Ensuring Senior Care Facilities Maintain Proper HIPAA and Data Breach Compliance

Senior care facilities that operate in tandem with a hospital are typically covered entities that must follow HIPAA compliance.

Running a senior care facility involves ensuring all staff members follow an ever-increasing number of regulatory compliance requirements. In the midst of all this red tape, one of the more important issues is overcoming the unique challenges posed by the Health Insurance Portability and Accountability Act, commonly known as HIPAA.

HIPAA ensures that an individual’s health records and medical files are securely stored and transferred to the appropriate institutions, agencies and facilities. The information contained in these records and files is highly sensitive, and nobody wants theirs to fall into the wrong hands or be viewed by unwanted eyes as the result of a cyber data breach.

Insurance brokers and agents providing coverages for senior care facilities should work with the executives and managers to guarantee that all staff members understand the full range of compliance involved in handling and transferring these sensitive health records and medical files. If the proper precautions are not taken, the senior care facility may potentially be exposed to a claim of negligence or even face a lawsuit.

The Importance of HIPAA

Residents at senior care facilities often have a range of health issues and require a wide variety of prescription drugs on a regular basis. In order to best serve these residents, nurses and other staff members at the facility must have access to this information. This ensures each resident receives their appropriate medications and medical care. In addition, if something were to happen to a resident, having his or her records on hand also shows potential allergies, prior health problems and other relevant medical information.

Protecting a resident’s private health information should be a top priority for every senior care facility.

Understand the nuances of HIPAA protections

Not every senior care facility is required to follow HIPAA compliance. There are many different types of assisted living models, and each one has its own set of regulations. However, as noted by legal services firm Davis Wright Tremaine, LLP, HIPAA applies to “covered entities” (CEs). While a strict definition of CEs is difficult to give, it typically depends on whether the senior care facility is also a legal entity with a hospital or other health care provider. Independent assisted living facilities are generally not CEs, although portions of the organization might fall under the umbrella.

In addition, it’s not only tangible paper documents or digital records that are protected under HIPAA, but any form of sharing this information with a non-covered entity. For instance, over time, senior care facilities become like a small community, with the residents and staff members sharing a considerable amount of time and stories together. In situations like this, a staff member might unexpectedly let slip a private detail about a resident’s health condition to other people living in the facility.

“It’s not just paper documents or digital records that are protected under HIPAA.”

Boosting cybersecurity

Whereas in the past, senior care facilities maintained almost all of their residents’ medical records and health files on paper documents and kept these stored in filing cabinets, this is no longer the case in most instances. Many of these facilities now keep all of this sensitive information on computer files. This has many benefits, including easily transferring information from one specialist to the next, lower administrative costs for filing and searching for hard copies and increased flexibility for accessing these records. However, despite these advantages, there are still obstacles that can pose serious risks for senior care facilities if they’re not careful.

A robust cybersecurity system is not merely a suggestion; it’s a requirement. As cybercriminals gain new methods of breaching internal networks through phishing attempts, malware and ransomware, senior care facilities have a duty to ensure their residents’ protected health information (PHI) is securely stored.

Secure outside vendors’ access

Throughout the daily course of operations, senior care facilities interact with a wide range of other businesses and individuals. From a third-party consultant who’s brought in to evaluate nursing management policies to document destruction firms that haul away private records, these outside agencies may gain access to patients’ private health information via their work or just through happenstance. The Practice Solution noted that these individuals and companies must sign an agreement with the senior care facility to protect the privacy rights of the patients.

As noted by The Practice Solution, these third-party vendors might include, among many others:

  • Consultants
  • Attorneys
  • Bookkeepers or accountants
  • Software companies or computer technicians
  • Telephone providers
  • Malpractice carriers
  • Document destruction firms

It’s also very important for senior care facilities to refrain from selling their patients’ information to outside companies, unless those patients provide their consent. Although this is a rare occurrence and the overwhelming majority of senior care facilities do not partake in this practice, it should be reinforced among all managers and other staff members.

Secure Cyber / Data Breach Liability Insurance

With these emerging threats becoming more prevalent, many healthcare organizations are considering Cyber Liability Protection Insurance. Similar to other types of insurance coverage, when a data breach occurs or a computer system is compromised, we are not interested in how or why it came about. We are focused on getting the right help to our clients; working with them to identify and contain a breach or investigate and defend them in the event of a claim, limiting the financial and reputational damage to their business. We aim to take a holistic approach to loss. With greater cyber security measures in place, managers and executives at senior care facilities can gain that critical edge in their never-ending fight against fraud and data breaches.

In addition, McGowan’s Senior Care Cyber Liability Program can provide coverage for both first- and third-party losses and expenses stemming from the following:

• Credit monitoring.
• Notifying affected parties.
• Regulatory actions.
• Loss of income.
• Crisis management.
• Reconstituting and restoring damaged data.
• Litigation.
• And more.

Who can help?

Sometimes, despite the best training policies and security measures, a resident’s private health information becomes compromised. Whether it was an oversight from a staff member or a data breach of the facility’s server, these risks are unfortunately all too real, which makes having the right protections in place crucial. 

Brokers and agents who partner with McGowan Program Managers gain access to robust Senior Care Insurance policies that can provide the necessary coverages these facilities need. With the “Power of the Pen,” McGowan provides tailor-made insurance coverage that best suits each individual senior care facility.

Emerging Threats in Senior Care - White Paper