Top 5 Uninsurable Health Care Risks
Health care risks run the gamut, from “typical” concerns like cyber and workplace safety to niche risks like pandemic readiness and the opioid epidemic. So how are health care facilities approaching these risks?
Insurance is one obvious answer.
“I would say there aren’t a lot of risks in health care that are uninsurable,” noted Kevin Dean, chief underwriting officer, liability products, IronHealth.
That being said, however, not all insurance policies will cover a risk in full. Therefore, risk mitigation before a potential claim is vital.
“What’s more difficult,” continued Dean, “is based on what insureds are doing, how they are preparing” for industry-specific risks.
The risks on our list have been identified as harder to insure, in part because they are difficult to manage due to the human elements and the growing technology behind them.
Provisions of care are changing every year, as are technologies — are hospital systems keeping up with the latest strategies to prevent incidents in the first place? Are they thinking about the impact these risks might have in the long run should they be ignored?
Here are 5 risks we think should be on every health care risk manager’s radar.
There’s no shortage of cyber risks in any industry, and the health care sector has quite a few things to keep secure in the face of growing threats.
But as for uninsurable?: “I would say I’m of the belief that rarely is something a bad risk; it’s just a bad premium,” said Shawn Ram, head of insurance, Coalition Inc.
However, he added, “technology is being exploited on an aggregate basis, which causes a lot of concern.”
As Forbes reported: “The last five years has seen a surge of attacks on the health care industry, with the largest breaches impacting as many as 80 million people. … Health care breaches are especially serious because personal data can, in some cases, mean the difference between life and death. For example … it could cause medications to become mixed up — or people might fail to get treatment for conditions such as diabetes.”
“The notion of a cyber or tech failure causing bodily injury is a huge risk,” said Ram.
He gave the example of a “smart” HVAC system — one that’s connected to a facility’s internet and therefore accessible. In this scenario, hackers could manipulate the temperature throughout a facility or even shut down the HVAC system altogether. Patients in critical care, who need to be kept in stable conditions so as not to exacerbate their injuries or ailments, could potentially face lasting bodily injury if this were to happen.
In addition to bodily injury, cyber opens up a gateway for bad actors to get at protected health care information (PHI). According to an announcement from Coalition, “Health organizations saw over 15 million exposed patient records last year alone, and account for almost half of all data breaches. Despite the widespread risk, 70 percent of health care organizations lack cyber insurance.”
As Ram puts it, “Credit card information can be replaced. But PHI — my actual DNA — that can’t be replaced. That’s information adversaries hold dear. That makes it an attractive target.”
2) Alarm Fatigue
From the moment a treating physician, nurse or other medical caregiver enters their ward for the day, they’re greeted with any number of beeps and chirps. The never-ending buzzing stems from monitors, screens, call buttons, ventilators, pagers and more, each notifying the staff of emergencies or other situations that require their attention.
According to Amplion Clinical Communications, which specializes in developing and implementing patient-care communication technology for hospitals and health systems, acutely ill patients may be surrounded by as many as 20 advanced medical devices at a time.
Their research shows that nine times out of 10, caregivers respond to alarms that end up being benign. That means only 10 percent of alarms are actionable. When a never-ending symphony of sounds demanding immediate attention are proven to be false alarms, a sense of apathy can settle in.
This is alarm fatigue.
“A typical professional liability policy has some coverage for adverse events caused by alarm fatigue,” said Jeff Duncan, SVP and chief underwriting officer of the Liberty Mutual Healthcare Practice.
But, added Dean of IronHealth, “insurance isn’t always the best solution [for] it.”
Patient safety suffers when caregivers tune out the very sounds meant to alert them to danger. ECRI Institute, a nonprofit organization that researches best approaches to improving patient care, lists alarm hazards as the top health-device technology hazard.
It’s a risk many hospitals face, but luckily mitigation options exist, like ensuring there is an effective process in place for safe alarm management and response in high-risk areas.
Duncan said one best practice when adding in new machines with default alerts is to run through simulations with nurses, physicians and other staff responsible for responding. Examine the factory default alarms. Review those defaults to see if they make sense.
Also, he added, device manufacturers and providers should look at differing alarm tones and types to more effectively differentiate what’s happening — even alarms that vibrate rather than make noise.
“Providers should be thinking about alarm management holistically,” said Duncan. “How often are they reset or ignored? Talk to your front-line caregivers and see where they find issues.
“Also review workload management,” he added. “The staff ratios and acuity should be reasonable.”
3) Pandemic Preparedness
“This is one risk I think we don’t talk about enough,” said Duncan.
Pandemics have the potential to place great strain on the health care system, from response timing to the long-term cost of an outbreak. A pandemic could impact a large portion of the population, and could last days, weeks or sometimes months.
One recent example is a measles outbreak that has plagued Rockland County, N.Y., since October 2018. It became so intense that public officials set a public ban for unvaccinated minors.
The flu is another big one the health care industry prepares for each year: “In terms of likelihood, there is a 3.6 percent probability per year of a new influenza strain emerging,” Maria Paul, director of product management at RMS told associate editor Katie Dwyer last year.
Health care organizations must be prepared for their day-to-day resilience and also be prepared to respond if any type of pandemic breaks out.
This risk becomes scarier still, because it could happen in mere hours. And it can spread just as fast. The high speed and high volume of modern-day travel is a major driver of how rapidly infectious disease can spread.
“It’s hard to predict,” said Duncan. “The proliferation of air travel means an outbreak could spread across the globe. Hospitals need to think about how to prevent/prepare for that.”
He also noted there are long-term consequences from not being prepared: “[Health care facilities] should be thinking about the financial as well as the clinical impact.
“Property insurance may or may not cover business interruption from an outbreak. It’s not just the immediate response, either; their reputation could be hurt in the long-term if it has a poor response.”
4) Violence in Hospitals
Disoriented and confused patients lashing out has been, for far too long, accepted as “part of the job” in health care. From 2002 to 2013, the rate of serious workplace violence incidents (those requiring days off for an injured worker to recuperate) was more than four times greater in health care than in private industry on average, according to OSHA.
In 2015, medical and surgical hospitals, nursing and residential care facilities and ambulatory health care settings were among the industries with the highest prevalence of nonfatal occupational violence, with respective incidence rates of 6.0, 6.8 and 2.4 per 100 full-time workers, according to the U.S. Bureau of Labor Statistics.
“It’s more important for these incidents to get reported,” said Dean. “It’s important for the staff to understand that these things are not acceptable or these things are not normal.”
Violence in hospitals can be managed in several ways, starting with culture. If a health care facility makes it well-known to their employees that any act of violence, from threat to action, is unacceptable, it’s a step in the right direction toward managing this risk. Also including staff from across the facility in training helps keep incidents contained and reported in a timely manner.
“When doing serious vulnerability assessments, include clinical management, facilities, the security department and front-line caregivers — bring a diverse group to the table,” said Duncan.
If staff knows a violence-prone patient is coming into their care, they should have a system in place to alert caregivers of that person’s inclination to lash out.
“You can’t immunize from this risk,” he said. “But you can harden the facility from it.”
5) Aging Workforce
In health care, an older workforce is often prone to more serious injuries. Especially because many are tasked with moving or rotating patients, and that can lead to strains, sprains and other workplace injuries.
This is easily covered under most workers’ compensation insurance policies. But what about the other big risk that comes with an aging workforce: a higher percentage of outbound retirees.
“You can buy insurance for adverse events,” said Duncan. “You can buy insurance for injuries. But you can’t buy insurance for restaffing the 20% of employees who are eligible for retirement this year.”
Health care facilities need to think about their workforce replacement needs years in advance, from hiring younger generations to promoting the health care profession to school-aged students. &