Does Malpractice Insurance Cover HIPAA Violations?
Craig Skerpac, MBA
Medical records are extremely sensitive items. Patient privacy is also one of the most-important pillars of medical ethics. If you commit a breach of privacy through your actions at your practice, then you might face troubles. Annually, affected patients sue practices for countless thousands of dollars. They often sue for such losses as HIPAA violations. Sometimes, those patients win. If they do, they might put your practice in a very unstable position. So, if you face a HIPAA violation, will your medical malpractice insurance help you?
The way HIPAA and malpractice insurance work together can appear complicated. At times, you might need supplementary liability insurance to support such violations.
When a doctor commits malpractice, they place the patient in the way of harm. It is a physician’s negligence that might cause harm to the patient, and usually that is physical harm. Mis-prescribed treatments or mistakes during surgeries are reasons many people sue for malpractice.
After physical harm, a successful malpractice lawsuit might help the patient recover lost costs and receive help during what might prove an extended recovery. In the event of a patient’s death, a suit might help the patient’s survivors recover death benefits. However, though beneficial to the affected party, malpractice claims could harm your practice. Therefore, you should have protection against all potential malpractice suits. At some times, these suits might result from HIPAA violations.
Often, malpractice results in physical harm. Yet, personal harm might affect patients in other ways. For example, if someone in your practice exposes a patient’s private information, then there might result severe losses. Their private suffering might become public knowledge. Even worse, their identity might come under threat. Should this occur, they might accuse you of a HIPAA violation. They might try to sue for malpractice.
HIPAA stands for a law called the Health Insurance Portability and Accountability Act. This law has to do with the very sensitive issue of patient privacy. It governs how doctors, hospitals, insurance companies and others must safeguard a patient privacy.
The HIPAA standards developed out of the idea that the world of information was growing. The explosion of the internet and growth in information outlets began to pose new risks to privacy. As records migrated online, the threat of losses, leaks and other privacy risks escalated. Furthermore, new outlets began to exist for doctors and providers to potentially expose a patient’s information beyond traditional word of mouth. HIPAA sought to establish new guidelines for safeguarding a patient’s private information. It also established clear penalties that might result from exposing patients' private data.
Why does it count as malpractice?
Malpractice claims often succeed if courts find that a doctor failed to exercise a reasonable standard of care in treating patients.
Sometimes, a failure to maintain a patient’s privacy, a HIPAA violation, might fall under this definition of malpractice. In such cases, malpractice insurance might cover the policyholder for their losses. However, this is not true in every case. Depending on the circumstances of the case, a practice might not have help available.
As a result, it is much better to do what you can to prevent HIPAA violations in any and all cases. A commitment to security and discretion can usually help you.
- Familiarize yourself with all HIPAA standards as provided by law.
- Keep all written records under lock and key. Require a process for pulling, reviewing and recording patient information.
- Require all your employees to observe all standards of patient privacy. Put in place an oversight process. It can help you to catch any potential bad actors before they can steal information.
- Never discuss patient information with anyone but the patient, their proxies, your staff or others familiar with the case.
- Do not allow anyone outside of your practice to observe patient information,
- Implement a robust data security system within the practice. Computer networks, cloud data and other systems should have the highest levels of security.
- Should a data breach occur, immediately take the proper steps to contain losses.
Do I need additional insurance?
At certain times, HIPAA violations do not qualify as malpractice. If you did everything you reasonably could to protect a patient’s privacy, and information still leaked, then it might not be malpractice. Yet, that might not save you from lawsuits or complaints from dissatisfied customers.
In these cases, you might not be able to use your malpractice insurance against a claim. However, other professional liability policies might help you. Coverage like errors & omissions (E&O) insurance, cyber liability insurance or directors & officers (D&O) coverage might come into play.
In the event of an allegation of privacy breach, contact your New York professional liability insurance provider. They can likely guide you in choosing the right policy to cover your losses. Then, work to make sure the problem never happens again.
Get Started with a Free consultation
Creating a custom insurance or benefits package is critical for companies of all sizes.