With the growing threat of cyberattacks, federally qualified health centers (FQHCs) must prioritize cybersecurity to safeguard patient data and ensure compliance with the Health Insurance Portability and Accountability Act (HIPAA). To help health centers meet their obligations, the National Association of Community Health Centers (NACHC) has developed a comprehensive Tip Sheet on how cyber insurance coverage can support FQHCs in responding to security incidents and reporting breaches.
The Tip Sheet covers key HIPAA requirements, such as:
- Security Incidents & Incident Response
- Breach Determination
- Breach Reporting
- Responding to Investigations, Compliance Reviews, and Lawsuits
It also highlights important questions to ask your insurance carrier, including specific terms to include in a cybersecurity policy.
Tailored Cybersecurity Solutions for FQHCs
Cybersecurity liability insurance is critical for FQHCs, especially as federally funded organizations often face increased liability exposure. Insurance providers like Marsh McLennan Agency offer tailored programs that address professional liability, Directors and Officers (D&O) liability, and excess liability, ensuring that FQHCs are protected from financial and operational risks.
Additionally, organizations such as VirtuALLY have partnered with Acrisure Cyber Services to offer a full-featured security stack, helping FQHCs across Michigan and beyond protect their systems. The Michigan Primary Care Association also provides discounted KnowB4 training to FQHCs, helping them enhance their security posture through comprehensive cybersecurity education.
Legal Strategies for FQHCs
While some FQHCs have pursued legal strategies to substitute the federal government under the Federal Tort Claims Act (FTCA) for data breach litigation, it is important to note that HRSA has not opined on these cases and has not taken an official position. This substitution is not guaranteed and is a legal approach being explored by certain health centers. FQHCs should consult their legal counsel to determine the best course of action for managing cybersecurity risks and liability.
Federal Cybersecurity Resources for FQHCs
FQHCs can also take advantage of federal resources such as:
- HHS Security Rule Guidance Material
- CISA Cybersecurity Best Practices
- Federal Grant Opportunities & Programs, such as the State and Local Cybersecurity Grant Program
With these resources, FQHCs can enhance their cybersecurity defenses and mitigate the risks of cyberattacks, while ensuring compliance with federal regulations.
For more information on cybersecurity liability insurance and other resources for FQHCs, contact Advocates for Community Health or explore the NACHC Tip Sheet on cybersecurity insurance coverage.