February 22, 2012
How should coverage respond?
A Healthcare firm accidentally disclosed a large number of patient records via a website. Breach appears to have resulted from a programming error. Insured’s response was needed with or without coverage:
When clients experience a breach, they need a carrier and coverage that:
• Responds quickly
• Can include services, advice and counsel -- comprehensive in scope and depth
• Is designed to help insureds manage a crisis and minimize exposure to litigation or regulatory action.
Here’s an example of breach response protocol in action:
• Patient Notification
• Call Center and escalation process for “gripe” calls, includes referral to counsel
• Informational web site (including timing of launch to dovetail with press management)
• Credit monitoring procurement
• Breach post-mortem and advisory on remediation of conditions causing breach
• Security review of “repaired” site prior to re-launch
• Press release and press management
• Notification of regulators and regulatory relationship management
• Notification of business associates
Source: CNA Insurance
