HITRUST And Willis Partner To Improve Cyber Insurance Coverage And Premiums For The Healthcare Industry

The Health Information Trust Alliance (HITRUST), the leading organization supporting the healthcare industry in advancing the state of information protection, today announced a partnership with Willis North America.

The unit of Willis Group Holdings, plc., the global risk advisory, reinsurance broking, and human capital and benefits firm and industry leader in the cyber insurance marketplace, will collaborate with HITRUST to identify a common approach and develop solutions to better align insurance premiums with cyber risk profiles, tailor insurance coverage and establish a more streamlined process of securing cyber insurance for organizations that process and store protected health information (PHI).

The increase in cyber-related threats, attacks and breaches at organizations that process and store PHI has led to significant challenges for businesses trying to secure cyber risk insurance. Substantial premium increases and a reduction in available policy limits have reduced organizations’ ability to secure adequate coverage. At the same time, more healthcare organizations are including cyber insurance requirements as part of their third-party assurance programs.

Currently, there is no generally accepted assessment and risk scoring method in the industry. As such, the evaluation and reporting of risk can vary significantly from one organization to another. There is also limited data available to understand cyber risk profiles, including the maturity of an organization’s information security and privacy programs and residual risk. Program maturity and changes in security controls can significantly impact organizational cyber risk profiles, and subsequently cyber insurance premiums and coverage.

The new Willis-HITRUST platform will improve insurance coverage and premiums for healthcare organizations by:

  • Making the process of securing cyber insurance easier, more efficient and more consistent by leveraging an existing comprehensive information privacy and security framework, the HITRUST CSF, the healthcare industry’s most widely adopted privacy and security framework and a model implementation of the NIST Cybersecurity Framework.
  • Improving the accuracy of risk assessments by using a robust assurance methodology that incorporates the ability to score the effectiveness of the organization’s controls.
  • Supporting the identification and ranking of information security controls associated with cyber risk and the impact of any changes in scoring.
  • Rewarding organizations that can document and demonstrate effective information security programs related to insurable cyber risks.

“We have already recognized the benefits in reductions in our cyber insurance premiums and streamlined process by leveraging our CSF Assessment with our cyber insurance carrier,” said Pamela Arora, senior vice president and chief information officer, Children’s Health. “HITRUST establishing a formal program will streamline the process and allow for greater benefits in the way of coverages and premium reductions.”

“The partnership will demonstrate to underwriters the value of the HITRUST CSF in making the underwriting process more efficient, consistent, accurate and predictive. By integrating the security framework into the underwriting process we will be well positioned to drive better results for organizations in securing cyber coverage,” said Geoffrey K. Allen, executive vice president, FINEX North America, a division of Willis Group.

“This is a win-win for insurers and the insured. It will provide additional incentives for organizations to improve their information security and privacy programs, as it would provide a financial incentive to do so,” said Daniel Nutkis, CEO, HITRUST. “By implementing this program with Willis, not only will the insurance industry end up with better quality data on the security controls that equate to the greatest risks, but HITRUST will leverage the program to improve industry guidance and prioritization of the CSF controls.”

Willis and HITRUST expect the solutions to be available by the end of 2015.
