The rise of medical technology insurance
In today’s world, healthcare cannot be delivered without medical technology. From rehab or monitoring applications to medical or traditional forms such as blood pressure and heart rate monitors, every person relies upon technology for their medical needs. According to the Medical Technology Association of Australia, in FY2021 there were 135 ASX-listed medical technology (medtech) companies in Australia with a market capitalisation of $179 billion. Through COVID-19, the necessity to monitor patients remotely became a critical demand rather than a value-add proposition. Now in 2023, the medtech industry is the fastest growing industry, with Australia becoming a world leader in this space.
Regardless of the specific area a medical technology business operates in, appropriate insurance coverage is critical. The exposures within healthcare and technology are interlaced, creating a complex and diverse risk environment. However, insurance products in this sector are still being developed and management information is limited, which in turn impacts appropriate pricing of the cover.
Risks faced by medical technology companies
Companies that provide medical technology services or products are exposed to the risk of legal actions. Such actions are evolving as technology develops and contractual obligations increase. Some of these risk areas include:
Whether it be physical or mental, bodily injury risk is a critical exposure for medtech companies. Traditionally, only if a company procured medical malpractice insurance did the bodily injury trigger arising from their professional services apply. Coupled with this, information technology products (professional indemnity and public & products liability) have an exclusion for bodily injury arising from professional services and/or cyber events. Insurers are also loath to offer any form of bodily injury cover under a traditional cyber policy and habitually exclude all forms of bodily injury.
Therefore, it is imperative that bodily injury can be triggered by multiple perils, which include professional indemnity, public and products liability and cyber. A bespoke programme should cover physical harm resulting from cyber events and system failures in addition to the delivery of healthcare and technological services.
- Privacy Act 1988 (Cth) and the Australian Privacy Principles
- Security of Critical Infrastructure Act 2018
- Competition and Consumer Act 2010
- Therapeutic Goods Act 1989
- Work Health and Safety
- Environmental, Social and Governance (ESG), being a company’s conduct in connection with various legislation pertaining to adherence to social and environmental factors as a responsible corporate citizen.
Technology evolves and changes rapidly. The use of artificial intelligence (AI), coupled with the supply, installation and maintenance of such products, is a pivotal risk in the digital health arena. Allegations of errors and omissions in code, intellectual property infringement and breach of confidentiality are some of these risk factors.
Technology product failure is another cumulative exposure thanks to the plethora of applications and wearable technology. These tangible assets that have been altered, manufactured, distributed or installed create a heightened possibility of product failure. See our article on errors & omissions liability here.
This is a very pertinent exposure for any company in the Australian market. Having a robust cyber and privacy risk framework that is actively monitored and adjusted is paramount for compliance and overall risk mitigation.
Understanding how the company complies with Australian privacy and data regulations (which are particularly important for healthcare companies given the sensitivity of the information being handled), including data protection, is critical to the company’s operation.
Cyber security protocols such as the implementation of multi-factor authentication, simulated phishing attacks, penetration tests and installation of the latest antivirus software are now mandated by many cyber insurers. Company directors must turn their minds to mitigating these risks to ensure their businesses are “cyber prepared”. This means a review of their network may be necessary, including its vulnerabilities, the impact to the business if the network is down and any response plans required, i.e., policies, procedures and protocols relating to incident response and business interruption. See our product fundamentals article on cyber liability insurance here.
In order to preserve the identity and asset worth of any digital healthcare company, intellectual property (IP) protection is essential. IP rights violation, including accusations of copyright theft or brand infringement, as well as damages, settlements, and counterclaims, can be very expensive. See our product fundamentals article on intellectual property insurance here.
Development of bespoke insurance products
A tailored insurance policy incorporating insuring agreements for medical malpractice (bodily injury), professional indemnity, public and products liability and cyber ought to be procured for medical technology risk. This obviates issues of contribution and/or causation from separate insurers who may ordinarily offer partial cover, which in turn will lead to issues of demarcation in the event of a claim. Where one insurer underwrites all coverages, this risk is removed.
For further information on what is covered, see our product fundamentals article on medical technology insurance here.