Healthcare practices are among the most complex commercial insurance accounts an agent can write. They need professional liability coverage for patient care, commercial lines coverage for business operations, cyber liability for HIPAA compliance risks, and employment practices liability for staff-related claims. Getting the full picture — and making sure no coverage falls through the cracks — requires a structured intake process and knowledge of how these coverages interact.
Many healthcare clients — and some agents — assume malpractice insurance covers everything. It does not. Medical malpractice covers claims arising from professional services. A patient who slips on a wet floor in the waiting room is not a malpractice claim — it is a premises liability claim that falls under the commercial general liability policy.
Conversely, the CGL policy typically excludes professional services. A claim arising from a prescription error or a surgical complication is a professional liability claim, not a CGL claim. Healthcare practices need both — each covers a category of exposure that the other explicitly excludes.
Healthcare is the number one targeted industry for ransomware and data breaches. Patient records contain everything identity thieves want — name, date of birth, social security number, insurance information, and medical history. HIPAA requires healthcare providers to maintain administrative, physical, and technical safeguards to protect patient data — and to notify patients, HHS, and potentially the media when a breach occurs.
Cyber liability insurance for healthcare practices covers: breach response and notification costs, forensics, credit monitoring for affected patients, regulatory defense costs and fines, business income loss from a ransomware attack, and third-party claims from patients for unauthorized disclosure of their PHI.
What type of healthcare practice is this? (Primary care, specialty, dental, chiropractic, physical therapy, mental health)
How many providers are on staff? (Physicians, NPs, PAs, therapists)
Does the practice perform any surgical procedures? If so, what type and where?
Is the practice HIPAA-compliant? When was the last HIPAA risk assessment conducted?
Does the practice use an electronic health record (EHR) system? Is it cloud-based or on-premise?
Any prior malpractice claims or HIPAA complaints?
Does the practice accept Medicare or Medicaid? (Regulatory compliance exposure)
Does the practice have any telemedicine operations? Which states are patients located in?
What is the total annual revenue?
Are there any employed physicians or is it a solo practitioner?
AgencyAssist's healthcare intake workflow collects all commercial lines data in one link — GL, property, WC, and cyber. Malpractice data is also collected and structured for transfer to specialty carriers.