Peter Reilly
Balancing benefits with risks challenge healthcare as virtual services climb
August 27, 2021
By Peter Reilly
Telemedicine has been evolving since the late 1960s, but it took the global COVID-19 pandemic for healthcare providers to jump on the bandwagon in a big way. Today, for all that virtual care helped kept the industry afloat during the crisis, the challenge ahead is balancing the benefits with the risks.
Virtual healthcare deployment has understandably exploded since last March among just about every type of clinical professional. It’s a trend that’s only gaining momentum: 75% of providers look for it to account for 40%, if not more, of their businesses in the future.
Thanks to the Centers for Medicare & Medicaid Services (CMS), virtual care jumped into everyone’s awareness after interstate licensing requirements for medical professionals were waived early in the pandemic to facilitate care during the COVID lockdown. It cleared the way for reimbursement at the same rate as in-person services, and most private insurers followed suit.
Today, lawmakers in Washington, D.C. are grappling with legislation to make the changes permanent, but no one’s making big money bets on the likely outcome. And while they wrangle over the matter, more immediate issues need addressing by the industry now. One is the increased risk of cyber intrusions. Virtual care presents yet another opening for hackers, the downside to the digitization that’s transforming healthcare. The other is the added exposure to malpractice claims given growing reliance with virtual care on the camera’s eye, versus the human’s, for diagnoses.
The costly and growing problem of cyber attacks
Scripps Health’s online operations were suspending for almost four weeks in May after a ransomware attack compromised the personal and financial information of over 147,000 patients, staff and physicians. While the health system gave few details, ransomware attacks hold records hostage until payments – some of which have surpassed $2 million – are made.
Some medical practices have folded, unable to recreate their records and facing big liabilities with their compromise. The problem of cyber crime, most notably ransomware, skyrocketed 470% with the pandemic; the black market value of health records can range from $250 to $1,000 (or more) per record, versus $5.40 on average for payment cards .
It’s not just healthcare systems and groups whose technologies may present easy openings to cyber criminals. Vendors – like businesses that provide billing or insurance reimbursement services to the industry – were responsible for 75% of the exposures in 2020, according to one report . Another pressure: cybersecurity testing and measures weren’t up to the explosion in use of virtual care, especially with mobile apps, one leading digital platform security firm noted . He attributed it to a lack of “security maturity” among app developers.
Diligence is essential for the industry to protect itself and its patients. The right insurance coverage in the right amounts is a start. And putting best practices in place to manage the risks is absolutely critical.
Healthcare providers need to be sure of the adequacy of their cyber insurance against costly breaches. This is best done in consultation with a qualified broker to quantify the organization’s risk and coverage in appropriate dollar amounts against escalating extortion demands. During the current hard insurance market in nearly every coverage line, expect cyber insurance premiums to cost 20% to 30% more than a year ago .
Equally important is the risk mitigation programs in place. They show how seriously cyber risk is taken and are a guide insurers use to set premiums. These programs should span everything from leadership involvement and employee engagement to security protocols. The strongest programs include such measures as:
• Ongoing staff education and training on digital safety, with an emphasis on recognizing and avoiding the schemes that can compromise a network.
• Firewalls and antivirus software and other basic protections in place and regular backups of the system.
• Investment into more advanced security measures – think dual authentication, encryption and virtual private networks – is worth it.
• So are routine network audits by outside digital security experts to identify potential weaknesses.
Brokers also can check vendor contracts for potential contractual issues. Since many digital breaches occur via their systems, the adequacy of their cyber security should be checked, and indemnification handled.
Risk of misdiagnosis also heightens with virtual health
No less worrisome than cybersecurity is the risk of misdiagnosis. Quality control can also be problematic – think sloppy practices where simple, relevant questions aren’t asked so important diagnoses can be missed.
Professional liability risks are a fact of life for medical professionals, but they have grown along with the expansion of virtual health. Not all conditions present in a way that can be visible to the practitioner in a video feed. Heart disease, for example, is often accompanied by fluid buildup. It may or may not be apparent in a virtual exam. A skin growth may not look like a melanoma through the camera lens, but what if a malfunction results in a faulty image?
Those failures to ask the right questions of patients during virtual consults are another liability opening. A 2016 study of telehealth practices , for example, found that no consulting clinician asked a patient with inflammatory acne about irregular periods or visible facial hair, leaving her polycystic ovarian syndrome unaddressed. Such issues would only be heightened today with the greater deployment levels.
And informed consent can take on a more prominent role. It’s the physician’s responsibility to explain to patients not only why a virtual consult is a better option than in-person visits, but what the risks can arise with this mode of care.
Again, it’s worth a discussion with an experienced insurance broker on how providing virtual care services may change coverage specifics under the professional liability policy. It’s also worth noting that misdiagnoses attributable to telehealth platform failures are an issue for the service vendor. It doesn’t hurt to make sure that vendors’ Errors & Omissions (E&O) policies are in place at sufficient coverage limits.
About the author: Pete Reilly is the practice leader and Chief Sales Officer of global insurance brokerage Hub International’s North American healthcare practice.
Telemedicine has been evolving since the late 1960s, but it took the global COVID-19 pandemic for healthcare providers to jump on the bandwagon in a big way. Today, for all that virtual care helped kept the industry afloat during the crisis, the challenge ahead is balancing the benefits with the risks.
Virtual healthcare deployment has understandably exploded since last March among just about every type of clinical professional. It’s a trend that’s only gaining momentum: 75% of providers look for it to account for 40%, if not more, of their businesses in the future.
Thanks to the Centers for Medicare & Medicaid Services (CMS), virtual care jumped into everyone’s awareness after interstate licensing requirements for medical professionals were waived early in the pandemic to facilitate care during the COVID lockdown. It cleared the way for reimbursement at the same rate as in-person services, and most private insurers followed suit.
Today, lawmakers in Washington, D.C. are grappling with legislation to make the changes permanent, but no one’s making big money bets on the likely outcome. And while they wrangle over the matter, more immediate issues need addressing by the industry now. One is the increased risk of cyber intrusions. Virtual care presents yet another opening for hackers, the downside to the digitization that’s transforming healthcare. The other is the added exposure to malpractice claims given growing reliance with virtual care on the camera’s eye, versus the human’s, for diagnoses.
The costly and growing problem of cyber attacks
Scripps Health’s online operations were suspending for almost four weeks in May after a ransomware attack compromised the personal and financial information of over 147,000 patients, staff and physicians. While the health system gave few details, ransomware attacks hold records hostage until payments – some of which have surpassed $2 million – are made.
Some medical practices have folded, unable to recreate their records and facing big liabilities with their compromise. The problem of cyber crime, most notably ransomware, skyrocketed 470% with the pandemic; the black market value of health records can range from $250 to $1,000 (or more) per record, versus $5.40 on average for payment cards .
It’s not just healthcare systems and groups whose technologies may present easy openings to cyber criminals. Vendors – like businesses that provide billing or insurance reimbursement services to the industry – were responsible for 75% of the exposures in 2020, according to one report . Another pressure: cybersecurity testing and measures weren’t up to the explosion in use of virtual care, especially with mobile apps, one leading digital platform security firm noted . He attributed it to a lack of “security maturity” among app developers.
Diligence is essential for the industry to protect itself and its patients. The right insurance coverage in the right amounts is a start. And putting best practices in place to manage the risks is absolutely critical.
Healthcare providers need to be sure of the adequacy of their cyber insurance against costly breaches. This is best done in consultation with a qualified broker to quantify the organization’s risk and coverage in appropriate dollar amounts against escalating extortion demands. During the current hard insurance market in nearly every coverage line, expect cyber insurance premiums to cost 20% to 30% more than a year ago .
Equally important is the risk mitigation programs in place. They show how seriously cyber risk is taken and are a guide insurers use to set premiums. These programs should span everything from leadership involvement and employee engagement to security protocols. The strongest programs include such measures as:
• Ongoing staff education and training on digital safety, with an emphasis on recognizing and avoiding the schemes that can compromise a network.
• Firewalls and antivirus software and other basic protections in place and regular backups of the system.
• Investment into more advanced security measures – think dual authentication, encryption and virtual private networks – is worth it.
• So are routine network audits by outside digital security experts to identify potential weaknesses.
Brokers also can check vendor contracts for potential contractual issues. Since many digital breaches occur via their systems, the adequacy of their cyber security should be checked, and indemnification handled.
Risk of misdiagnosis also heightens with virtual health
No less worrisome than cybersecurity is the risk of misdiagnosis. Quality control can also be problematic – think sloppy practices where simple, relevant questions aren’t asked so important diagnoses can be missed.
Professional liability risks are a fact of life for medical professionals, but they have grown along with the expansion of virtual health. Not all conditions present in a way that can be visible to the practitioner in a video feed. Heart disease, for example, is often accompanied by fluid buildup. It may or may not be apparent in a virtual exam. A skin growth may not look like a melanoma through the camera lens, but what if a malfunction results in a faulty image?
Those failures to ask the right questions of patients during virtual consults are another liability opening. A 2016 study of telehealth practices , for example, found that no consulting clinician asked a patient with inflammatory acne about irregular periods or visible facial hair, leaving her polycystic ovarian syndrome unaddressed. Such issues would only be heightened today with the greater deployment levels.
And informed consent can take on a more prominent role. It’s the physician’s responsibility to explain to patients not only why a virtual consult is a better option than in-person visits, but what the risks can arise with this mode of care.
Again, it’s worth a discussion with an experienced insurance broker on how providing virtual care services may change coverage specifics under the professional liability policy. It’s also worth noting that misdiagnoses attributable to telehealth platform failures are an issue for the service vendor. It doesn’t hurt to make sure that vendors’ Errors & Omissions (E&O) policies are in place at sufficient coverage limits.
About the author: Pete Reilly is the practice leader and Chief Sales Officer of global insurance brokerage Hub International’s North American healthcare practice.