The healthcare industry continues to evolve and rapid advances in technology is playing a more important role than ever before. Heath technologies are being implemented in every part of the health and medical services supply chain. Whether that's using artificial intelligence (AI) in the diagnosis of patients, virtual health consultations, wearable devices, software, analytics, medical devices or supporting wellbeing choices.
Healthcare professionals are usually well-versed in medical malpractice and indemnity insurance, however many are unaware of the risks associated with technology errors and omissions, data privacy, cyber risks, and media liability risks. While technology is supporting interactions, the rapid adoption can create several risks and challenges. Not just around diagnosis, treatment, and care, but also technology, data privacy and regulatory compliance.
There are specific considerations you'll need make when considering what insurance covers to purchase. Blended covers for product liability, professional indemnity, and cyber liability should be considered to ensure the covers are adequate to meet your specific needs. Bodily injury should not be excluded - which a few insurance providers will insist upon. As a specialist life science insurance broker, we have access to the best insurers in the market that can consider your individual circumstances.
Providing digital healthcare services means medical or healthcare practitioners are reliant on the technology as well as their own skills to deliver quality healthcare services or treatments. Virtual care has meant potentially higher risk for misdiagnosis when professionals are not in the same room as their patient. Medical malpractice can extend to a wide range examination, diagnosis, prognosis, treatment, prescription of drugs, or care of patients.
Otherwise known as technology errors and omissions, professional indemnity will cover will protect against allegations of negligence, breach of contracts, defamation, intellectual property rights infringement. Technology introduces new and interconnected risks around diagnosis, data and duty of care. Combined with new business models and new entrants, this creates new challenges for traditional and new technology healthcare providers.
If you supply a tangible product, even if you didn't manufacture, you can be liable for injury or property damage as a result of a fault with a product you have provided. Advances in wearable technology means new opportunities for patients to monitor and regulate their own health. Product liability can cover smartwatches to classified medical devices, introducing technology risks that could give rise to bodily injury.
The healthcare sector is highly exposed to data breaches given the potentially high volume and sensitive nature of the information. Human errors, maliciou s attacks, third-party vendor faults, can mean you are held legally libel for the release of sensitive information. Failure to comply with the UK GDPR may leave you open to substantial fines, up to a maximum of £17.5 million or 4 per cent of annual global turnover. If you provide your heath technology solution in the US, you will have to comply with additional regulation such as HIPPA.
Health technology companies face a high degree of regulatory compliance and could face investigations from a wide range of bodies. Working in a highly regulated sector means that senior management are exposed to investigations, fines, civil and criminal actions. Combining the health sector with new technologies means the decision makers could find themselves inadvertentlly exposed to litigation. As an individual director, you should ensure your personal assets are protected because the company may not always be there to support you.
Depending upon your solution, you may want to consider a proactive approach to defending your intellectual property. Insurance can be arranged that allows you pursue those who are infringing on your patent, copyright, or trademark. Start-ups and SME businesses are disproportionately at risk of threats to their IP. A standalone policy can ensure funds and access to panel law firms with the expertise to protect your interests.
An IT vendor had inadvertently unsecured a file containing over 30,000 patients’ billing information such that it was searchable on the internet using search engines such as Google. The hospital discovered the incident during security testing when a larger healthcare system acquired the hospital. The information exposed included names, date of births, addresses, treatment information, and insurance information. The hospital utilised outside legal, forensics, notification services, a call centre, credit monitoring and crisis management. The hospital was investigated by multiple regulatory authorities.
A healthcare organisation was attacked by a sophisticated foreign phishing attack which exposed information in employee email boxes of nearly 20,000 paediatric patients. Employees had clicked on the phishing emails and either gave up credentials or launched malware into their network. Forensics found some evidence of data exfiltration. The data contained patients’ names, clinical information, phone number, addresses and insurance information.
The insured is a software computer company specializing in converting medical data, usually from an upgrade or switching electronical medical record (EMR) software. The claimant brought a medical malpractice claim against their healthcare provider and two doctors for improperly prescribing a drug. The insured was brought in as a third-party defendant and the compliant alleged that the patient’s medical records were not properly transferred from one EMR software to another, which led to improperly prescribing the wrong drug.
The claimant, a 29 year old female, alleged that the insured providing telehealth services prescribed contraindicated birth control pills, resulting in a catastrophic and life-altering stroke. Investigation by defence counsel determined that claimant had initially provided a medical history of migraines without auras, and was prescribed a 3 month supply of birth control pills. About one year later, the claimant filled out a new history and indicated migraines with auras, for which the birth controls pills prescribed is contraindicated, and was started on another prescription.
The insured provides telemedicine health counselling. A claimant submitted a complaint in which she reported abdominal pain and asked if she was able to travel. The insured’s doctor wrote an antacid prescription and said she was able to travel. The doctor said she should go in and get examined if abdomen was distended. On the way to the airport the claimant needed to change course and head to the emergency room instead and was found to have a ruptured appendix, requiring emergency surgery.