Policyholder Services

OMIC Coverage Benefit for Cyber Liability and Network Vulnerabilities

What are the various security breaches covered under e-MD®?

Unauthorized access to or use of the Insured’s computer system.

A denial of service attack (intended by the perpetrator to overwhelm the capacity of a computer system by sending an excessive volume of electronic data to it) against an Insured’s computer system.

Infection of the Insured’s computer system by malicious code (software intended to damage a computer system) or the transmission of malicious code from the Insured’s computer system.

What do all of the coverage provisions under the e-MD® benefit provide?

The e-MD® benefit, provided in Section VII. C., of the policy, was added as insureds began to move more of their records, communications, and marketing online. OMIC’s e-MD® benefit now provides nine different cyber liability coverages. One of the coverages is Multimedia Liability Coverage. It covers claims made against the insured for the release or display of any electronic or print media by the insured that directly results in defamation or another tort of reputational harm, invasion of privacy, plagiarism, or copyright infringement.

Another coverage is Network Asset Protection. It covers digital assets loss, that is, the expenses necessary to restore or replace the insured’s damaged or stolen data and computer programs, because of accidental damage, operational mistakes, or a computer crime that an insured failed to prevent. It also covers the insured’s income loss and interruption expenses incurred during the time it takes to restore these digital assets.

The e-MD® benefit also includes Cyber Extortion and Cyber Terrorism Coverages. Under Cyber Extortion Coverage, OMIC pays money to stop the person responsible from executing a credible threat to release confidential information, pose as the insured to falsely obtain confidential information, or corrupt the insured’s computer system. Cyber Terrorism Coverage pays income loss and interruption expenses during a period of restoration of the insured’s computer system required because of an act of terrorism.

The e-MD® Security and Privacy Liability Coverage covers claims made against the insured for security and privacy wrongful acts.  Many acts fall within the definition of security and privacy wrongful acts. A privacy breach or loss of employee information constitutes a security and privacy wrongful act. A security and privacy wrongful act also occurs if an insured fails to prevent a security breach that results in destruction of electronic data stored on the insured’s computer system, unauthorized disclosure of confidential information that is in the care of the Insured or an outsourced IT service provider, or unauthorized access to a computer system other than the insured’s. The failure of the Insured to timely disclose a security breach affecting personally identifiable information or properly dispose of personally identifiable information in violation of privacy regulations is a security and privacy wrongful act, as is the insured’s failure to prevent either the transmission of computer viruses or a denial of service attack from the insured’s to a third party’s computer system. The Security and Privacy Regulatory Defense and Penalties Coverage covers legal expenses and regulatory fines, penalties, or compensatory awards the insured must pay because of security and privacy breaches.

The Security and Privacy Breach Response Costs, Notification Expense, and Support and Credit Monitoring Expense Coverage covers the cost of employing a public relations consultant to mitigate damage to the insured’s reputation or brand, due to an adverse media report of a privacy or security breach. It also covers the expenses of notifying affected individuals in the event of such a breach. Finally, it pays for the provision of customer support in the event of a privacy breach, including credit file monitoring and identity theft education and assistance. January 1, 2016, this coverage was enhanced to include proactive breach response costs and voluntary notification expenses. Proactive breach response costs coverage allows the insured to employ, with OMIC’s prior consent, a public relations consultant prior the publication of an adverse media report to avert potential material damage to the reputation of an Insured. Voluntary notification expense coverage gives insureds, with OMIC’s prior consent, an opportunity to notify affected individuals in the case of a security or privacy breach, even if they are not legally required to do so.

Two new coverage sections were also added in 2016. BrandGuard® provides reimbursement for lost income directly resulting from an adverse media report or notification to patients regarding security or privacy breaches. PCI DSS Assessment Coverage pays fines or penalties levied by a card association (e.g., VISA, MC, AmEx, Discover) or bank for noncompliance with a Payment Card Industry (PCI) Security Council Data Security Standard (DSS) that results in a security or privacy breach. (All merchants and processors must following the PCI Data Security Standards when storing, processing, and transmitting cardholder data.)

The e-MD® per claim and aggregate limit is $100,000. Payments made under e-MD® are a sub-limit of and reduce the benefits payable under BRP. The BRP and e-MD® coverages also include a two year extended reporting period if the insured acquires tail coverage for the policy. However, the extended reporting period does not increase the limit of liability; it is shared with the prior policy period.

What is the difference between the BRP HIPAA proceeding coverage and the e-MD® Security and Privacy Regulatory Defense and Penalties Coverage and e-MD® Security and Privacy Liability Coverage?

The BRP HIPAA proceeding coverage covers legal expenses and fines or penalties when a government entity alleges violation of the HIPAA privacy and security regulations. HIPAA violations, but not damages or the costs of adopting and implementing a compliance program negotiated as part of a settlement with or by order of a government entity.

The e-MD® Security and Privacy Regulatory Defense and Penalties Coverage covers legal expenses plus regulatory fines and penalties and regulatory compensatory awards for claims brought by a government entity for security and privacy breaches. The e-MD® protection covers many more violations than just HIPAA, and it also covers awards or funds payable to affected individual due an adverse judgment or settlement.

The e-MD® Security and Privacy Liability Coverage covers legal expenses and loss because of written demands for monetary damages or other relief, or civil proceedings or arbitration, based on security and privacy wrongful acts. In other words, it covers claims not brought by the government but by private parties.

Regardless of the coverage provision(s) triggered, the Additional Benefit pertaining to any HIPAA proceedings or claims arising out of the same event(s) is afforded either under Subsection VII.B (BRP) or VII.C (e-MD®), but not both, and only one $100,000 limit applies (Subsection VII.C. limits are a sub-limit of Subsection VII.B. limits, regardless). OMIC has the sole discretion to determine which coverage provision applies in any event.

Please refer to OMIC's Copyright and Disclaimer regarding the contents on this website

Leave a comment

Six reasons OMIC is the best choice for ophthalmologists in America.

Best at defending claims.

An ophthalmologist pays nearly half a million dollars in premiums over the course of a career. Premium paid is directly related to a carrier’s claims experience. OMIC has a higher win rate taking tough cases to trial, full consent to settle (no hammer) clause, and access to the best experts. OMIC pays 25% less per claim than other carriers. As a result, OMIC has consistently maintained lower base rates than multispecialty carriers in the U.S.