Yes, it’s those four words that are causing a little worry across businesses around the world – General Data Protection Regulation (GDPR). The new and updated rules come into force in May 2018 and organisations are still at varying levels of readiness.
This article is for informational use only and does not constitute advice on complying with GDPR laws. For more about the legislation, visit the Information Commissioner’s Office website.
For healthcare, the impact is enormous. A 2015 study found that cyber crime in healthcare has risen by 125% since 2010 and is now the sector's biggest data security threat. Not only are practices an increasingly attractive target, but the amount of personal and sensitive data they store can be huge: a logistical, legal and security nightmare.
The GDPR does not just affect UK or EU businesses. Its reach is far and wide, and it covers every business that:
- Monitors, collects or processes the data of anyone living in the EU (whether or not they are an EU citizen)
- Provides any goods or services to people in the EU (whatever country the business is based in)
- Has a base or offices in an EU country
Even with the UK leaving the EU, healthcare practices will have to be ready for the May 2018 deadline. After Brexit there is still a high chance that your practice will fall into one of the categories above and will need to comply, even if the regulation is not formally brought into UK law.
The best advice is to prepare and protect yourself now
That means:
- Reading up on the regulation and/or employing the services of a GDPR risk management specialist
- Identifying what data you hold on patients, staff and other contacts, and in particular on children
- Writing down your processes: how you collect and store data, how you gain consent, and what you use the data for
- Understanding your obligations, such as how and when to report a breach (under the GDPR a breach that is likely to put individuals at risk must be reported to the ICO within 72 hours of you becoming aware of it)
- Working out where your processes are non-compliant and fixing them (your GDPR specialist can help)
- And of course, considering how to protect yourself if something goes wrong
The protection is cyber liability insurance
While having insurance does not relieve you of your data security obligations, it does give a well-prepared practice an added layer of protection if a data breach occurs. Attackers continually find new and more sophisticated ways of stealing or compromising information, so even a healthcare practice with the best processes and security can still be breached.
You may be aware that small businesses are now more of a target for cyber crime than larger companies. The healthcare industry is also heavily targeted for the sensitive data it holds, which is potentially lucrative to criminals if sold on or held to ransom.
Choosing a specialist policy is important
Many standard practice, clinic and hospital insurance policies will not fully cover you for a cyber event. Your computers and software will probably be insured, along with cover for loss of gross revenue, but any additional losses, or your responsibilities to your patients, will probably not be.
Look for a cyber liability policy that covers patient compensation and their legal fees, plus statutory fines to the extent that they can legally be insured. Beyond this you can choose varying levels of cover, such as protection for hardware, data corruption, third-party liability, other data breach expenses, and cyber financial crime losses.
While the world tries to get up to speed with the GDPR and cyber crime in general, make sure your practice is fully protected: contact a specialist broker at All Med Pro to discuss your requirements.