George Breen, a Member of the Firm in the Health Care and Life Sciences practice in the Washington, DC, office, was quoted in an article titled "Regulatory Insurance: Worth the Money, or Not What It Seems?"

According to the article, regulatory insurance also raises a public policy question that has yet to be resolved in states such as California, which only recognizes insurance coverage for certain things. California does not recognize insurance coverage for crimes or wrong dealings, so fraud and abuse coverage would be unenforceable since it would be against California law to insure against that kind of loss.

"The carriers like to focus on the penalties, but the penalties often are not the cost driver, as it is the associated costs in dealing with the breach," Breen said. "You may pay a $250,000 fine but have $7 million in business costs resulting from the HIPAA violation or other breach."

With a RAC audit, for example, Breen notes that challenging the audit results can be a long and expensive process involving several steps in the appellate courts before the district court.

If the policy provides for a defense, Breen also advises checking the details to determine who has the authority to choose the attorney and whether the carrier can settle the case without your approval.

There is no one answer to whether regulatory insurance is worthwhile, Breen said. The coverage tends to be a better fit for smaller health care providers, such as physician groups, than for large hospitals or health systems, he said.

"If you find the right policy at the right price, you might decide that it gives you enough peace of mind that you're willing to pay the premium," he said. "But I worry that a lot of health care providers are going to pay for coverage like this and then find out it is of limited utility, when you look at all the costs involved with an incident."

Jump to Page

Privacy Preference Center

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.