Risk #3: New Platforms Open Other Access Points for Hackers
Healthcare-dedicated TNC platforms like Uber Health integrate with hospitals’ electronic health records, pulling patient contact information and medical history to auto-populate specific fields. This integration can create yet another access point for hackers. A breach of these records would violate HIPAA and would likely result not only in regulatory fines but also in lawsuits claiming negligence.
“Hospitals heavily secure their data, but are they making sure their vendor partners adhere to the same standards?” asked Wamiti.
Risk Management Action Items:
- Verify the TNC’s security and privacy protections and the amount of cyber insurance coverage it carries.
- Establish a HIPAA business associate agreement with the TNC.
- Review your own cyber policy for both first- and third-party coverage.
Risk #4: HIPAA Compliance Gets Harder
Unauthorized access to medical records is not the only threat to patient privacy and HIPAA compliance. Drivers for TNC healthcare platforms should also not know anything about their passengers’ hospital visits.
“A driver doesn’t know in advance that a requested ride is for a hospital-related visit — which is a benefit, not a bug,” Duncan said. Withholding this information helps TNC platforms maintain HIPAA compliance, but an untrained employee escorting a patient to a vehicle can easily break that confidence by sharing unnecessary details with the driver.
“Mentioning to the driver that a patient was under anesthesia or will need help exiting the vehicle due to such-and-such procedure is an inappropriate disclosure of private information,” Wamiti said.
Risk Management Action Items:
- Use a TNC’s specific healthcare platform if there is one. Regular personal or even business accounts don’t guarantee HIPAA compliance.
- Train employees to not divulge details of patients’ visits to drivers.
Making it Work with Seamless Coverage and Expert Advice
As a first step, healthcare risk managers interested in using TNCs should communicate with their brokers and insurance carriers to ensure they have adequate coverage and the right risk mitigation strategies in place.
When healthcare risk managers buy commercial auto policies from Liberty Mutual and professional and cyber liability policies from Ironshore, a Liberty Mutual Company, “the programs dovetail seamlessly — as does claims management — so clients are better protected,” Wamiti said.
Says Duncan, “Liberty Mutual and Ironshore understand the dynamics of using TNCs for non-emergency medical transport and are prepared to work with risk managers to identify potential exposures so they can take advantage of this new technology.”
To learn more, visit https://lmi.co/healthcare.