When the COVID-19 pandemic forced health-service providers to move patient appointments from offices to online platforms, behavioral health practitioners were already well-suited for the telehealth medium. Unlike, say, orthopedic surgeons, behavioral health practitioners could deliver most of their care modalities online, enabling them not only to continue services but to expand them.
So when the pandemic increased the demand for behavioral healthcare — not only because of a growing need brought on by heightened levels of stress but also due to the de-stigmatization of behavioral health treatment — providers who still had openings for new patients quickly found their calendars fully booked with telehealth appointments. In fact, demand for online mental health services is so great, the Boston Globe recently reported, “It’s becoming impossible to find a therapist.”
Given the demand for behavioral health services, the convenience of telehealth for both patients and practitioners and the suitability of the medium for the delivery of services, it appears behavioral telehealth may be not only the “new normal” for the pandemic but also the primary solution to service needs for the long term — at least when service needs are limited to counseling and where delivery is viable.
Yet with new service-delivery practices and new technology come new risks and the need to manage them. The rapid adoption of telehealth has introduced or broadened multiple exposures, especially those related to cyber liability and technology errors and omissions (E&O).
As Insurance Business magazine reported in its April 2021 article “The rise of telehealth”: “The digital transfer of information between patient and provider, followed by the online storage of healthcare data, can be a tempting draw for cybercriminals. Theft of healthcare records is arguably the most lucrative form of cybercrime; a healthcare data record can be valued at up to $250 on the illegal market. By comparison, a payment card is valued at just $5.40, according to Trustwave.”
With that in mind, behavioral health providers should be asking themselves: Is my insurance program aligned with my practice’s telehealth services?
General Coverage Needs
For obvious reasons, all healthcare practices need to protect themselves with insurance covering general and professional liability, including MedMal Insurance. Larger telehealth practices that utilize customized platforms should carefully evaluate their technology exposures. Finally, the explosive growth in ransomware attacks over the past two years has made cyber insurance top-of-mind for businesses of all kinds, though, as the industry website GoodTherapy reports, too many practitioners overlook this important coverage.
“Mental health practitioners have a legal and ethical duty to protect their clients’ privacy,” GoodTherapy notes. “Cybersecurity attacks can expose clients to financial harm, fraud, and even physical danger when abusive partners and other criminals seek access to private data.”
“Many therapists think their businesses are too small to warrant the attention of cyber criminals, but 58% of cyber attacks in 2017 targeted small businesses. These attacks can be devastating. In some cases, they even include exorbitant ransom fees to regain access to critical data. Sixty percent of small businesses go out of business within six months of an attack. You may also face lawsuits and licensing board complaints from clients. If your security practices are severely or knowingly negligent, you could even face criminal charges.”
While blanket insurance solutions are available to behavioral health practices, the customized coverage a knowledgeable, experienced agent or broker can write is advisable to:
- Meet your practice’s specific needs. Just as each of your patients is unique, so is your practice. Where you’re located, how many employees you have, areas of specialty – all are vital considerations in determining what coverages you need and how much those coverages will cost. If your coverage isn’t designed specifically for your practice and your risks, it may include gaps that leave you unprotected against certain claims, and it may include unnecessary coverage that drives up your premium.
- Comply with state regulations, especially those related to MedMal. State regulations surrounding physician MedMal coverage vary widely, so MedMal Insurance cannot be a one-size-fits-all product. It’s important to work with an agent who can review your policy and, if you do business in multiple states, ensure the policy complies with requirements.
- Ensure you’re not overpaying. Quotes on coverage vary from carrier to carrier and underwriter to underwriter. Working with an independent agent or broker who knows your industry and understands your practice enables you to market your practice to multiple carriers and ensure an exemplary claims history is duly recognized during the underwriting process.
As a behavioral healthcare professional, you understand the benefits of working with a specialist. Alera Group has a specialty division devoted to healthcare professional liability, Alera HPL, which includes medical professionals and associates in offices around the country.
Whitepaper: 'Cyber Risk in a Post-COVID Landscape'
Cyber exposures and breaches have increased during the COVID-19 pandemic, with consequences that are far-ranging in both depth and scope. Organizations that don’t keep up and adapt run the risk of breach and damage that could be irreparable.
To help behavioral health providers and other businesses protect themselves, Alera Group has created an in-depth guide to managing cyber risk, “Cyber Risk in a Post-COVID Landscape.” In it, you’ll find information on topics including:
- Recent trends and claims
- Cybersecurity plans and functions
- Risk management
- Best practices
- Anticipated risks.
To obtain the whitepaper, click on the link below.
About the Author
Jason P. Shah, MD
Alera Group Healthcare Team
Jason P. Shah, MD leads the Alera healthcare liability team and has helped develop Alera's healthcare practice into a national leader. He has a background in medicine, information technology and business development. Jason utilizes his physician experience and insurance expertise to develop risk management and insurance programs for hospitals, health systems, physician groups and other healthcare practices around the country. Jason studied computer engineering at the University of Illinois at Chicago and later completed his MD from the UIC College of Medicine.