While telehealth was poised for growth even before COVID-19, the pandemic pushed the fast-forward button presenting enormous opportunities and risks.
Telehealth is here to stay—but while the use of this technology grows, it comes with substantial risks that agents should help medical clients cover.
Since the coronavirus pandemic began, virtual doctor visits have been embraced by the public, even after restrictions eased. While telehealth was likely poised for substantial growth even before COVID-19, the pandemic pushed the fast-forward button. The telehealth market value is predicted to grow to $175 billion by 2026, according to a report from Global Market Insights. And the Coronavirus Aid, Relief, and Economic Security (CARES) Act has spurred growth further by funding the purchases of telehealth products and services.
Telehealth encompasses a broad variety of technologies and tactics to deliver virtual medical, health, wellness, and education services. Additional applications for telehealth services include storing and forwarding methods that allow doctors to receive electronic medical records for diagnosis and treatment with no live interaction, as well as lifestyle management platforms that promote wellness, health education and wellbeing. Broader uses of telehealth include physical therapy and psychiatry, along with remote monitoring where doctors use medical devices and wearables to monitor patients from home.
As healthcare providers offer telemedicine at no cost, more people are experiencing telehealth for the first time. And as access to broadband internet service expands for the tens of millions of Americans across the country, sections of the U.S. may finally gain desperately needed medical services through telehealth services.
However, while telehealth presents an enormous opportunity, there are substantial risks that must be considered. First, medical data is some of the most sensitive information in today's world. While cyber liability is not new to healthcare, the multiple attack surfaces of telehealth make it an increasingly attractive target.
Also, ransomware can be especially damaging to telehealth companies because their business model relies on a fully functioning network. Meanwhile, hackers target the value of medical data, which can be sold for use by others, and a medical business' reliance on connectivity increases its willingness to pay ransom to avoid a shutdown and reputational damage.
There are COVID-19 specific risks as well. During the pandemic, enforcement of HIPAA requirements for telehealth has been relaxed by The Office for Civil Rights (OCR) at the Department of Health and Human Services. Additionally, companies that have rushed to implement telehealth solutions may not have prioritized proper training and cyber security measures.
Telehealth presents a myriad of coverage and liability considerations. Here are four insurance coverages to consider for telehealth business clients:
1) Liability. Many telehealth firms partner with multiple vendors to provide the products and services they offer to their customers. Legal counsel's guidance on risk transfer for products and services is essential to good vendor risk management. Licensing agreements and customer contracts should also be reviewed regularly to ensure contract language reflects new products, services or relationships.
2) Technology errors & omissions. Technology E&O insurance protects businesses from errors, omissions, negligence and product failures. With telehealth, a technology failure can have an enormous impact on a business's finances. Unfortunately, traditional liability policies usually won't cover pure financial losses.
E&O coverage can help cover business legal fees and other related costs if software licensed to a client had glitches that caused them to lose a month's worth of billing data or equipment provided prevents customers from receiving online orders for 48 hours. It can also help with expenses if cloud-based data services fail to backup critical data that a customer cannot recreate, or if the website designed for a customer looked too much like its key competitor's site.
3) Cyber. Cyber insurance can protect the insured from ransomware damage, as well as data destruction, resulting business interruption and other financial losses.
Robust cyber liability coverage is important for all telehealth providers and especially those with large quantities of financial or medical information. Coverage that can respond to regulatory actions is key for those companies that operate in the medical space. Cyber needs are varied in the telehealth space so understanding which coverage is appropriate and partnering with an agent or broker and an insurer who understands this space is critical.
4) Product and professional liability. Most technology companies have generally enjoyed a relatively low exposure to products liability suits due to their relatively innocuous products. However, the risk profile for telehealth companies can be quite different from a traditional technology company.
Products such as consumer telecommunication equipment, wearables and medical devices used in diagnosis can greatly increase the frequency and severity of risk to products liability suits. Companies that incorporate a third party's products in their solutions should protect themselves through proper risk transfer and insurance coverage written for their unique risk profile.
The unique nature of telehealth and delivering medical advice remotely, without the benefits of the physical cues and body language associated with in-person consultations, adds exposure that could result in patient harm. The combination of using a platform that includes medical devices and remote professional advice results in a complex risk profile. For example, a picture of a physical issue such as a rash could be a distorted image and lead to an incorrect diagnosis.
Uncertainty around the “learned intermediary" is of concern to telehealth companies as well. A prescribing physician acts as a "learned intermediary" between a manufacturer and consumer and has the primary responsibility of warning patients of the hazards of prescribed pharmaceutical products. Whether this protection and responsibility changes when consultation is done virtually remains to be seen.
Andrew Zarkowsky is head of technology industry practice at The Hartford. His focus is on underwriting execution inclusive of growth, profit and product innovation for the technology industry. He has nearly 20 years of experience in underwriting technology companies.
Brad John is the head of life sciences industry practice at The Hartford. He has 25 years of insurance and risk management industry experience and is responsible for leading the development and execution of The Hartford's life science strategic plan, including product, distribution, and marketing.
The information provided in these materials is intended to be general and advisory in nature. It shall not be considered legal advice. The Hartford does not warrant that the implementation of any view or recommendation contained herein will: (i) result in the elimination of any unsafe conditions at your business locations or with respect to your business operations; or (ii) be an appropriate legal or business practice. The Hartford assumes no responsibility for the control or correction of hazards or legal compliance with respect to your business practices, and the views and recommendations contained herein shall not constitute our undertaking, on your behalf or for the benefit of others, to determine or warrant that your business premises, locations or operations are safe or healthful, or are in compliance with any law, rule or regulation. Readers seeking to resolve specific safety, legal or business issues or concerns related to the information provided in these materials should consult their safety consultant, attorney or business advisors. All information and representations herein are as of August 2021.