If you work in the healthcare business in any capacity, you’ve probably heard about the switch to Electronic Health Records (EHR) that requires healthcare providers to convert patients’ paper records into standardized, accessible electronic records by 2015 (see a full schedule for deadlines here.) This massive sea change in how patient records are made, kept, and stored, has been a long time coming, but now the conversion to this kind of record keeping is a mandate, so all healthcare providers need to comply with guidelines. You can read all about it on HealthIT.gov.
Doctors who have a small, one-person practice must comply in the same way major clinics do. The new EHR guidelines also require healthcare providers to pay attention to a wide range of privacy and security issues including wireless Internet security and access to Wi-Fi networks and all staff must keep records out of patients’ view, which is a bit tricky when files are now on computer screens instead of manila folders.
All of these new regulations lead to a whole new set of potential liabilities for healthcare providers and the companies that support them, and everyone involved is updating their insurance policies as they upgrade their systems.
Insurance issues connected to EHRs
The Insurance Journal cites a few academic papers that caution healthcare professionals about liability. From malpractice claims to privacy breach claims, providers are responsible for maintaining accurate records, and keeping them accessible to the right people and safe from the wrong people. Data breaches in healthcare are pervasive in the industry. The U.S. Department of Health and Human Services maintains a database of breaches affecting 500 or more individuals and the list reveals just how vulnerable these practices are to risk.
While liability will fall on the practices, it is easy to see how a chain of blame can ensue. A doctor’s office where a breach has happened might outsource management of their networks to an IT company that promises state of the art security features, and they, in turn, might contract their servers to a cloud hosting service. Technology has a long tail these days, and it’s hard to know where responsibility and blame begin and end.
Is your business ready for EHR?
Now is a good time to consider your insurance coverage when it comes to electronic health records and your liability. Many practices and facilities have upgraded and documented some of the problems they’ve experienced, and insurance brokers have had a chance to get caught up with the new and sometimes unusual coverage needs for clients in the healthcare industry.
Consider updating your coverage if you support healthcare facilities in some way. Many new regulations are in place, and all kinds of professional service providers should reconsider what their liability might be. From law and accounting firms that work directly with healthcare facilities to plumbers, electricians, and IT professionals who work on facility infrastructure and security, to doctors who practice at multiple facilities – so many people play a role in maintaining patient records and keeping them safe.
Contact your broker to talk about new issues with compliance and find out if there is additional coverage you should consider. If you find your risk is out of the ordinary or you can’t find coverage available on the commercial market, consider an enterprise risk captive as an alternative way to manage your risk.