Healthcare practice entity insurances

The loss of patient records, privacy breaches or failure in duty of care could result in a claim, complaint or legal action being brought against your practice entity or practice staff. To protect members in private practice there are two insurance policies that are a complimentary part of MIPS membership (subject to eligibility).

Practice Entity Cover

Even without treating a patient there is a risk of a claim, complaint or legal action being brought against your practice or practice staff. For example, privacy breaches or failure in duty of care may not directly relate to the healthcare provided to a patient but can be the basis of a claim, complaint or legal action.

MIPS Members’ Practice Entity Policy provides cover for claims against a member’s practice entity and/or their practice staff. Practice staff includes any administrative or management staff that work in your practice (eg receptionist, clerk, practice manager). Other healthcare practitioners that are required to be AHPRA registered are excluded (eg nurses, physiotherapists and other allied health professionals).

  • $20 million policy limit
  • Automatic as part of MIPS membership (subject to eligibility)
  • Covers you and your practice staff
  • At no additional cost to your membership

Cyber, Privacy and Media Policy

The Cyber, Privacy and Media Policy provides cover for risks associated with data storage, electronic communication and record keeping. You may need to claim under a cyber cover policy for incidents such as:

  • A virus or malware that deletes health records
  • Hackers that encrypt data and demand a ransom
  • Malware infections contracted through email or browsers that cause software to fail
  • Damages connected with privacy breaches (eg theft of credit card details)
  • Liability associated with published media (eg printed media and social media)

  • $100,000 cover for a variety of incidents (see policy limits)
  • Covers you and your practice staff
  • Application required
  • Only eligible if also eligible for Practice Entity Cover
  • At no additional cost to your membership

What are the Cyber, Privacy and Media Policy limits?

Area of cover | Limit of cover
System damage and business interruption | $100,000 (Max $20,000 per day)
Breach notification | $100,000
Cyber and privacy liability | $100,000
Media liability | $100,000
Regulatory privacy actions | $100,000
Consequential reputational harm | $100,000 (Max $20,000 per day)
Threats and extortion | $100,000
Court attendance costs | $100,000 (Max $2,000 per day)
Crisis communication costs | $100,000

What other cyber perils does the policy protect against?

  • Hacking attacks or viruses in either your computer network or a cloud network you are using
  • Security breaches of:
    • personally identifiable information
    • employee data
    • your website’s privacy statement
    • requirements for processing and storing credit card information
    • a cloud computing provider’s system your business uses
  • Notification to individuals in the event of a security/privacy breach
  • Damage to data or computer systems
  • Reduction in profit if your business is interrupted by a cyber peril
  • Harm to your reputation
  • Regulatory investigation costs and expenses
  • Regulatory fines and penalties
  • Mandatory notification costs in the event of a security breach including legal costs to draft notification, printing and postage, credit monitoring services, identity theft helpline, security audit and forensic investigation
  • Liability for disclosure of private information (eg patient’s credit card details)
  • Ransomware that locks and prohibits access to your computer system
  • Defamation arising out of social media (costs you become liable to pay)
  • Intellectual property infringement arising out of social media
  • Content liability for social media

Exclusions:

Cyber cover excludes cover under the policy for insuring clause 3, sections A, B, D and E and insuring clause 5 including Computer Crime, Identity Theft, Telephone Hacking and Technology Errors and Omissions. See the Cyber, Privacy and Media Policy for definitions.

MIPS’ practice entity and cyber policies have been designed to help support members with the vicarious liability they may have through ownership and working in a healthcare practice.

Case study 1

Too busy, come back tomorrow

A person comes into your general practice without an appointment on a day you are fully booked. The person advises the receptionist they have recently fallen and have a bad headache. Despite their insistence on an appointment, your receptionist is firm and tells them they cannot see you. The person returns home and dies that day due to a massive bleed (extra-dural haemorrhage) of their brain. Shortly after, the family makes a demand for compensation against your practice and threatens to take legal action.

In this example, you have not seen the person nor provided healthcare, but the practice and receptionist may be liable.

Case study 2

Ransom demand

Hackers gain access to your patients' health records and encrypt them. They demand a ransom of $2,000 to decrypt the files. You have patients in need of urgent medical attention, but you cannot access their records.

You and your colleagues take a principled decision not to pay the ransom but discover that your backup files have been damaged. They are potentially repairable, but you will need to pay for expert assistance.

Eligibility for cover

Practice Entity Policy

To be eligible for Practice Entity cover, you must be a current MIPS member in a membership classification that contains private practice and your practice entity must fit one of the following scenarios:

  • you are a sole practitioner and only shareholder of your practice company (ie you are the only practitioner providing healthcare in your practice and you own 100%)
  • MIPS Members hold the majority of ownership in the company or partnership AND where those practitioners undertake the majority of healthcare provided in the practice
  • an entity or practice structure approved by MIPS in writing.

Complete the Practice entity, cyber, privacy and media cover application form to confirm eligibility for Practice Entity cover and at the same time (optional) apply for Cyber, Privacy and Media Policy cover.

Cyber, Privacy and Media Policy

To be eligible for Cyber, Privacy and Media cover, you must be a current MIPS member in a membership classification that contains private practice and your practice entity must:

  • meet the Practice Entity eligibility requirements
  • meet the application requirements (you will be asked about this on application) such as appropriate anti-virus software, firewall, back-up procedure, secure storage of credit card data
  • apply and receive approval.

Is my practice entity eligible?

[Diagram key: MIPS member and working practitioner; non-MIPS member and working practitioner; silent non-working partner]

Eligible practice structure

Ownership: 25%, 25%, 25%, 25%
Working: 25%, 25%, 25%, 25%

  • Majority of owners of the entity are MIPS members
  • Majority of the entity's healthcare is undertaken by those MIPS members.

Ineligible practice structure

Ownership: 25%, 25%, 25%, 25%
Working: 33.3%, 33.3%, 33.3%, 0%

  • Majority of owners of the entity are NOT MIPS members (must be greater than 50%)
  • Majority of the entity's healthcare is undertaken by those MIPS members, however, an entity must meet both the ownership and working MIPS member requirements.

 

This is a summary only. For full terms, conditions and exclusions for the: