Protecting Your Business and Your Patients from Your Employees
Ben Winters, CIC
Home care and hospice companies are usually required to run criminal background checks at the state level. Have you considered running national background checks on prospective employees?
In the summer of 2014, a Virginia health system suffered a data breach by a rogue employee who stole credit card information from cancer patients. There are many lessons that can be learned from this incident including best practices for protecting Personal Health Information (PHI) and Personally Identifiable Information (PII) but that is a separate subject to be addressed in a future blog post. The employee was an unlicensed medical assistant and as such a background check was not performed. According to reports, the company only requires background checks on licensed medical staff; others are screened at random. Furthermore, the rogue employee was a North Carolina resident so a Virginia state background check may not have shown any history of convictions. It was later discovered that the employee had prior felony convictions for credit card fraud and writing bad checks in North Carolina.
General liability and professional liability policies typically do not provide coverage for suits arising from data breach or employee theft incidents. The employer had to report the breach in accordance with Virginia law, but what about negligence in hiring? What if one of the affected patients brought suit claiming negligence on the part of the employer who owes these patients a certain duty of care. So, we have one incident that can potentially cause many different lawsuits predicated on multiple acts of negligence.
This exact same scenario could happen to any employer. How well is your business prepared to handle this situation?
Here are a few ideas if you are looking for a better risk management plan.
- If your company is located near the state border, you serve clients across state lines, or you are interviewing a job candidate who has lived in the area for a brief time then it might make sense to conduct a national background check.
- Running background checks on existing employees every year or every three years is a good risk management practice.
- Clearly document your hiring and firing practices in the employee handbook. A qualified employment attorney is a great resource if you need help updating your handbook.
- If you desire an extra level of assurance and would like to transfer some of this risk, then perhaps you should consider Employment Practices Liability Insurance (EPLI). A good EPLI policy will respond to claims brought against the employer by the employees as well as claims brought against the employer by third parties such as vendors, clients, and patients. Some insurance companies will offer coverage for regulatory fines brought by agencies like the EEOC as well as coverage for wage and hour claims.
EPLI premiums are based on employee count, human resources procedures, company financials, and termination history. For most small healthcare businesses, premiums range from $2,000 to $7,500 depending on the business’ size, track record, geographic location, and desired level of coverage.
Ben Winters is the President of Winters-Oliver Insurance Agency. He is a commercial insurance broker with a focus on the healthcare and social services industries. Ben serves clients throughout the Mid-Atlantic arranging risk management plans ranging from management liability to workers compensation. Contact Ben at (804) 746-5178 or bwinters@woinsure.com
This article is intended for informational purposes only. Businesses should consult an insurance professional about the specific circumstances of the business to ensure proper coverage is in place. It is also important to read the policy you purchase to ensure it does not limit or exclude important coverage. This is not an offer to bind coverage.
