Health Information Compliance Alert

Published on Mon May 12, 2014 PDF

Question: Our insurance agent who deals with our practice’s general liability policy told me that the policy won’t cover expenses related to a security breach. He says that we need to purchase a separate policy. Is this now the norm?

Answer: If you’re still relying on a corporate general liability insurance policy, you’re not alone. But the language in those policies was drafted before so much information became digital and proven vulnerable to hackers around the globe, pointed out Tallahassee, FL-based associate attorney Sheryl D. Rosen with Akerman LLP in an April 29 posting in the firm’s Health Law Rx Blog.

“Now, increasingly, general liability policies are excluding breaches, carving out those benefits into separate cybersecurity policies,” Rosen explained. “Such policies typically cover privacy notification expenses, administrative penalties, crisis management, and other costs” that result from a breach.

So don’t mistakenly think that your general liability policy still covers breaches, even if it did so in the past. You should review your practice’s coverage and make sure that if your firewalls fail, your liability insurance won’t, Rosen advised.