Practice entity, cyber and public & product liability

Healthcare practices face the risk of complaints, legal action and investigation, which may not be covered by a practitioner's indemnity insurance.

There are many ways daily operations can expose practices to the risk of a claim, complaint, or legal action. For example, privacy breaches or failure in your duty of care can lead to poor patient outcomes forming the basis of a complaint.

Practices and not just practitioners can be the victim of a civil action (ie being sued). You can insure your business to cover the legal defence costs of any claim made against your practice and damages a court may order a practice to pay.
Practice indemnity coverage, including cyber cover, should be a part of any business risk management strategy to protect what you have worked so hard to build.

Read more in why should I insure my clinic?

Insurance covers described on this webpage as offered by MIPS’ partner, Aon. Aon have developed Healthcare Clinic Malpractice and other covers specifically for the Australian market. MIPS receives no financial benefit or commission from this but does assist members to apply. If you acquire cover, it will be through Aon, not MIPS and any future interactions will be through Aon.

Practice entity, cyber and public & product liability insurances are issued in the name of a business, not in your name. This means it must be purchased by the business  (or contractor) and the business must advise who is working in the practice and the nature of the healthcare provided. This is different to MIPS membership, that is only provided to individuals.

MIPS will collect your details and make a request to Aon on your behalf

What do these insurance covers protect? (click one to reveal)

Practice entity

Practice entity cover provides cover for claims against a practice entity and their practice staff, such as receptionists, assistants and practice managers. Cover is essential for situations where the practice is involved in a civil claim for non-healthcare related matters. For example:
  • The failure of practice staff to properly transport and store medications that are subsequently provided to patients and cause harm
  • Cyber incidents such as hacking, ransomware, or failure of critical systems can lead to patient harm and form the basis for a lawsuit against a practice
The costs of these claims can be substantial. For example, the Australian Privacy Commissioner ruled that a medical practice failed in their duty to secure the personal information of its patients and costs ran to over $1,000,000. It is typical for both the practitioner and the practice entity to be named in a law suit, so many practitioners acquire both practitioner indemnity insurance and a practice entity policy. Like a personal indemnity insurance policy, a practice entity policy covers acts, errors and omissions but in this case of your staff and the practice.


Cyber cover provides coverage for incidents. This could include:
  • business interruption caused by ransomware or other cyber extortion
  • Fraudsters stealing login details and making bank transfers
  • Denial of service attacks
  • Theft of your patients’ identities
  • Privacy and data breaches such as sharing personal information with the wrong patient by electronic means
The healthcare industry is particularly vulnerable due to the volume of personal, sensitive information collected. The average cost to an organisation in Australia is $276k to detect and recover after an attack, not including data breach fines of up to $2m.

Public and products liability

Public and products liability insurance covers compensation for claims made against you or your Practice arising from an injury to third parties, or damage to their property, resulting from your negligence during the ordinary course of running your business.
It will also cover you for any claims arising from any product you provide to patients – such as food or refreshments. This cover can also cover the cost of your reasonable legal fees incurred from defending a claim against you.
Public and products liability insurance is different to your practitioner indemnity insurance that covers you for malpractice claims arising from the patients you treat. Public and products liability also includes cover for advertising liability for any injury or damage that results as a result of your advertising activities.
If you own a business or work as a contractor, you may be liable for injuries caused to another person or damage to their property. For example, if visiting a patient and they or another person accidently falls overs your bag or equipment or where a patient suffers an injury due to a collapsed chair sitting in your consulting suite. In these circumstances your public and products liability insurance would respond to a claim made against you.


What type of incidents does practice entity cover?

A practice entity policy which includes cyber cover is intended to cover issues such as:

  • investigations and complaints against a practice eg refusing to treat a patient, allegations of discrimination, or poor communication with a patient
  • vicarious liability assumed as an employer for employees
  • errors made by staff members (including nurses, receptionists, etc) eg a nurse giving a patient the wrong medication, or a receptionist sharing personal information with the wrong party
  • patients who see multiple practitioners, or a locum, at one Practice and may have a claim against multiple parties
  • failure of practice procedures, processes, supervision or systems to handle patients and communication correctly
  • breaches or complaints about any advertising, social media or website claims that the Practice may have posted or shared.

What happens when a patient or group of patients sues a practice?

If a patient or a group accuses a healthcare professional of negligence and files a civil action against them (ie sues them), practice entity insurance provides financial cover for legal defence, court costs and, in the case of that practice is found liable/negligent, payments for a settlement or damages ordered by a court. If your practice is not insured, then the owners will be personally liable for damages and have to pay for any legal representation independently.

Does the policy cover staff accidentally exposing a patient’s private information?

Yes, breaches in privacy can be covered by a policy. This may include a civil claim where a breach such as staff accidentally passing private medical or other private information to the wrong person led to harm or financial loss.

Doesn’t MIPS’ Indemnity Insurance Policy already cover administrative staff and assistants?

Yes, as a MIPS member you are covered by MIPS’ Indemnity Insurance Policy which includes cover for administrative staff and assistants in your practice such as practice managers, receptionists and dental assistants in relation to healthcare you provide. It is not designed to protect a whole practice but rather to protect the individual member’s exposure. Key features:

  • $20 million policy limit
  • Automatic as part of MIPS membership (subject to eligibility)
  • Covers you and your practice staff
  • At no additional cost to your membership

Further information

Insurance cover is subject to the terms, conditions and exclusions of the policy. This information is not intended to be advice and you should not rely on it as a substitute for any form of advice. For further information about the Aon Healthcare Clinic Malpractice Cover (Practice entity cover), contact Aon. For further information about MIPS membership, review our Member Handbook Combined PDS and FSG or contact MIPS on 1800 061 113. Information is current as at the date published.