A patient privacy and data security study by the Ponemon Institute released in January 2013 says most health systems are likely to “experience a data breach of some kind.” The study found that 94% of healthcare organizations experienced at least one breach in the past two years and 45% dealt with more than five in the same period. Top causes include lost devices, employee mistakes, third-party mix-ups and criminal attacks.
The Ponemon Institute study further documents that the average cost of a data breach today is $2.4 million and continues to rise. The majority of those expenses involve clean up, paying federal and state fines, setting up hotlines and covering the expense of potential victims’ access to credit bureaus, etc.
In response to the growing threat of cyber-related incidents, Premier Insurance Management Services Inc. (PIMS), a wholly owned subsidiary of Premier Inc., in 2008 began offering a comprehensive, integrated liability insurance product. In 2012, PIMS added Beazley Breach Response, a data privacy and network security insurance solution.
Baystate Health, a four-hospital integrated delivery system based in Springfield, MA, has not had a high-volume breach, but its chief risk officer (CRO) knows the organization is vulnerable. Baystate Health purchased the Beazley coverage through PIMS in June 2012.
“My level of concern is much greater than others in the organization who don’t manage risk on a day to day basis,” said Baystate Health CRO Lynn Tenerowicz, RN, BSN, JD. She is responsible for the IDN’s administration and oversight of operations of risk management programs, litigation and claims management, and property and casualty risk financing programs.
“We can handle the individual breaches of confidentiality,” she said. “The Beazley solution provides a comprehensive approach to dealing with large-scale breaches. If we have an incident, Beazley has the resources to help us analyze the situation and provide a program of action. Even though in a particular breach we may gratefully not even hit our deductible, having those resources and expertise at our fingertips is comforting.”
One feature of Beazley Breach Response is a workshop for organizations with net patient revenue of $800 million or more. Baystate Health’s workshop was in January 2013. “I was really impressed,” Tenerowicz said. “Beazley clearly has extensive expertise and they shared it with us most effectively. Our outside counsel who previously worked for the U.S. Attorney’s office participated and was impressed as well at the level of expertise of the individual who presented.
“We haven’t had a breach so we haven’t needed the services,” she emphasized, “but the expertise to help us if we need it is clearly there. I absolutely recommend the Beazley solution through Premier Insurance Management Services.”