Life Health Long-Term Care Planning

LTC providers wrestle with data security nightmares

November 07, 2016 at 08:30 AM
Share & Print

CNA Financial is seeing more big long-term care facility liability insurance claims involving problems with health data security.

Analysts at the Chicago-based insurer talk about long-term care providers' cyber liability problems in the company's latest aging services claim report. The analysts based the report on a review of 2,617 large long-term care provider professional liability claims that closed between Jan. 1, 2011, and Dec. 31, 2015.

Screenwriters occasionally base movie plots on the idea of resourceful nursing home residents escaping from the homes and going on wild adventures.

In the new CNA report, analysts note that resident elopement continues to be a major risk both for the residents and for long-term care facility managers. For CNA, elopement has been the professional liability allegation with the highest severity. The average total paid is $325,561, in part because almost half of the elopment claims paid involved the death of the resident who escaped.

In one case, for example, a 77-year-old woman with dementia escaped from an assisted living facility. She drowned in a pond on the facility's property.

For the long-term care facility managers, data security is another growing, frustrating source of liability exposure.

Federal regulators are pushing the facilities to put more data in standardized electronic health record systems, and, at the same time, imposing stiff penalties and notification requirements on facilities that violate tough new data security requirements.

The CNA analysts found that cyber claims accounted for 206 of the 2,617 large, closed CNA liability claims they reviewed.

About 64 percent of the claims involved the loss or theft of devices or data, unauthorized system access, or accidental loss of data and documents.

Just 17 percent of the claims involved ordinary hacking, efforts by hackers to "phish" login information from facility personnel, or successful efforts by hackers to encrypt facility data and demand that the facilities pay ransom money to regain access to the data.

But the average hacking claim payout was over $500,000, in part because a single hacking claim led to a $10 million payout.

The analysts recommend that a long-term care facility choose reputable information technology systems and vendors, conduct thorough information technology vendor risk assessments, require all employees to complete a cyber security awareness educational program each year, and require full-disk encryption of resident electronic health records.

Related:

Have you followed us on Facebook?

NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Related Stories

Across Party Lines, Protecting Social Security Is Top Priority: Survey 10 New Life and Health Tax Numbers to Know for 2025 Ameriprise Plans to Keep Its Long-Term Care Insurance Block Kamala Harris Proposes Medicare Home Care Benefit In Long-Term Care Planning, Traditions Matter Prevention Is the Best Long-term Care Planning Strategy

Resource Center

Why Charitable Expertise Should Be Part of Your Practice link

White Paper

Why Charitable Expertise Should Be Part of Your Practice

Generative AI Trends Among U.S. Financial Advisors and Consumers link

White Paper

Generative AI Trends Among U.S. Financial Advisors and Consumers

Tech Is the New Talent Magnet: Firms That Invest in Innovation Attract Top Advisors link

White Paper

Tech Is the New Talent Magnet: Firms That Invest in Innovation Attract Top Advisors