Sponsored: Liberty Mutual Insurance
Rideshares Meet Healthcare: 4 Critical Risks to Manage
Uber has already disrupted transportation. Now it’s coming for healthcare.
Patient transportation has long been a pain point in the health care sector. About 3.6 million Americans miss or delay medical appointments because of difficulties arranging a ride, amounting to a cost of $150 billion per year. Hospitals traditionally have two options when it comes to arranging non-emergency medical transportation (NEMT) for patients who can’t drive themselves: provide them with taxi vouchers or encourage them to schedule rides with a contracted NEMT company.
But neither of these offers the on-demand amenities of rideshare companies like Uber or Lyft — known in the industry as Transportation Network Companies (TNCs) — including real-time ride tracking, documentation of pickup and drop-off times and locations, easily retrievable payment receipts, the convenience of short wait times amid high driver volume, and often lower costs.
In March 2018, Uber officially launched its Uber Health platform and began partnering directly with healthcare facilities to provide patient rides. Lyft also began offering a similar service via Lyft Concierge.
But their unique features also introduce new risks. To reap the benefits without falling victim to unforeseen exposures, hospital risk managers should consider the following risks and recommendations when it comes to using TNCs for patient transportation:
Risk #1: TNCs Aren’t Right for Every Patient
Using Uber Health or Lyft Concierge is not appropriate for every scenario. If a patient has been under anesthesia, for example, he or she may need a caregiver to travel with them.
“TNC platforms don’t solve for acuity. They aren’t chaperones. If patients need chaperones under traditional transportation options, they’re still going to need chaperones under this option,” said Jeff Duncan, Chief Underwriting Officer, Healthcare Practice, Liberty Mutual Insurance.
A TNC may also not be a good match for patients with mobility challenges or who use wheelchairs.
Noted Njoki Wamiti, VP & Miscellaneous Medical Facilities Product Manager, IronHealth, “There is the loading and unloading exposure since the provider would be the one assisting the patient to the vehicle and securing them in.”
Risk Management Action Items:
- Set internal guidelines dictating when use of a TNC is safe and appropriate.
- Check professional liability policies for explicit coverage for loading/unloading exposure.
Risk #2: You Can’t Control Driver Skill and Behavior
“Any time you get into a vehicle, no matter how good the driver is, there are thousands of other people behind the wheel who may not be as skilled,” Duncan said. “The patient is exposed to all the hazards of the road.”
Most state laws mandate that TNCs carry $1 million in auto liability limits, but in the case of a severe accident, “a hospital or other healthcare provider may be vicariously liable for the conduct of the driver because it facilitated that ride,” Wamiti said.
But a driver’s conduct extends beyond how he or she handles a vehicle. As with auto accidents, a hospital can be held vicariously liable for a driver’s hostile or inappropriate actions, such as the abuse or sexual assault of a patient. Given the high profiles of large TNCs, these types of incidents can receive significant media attention.
“Medical malpractice policies may cover claims of sexual abuse, so this is where a claimant may try to trace liability back to the healthcare provider,” Wamiti said.
Risk Management Action Items:
- Ask the TNC how thoroughly and frequently it conducts driver background checks and how it follows up on reports of misconduct.
- Confirm the TNC has adequate auto liability limits and transfer the risk via a formal contract.
- Consider buying sexual abuse and molestation coverage.
Risk #3: New Platforms Open Other Access Points for Hackers
Healthcare-dedicated TNC platforms like Uber Health integrate with hospitals’ electronic health records, pulling patient contact information and medical history to auto-populate specific fields. This integration can create yet another access point for hackers. A breach of these records would violate HIPAA laws and likely result in not only regulatory fines, but also lawsuits claiming negligence.
“Hospitals heavily secure their data, but are they making sure their vendor partners adhere to the same standards?” asked Wamiti.
Risk Management Action Items:
- Verify the TNC’s security and privacy protections and the amount of cyber insurance coverage it carries.
- Establish a HIPAA-business associate agreement with the TNC.
- Review your own cyber policy for both first- and third-party coverage.
Risk #4: HIPAA Compliance Gets Harder
Unauthorized access to medical records is not the only threat to patient privacy and HIPAA compliance. Drivers for TNC healthcare platforms should also not know anything about their passengers’ hospital visits.
“A driver doesn’t know in advance that a requested ride is for a hospital-related visit — which is a benefit, not a bug,” Duncan said. Withholding this information helps TNC platforms maintain HIPAA compliance, but an untrained employee escorting a patient to a vehicle can easily break that confidence by sharing unnecessary details with the driver.
“Mentioning to the driver that a patient was under anesthesia or will need help exiting the vehicle due to such-and-such procedure is an inappropriate disclosure of private information,” Wamiti said.
Risk Management Action Items:
- Use a TNC’s specific healthcare platform if there is one. Regular personal or even business accounts don’t guarantee HIPAA compliance.
- Train employees to not divulge details of patients’ visits to drivers.
Making it Work with Seamless Coverage and Expert Advice
As a first step, healthcare risk managers interested in using TNCs should communicate with their brokers and insurance carriers to ensure they have adequate coverage and the right risk mitigation strategies in place.
When healthcare risk managers buy commercial auto policies from Liberty Mutual and professional and cyber liability policies from Ironshore, a Liberty Mutual Company, “the programs dovetail seamlessly — as does claims management — so clients are better protected,” Wamiti said.
Says Duncan, “Liberty Mutual and Ironshore understand the dynamics of using TNCs for non-emergency medical transport and are prepared to work with risk managers to identify potential exposures so they can take advantage of this new technology.”
To learn more, visit https://lmi.co/healthcare.
This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Liberty Mutual Insurance. The editorial staff of Risk & Insurance had no role in its preparation.