The virtual healthcare industry has undoubtedly transformed how care can be accessed, administered and financed—but it comes with its own set of unique complexities as institutions seek to provide adequate and thoughtful insurance coverage. While the pandemic presented an opportunity to bring a convenient and often more discreet alternative to patients, telehealth has become a pillar of the healthcare system, with new platforms launched almost daily.
As quickly as the number of digital providers has grown, so too has their risk profile. Challenges go beyond placing traditional medical malpractice, general liability or cyber liability coverage to coordinating siloed segments and accommodating multiple exposures.
Not your standard tech startup
Virtual healthcare is a technological service, but telehealth companies are far more sophisticated than your standard tech startup. In the early stages, risk management can fall to the wayside while the user experience and data-driven care are prioritized. But as these platforms are scaled and implemented in the real world, reality can set in. Trained medical directors, a strict adherence to credentialing systems and an in-depth understanding of state licensing laws become a necessity as risk extends well beyond a standard medical malpractice, tech E&O or cyber policy.
Telehealth companies limiting their involvement with providers to contracting doesn’t absolve them of liability either. If the company is sourcing providers or recommending treatment, they can be held liable, even vicariously, for patient outcomes, making medical malpractice a major risk.
As these digital platforms expand further into areas like weight loss, mental health, fertility and pharmacy benefit management, the liability multiplies.
As these digital platforms expand further into areas like weight loss, mental health, fertility and pharmacy benefit management, the liability multiplies and the regulatory scrutiny intensifies. Similarly, if credentialing is outsourced or inconsistent, the potential for claims related to unlicensed or underqualified providers can compound.
Taking the time to ensure these coverages are evaluated and placed in a meaningful and coordinated way will ultimately help ensure claims handling is streamlined and help to avoid complications down the line that can occur when separate insurers are handling claims that broach several lines of coverage.
A regulatory catch-up game
The patchwork of state-specific medical malpractice limits, licensing requirements and cyber regulations can be a labyrinth of regulatory and insurance complexity for growing telehealth companies. While a tech platform may start operating in one state, it could be treating patients in several more within a short amount of time.
Compliance with healthcare practice laws and data regulations demands specialized guidance that many startups don’t adhere to or budget for until it’s too late.
Many companies don’t fully understand how fragmented and nuanced the compliance landscape is until they’ve already triggered regulatory obligations. Compliance with healthcare practice laws and data regulations demands specialized guidance that many startups don’t adhere to or budget for until it’s too late.
Complicated risk profiles
Rather than market directly to consumers, many virtual care companies partner with employers to build Employee Assistance Programs (EAP), which enables them to scale quickly, but comes with its own set of drawbacks.
Within EAPs, the platform is able to access large employee census datasets that include sensitive personal health information (PHI) as well as personally identifiable information (PII). The information then flows from the employer to the platform, as well as from the platform to any of its contracted providers and payors. To complicate matters further, telehealth companies partner with dozens of employers and even large public entities, making the cyber aggregation massive and difficult to quantify.
Important questions naturally arise and must be answered. Underwriters will want to know:
- How is employee census data siloed and anonymized?
- How often is the data purged?
- How does the company differentiate PHI or PII from anonymized census data?
- What happens in a breach scenario across multiple employers or state jurisdictions?
Most startups carry only the required amount of cyber insurance limits as required by their contracts, but these limits often pale in comparison to the full scale of their exposure. While the contractually required $5M may seem adequate, the cost of a single breach could well exceed that amount. And when regulatory fines or litigation costs are also considered, the need for a robust cyber program with proportionate limits and coverage is even more evident and beneficial to the company's overall balance sheet.
Blind spots within billing systems
The throughline here is that telehealth companies are rife with coverage blind spots. The world of regulatory billing E&O and managed care E&O is no exception. Virtual Healthcare platforms that submit claims under their own NPI numbers face direct liability for misbilling, miscoding or triggering False Claims Act violations—whether intentional or not. Many of these companies also offer in-network pricing, billing and claims support and care navigation services, which can be considered managed care in the insurance marketplace.
Managed care E&O exposures are rarely covered under standard healthcare medical professional liability or tech E&O policies.
Managed care E&O exposures are rarely covered under standard healthcare medical professional liability or tech E&O policies. In fact, many carriers that specialize in digital health won’t even consider managed care and take extra precautions, often through exclusions, to avoid possible claims scenarios. There are strategies to mitigate these potential coverage gaps, but working with an expert who understands the complexities of this particular landscape is paramount.
Takeaway
When it comes to telehealth and virtual care platforms, what many brokers treat as a plug-and-play digital health submission often requires deep coordination across various lines of business or underwriting departments. One misstep in the placement process can unravel the entire risk transfer strategy when a claim hits.
Telehealth requires a cohesive plan that involves:
- Educating clients so that they understand their platform serves as a provider, an administrator and a data handler—and their insurance should reflect that.
- Anticipating blended claims that could trigger multiple coverages (e.g., med mal, tech E&O, cyber and billing E&O).
- Aligning carriers across coverage lines to help ensure there aren’t issues if a claim arises.
- Completing submissions that provide underwriters with the big picture.
- Reviewing contracts to ensure a cohesive and complete placement.
- Benchmarking adequacy of limits across all segments, not just cyber.
We help you win
The virtual healthcare market, alongside its regulatory complexity, is far from slowing down. Growth within this sector is only accelerating as patients demand flexibility and employers seek more ways to improve the value of their healthcare spending. But the risks are growing just as fast and becoming more complex.
At Amwins, we understand that navigating this market requires more than a check-the-box strategy. It commands expertise, coordination and a holistic view of how technology and care delivery interact
The insurance industry can operate in isolated coverage silos, but claims and data breaches don’t, especially within healthcare. Virtual care may have removed physical barriers, but it has introduced a new set of insurance complexities. Closing the gap is the challenge and opportunity of this evolving space.