HITECH Omnibus Rule Enforcement Prime Time to Update E&O Coverage for IT Trainers

IT trainers with healthcare clients face increased E&O exposure when HITECH enforcement begins next week.

CHICAGO——When enforcement of the HITECH Omnibus rule starts on September 1, IT training firms that work with healthcare clients will face increased Errors and Omissions (Professional Liability) exposure. The Omnibus rule, part of the Health Information Technology for Economic and Clinical Health (HITECH) Act, updates 1996's Health Insurance Portability and Accountability Act (HIPAA) to require that healthcare providers be able to provide electronic versions of patient health records if and when patients request those records.

HITECH also tightens data security measures for healthcare information. TechInsurance, the nation's leading online provider of business insurance for small technology and IT businesses, warns that IT training businesses that serve companies in the healthcare sector could face increased Professional Liability exposures from their work preparing healthcare clients for the adoption and use of HITECH-mandated technology.

"They're using new software, scanners [to digitize paper files], flash drives," said TechInsurance CEO Ted Devine, referring to the new technology healthcare firms are implementing to comply with HITECH. "And whoever's teaching them—or taught them—how to use all this technology can be held liable when things go wrong." Specifically, Devine added, IT trainers can be named in liability suits over data breaches.

Such data breaches can lead to a number of (expensive) headaches: recently, a healthcare firm was fined $1.2 million for failing to remove patient information from a leased photocopier, thanks to HITECH's increased fines and penalties for data breaches. In addition, associates of healthcare companies can face liability lawsuits for their role in enabling or failing to prevent data breaches, which come with costly legal bills regardless of outcome.

Owners of small IT training businesses can minimize their likelihood of facing a hefty HITECH fine or lawsuit by implementing the following policies.

  1. Understand which businesses are regulated by HITECH. As of March, all businesses that work on a contract or subcontract basis with HIPAA-covered entities are subject to HITECH regulations. Enforcement of those regulations begins September 1.
  2. Know how fines and penalties are assessed. Ignorance is no excuse for not adhering to HITECH standards, according to the law. It calls for random periodic audits of all HIPAA-covered entities and their associates and contractors. Businesses not in compliance could face penalties.
  3. Update Professional Liability Insurance coverage to accommodate new risks. Patients' increased right to privacy and digital information means that those responsible for furnishing such information could face greater liability for mistakes and oversights that lead to improper information exposure. Outdated Professional Liability (Errors & Omissions) Insurance policies may be insufficient to handle related claims in court.

About TechInsurance, an insureon Company
TechInsurance is the nation's leading online insurance agent for small and micro businesses (those with 10 or fewer employees). Since its launch in 1997, TechInsurance has provided a convenient online destination where IT and technology consultants, contractors, and business owners can find essential liability insurance coverage from top-rated providers by completing an application process that takes only a matter of minutes. In addition to offering third-party Cyber Liability Insurance policies, TechInsurance offers General Liability, Property, and Workers' Compensation Insurance. For more details about TechInsurance, visit the company's website at

# # #

Media Contact:
Mark Meadows, Propllr LLC
302-353-8258, [email protected]

70% of businesses raise prices or cut hiring when sued