By JONATHAN ROMERO
Like healthcare providers across the country, Florida’s medical community found the state’s telehealth emergency waivers to be a Godsend for allowing services to be delivered virtually and organizations to stay afloat financially during the pandemic.
Their unexpected expiration took place in late June without a “glide path” to manage the impact. The timing wasn’t ideal as the Delta variant of the coronavirus has surged. The state now has twice as many people hospitalized than earlier surges,[i] a crush that has patients being stacked in hospital hallways.
Practitioners not on the front lines of the crisis who learned to rely on virtual health services are, for now, putting their faith in the Florida Medical Association’s lobbying to reinstate the waivers and make them permanent[ii]. But the medical community would do well to understand and take steps to guard against telehealth’s downsides that may earlier have been glossed over.
On a national basis, adoption of virtual health solutions has accelerated with the pandemic: 75 percent of providers expect it to account for at least 40 percent of their business in the future.[iii] But for all the benefits, it’s also given the community worrisome new risks that have also escalated with deployment: Growing incidents of cyberattacks with another digital opening, and the greater risk of misdiagnosis and professional liability.
Ransomware and other cyber attacks skyrocket
For a period during the summer the clinicians of UF Health Leesburg Hospital and UF Health The Villages Hospital were using pens and paper to document all patient care following a “cybersecurity event” in late May. Access to all system platforms was suspended for nearly a month. While UF Health wouldn’t confirm it, one published report said called the breach a ransomware attack with a $5 million ransom demanded.[iv]
Ransomware has been the leading form of cybercrime, which has shot up 470 percent since the pandemic. No surprise, as digital health records command over $1,000 per record on the black market, versus a paltry $5.40 each for payment cards.[v]
Not only are healthcare systems and practices vulnerable as technology deployment expands, but their vendors are, too, opening another door. In fact, 75 percent of 2020’s breaches stemmed from vendors.[vi] Further, as virtual health deployment exploded, the security testing and protective measures may not have been up to snuff – especially with mobile apps.[vii]
It’s all cause to proceed with caution. Risk mitigation measures are critical. So is the right insurance protection in the right amounts.
Putting best risk deterrent practices will not only protect providers but are an important indicator to insurers of how seriously cyber security is taken. They also influence premiums.
Among the measures:
- Regular staff education and training, especially on recognizing and avoiding cyber schemes.
- Basic protections like firewalls and antivirus software – and regular system backups.
- Advanced security measures like dual authentication, encryption and virtual private networks.
- Routine, third-party network audits, and requesting confirmation of consistent audits of vendors, as well.
An experienced broker will be invaluable in security cyber insurance; the risk needs to be quantified and the coverage amount must be sufficient against the escalating number of breaches. Given the current hard insurance market, provider groups should budget for premiums 20 percent to 30 percent ahead of 2020 levels.
Heightened risk of misdiagnosis
A recently released University of North Florida poll of healthcare providers found most were not fully equipped to manage virtual health consults. While over a third of respondents utilized these services during COVID’s spread, over 40 percent acknowledged that they had no formal training in providing them.
This poses a professional liability issue that has gotten more serious with the pressure of the pandemic. The risks with virtual health start with simple oversights – like failing to ask the right questions to uncover conditions. Further, it isn’t always the best way to observe the presentation of many conditions. Take heart disease, often marked by fluid retention that may not be visible in a video consult. Or a skin growth that’s not recognized as a melanoma due to a camera malfunction where a faulty image is projected.
Providers need to understand when virtual consults are ideal and when they may be less so. They also should focus on informed consent in educating their patients. Not only do they need to know when virtual health is just what the doctor ordered, but also when it may be a less-than-ideal risk.
It’s also important for providers to work with their brokers to clarify how the provision of virtual care services needs to be reflected in their professional liability insurance policies. They should also make sure that their telehealth system vendors have sufficient Errors & Omissions (E&O) coverage, as any misdiagnoses due to system malfunctions are a vendor issue.
Jonathan Romero is a commercial advisor with global insurance brokerage Hub International. He holds the Property & Casualty insurance license (2-20) and Life & Health insurance license (2-15) through the State of Florida. Jonathan earned his Bachelor of Science Degree in Finance and Economics from Florida Southern College.
Jonathan’s industry focuses include medical and white-collar professional risks, advising on professional, malpractice and management liability exposures and coverages. He also provides comprehensive property, casualty and benefits consulting to those clients, both for smaller, private clientele and for the large, public groups. Jonathan works with the State of Florida’s medical association and the local medical society in Leon County and the surrounding areas. Visit hubinternational.com
[v] Healthcare Innovation, “Report: Ransomware Attacks Cost Healthcare Organizations $21B in 2020,” March, 2021.