Computer Fraud Insurance: What's in Your Medical Practice's Policy?

With most HIPAA Final Omnibus Rule provisions now in effect, it's a good time for providers to review their policies.

Most people who own homes - especially in areas such as Florida, Texas, and California - own flood insurance. But how many people actually read the policy? After all, water damage is water damage, right? No. A policy that covers water damage may or may not include damage caused by flooding.

The same concept applies to computer fraud insurance. And with the September 23, 2013, effective date for most of the HIPAA Final Omnibus Rule provisions, now is a good time for providers to review their policies.

In fact, a New York appeals court, in Universal Am. Corp. v. National Union Fire Ins. Co. of Pittsburgh, PA, No. 2013 N.Y. Slip. Op. 06321 (N.Y. App. Div. Oct. 1, 2013), held that the policy at issue covered only losses stemming from unauthorized use by outsiders, or "hackers," violating the system, not claims-submission fraud perpetrated by authorized users. Here, the rider allotted up to $10 million in coverage for "loss resulting directly from a fraudulent … entry of Electronic Data" into Universal's computer system infrastructure. Universal argued that the $10 million could be used to cover a portion of the $18 million in losses that resulted from providers processing fraudulent Medicare Advantage claims through its computer system. Unfortunately for Universal, the court determined that the policy language was unambiguous and, therefore, other funds had to be used to cover the financial impact of the fraud.

This case highlights the importance of reading the policy and understanding exactly what is covered. A separate cyber security policy may be needed in light of remote computing, mobile apps, and cloud computing platforms. It is also crucial to check whether violations related to laws such as HIPAA and the Health Information Technology for Economic and Clinical Health Act, or HITECH, which cause financial damage, are covered. Taking the time now could save time, money, and frustration later.

© 2025 MJH Life Sciences

All rights reserved.