CNA Financial is seeing more big long-term care facility liability insurance claims involving problems with health data security.
Analysts at the Chicago-based insurer talk about long-term care providers' cyber liability problems in the company's latest aging services claim report. The analysts based the report on a review of 2,617 large long-term care provider professional liability claims that closed between Jan. 1, 2011, and Dec. 31, 2015.
Screenwriters occasionally base movie plots on the idea of resourceful nursing home residents escaping from the homes and going on wild adventures.
In the new CNA report, analysts note that resident elopement continues to be a major risk both for the residents and for long-term care facility managers. For CNA, elopement has been the professional liability allegation with the highest severity. The average total paid is $325,561, in part because almost half of the elopment claims paid involved the death of the resident who escaped.
In one case, for example, a 77-year-old woman with dementia escaped from an assisted living facility. She drowned in a pond on the facility's property.
For the long-term care facility managers, data security is another growing, frustrating source of liability exposure.
Federal regulators are pushing the facilities to put more data in standardized electronic health record systems, and, at the same time, imposing stiff penalties and notification requirements on facilities that violate tough new data security requirements.
The CNA analysts found that cyber claims accounted for 206 of the 2,617 large, closed CNA liability claims they reviewed.
About 64 percent of the claims involved the loss or theft of devices or data, unauthorized system access, or accidental loss of data and documents.
Just 17 percent of the claims involved ordinary hacking, efforts by hackers to "phish" login information from facility personnel, or successful efforts by hackers to encrypt facility data and demand that the facilities pay ransom money to regain access to the data.
But the average hacking claim payout was over $500,000, in part because a single hacking claim led to a $10 million payout.
The analysts recommend that a long-term care facility choose reputable information technology systems and vendors, conduct thorough information technology vendor risk assessments, require all employees to complete a cyber security awareness educational program each year, and require full-disk encryption of resident electronic health records.
Complete your profile to continue reading and get FREE access to BenefitsPRO, part of your ALM digital membership.
Your access to unlimited BenefitsPRO content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking benefits news and analysis, on-site and via our newsletters and custom alerts
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical converage of the property casualty insurance and financial advisory markets on our other ALM sites, PropertyCasualty360 and ThinkAdvisor
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
Allison Bell
Allison Bell, a senior reporter at ThinkAdvisor and BenefitsPRO, previously was an associate editor at National Underwriter Life & Health. She has a bachelor's degree in economics from Washington University in St. Louis and a master's degree in journalism from the Medill School of Journalism at Northwestern University. She can be reached through X at @Think_Allison.
