Medical Forum asked the three major medical defence organisations if their policies covered the new data breach changes and cyber risks.
Avant said its:
“Practitioner Indemnity Insurance Policy provides cover for defending a complaint in relation to privacy law (subject to the terms, conditions and exclusions of the policy). The policy also provides cover for any monetary fine or penalty, to the extent permitted by law, ordered to be paid by a practitioner based on their breach of privacy laws. This was brought in to support members with the recent changes to the Privacy Act and the introduction of the notifiable data breaches scheme. From 1 July 2018, Avant will also be providing cover for any privacy breach notification costs.
MIGA said its policy:
“…principally covers doctors for claims arising from the provision of medical services in their field of practice, however, cover can encompass various matters arising out of a notifiable data breach, including for civil claims, legal expenses and certain other losses. Other types of insurances may also be relevant in the context of cyber risks and criminal conduct and in this regard, MIGA has a partnership with Guild Insurance through which other types of insurance can be obtained for a broader range of business risks, including cyber insurance.”
MDA National said its:
“Professional Indemnity Insurance Policy and our Practice Indemnity Policy cover claims against our Members and Practice Policyholders for unintentional privacy data breaches as well as inquiries by the Australian Information Commissioner into a breach. The policies also include cover for replacing documents or data that may be lost due to an unintended breach, provided there are appropriate backups and security in place. The Cyber program extends to human error with respect to both:
- Data asset loss and
- business interruption
Human error means an operating error or omission, including the choice of the program used, an error in setting parameters or any inappropriate single intervention by an employee or a third party providing services to you, which results in loss, alteration or destruction of your data.”
We also spoke to the national president of the Association of Australian Practice Managers (AAPM), Ms Cathy Baynie, who said that it was business as usual for practice managers.
Privacy is daily fact of life for the 2000 plus AAPM members who will already have policies in place and staff trained.
“However, privacy education is popular with members and we work closely with MDOs to deliver workshops and seminars most years. This year, privacy workshops for receptionists will include the notifiable data breaches changes among other things,” she said.
“There’s certainly no panic in our ranks. Privacy training is ongoing and our members have been fully updated and resourced to meet the requirements. This is just one of the many changes we deal with on an ongoing basis.”