For a healthcare business, regulatory risk encompasses an array of issues that can lead to big problems. It’s true that sometimes violations are malicious, but other times, innocent mistakes like incorrectly coding a health condition can get flagged. Given that ICD-10 has over 140,000 different procedure & diagnosis codes, it’s easy to see how mistakes or differences of opinion can arise.
So even if you have been diligent, and as proactive as possible about regulatory risk, in today’s environment, it’s likely that you’ll face regulatory violations at some point as a corporate executive.
Let’s look at some aspects of regulatory risk, and ways you can work with insurance partners to not only implement coverage that minimizes your risk, but also understand what your liability is for coverage.
The Healthcare Industry is Especially Vulnerable
Since January of 2009, the Department of Justice has recovered almost $16.5 billion in health care fraud. According to the Department of Health & Human Services, the government secured a record return on investment sum in recent years, bringing in $8.10 for every dollar spent on healthcare related fraud and abuse investigations.
A number of things contribute to rising concerns about regulatory risk in the healthcare industry:
- Healthcare qui tam (whistleblower) claims are on the rise. In 2011 and 2012 there were more than 400. Between 1987 and 1992, there were only 62.
- Healthcare companies paid billions to the government in Fiscal Year 2015 to resolve alleged unnecessary treatment and costs (see earlier link).
- The Department of Justice also points to violations of Stark Law, which prohibits hospital-doctor financial relationships that might inappropriately influence patient referrals. Hundreds of millions have gone to the government in these settlements as well.
Other Factors Driving Healthcare Industry Risk
Beyond the patient care and billing concerns are other factors that the healthcare industry faces. Among them are wage and hour claims, Anti-trust violations, EMTALA, HIPAA, Stark allegations and investigations of publicly owned companies by the Securities and Exchange Commission.
In fact, cyber issues are a clear and present danger for all healthcare providers. The top five healthcare data breaches in 2015 alone compromised over 106 million patient records. This is more than the total number of compromised records for all prior years combined!
If you’re looking to better understand your cyber risk, my colleague, Lauri Floresca, WS&Co. Cyber Team Leader, wrote a nice series on Cyber 101, which you can find here:
- The Basics of Cyber Coverage
- Obtaining Cyber Insurance—The Process
- Network and Business Interruption
- Cloud Computing and Liability
Is Your Company Prepared to Respond?
Perhaps not as prepared as you might think.
Because all of these risks continue to grow, many carriers are adapting coverage options to meet new threats. Insurance carriers are increasingly removing regulatory risk from policies, and replacing it with the option to buy coverage as a standalone product.
(Cyber policies are an example of a coverage area that’s evolved over the years to be a standalone product that is now considered a “standard coverage” for most healthcare entities.)
Because the threat of violations is so significant – in fact, one report showed the life sciences and healthcare industries as the most prevalent to experience internal investigations related to regulatory issues in 2015 – the insurance industry is getting more aggressive in providing clients with incentives for reducing the odds of regulatory related issues.
One way is increasing deductibles. For example, if your directors and officers liability insurance today has a $10 million limit with a $100,000 deductible, your carrier might introduce a sublimit and/or raise the deductible for many regulatory violations to $1 million.
Some carriers might offer coinsurance as well, where you pay a share of the payment made against a claim. So if you had $10 million in coverage, a provision may be that you pay 20 percent or more of any claim up to that $10 million.
Since some of these coverage impairments are introduced by your existing carrier at renewal, it’s not always clear what’s covered and to what extent.
To ensure you’re prepared, now is a good time to dig deeper into your policies. For an independent policy evaluation, work with a broker or a consultant who will look for any coverage changes that might limit your protection while also presenting options to fill in the gaps.
Most importantly, understand that the risks facing your healthcare company are different than they were in the past, and you should take steps now to prepare for the regulatory challenges in the coming year.