Many social workers are unaware that there is a distinct insurance risk difference between a social worker causing a client records breach, and a third party causing a client records breach. HIPAA holds the social worker responsible for both events and penalizes the social worker for both events.
Most professional liability insurance policies deliberately exclude covering damages and legal defense of the social worker for records information breaches when the records are under the direct control of the social worker. Most professional liability insurance policies do not cover records information breaches committed by third parties such as movers, storage facilities, and online records repositories for example.
In the Assessment phase of treatment, information is gathered by the social worker that guides a plan of action to help the client. This is a particularly important core function from an insurance perspective. When information is documented, these records become client records subject to protection under HIPAA legislation, that holds the social worker liable for breach by the social worker and breach by any third parties who handle the records information.
These client records become subject to potential subpoenas and related social worker depositions. What the social worker says in writing and verbally can be used against the social worker in licensing board inquiries and in court. Even how the client records are stored on premises, or with a third party, or even moved by a third party is relevant.
This is a very serious matter. For example, in 2013, Congress added third party breach liability to HIPAA, specifically HIPAA HITECH 45 CFR part 160 which holds social workers liable for a third-party data breach. Violation of this law has civil penalties up to $25,000 for an accidental breach by the social worker’s records management company provider, or even a mover hired to relocate the social worker’s office or files. Criminal penalties range up to 10 years in jail and $250,000 in fines.
There is no doubt that social work is a noble profession with implicit values of service, social justice, human dignity, integrity, and clinical competence. Despite all of the sincere devotion provided by social workers,…
…they need to check and thoroughly read their Professional Liability Policy for exclusions in coverage for information records breach, and check their Cyber Liability Personal Data Breach Response Policy for third party information records breach.