We're holding two upcoming webinars: An Introduction to Captive Insurance on Thursday, July 28th and Commercial Real Estate Companies and Captives; a Natural Fit, on Thursday, August 4th. You can sign up for each at the following respective links: here and here.
We formed and operate the first series LLC in Montana (named Aegis) for captive insurers. Several other firms provide key services such as accounting, audit and actuarial work. Please contact us at 832.330.4101 if you'd like to discuss forming a captive for your company
Administrative Actions Coverage
Doctors are governed by their respective state medical boards, who wield a large amount of regulatory power over the medical industry. In addition, there are other state and federal organizations who have the ability to commence actions against doctors for a large number of potential infractions.
To cover this risk, captives commonly issue administrative actions policies, which cover the costs of “… all losses resulting from or caused by an ‘administrative action’ that occurs during the policy period. The total calculation of losses will include ‘loss of income,’ ‘remedial measures,’ ‘legal representation,’ and ‘public relations expense,’ caused by ‘negative publicity’ if applicable and provided insured can demonstrate loss.” The policy defines an “administrative action” broadly, usually using the following definition: “an ‘administrative action’ is a formal legal event, proceeding or ‘suit’ commenced by an ‘administrative agency’ (which would include the state bar), seeking to formally or informally adjudicate or enforce an administrative code.”
Target’s data breach in the winter of 2013 highlighted this risk in the public’s mind. According to their March 13, 2015 10-K, it eventually cost the company $145 million. Over the last year, other major companies reporting similar events include JP Morgan, Anthem Health and Home Depot. The total cost of each breach now totals $3.8 million; the average per record cost has also increased from $144 to $154.
Confidentiality adds an additional layer of risk for cyber liability. Suppose a hacker successfully breached a medical practice’s computer system. A client could sue the practice not only for the breach of data but also for a breach of confidentiality, potentially placing the doctors’ licenses in danger. While there are no cases on point, it’s only a matter of time before plaintiff’s attorneys start testing this legal theory.
At a minimum, a medical practice’s captive program should underwrite a cyber-liability policy that provides coverage for:
1. A security breach where hackers obtain confidential client information such as physical and email addresses, social security (or similar) numbers, medical history and other privileged information.
2. Public relations expenses expended by the company to overcome negative publicity related to the event.
3. Loss of income directly related to the event.
4. Extortion threats, where hackers obtain confidential information and then demand payment to not distribute it.
 Cory Bennett, Study: Data Breaches Average $3.8 Million, The Hill May 27, 2015.