Authors: Hannah Haynes, CLCS Madalyn Young, CLCS Shana Lawlor


Understanding the digital healthcare industry

During the COVID-19 pandemic, the healthcare industry underwent an extreme transformation. Digital healthcare emerged as a disruptive force that is here to stay. The Food and Drug Administration (FDA) defines digital healthcare as mobile health (mHealth), health information technology (IT), wearable devices, telehealth, telemedicine and personalized medicine.

According to Grand View Research, the global digital health market is expected to grow from USD175.6 billion in 2021 to USD1.5 trillion in 2030, expanding at a compound annual growth rate (CAGR) of 27.7% during that period.1 If these statistics hold true, this growth suggests that digital health is the future of healthcare.

Challenges within the digital health industry

Digital health innovations have continuously evolved with new and improved ways to streamline and enhance the delivery of healthcare to patients. This evolution has enabled providers to address some of healthcare's ongoing issues of access, affordability and equity. However, the adoption of digital health technology also presents unique challenges for cybersecurity, privacy, regulation and care delivery including an increased risk of misdiagnosis. The risk management landscape has also become more difficult to navigate. Standard insurance policies are often outdated for emerging healthcare firms, lacking critical coverage such as Bodily Injury coverage, which is vital in this evolving industry.

Terms used throughout

Technology Errors and Omissions (Tech E&O): A policy that provides protection to the insured in the case of any allegations of an act, error or omission in the rendering of technology services that causes damage to a third party.

Cyber/Privacy Liability: A policy that addresses the first-and third-party risks associated with e-business, the internet, networks, intellection property and informational assets against breaches.

Bodily Injury (BI): Refers to any bodily harm, sickness or disease, including resulting death. Bodily injury plays a key role in Technology Errors & Omissions and Cyber Liability coverage.

Insurance coverages necessary for digital health organizations

The signature insurance coverages for digital health companies include Professional Liability, Cyber Liability, and Technology Errors and Omissions (E&O) Liability. Technology E&O, and Cyber go hand in hand. While Cyber insurance will protect against data breaches, and Technology E&O will protect if a client is harmed, there's often an exclusion for bodily injury that can lead to an uninsured exposure.

Many carriers have begun to see increasing claims within these core coverages — especially relating to bodily injury. Each insurance carrier may also have different definitions of bodily injury. Some carriers include mental anguish coverage for pain and suffering, while others only include coverage for damages, economic losses, medical expenses and legal costs in the event of a claim.

The importance of Bodily Injury coverage within a digital health organization becomes pertinent when practicing medicine virtually. Negligent acts that occur virtually can cause new and complicated claims. For instance, consider a scenario where healthcare software used for electronic health records experiences an outage during a patient encounter. Due to the provider's lack of access to the patient's medical chart, the provider prescribes medication, unaware of the patient's allergy to the prescribed drug. Tragically, this results in an allergic reaction and subsequent fatality.

The importance of Bodily Injury coverage within Cyber and Technology Errors & Omissions coverage

Technology E&O and Cyber coverage have traditionally been used by the technology industry to safeguard against unique professional liability and cyber attack exposures. However, with the rapid growth of the digital health space, the traditional Cyber and Technology E&O insurance policies no longer provide the necessary coverage. Standard Technology E&O and Cyber policies typically lack Bodily Injury coverage, which has traditionally been excluded by insurance carriers. Bodily Injury coverage has become crucial for digital health organizations to reduce the potential exposure and risk associated with platform failures that could result in patient injuries.

Claims data

CFC, a prominent insurer in the digital healthcare sector, recently released a report highlighting notable claims they have encountered over the last five years (2017 — 2022).2 One such case involved the use of artificial intelligence in a skincare app specializing in the assessment of unusual moles. The app utilized AI to evaluate whether skin lesions captured by a smartphone camera are cancerous before recommending an in-person appointment. In a specific instance, the app incorrectly determined that a patient's lesion didn't pose a risk, resulting in the patient not seeking a dermatology appointment. Unfortunately, the AI technology focused on the wrong area of the skin, leading to an erroneous diagnosis. As a result, the patient's skin cancer remained undetected for six months, significantly increasing the risk of bodily injury. This example underscores the potential for technology failures to cause severe harm. A typical Technology E&O policy wouldn't cover such an incident, leaving the business at risk of significant expenses if claimed. Claims of this nature could result in multimillion-dollar payouts.

Beazley, another leading insurer in the digital healthcare industry, recently released their virtual care report. According to the report, a mere 36% of insured digital health companies have Bodily Injury coverage in relation to their cyber coverage, indicating that only about one-third of insured digital health companies possess sufficient protection. Additionally, the report states that 62% of digital health companies lack coverage for technology errors or omissions that may result in bodily injury; 69% of insureds don't have coverage for medical malpractice and 63% don't have coverage for bodily injury resulting from remote care. These statistics are indicative of the prevailing gaps in coverage within the industry.3

The significance of obtaining adequate coverage to secure funding

It's imperative for digital health organizations to maintain a comprehensive insurance program that helps mitigate unforeseen risks such as bodily injury, cyber threats, and medical malpractice claims. A strong insurance program also signals to investors that a company is being proactive in managing its risks for the business and its customers and is prepared for unforeseen events.

Utilizing a broker who is knowledgeable about the industry minimizes both coverage gaps and negative impacts on operations. This, in turn, helps protect investors and improve the stability and resilience of the company. In the event of a loss, insurance can step in to provide the critical financial support necessary to help maintain business continuity until the business can resume normal operations.


Digital healthcare providers face a multitude of complex risks, including operating in multiple states and locations, serving diverse patient populations and utilizing advanced technologies. Ensuring adequate coverage for these organizations, particularly concerning bodily injury, is critical. Digital health leaders, insurance brokers, carriers, and investors must shift their mindset away from leveraging traditional insurance coverage to a more personalized approach that encompasses understanding the intricacies of new technologies and their uses. Only then, will digital health companies gain comprehensive coverage that effectively mitigates the operational risk of this new industry, which is crucial for its long-term sustainability and growth.

Author Information

Hannah Haynes, CLCS

Hannah Haynes, CLCS

Producer Associate — Gallagher Account Executive

Madalyn Young, CLCS

Madalyn Young, CLCS

Healthcare Practice — Gallagher Account Executive


The information contained herein is offered as insurance Industry guidance and provided as an overview of current market risks and available coverages and is intended for discussion purposes only. This publication is not intended to offer legal advice or client-specific risk management advice. Any description of insurance coverages is not meant to interpret specific coverages that your company may already have in place or that may be generally available. General insurance descriptions contained herein do not include complete Insurance policy definitions, terms, and/or conditions, and should not be relied on for coverage interpretation. Actual insurance policies must always be consulted for full coverage details and analysis. Gallagher publications may contain links to non-Gallagher websites that are created and controlled by other organizations. We claim no responsibility for the content of any linked website, or any link contained therein. The inclusion of any link does not imply endorsement by Gallagher, as we have no responsibility for information referenced in material owned and controlled by other parties. Gallagher strongly encourages you to review any separate terms of use and privacy policies governing use of these third party websites and resources. Insurance brokerage and related services provided by Arthur J. Gallagher Risk Management Services, LLC. (License Nos. 100292093 and/or 0D69293).

© 2023 Arthur J. Gallagher & Co.