To provide an insurance program for a medical facility, whether it’s a one doctor or dentist, to a 100-employee urgent care center, it’s necessary to consider the inherent exposures. Before analyzing which risks need to be addressed, a certain number of fact-finding questions should be addressed.  

First, what kind of medical office or facility are we examining?  Does the practice serve strictly to elders or does it accept all the members in the family? How are the facilities set up to accommodate either the seniors or young children?  Are there ramps and handrails installed?  Small objects that children can choke on?  Is there a defibrillator on the premises?   

Second, how does the office store its patient records?  Is the information uploaded to secure server held on site or is the information uploaded periodically via the Internet?  If hard copies are kept, how are the files protected?  Against theft?  Against fire?  Are backups made periodically?  Kept offsite?  

Third, how does the practice hire its applicants?  Are background checks done to verify past employment? Does the office comply with the latest Patriot Act requirements?  What procedures are in force regarding employee complaints? Do the benefit plans conform to the new non-discrimination laws?   

As you can see above, these questions are just a few that many insurance agents and office managers may overlook.  When we work with our clients or insurance professionals, we use the enterprise approach.  We incorporate various risk management techniques that enable us to focus on what exposures can potentially cause the greatest risk to an organization and how we can protect the organization to deal with it.  

Can the risks be transferred?  For the employees that are transient, is it cost effective leasing temporary labor rather than dealing with the latest regulatory requirements?

Regarding the storage of patient data, what procedures can be implemented to minimize or prevent HIPAA violations?  Would it be more practical investing in a new computer and data system that has the capability to encrypt all the patient files and hold it on a secure server or should coverage be obtained by an insurance policy that protects against breach of patient privacy?   How about both?  

It is important to work with professionals that understand the business and are also able to examine exposures from all angles.  Using the team approach, it becomes easier to create a plan that can fill as many voids as possible in coverage possible. Combining these techniques provides a basis for effective risk management and loss control.   

By William F. Schaake, CIC, CRM © 12/18/2010-2023 All rights reserved.