6 things digital healthcare underwriters love
Digital healthcare is an emerging class of business, so it’s important for underwriters to have clear and relevant information to determine the risk associated with digital healthcare providers. We spoke to our healthcare team to understand what they look for in potential clients:
Background research and knowledge
Due to the emerging and innovative nature of this class of business, which often utilises novel ways of working, it’s important that digital healthcare providers have conducted a thorough background review and can demonstrate appropriate knowledge that their technology/platform is the safest and most effective way of delivering healthcare. This also includes conducting full training for those operating the equipment or using the technology.
It’s essential that digital healthcare providers are compliant with all applicable laws and regulations. When services are provided digitally, laws and regulations can differ to when services are provided in-person. Additionally, further laws and regulations must be considered depending on where the provider and the patent are located, as this can change at state, federal and international levels. It’s key for every digital healthcare provider to demonstrate they have researched every jurisdiction they plan to operate in and have received legal advice (when necessary).
Effective provider credentials
As more medical specialties move into the digital healthcare space, it is important clinicians still maintain the same level of medical education and technical knowledge, to deliver appropriate care. For example, a provider using artificial intelligence (AI) for cancer diagnosis should still have the full training and knowledge to be able to diagnose and treat these conditions. Technology should always back up the understanding of diseases and treatments required. License verification protocols and procedures should be followed, particularly when digital healthcare providers are operating across state boarders and international territories.
Effective credentials don’t just mean providers are educated and licensed to an appropriate standard. It also extends to previous claims history, board actions or complaints, and any preventative measures put in place to stop future occurrences.
Strong quality assurance protocols
A quality assurance (QA) plan sets measurable standards of care and puts procedures in place for the monitoring and remediation, of any deference from these standards. This is particularly crucial for digital healthcare providers because it can mean the difference between life or death. A thorough QA plan demonstrates that the digital healthcare provider takes a more proactive, than reactive, stance in their approach to patient care.
A key part of a digital healthcare provider’s QA plan is their peer review process. This should involve checking a peer’s work and providing feedback to ensure standards are kept and consistent. This also doubles as a platform for knowledge sharing within a company between different providers – so a win-win for everyone!
Good cyber risk management
Healthcare organisations are highly regulated due to the sensitive nature of the data they hold on patients so they have a huge cyber exposure and can be targeted for ransomware attacks. Personably Identifiable Information (PII) and Protected Health Information (PHI) is extremely valuable to hackers for multiple reasons, especially their extortionate resale value on the dark web.
Digital health companies should follow the privacy laws and regulations applicable to their jurisdiction, such as Health Insurance Portability and Accountability Act (HIPAA), California Consumer Privacy Act (CMPA), General Data Protection Regulation (GDPR) etc. Entities should also be able to demonstrate they have suitable cyber security measures in place to minimise the risk of attack and the severity, should an attack happen. This includes utilisation of multi-factor authentication (MFA) which provides an extra layer of security when verifying an individual’s identity while accessing the company systems or email accounts. Appropriate data segregation is another key strategy to minimise the impact of a cyber-attack, by storing data in different servers the likelihood of attackers accessing a high volume of data is reduced.
It’s understandable that digital healthcare providers need to access and store PHI/PII records to provide services. In fact, a risk is often viewed more favourably by an underwriter when a telehealth provider can see patient medical history prior to prescribing medication, but it is essential there is a plan in place to prevent unauthorised access to this sensitive information.
Sound business plan
It’s music to a healthcare underwriters’ ears when a digital healthcare provider can demonstrate they have a thorough business plan. A plan which outlines growth and development plans for the next year, two years or even five years, is a very helpful tool when underwriting.
A business plan outlines the purpose of the business, including the scope of services provided, how they fit into the market, key competitors, challenges and growth plans. It also details the jurisdictions where the entity plans to provide services and consider their compliance with licensing and regulatory requirements. This demonstrates the insured has a thorough understanding of the sector they are entering into, or are already operating in, and their strategy for progression within this field. An organisational chart built in is even better!
CFC’s healthcare team love to work with digital healthcare providers, assisting them with possible exposures and risks they face operating in this emerging market segment.
If you have any questions about our underwriting considerations or want more guidance on key information to include in your submissions, just drop us an email.