial growth in complaints, referrals, and dollar loss claims since Texas is third in cybercrime complaints (7.3%) in the U.S. (IC3 study). Texas is fourth for cybercrime perpetrators (6.9%) in the U.S. (IC3 study). The average privacy breach costs $282 per record (Ponemon Institute 2011 Benchmark Study on Patient Privacy and Data Security). An increase in the frequency of large-scale health care related breaches has raised awareness of cyber liability. Health care organizations have experienced devastating breaches: HealthNet 1.7 million records Eisenhower Medical Center 500,000 records New York City Health and Hospitals 1.7 million records
5 Cyber liability coverage Because of the potential for high costs from a cyber-related loss, TMLT has added a cyber liability endorsement to all policies at no additional cost. This endorsement provides coverage for network security and privacyrelated exposures faced by medical professionals. Cyber liability policy limits are $50,000 per claim subject to a $50,000 aggregate per policy period and there is no deductible. If the policy is on a group policy form, the policy aggregate for all policyholders is $250,000. Please refer to your endorsement. Higher limits of $1 million are available at a discounted cost, should a policyholder request them. The endorsement provides payments directly to you (direct loss to your computer systems that suffer damage as a result of a data breach) and certain payments to others (claims made against you as a result of a privacy breach): Network security and privacy insurance covers third party claims arising out of the failure to prevent unauthorized access of the use of private information, including identity theft and breach of privacy for both on-line and off-line information. For example, the inadvertent transmission of malicious code or a virus to a third party s computer system or potential lawsuits from credit card or health insurance companies. Regulatory fines and penalties insurance covers regulatory investigations, fines, and penalties imposed as a result of a violation of federal or state privacy statutes. Examples include HIPAA and HITECH violations, or a state attorney general or Federal Trade Commission enforcement action regarding the breach of security and privacy of information. Privacy breach response costs, patient notification expenses, and patient support and credit monitoring costs insurance covers payment of all reasonable and necessary notification costs in notifying third parties (e.g., patients) whose private medical information has been breached or compromised. This coverage includes legal fees, notification costs, public relations expenses, IT forensic costs, as well as call center, advertising, and postage expenses. The costs for credit monitoring services are limited to a period of 12 months from the date of enrollment in such services. Network asset protection covers all reasonable and necessary sums required to recover and/or replace data that is compromised, damaged, lost, erased, or corrupted. Coverage also includes business interruption and extra expense coverage for income loss as a result of the total or partial interruption of the policyholder s computer system. 1
6 Effective January 1, 2013 all TMLT policies will be expanded to cover: Multimedia insurance provides coverage for both on-line and off-line media including claims alleging copyright/trademark infringement, libel/ slander, advertising injuries and plagiarism. Cyber extortion pays for a cyber extortion threat. This would involve a party making a threat or demand for cyber extortion monies or else they will: êê release confidential information of a third party; êê introduce malicious code; êê corrupt, damage or destroy the policyholder s system; êê restrict or hinder access to system including denial of service attack; or êê electronically communicate with policyholder s patients or customers claiming to be the policyholder in order to obtain personal confidential information. This coverage pays cyber extortion expenses, but such expenses can only be incurred with the Trust s consent. The coverage also would pay cyber extortion monies (funds paid with Trust s consent to the extorters to terminate the threat). Cyber terrorism coverage pays for acts of terrorism, meaning a use of force or violence for political, religious, ideological, or similar purposes, including the intent to influence a government or put the public in fear. This coverage pays for income loss, interruption expenses and/or special expenses. Coverage conditions and caveats TMLT s cyber liability coverage is on a claims-made policy. Your cyber liability coverage is offered in addition to your medical professional liability (MPL) policy limits and there are no binding arbitration or hammer clauses, unlike some of our competitors coverage forms. TMLT will pay on behalf of the policyholder except under Regulatory Fines and Penalties, which will be reimbursed. Defense costs are paid within the limits of insurance, unlike your TMLT MPL policy, where defense costs are paid outside the limits of insurance. The insurance benefits provided under the Network Security and Privacy Coverage; Patient Notification and Credit Monitoring Costs Coverage; and Regulatory Fines and Penalties Coverage are on a third-party basis. The benefits under the Data Recovery Costs Coverage are on a first-party basis and require TMLT s prior written consent for payment. 2
7 In the event of any cyber claim, you must notify TMLT within 60 days from the date a claim is first made to receive any benefit under this endorsement. Legal information Signed into law in 2011, the Texas privacy law, known as HB 300, expands cyber privacy laws beyond the scope of current federals laws. HB 300 does the following: expands HIPAA requirements on written authorization to include release of sensitive information; applies stronger enforcement and penalties; broadens the definition of breach ; expands training requirements; expands the U.S. Attorney General s role in enforcing privacy; expands patient rights to receive health information electronically; and prohibits the sale of personal health information with some exceptions. During testimony to the Senate Health and Human Services Committee, Matthew Murray, MD gave the TMA s interpretation of HB 300: Rules regarding the handling, including transmission, of medical information should apply to any entity in possession of or with access to such information regardless of the form in which the information exists or is transmitted (e.g., paper, electronic). Any penalties for the misuse of such information also shall apply to any entity violating privacy laws or regulations. Medical information should not be used for nonmedical purposes without the informed and noncoerced consent of the individual involved. The increasing horizontal and vertical integration of the financial services sector of the economy may provide nonmedical entities access to individual s medical records. Consent for the use or release of medical information should meet specific standards. Individuals, and in some cases treating health care professionals, should be required to provide informed consent regarding the use or transfer of medical information. Research activities should be protected but not at the expense of individual privacy. Information should be required to be de-identified in an acceptable manner to support legitimate clinical research without unnecessary risk to the patient s privacy. Penalties should be severe and readily enforceable. Databases are extremely valuable in today s marketplace. Given the potential financial 3
8 gains from selling medical information, penalties must be severe to deter these lucrative activities. There should be clear enforcement directives and the ability of an individual to seek redress in the courts should enforcement measures prove inadequate. HITECH was signed into law in 2009 and expands privacy and security measures in transmission of health care data. It expanded HIPAA laws that were already in place. HIPAA is a federal law that governs how health care providers can use, collect, and disclose private information. It requires providers and entities to implement appropriate administrative, technical, and physical safeguards to protect private information. The following comes from the Health and Human Services (HHS) website: Breach Notification Requirements Following the discovery of a breach of unsecured protected health information, covered entities must provide notification of the breach to affected individuals, the Secretary, and, in certain cases, to the media. In the case of a breach of unsecured protected health information at or by a business associate of a covered entity, the business associate must notify the covered entity of the breach. These breach notification requirements for covered entities and business associates are set forth at 45 CFR sections Individual Notice Covered entities must notify affected individuals of a breach of unsecured protected health information without unreasonable delay and in no case later than 60 calendar days following discovery of the breach. Covered entities must provide written notification by first-class mail at the last known address of the individual or, if the individual agrees to electronic notice, by . If the covered entity knows the individual is deceased and has the address of the next of kin or personal representative of the individual, then the covered entity must provide written notification to the next of kin or personal representative. Individual notification may be provided in one or more mailings as information becomes available regarding the breach. If the covered entity has insufficient or out-of-date contact information for 10 or more individuals, the covered entity must provide substitute notice in the form of either a conspicuous posting for 90 days on the home page of its web site or conspicuous notice in major print or broadcast media in geographic areas where the affected individuals likely reside, and include a toll-free phone number that remains active for at least 90 days where an individual can learn whether the individual s information may be included in the breach. In cases in which the covered entity has insufficient or outof-date contact information for fewer than 10 individuals, the covered 4
9 entity may provide substitute notice by an alternative form of written notice, telephone, or other means. Whatever the method of delivery, the notification must include, to the extent possible: (1) a brief description of what happened, including the date of the breach and the date of discovery of the breach, if known; (2) a description of the types of unsecured protected health information involved in the breach; (3) any steps individuals should take to protect themselves from potential harm resulting from the breach; (4) a brief description of what the covered entity is doing to investigate the breach, to mitigate harm to individuals, and to protect against any further breaches; and (5) contact information for individuals to ask questions or learn additional information (45 CFR section ). Media Notice For breaches involving more than 500 residents of a state or jurisdiction, a covered entity must notify prominent media outlets serving the state or jurisdiction. Like individual notice, this media notification must be provided without unreasonable delay and in no case later than 60 days following the discovery of a breach, as well as include the same information as that required for the individual notice (45 CFR section ). Notice to the Secretary In addition to notifying affected individuals and the media (where appropriate), a covered entity must notify the Secretary of breaches of unsecured protected health information. If a breach involves 500 or more individuals, a covered entity must notify the Secretary at the same time the affected individuals are notified of the breach. A covered entity must also notify the Secretary of breaches involving fewer than 500 individuals, but it may submit reports of such breaches on an annual basis. Reports of breaches involving fewer than 500 individuals are due to the Secretary no later than 60 days after the end of the calendar year in which the breaches occurred (45 CFR section ). Covered entities must notify the Secretary by filling out and electronically submitting a breach report form on the OCR web site at gov/ocr/privacy/hipaa/administrative/breachnotificationrule/brinstruction. html. Notification by a Business Associate If a breach of unsecured protected health information occurs at or by a business associate, the business associate must notify the covered entity following the discovery of the breach so that the covered entity can notify the affected individuals, the Secretary, and the media, if appropriate, of the breach (or delegate the notification responsibilities to the business associate). A business associate must provide notice to the covered entity without unreasonable delay and no later than 60 calendar days from the 5
10 discovery of the breach. To the extent possible, the business associate must identify each individual affected by the breach, as well as include any other available information that the covered entity is required to include in its notification to individuals (45 CFR section ). Questions to consider 6 How are you currently safeguarding electronic patient data? Are you using encryption or other secure methods of preventing access to patient s protected health information? Do you keep your anti-virus and anti-spyware software active and up to date at all times? Do you use hardware and/or software firewalls to block outside access to your computer systems and unauthorized outgoing activity? Do you currently have any coverage for cyber liability losses and, if so, how comprehensive is the policy? Do you understand your responsibility in notifying your patients if there is a cyber-related security breach resulting in invasion of their privacy? Will a data breach impact your practice and your revenue? Have you considered the costs of lost production, lost time by employees working to fix the problem, and the overall loss of efficiency and potential reputational loss from a cyber claim? Do you have coverage for electrical damage, mechanical breakdown, and off-premises utility interruption (for example, due to power failure from blackouts and brownouts) or at least an uninterruptible power supply to continue operation of your computer system(s)? How often do you complete full backups of your electronic records? Are your data backups stored away from your premises? Do you have a cyber loss prevention and disaster protection plan established? The benefits of a formal plan include: avoidance or prevention of cyber losses and resulting computer processing interruptions; preservation and protection of your electronic data; continuity of employment for your employees with minimal or no loss of productivity; fulfillment of service commitments to your patients; uninterrupted collection of your account receivables; security of your patient s personal health information and sensitive personal information; and
11 compliance with state and federal laws. The key: implement proper privacy and security procedures beforehand. It is easier to prevent a data breach before it occurs than clean it up afterward. Case Study A group practice in an urban area was burglarized and many of the practice s computers were stolen. Among the items stolen was the server, which contained the practice management database. The database contained all patient demographic files, including patient names, home addresses, dates of birth, social security numbers, and diagnoses. Access to the practice management database was protected by password, but this level of security could potentially be circumvented. The practice sent letters to their patients notifying them of the breach. They also notified the Office for Civil Rights (OCR) of the burglary and breach of protected health information (PHI). According to the OCR, the burglary and breach of PHI could be a violation of the privacy rule, specifically impermissible disclosure and safeguarding of PHI and the security rule s safeguards. Risk management considerations HIPAA and HITECH require physicians to employ a series of administrative, technical, and physical safeguards to ensure the security of PHI. Additionally, physicians are required to notify patients if there are breaches of security involving unsecured patient information. Notification must occur no more than 60 days after the breach is discovered. Notification must be in writing by mail (or by phone in urgent cases) or electronic means if the patient has consented to electronic notification. If the breach involves more than 500 patients, local media outlets must be notified. In addition, the HHS secretary must be notified immediately for breaches involving more than 500 patients and annually for others. According to the American Medical Association, one critical exception to the breach notification requirement if the breach involved PHI that was secured (encrypted), then notification is not required. This rule applies to two categories of secured PHI: electronic PHI that meets specific standards of encryption and PHI stored or recorded on media that has been destroyed. This rule provides a significant incentive for physicians to encrypt PHI. Following the burglary, the practice took steps to provide better security for patient personal information. They no longer maintain personal information on a server located in the office. All personal information is stored on an off-site server, with access only allowed through a secured, 7
12 encrypted virtual private network. The practice also improved physical security measures in the office. Vulnerabilities and exposures 8 The need to protect the privacy of patients from hackers and cyber-thieves mandates the need for adequate security. Doctors who fail to adequately protect their patients right to privacy from unauthorized use may be held legally responsible and be in violation of state and federal regulations. Doctors may also fail to follow state or federal notification requirements in the event of a data breach. It is imperative that physicians and affiliated organizations know what laws require when a data breach occurs and that employees follow these rules. The following scenarios highlight security and unauthorized access exposures. It is important to note the differences between first and third party risks. First party risks include damage to your hardware, software, and exposure to your data. Third party risks are exposures to your patients data. Claim Scenario A laptop with unencrypted data containing patient files was stolen from a doctor s unattended vehicle. The data included employer s network passwords and 550 patient records consisting of Protected Health Information (PHI) and Sensitive Personal Information (SPI). The doctor immediately called her medical group s practice manager to report the loss. The practice manager had never developed any structured employee training on privacy and security compliance for employees. The thief was able to uncover the network passwords and all of the confidential patient information. He also tried to hack into the practice s network server and, in the process, corrupted their computer system, shutting it down for three days. The practice learned the thief was trying to sell their medical identification information for $50 per patient record. Predictably, the practice received a demand threatening to disseminate the patients confidential information to other criminals unless the practice paid them $20,000 within the next five days. The doctor hired an attorney to assess the situation and determine the applicable state and federal notification requirements and to manage the response process. A vendor was hired to handle the notification process to the affected patients at a cost of $100 per patient record contact. This included credit monitoring for those who requested it. The physician found that 20 patients were so upset over the practice s
13 weak privacy and security protocols they hired an attorney who demanded $200,000 for the breach of his clients confidentiality and right to privacy. After investigating the incident, the practice sent written notification to the affected patients; put a notice of the breach on their web site and on HHS.gov (required if the breach affects more than 500 individuals); and made local media aware of the breach. Additionally, the practice notified the Texas Attorney General s Office and the Office of Civil Rights (OCR), which subsequently led to two separate investigations and requests for extensive information. When the OCR requested a copy of the practice s Risk Analysis and Management Plan and Privacy and Security Policies and Procedures Manual to ensure compliance with HIPAA, the physician reported no such manuals existed. Because the practice was a Covered Entity, the Texas Attorney General s Office decided to file a civil lawsuit for HIPAA violations under HITECH, as well as patient privacy violations under the Texas Identity Theft Enforcement and Protection Act (ITEP) and House Bill 300. The Texas Attorney General sought civil fines and penalties and the recovery of attorneys fees and costs totaling $100,000. Because this was the medical practice s first public breach, their defense counsel was able to negotiate a compromise settlement with the Attorney General for reduced fines and penalties of $5,000. After considerable discussions, counsel was also able to settle the patients confidentiality and right to privacy claims for $10,000. Unfortunately, the practice had to also pay the identity-theft ring their extortion demand of $20,000 to terminate the imminent release of their patient records. Legal Expenses/Fees: $17,000 Notification Vendor Expenses: $38,000 Regulatory Penalty Settlement: $5,000 Data Recovery Costs: $5,000 Third Party Compensation: $10,000 Cyber Extortion Payment: $20,000 Total Expenses: $95,000 How would TMLT s Cyber Liability Coverage respond? Based on the claim scenario, this matter would have triggered potential coverage under five distinct Coverage Agreements: Liability Coverage Privacy Regulatory Defense and Penalty Coverage would pay for the fines and penalties imposed by the Texas Attorney General. 9
14 Security & Privacy Liability Coverage would pay for the patients claims for breach of confidentiality and right to privacy that arose out of the practice s failure to prevent unauthorized access to their PHI. Direct Payments Coverage Network Asset Protection Coverage would pay the expenses incurred by the practice to recover or to restore their lost and corrupted electronic data caused by the thief s hacking attack, including the practice s income loss, interruption expenses, and special expenses to continue normal operations and to minimize the suspension of their practice. Privacy Breach Response Costs, Patient Notification Expenses, and Credit Monitoring Expenses would cover the advertising and postage costs to notify patients whose ephi had been breached, including up to one year of free credit monitoring, and the expenses to employ a public relations consultant to mitigate the harm to the practice s reputation. Cyber Extortion Coverage would pay for extortion expenses and the payment of funds (subject to TMLT s consent) for the purposes of terminating a cyber extortion threat. Consequently, TMLT would provide coverage for this entire matter up to $50,000 per claim up to a maximum of $50,000 per policy period. (NOTE: Increased limits, at a discounted cost, are available up to $1,000,000. For more information about your cyber liability coverage, please call your TMLT Underwriter or Sales Representative. Thank you for choosing TMLT. 10
15 11
16 TEXAS MEDICAL LIABILITY TRUST Rdsn 1212
Cyber and Privacy Risk What Are the Trends? Is Insurance the Answer?
Minnesota Society for Healthcare Risk Management September 22, 2011 Cyber and Privacy Risk What Are the Trends? Is Insurance the Answer? Melissa Krasnow, Partner, Dorsey & Whitney, and Certified Information
More informationHIPPA and HITECH NOTIFICATION Effective Date: September 23, 2013
HIPPA and HITECH NOTIFICATION Effective Date: September 23, 2013 Orchard Creek Health Care is required by law to maintain the privacy of protected health information (PHI) of our residents. If you feel
More informationZip It! Feds, State Strengthen Privacy Protection. Practice Management Feature July 2012. Tex Med. 2012;108(7):33-37.
Zip It! Feds, State Strengthen Privacy Protection Practice Management Feature July 2012 Tex Med. 2012;108(7):33-37. By Crystal Conde Associate Editor When it comes to enforcing HIPAA data security and
More informationEverett School Employee Benefit Trust. Reportable Breach Notification Policy HIPAA HITECH Rules and Washington State Law
Everett School Employee Benefit Trust Reportable Breach Notification Policy HIPAA HITECH Rules and Washington State Law Introduction The Everett School Employee Benefit Trust ( Trust ) adopts this policy
More informationData Breach and Senior Living Communities May 29, 2015
Data Breach and Senior Living Communities May 29, 2015 Todays Objectives: 1. Discuss Current Data Breach Trends & Issues 2. Understanding Why The Senior Living Industry May Be A Target 3. Data Breach Costs
More informationMEDEFENSE CYBER LIABILITY EPLI MEDICAL DIRECTOR
MEDEFENSE CYBER LIABILITY EPLI MEDICAL DIRECTOR TEXAS MEDICAL LIABILITY TRUST 901 S. Mopac Expressway Barton Oaks Plaza V, Suite 500 Austin, TX 78746-5942 P.O. Box 160140 Austin, TX 78716-0140 800-580-8658
More informationLessons Learned from Recent HIPAA and Big Data Breaches. Briar Andresen Katie Ilten Ann Ladd
Lessons Learned from Recent HIPAA and Big Data Breaches Briar Andresen Katie Ilten Ann Ladd Recent health care breaches Breach reports to OCR as of February 2015 1,144 breaches involving 500 or more individual
More informationADMINISTRATIVE REGULATION EFFECTIVE DATE: 1/1/2016
Page 1 of 9 CITY OF CHESAPEAKE, VIRGINIA NUMBER: 2.62 ADMINISTRATIVE REGULATION EFFECTIVE DATE: 1/1/2016 SUPERCEDES: N/A SUBJECT: HUMAN RESOURCES DEPARTMENT CITY OF CHESAPEAKE EMPLOYEE/RETIREE GROUP HEALTH
More informationThe ReHabilitation Center. 1439 Buffalo Street. Olean. NY. 14760
Procedure Name: HITECH Breach Notification The ReHabilitation Center 1439 Buffalo Street. Olean. NY. 14760 Purpose To amend The ReHabilitation Center s HIPAA Policy and Procedure to include mandatory breach
More informationAVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE
AVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE This Notice of Privacy Practices describes the legal obligations of Ave Maria University, Inc. (the plan ) and your legal rights regarding your protected health
More informationHackers, Slackers & Packers: Preventing Data Loss & Dealing with the Inevitable. Data Breaches Are All Too Common
Hackers, Slackers & Packers: Preventing Data Loss & Dealing with the Inevitable Steven J. Fox (sjfox@postschell.com) Peter D. Hardy (phardy@postschell.com) Robert Brandfass (BrandfassR@wvuh.com) (Mr. Brandfass
More informationWhat Health Care Entities Need to Know about HIPAA and the American Recovery and Reinvestment Act
What Health Care Entities Need to Know about HIPAA and the American Recovery and Reinvestment Act by Lane W. Staines and Cheri D. Green On February 17, 2009, The American Recovery and Reinvestment Act
More informationShipman & Goodwin LLP. HIPAA Alert STIMULUS PACKAGE SIGNIFICANTLY EXPANDS HIPAA REQUIREMENTS
Shipman & Goodwin LLP HIPAA Alert March 2009 STIMULUS PACKAGE SIGNIFICANTLY EXPANDS HIPAA REQUIREMENTS The economic stimulus package, officially named the American Recovery and Reinvestment Act of 2009
More informationNetwork Security and Data Privacy Insurance for Physician Groups
Network Security and Data Privacy Insurance for Physician Groups February 2014 Lockton Companies While exposure to medical malpractice remains a principal risk MIKE EGAN, CPCU Senior Vice President Unit
More information3/13/2015 HIPAA/HITECH WHAT S YOUR COMPLIANCE STATUS? Daniel B. Mills Pretzel & Stouffer, Chartered WHAT IS HIPAA?
HIPAA/HITECH WHAT S YOUR COMPLIANCE STATUS? Daniel B. Mills Pretzel & Stouffer, Chartered WHAT IS HIPAA? 1 DEFINITIONS HIPAA Health Insurance Portability and Accountability Act of 1996 Primarily designed
More informationBreach Notification Policy
1. Breach Notification Team. Breach Notification Policy Ferris State University ( Ferris State ), a hybrid entity with health care components, has established a Breach Notification Team, which consists
More informationInsurance Considerations Related to Data Security and Breach in Outsourcing Agreements
Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements Greater New York Chapter Association of Corporate Counsel November 19, 2015 Stephen D. Becker, Executive Vice President
More informationDATA BREACH COVERAGE
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ THIS CAREFULLY. DATA BREACH COVERAGE SCHEDULE OF COVERAGE LIMITS Coverage Limits of Insurance Data Breach Coverage $50,000 Legal Expense Coverage $5,000
More informationAPIP - Cyber Liability Insurance Coverages, Limits, and FAQ
APIP - Cyber Liability Insurance Coverages, Limits, and FAQ The state of Washington purchases property insurance from Alliant Insurance Services through the Alliant Property Insurance Program (APIP). APIP
More informationBUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT is made and entered into as of the day of, 2013 ( Effective Date ), by and between [Physician Practice] on behalf of itself and each of its
More informationUpdated HIPAA Regulations What Optometrists Need to Know Now. HIPAA Overview
Updated HIPAA Regulations What Optometrists Need to Know Now The U.S. Department of Health & Human Services Office for Civil Rights recently released updated regulations regarding the Health Insurance
More information8/3/2015. Integrating Behavioral Health and HIV Into Electronic Health Records Communities of Practice
Integrating Behavioral Health and HIV Into Electronic Health Records Communities of Practice Monday, August 3, 2015 1 How to ask a question during the webinar If you dialed in to this webinar on your phone
More informationSCHOOL DISTRICT OF BLACK RIVER FALLS HIPAA PRIVACY AND SECURITY POLICY
SCHOOL DISTRICT OF BLACK RIVER FALLS HIPAA PRIVACY AND SECURITY POLICY 1 School Board Policy 523.5 The School District of Black River Falls ( District ) is committed to compliance with the health information
More informationHIPAA and the HITECH Act Privacy and Security of Health Information in 2009
HIPAA and the HITECH Act Privacy and Security of Health Information in 2009 What is HIPAA? Health Insurance Portability & Accountability Act of 1996 Effective April 13, 2003 Federal Law HIPAA Purpose:
More informationPOLICY AND PROCEDURE MANUAL
Pennington Biomedical POLICY NO. 412.22 POLICY AND PROCEDURE MANUAL Origin Date: 02/04/2013 Impacts: ALL PERSONNEL Effective Date: 03/17/2014 Subject: HIPAA BREACH NOTIFICATION Last Revised: Source: LEGAL
More informationHIPAA Privacy Breach Notification Regulations
Technical Bulletin Issue 8 2009 HIPAA Privacy Breach Notification Regulations On August 24, 2009 Health and Human Services (HHS) issued interim final regulations implementing the HIPAA Privacy Breach Notification
More informationData Security Breaches: Learn more about two new regulations and how to help reduce your risks
Data Security Breaches: Learn more about two new regulations and how to help reduce your risks By Susan Salpeter, Vice President, Zurich Healthcare Risk Management News stories about data security breaches
More informationSTANDARD ADMINISTRATIVE PROCEDURE
STANDARD ADMINISTRATIVE PROCEDURE 16.99.99.M0.26 Investigation and Response to Breach of Unsecured Protected Health Information (HITECH) Approved October 27, 2014 Next scheduled review: October 27, 2019
More informationHow To Notify Of A Security Breach In Health Care Records
CHART YOUR HIPAA COURSE... HHS ISSUES SECURITY BREACH NOTIFICATION RULES PUBLISHED IN FEDERAL REGISTER 8/24/09 EFFECTIVE 9/23/09 The Department of Health and Human Services ( HHS ) has issued interim final
More informationCOMPLIANCE ALERT 10-12
HAWAII HEALTH SYSTEMS C O R P O R A T I O N "Touching Lives Every Day COMPLIANCE ALERT 10-12 HIPAA Expansion under the American Recovery and Reinvestment Act of 2009 The American Recovery and Reinvestment
More informationSINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry
SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry DATA BREACH A FICTIONAL CASE STUDY THE FIRST SIGNS OF TROUBLE Friday, 5.20 pm :
More informationAre You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style.
Are You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style March 27, 2013 www.mcguirewoods.com Introductions Holly Carnell McGuireWoods LLP
More informationCyber Threats: Exposures and Breach Costs
Issue No. 2 THREAT LANDSCAPE Technological developments do not only enhance capabilities for legitimate business they are also tools that may be utilized by those with malicious intent. Cyber-criminals
More informationInsuring Innovation. CyberFirst Coverage for Technology Companies
Insuring Innovation. CyberFirst for Technology Companies TECHNOLOGY IS EVERYWHERE. SO ARE THE THREATS. protection that goes well beyond a traditional general liability policy. CyberFirst CyberFirst is
More informationBREACH NOTIFICATION FOR UNSECURED PROTECTED HEALTH INFORMATION
BREACH NOTIFICATION FOR UNSECURED PROTECTED HEALTH INFORMATION Summary November 2009 On August 24, 2009, the Department of Health and Human Services (HHS) published an interim final rule (the Rule ) that
More informationHIPAA Privacy and Security
HIPAA Privacy and Security Cindy Cummings, RHIT February, 2015 1 HIPAA Privacy and Security The regulation is designed to safeguard Protected Health Information referred to PHI AND electronic Protected
More informationDisclaimer: Template Business Associate Agreement (45 C.F.R. 164.308)
HIPAA Business Associate Agreement Sample Notice Disclaimer: Template Business Associate Agreement (45 C.F.R. 164.308) The information provided in this document does not constitute, and is no substitute
More informationTrust 9/10/2015. Why Does Privacy and Security Matter? Who Must Comply with HIPAA Rules? HIPAA Breaches, Security Risk Analysis, and Audits
HIPAA Breaches, Security Risk Analysis, and Audits Derrick Hill Senior Health IT Advisor Kentucky REC Why Does Privacy and Security Matter? Trust Who Must Comply with HIPAA Rules? Covered Entities (CE)
More informationHIPAA BUSINESS ASSOCIATE AGREEMENT
HIPAA BUSINESS ASSOCIATE AGREEMENT THIS HIPAA BUSINESS ASSOCIATE AGREEMENT ( BAA ) is entered into effective the day of, 20 ( Effective Date ), by and between the Regents of the University of Michigan,
More informationChecklist for HITECH Breach Readiness
Checklist for HITECH Breach Readiness Checklist for HITECH Breach Readiness Figure 1 describes a checklist that may be used to assess for breach preparedness for the organization. It is based on published
More informationThis presentation focuses on the Healthcare Breach Notification Rule. First published in 2009, the final breach notification rule was finalized in
This presentation focuses on the Healthcare Breach Notification Rule. First published in 2009, the final breach notification rule was finalized in the HIPAA Omnibus Rule of 2013. As part of the American
More informationBUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT The parties to this ( Agreement ) are, a _New York_ corporation ( Business Associate ) and ( Client ) you, as a user of our on-line health record system (the "System"). BY
More informationHIPAA AND MEDICAID COMPLIANCE POLICIES AND PROCEDURES
SALISH BHO HIPAA AND MEDICAID COMPLIANCE POLICIES AND PROCEDURES Policy Name: HIPAA BREACH NOTIFICATION REQUIREMENTS Policy Number: 5.16 Reference: 45 CFR Parts 164 Effective Date: 03/2016 Revision Date(s):
More informationBusiness Associate Agreement
This Business Associate Agreement Is Related To and a Part of the Following Underlying Agreement: Effective Date of Underlying Agreement: Vendor: Business Associate Agreement This Business Associate Agreement
More informationGALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability
GALLAGHER CYBER LIABILITY PRACTICE Tailored Solutions for Cyber Liability and Professional Liability Are you exposed to cyber risk? Like nearly every other business, you have probably capitalized on the
More informationHIPAA Omnibus Rule Overview. Presented by: Crystal Stanton MicroMD Marketing Communication Specialist
HIPAA Omnibus Rule Overview Presented by: Crystal Stanton MicroMD Marketing Communication Specialist 1 HIPAA Omnibus Rule - Agenda History of the Omnibus Rule What is the HIPAA Omnibus Rule and its various
More informationFive Rivers Medical Center, Inc. 2801 Medical Center Drive Pocahontas, AR 72455. Notification of Security Breach Policy
Five Rivers Medical Center, Inc. 2801 Medical Center Drive Pocahontas, AR 72455 Notification of Security Breach Policy Purpose: This policy has been adopted for the purpose of complying with the Health
More informationModel Business Associate Agreement
Model Business Associate Agreement Instructions: The Texas Health Services Authority (THSA) has developed a model BAA for use between providers (Covered Entities) and HIEs (Business Associates). The model
More informationBusiness Associate Agreement Involving the Access to Protected Health Information
School/Unit: Rowan University School of Osteopathic Medicine Vendor: Business Associate Agreement Involving the Access to Protected Health Information This Business Associate Agreement ( BAA ) is entered
More informationINFORMATION SECURITY & PRIVACY INSURANCE WITH BREACH RESPONSE SERVICES
INFORMATION SECURITY & PRIVACY INSURANCE WITH BREACH RESPONSE SERVICES NOTICE: INSURING AGREEMENTS I.A., I.C. AND I.D. OF THIS POLICY PROVIDE COVERAGE ON A CLAIMS MADE AND REPORTED BASIS AND APPLY ONLY
More informationCyber Exposure for Credit Unions
Cyber Exposure for Credit Unions What it is and how to protect yourself L O C K T O N 2 0 1 2 www.lockton.com Add Cyber Title Exposure Here Overview #1 financial risk for Credit Unions Average cost of
More informationCommunity First Health Plans Breach Notification for Unsecured PHI
Community First Health Plans Breach Notification for Unsecured PHI The presentation is for informational purposes only. It is the responsibility of the Business Associate to ensure awareness and compliance
More informationCREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy
CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy Amended as of February 12, 2010 on the authority of the HIPAA Privacy Officer for Creative Solutions in Healthcare, Inc. TABLE OF CONTENTS ARTICLE
More informationSecurity Is Everyone s Concern:
Security Is Everyone s Concern: What a Practice Needs to Know About ephi Security Mert Gambito Hawaii HIE Compliance and Privacy Officer July 26, 2014 E Komo Mai! This session s presenter is Mert Gambito
More informationUNDERSTANDING THE HIPAA/HITECH BREACH NOTIFICATION RULE 2/25/14
UNDERSTANDING THE HIPAA/HITECH BREACH NOTIFICATION RULE 2/25/14 RULES Issued August 19, 2009 Requires Covered Entities to notify individuals of a breach as well as HHS without reasonable delay or within
More informationBy Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN
Major Changes to HIPAA Security and Privacy Rules Enacted in Economic Stimulus Package By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN The HITECH Act is the
More informationCan Your Diocese Afford to Fail a HIPAA Audit?
Can Your Diocese Afford to Fail a HIPAA Audit? PETULA WORKMAN & PHIL BUSHNELL MAY 2016 2016 ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS Agenda Overview Privacy Security Breach Notification Miscellaneous
More informationNew HIPAA Breach Notification Rule: Know Your Responsibilities. Loudoun Medical Group Spring 2010
New HIPAA Breach Notification Rule: Know Your Responsibilities Loudoun Medical Group Spring 2010 Health Information Technology for Economic and Clinical Health Act (HITECH) As part of the Recovery Act,
More informationImplementing Electronic Medical Records (EMR): Mitigate Security Risks and Create Peace of Mind
Page1 Implementing Electronic Medical Records (EMR): Mitigate Security Risks and Create Peace of Mind The use of electronic medical records (EMRs) to maintain patient information is encouraged today and
More informationData Breach, Electronic Health Records and Healthcare Reform
Data Breach, Electronic Health Records and Healthcare Reform (This presentation is for informational purposes only and it is not intended, and should not be relied upon, as legal advice.) Overview of HIPAA
More informationSAMPLE BUSINESS ASSOCIATE AGREEMENT
SAMPLE BUSINESS ASSOCIATE AGREEMENT THIS AGREEMENT IS TO BE USED ONLY AS A SAMPLE IN DEVELOPING YOUR OWN BUSINESS ASSOCIATE AGREEMENT. ANYONE USING THIS DOCUMENT AS GUIDANCE SHOULD DO SO ONLY IN CONSULT
More informationInternet Gaming: The New Face of Cyber Liability. Presented by John M. Link, CPCU Cottingham & Butler
Internet Gaming: The New Face of Cyber Liability Presented by John M. Link, CPCU Cottingham & Butler 1 Presenter John M. Link, Vice President jlink@cottinghambutler.com 2 What s at Risk? $300 billion in
More informationM E M O R A N D U M. Definitions
M E M O R A N D U M DATE: November 10, 2011 TO: FROM: RE: Krevolin & Horst, LLC HIPAA Obligations of Business Associates In connection with the launch of your hosted application service focused on practice
More informationHHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers
Compliance Tip Sheet National Hospice and Palliative Care Organization www.nhpco.org/regulatory HHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers Hospice Provider Compliance To Do List
More information12/19/2014. HIPAA More Important Than You Realize. Administrative Simplification Privacy Rule Security Rule
HIPAA More Important Than You Realize J. Ira Bedenbaugh Consulting Shareholder February 20, 2015 This material was used by Elliott Davis Decosimo during an oral presentation; it is not a complete record
More informationCyber Insurance Presentation
Cyber Insurance Presentation Presentation Outline Introduction General overview of Insurance About us Cyber loss statistics Cyber Insurance product coverage Loss examples Q & A About Us A- Rated reinsurance
More informationCoverage is subject to a Deductible
Frank Cowan Company Limited 75 Main Street North, Princeton, ON N0J 1V0 Phone: 519-458-4331 Fax: 519-458-4366 Toll Free: 1-800-265-4000 www.frankcowan.com CYBER RISK INSURANCE DETAILED APPLICATION Notes:
More informationGuidance Specifying Technologies and Methodologies DEPARTMENT OF HEALTH AND HUMAN SERVICES
DEPARTMENT OF HEALTH AND HUMAN SERVICES 45 CFR PARTS 160 and 164 Guidance Specifying the Technologies and Methodologies That Render Protected Health Information Unusable, Unreadable, or Indecipherable
More informationWhy Lawyers? Why Now?
TODAY S PRESENTERS Why Lawyers? Why Now? New HIPAA regulations go into effect September 23, 2013 Expands HIPAA safeguarding and breach liabilities for business associates (BAs) Lawyer is considered a business
More informationDATA SECURITY: A CRUCIAL TOPIC FOR CORPORATE COUNSEL AND MANAGEMENT
Advisor Article DATA SECURITY: A CRUCIAL TOPIC FOR CORPORATE COUNSEL AND MANAGEMENT By James R. Carroll, David S. Clancy and Christopher G. Clark* Skadden, Arps, Slate, Meagher & Flom Customer data security
More informationACCOUNTABLE HEALTHCARE IPA HIPAA PRIVACY AND SECURITY TRAINING. By: Jerry Jackson Compliance and Privacy Officer
ACCOUNTABLE HEALTHCARE IPA HIPAA PRIVACY AND SECURITY TRAINING By: Jerry Jackson Compliance and Privacy Officer 1 1 Introduction Welcome to Privacy and Security Training course. This course will help you
More informationReporting of Security Breach of Protected Health Information including Personal Health Information 3364-100-90-15 Hospital Administration
Name of Policy: Policy Number: Department: Reporting of Security Breach of Protected Health Information including Personal Health Information 3364-100-90-15 Hospital Administration Approving Officer: Interim
More informationHeather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com
Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com HIPAA Privacy Rule Sets standards for confidentiality and privacy of individually
More informationBusiness Associates and Breach Reporting Under HITECH and the Omnibus Final HIPAA Rule
Business Associates and Breach Reporting Under HITECH and the Omnibus Final HIPAA Rule Patricia D. King, Esq. Associate General Counsel Swedish Covenant Hospital Chicago, IL I. Business Associates under
More informationData breach! cyber and privacy risks. Brian Wright Michael Guidry Lloyd Guidry LLC
Data breach! cyber and privacy risks Brian Wright Michael Guidry Lloyd Guidry LLC Collaborative approach Objective: To develop your understanding of a data breach, and risk transfer options to help you
More informationCyber and data Policy wording
Please read the schedule to see whether Breach costs, Cyber business interruption, Hacker damage, Cyber extortion, Privacy protection or Media liability are covered by this section. The General terms and
More informationThe Dish on Data and Disks HIPAAPrivacy and Security Breach Developments. Robin B. Campbell Ethan P. Schulman Jennifer S. Romano
The Dish on Data and Disks HIPAAPrivacy and Security Breach Developments Robin B. Campbell Ethan P. Schulman Jennifer S. Romano HIPAAPrivacy and Security Breach Overview of the Laws Developments Incident
More informationHIPAA Omnibus Rule Practice Impact. Kristen Heffernan MicroMD Director of Prod Mgt and Marketing
HIPAA Omnibus Rule Practice Impact Kristen Heffernan MicroMD Director of Prod Mgt and Marketing 1 HIPAA Omnibus Rule Agenda History of the Rule HIPAA Stats Rule Overview Use of Personal Health Information
More informationBUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT (this Agreement ), effective as of May 1, 2014 (the Effective Date ), by and between ( Covered Entity ) and Orchard Software Corporation,
More informationPrivacy Rights Clearing House
10/13/15 Cybersecurity in Education What you face as educational organizations How to Identify, Monitor and Protect Presented by Jamie Gershon Sr. Vice President Education Practice Group 1 Privacy Rights
More informationBUSINESS ASSOCIATE AND DATA USE AGREEMENT NAME OF COVERED ENTITY: COVERED ENTITY FEIN/TAX ID: COVERED ENTITY ADDRESS:
BUSINESS ASSOCIATE AND DATA USE AGREEMENT NAME OF COVERED ENTITY: COVERED ENTITY FEIN/TAX ID: COVERED ENTITY ADDRESS:, City State Zip This Business Associate and Data Use Agreement ( Agreement ) is effective
More informationPrivacy and Data Breach Protection Modular application form
Instructions The Hiscox Technology, Privacy and Cyber Portfolio Policy may be purchased on an a-la-carte basis. Some organizations may require coverage for their technology errors and omissions, while
More informationViolation Become a Privacy Breach? Agenda
How Does a HIPAA Violation Become a Privacy Breach? Karen Voiles, MBA, CHC, CHPC, CHRC Senior Managing Consultant, Compliance Agenda Differentiating between HIPAA violation and reportable breach Best practices
More informationInformation Privacy and Security Program. Title: EC.PS.01.02
Page: 1 of 9 I. PURPOSE: The purpose of this standard is to ensure that affected individuals, the media, and the Secretary of Health and Human Services (HHS) are appropriately notified of any Breach of
More informationMISCELLANEOUS MEDICAL PROFESSIONAL AND GENERAL LIABILITY INSURANCE POLICY CLAIMS MADE AND REPORTED COVERAGE ENDORSEMENT
MISCELLANEOUS MEDICAL PROFESSIONAL AND GENERAL LIABILITY INSURANCE POLICY CLAIMS MADE AND REPORTED COVERAGE ENDORSEMENT e-md E1857BA-0712 In consideration of the premium charged, it is understood and agreed
More informationFORM OF HIPAA BUSINESS ASSOCIATE AGREEMENT
FORM OF HIPAA BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( Agreement ) is made and entered into to be effective as of, 20 (the Effective Date ), by and between ( Covered Entity ) and
More informationWhat would you do if your agency had a data breach?
What would you do if your agency had a data breach? 80% of businesses fail to recover from a breach because they do not know this answer. Responding to a breach is a complicated process that requires the
More informationHIPAA Violations Incur Multi-Million Dollar Penalties
HIPAA Violations Incur Multi-Million Dollar Penalties Whitepaper HIPAA Violations Incur Multi-Million Dollar Penalties Have you noticed how many expensive Health Insurance Portability and Accountability
More information9/13/2011. Miscellaneous Current Topics in Healthcare Professional Liability. Antitrust Notice. Table of Contents. Cyber Liability.
Miscellaneous Current Topics in Healthcare Professional Liability Josh Zirin, FCAS, MAAA Antitrust Notice The Casualty Actuarial Society is committed to adhering strictly to the letter and spirit of the
More informationThe Basics of HIPAA Privacy and Security and HITECH
The Basics of HIPAA Privacy and Security and HITECH Protecting Patient Privacy Disclaimer The content of this webinar is to introduce the principles associated with HIPAA and HITECH regulations and is
More informationData Breach Notification Burden Grows With First State Insurance Commissioner Mandate
Privacy, Data Security & Information Use September 16, 2010 Data Breach Notification Burden Grows With First State Insurance Commissioner Mandate by John L. Nicholson and Meighan E. O'Reardon Effective
More informationBUSINESS ASSOCIATE AGREEMENT. Recitals
BUSINESS ASSOCIATE AGREEMENT This Agreement is executed this 8 th day of February, 2013, by BETA Healthcare Group. Recitals BETA Healthcare Group consists of BETA Risk Management Authority (BETARMA) and
More informationHIPAA PRIVACY AND SECURITY RULES BUSINESS ASSOCIATE AGREEMENT BETWEEN. Stewart C. Miller & Co., Inc. (Business Associate) AND
HIPAA PRIVACY AND SECURITY RULES BUSINESS ASSOCIATE AGREEMENT BETWEEN Stewart C. Miller & Co., Inc. (Business Associate) AND City of West Lafayette Flexible Spending Plan (Covered Entity) TABLE OF CONTENTS
More informationData breach, cyber and privacy risks. Brian Wright Lloyd Wright Consultants Ltd
Data breach, cyber and privacy risks Brian Wright Lloyd Wright Consultants Ltd Contents Data definitions and facts Understanding how a breach occurs How insurance can help to manage potential exposures
More informationTexas Medical Records Privacy Act (a.k.a. Texas House Bill 300)
Texas Medical Records Privacy Act (a.k.a. Texas House Bill 300) Ricky Link, Coalfire ISACA North Texas and IIA Fort Worth Chapters The Petroleum Club of Fort Worth March 4, 2014 1 About Coalfire Coalfire
More informationBUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT ( Agreement ) is entered into by and between (the Covered Entity ), and Iowa State Association of Counties (the Business Associate ). RECITALS
More informationWhen HHS Calls, Will Your Plan Be HIPAA Compliant?
When HHS Calls, Will Your Plan Be HIPAA Compliant? Petula Workman, J.D., CEBS Division Vice President Compliance Counsel Gallagher Benefit Services, Inc., Sugar Land, Texas The opinions expressed in this
More informationINFORMATION SECURITY AND PRIVACY INSURANCE WITH ELECTRONIC MEDIA LIABILITY COVERAGE. I. GENERAL INFORMATION Full Name:
INFORMATION SECURITY AND PRIVACY INSURANCE WITH ELECTRONIC MEDIA LIABILITY COVERAGE NOTICE: COVERAGE UNDER THIS POLICY IS PROVIDED ON A CLAIMS MADE AND REPORTED BASIS AND APPLIES ONLY TO CLAIMS FIRST MADE
More informationUniversity Healthcare Physicians Compliance and Privacy Policy
Page 1 of 11 POLICY University Healthcare Physicians (UHP) will enter into business associate agreements in compliance with the provisions of the Health Insurance Portability and Accountability Act of
More information