Omnia Health is part of the Informa Markets Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

What are the key risks for organisations in healthcare?

Article-What are the key risks for organisations in healthcare?

The risks faced by healthcare companies and workers are many, maybe more than any other industry. And while some of these risks are shared with other sectors, many are unique.

From employee negligence and cybercrime to legal, regulatory and contamination issues, combating healthcare risks has been made even more challenging by the COVID-19 pandemic. What follows are just some of the key risks in the healthcare industry, along with advice on how best to prepare for them in an uncertain future.

1. Employee negligence and malpractice

Sometimes things go wrong in healthcare settings. Mostly this is not intentional, rarely it is.

The Medscape Malpractice Report 2017 surveyed over 4,000 physicians in the U.S. It revealed that the top five most common reasons for malpractice were failure to diagnose or a delay in diagnosis (31 per cent), treatment or surgery complications (27 per cent), poor outcomes and disease progression (24 per cent), failure to treat or a delay in treatment (17 per cent), and wrongful death (16 per cent).

In addition to these, nurses often have to deal with claims about failing to monitor patients correctly, update charts or respond quick enough.

However, administration staff, the healthcare company itself, and suppliers can be on the receiving end of a malpractice lawsuit. The cost of these can be huge. According to Willis Towers Watson calculations, claims over US$ 1m in the healthcare sector have almost doubled since 2000.

Be prepared for negligence and malpractice

Choosing the right liability insurance can be tricky – options include healthcare/hospital professional and general liability, nursing home professional and general liability, and miscellaneous healthcare facility liability.

But more than that, knowing how much liability limit is required can cause sleepless nights. This often requires a fairly in-depth discussion with actuaries, attorneys, and/or insurance professionals to assist in determining the most effective programme structure for your scenario. So, seek professional advice.

Also, be aware of the COVID-factor. We’re seeing a number of claims arising out of the pandemic – the spread of the virus or failure to properly clean the premises, for example. Unfortunately, these can be excluded by insurers leaving healthcare organisations limited in terms of coverage. So, it’s worth reassessing cover with the pandemic in mind.

2. Cybersecurity and data breaches

Healthcare collects more personal data on people than any other industry, making it prime for cybercrime. Ransomware and phishing attacks are popular methods to extract data, perform cyber extortion and cause network disruption.

Information security and privacy are big concerns for everyone. So much so that in response to the European GDPR, the UAE issued Federal Law No 2 of 2019 (Health Data Law). This regulates the use of IT and communications across the healthcare sector, imposing strict regulation on how data is processed, protected, and stored, with the long-term aim of building a centrally controlled health data management system.

Be prepared for cyberattacks

Cybersecurity is an ongoing task. However, the Willis Towers Watson 2017 Cyber Security Risk survey revealed that over half of companies have no cyber risk strategy at all.

Cyber threats are constantly evolving, so make sure security software not only exists but is up-to-date. Something as simple as selecting auto-update can make a big difference. And don’t forget smartphones. We’re seeing more and more cyber-attacks on these devices, via rogue apps that access high-risk data.

Cyber insurance is a must. These policies generally cover companies for liability for first-party and third-party losses. This means for things such as legal support, forensic services, business interruption expenses and cyber extortion. Check policy wordings carefully.

3. Virtual medicine

Virtual medicine stands as a risk in its own right, but also as a great example, of how the two previous risks – employee negligence and cybersecurity – have rapidly evolved in the face of COVID-19.

Healthcare organisations are more reliant on their IT systems than ever before. The Willis Towers Watson 2020 Healthcare delivery survey found that 84 per cent of the 397 U.S. companies surveyed now offer telemedicine through their insurance provider. Just over half (52 per cent) felt this would become more important in a post-COVID world.

The rapid shift to telemedicine and the ongoing need for some staff to work from home is leaving many healthcare organisations completely unprepared for this reality, exposing them to network and personal data security breaches.

It also leaves employees exposed in terms of negligence as well. Issues’ surround collecting informed consent and practising medicine outside of a licensed jurisdiction. It doesn’t help that the regulations on the use for telemedicine are wide-ranging within the UAE, with variations on who can practice this even between the Dubai Health Authority (DHA) and Health Authority Abu Dhabi (HAAD).

Be prepared for more virtual medicine

Keep on top of what new software is being installed by staff as they begin more virtual working and do so from home. Assess how these changes affect your overall cyber risk position.

Be sure to keep insurers or brokers in the loop concerning changes to the business and watch out for trends that take advantage of the pandemic. For example, the National Cyber Security Centre recently reported that coronavirus themed e-mails are already been used by criminals to extract data or extort funds.

4. Pollutants and cross-contamination

Cross-contamination of pathogens across a healthcare system has long been known to be a problem, but it’s never been a more prominent issue in the eyes of the public.

The spread of infectious disease hit the headlines as healthcare systems around the world struggled to contain the coronavirus. The issue here isn’t just to do with the spread of the virus from staff to patients, but from staff to family members too.

Be prepared for cross-contamination

The Willis Towers Watson 2020 report on Risk Management and Insurance briefing in response to COVID-19 makes the assertion that there is expected to be a high volume and variation in employer’s liability claims. This is particularly the case with employees contracting COVID-19 and then transmitting it to family members. Check insurance policies provide sensible coverage here, but also that record-keeping – reporting of incidents and advice provided – is kept up-to-date.

5. Employee disruption

The challenges that healthcare organisations are facing in recruiting, hiring, and retaining qualified employees are ever-increasing.

This is particularly true in the Gulf as highlighted by the 2017 World Health Organisation Report Framework for Action for Health Workforce Development in the Eastern Mediterranean Region. This report placed the UAE, Saudi Arabia, and Kuwait in Group 1, which means they faced a shortage of health workers, high reliance on expatriate staff and high staff turnover over the coming decades.

What affect will COVID-19 have here? It’s a little too early to tell, but a fair expectation could be expatriates looking to return home to be with their families in times of uncertainty. Given the costs of hiring new employees, healthcare companies need to monitor this situation closely.

Be prepared for employee disruption

Use data to begin predicting the expected staff turnover rate for your company and set aside cash flow to deal with this. Also, consider implementing improvements in employee wellness programmes and work-from-home policies (where possible) to help attract and retain employees.

6. Regulatory and legal change

Things can change quickly when a new piece of regulation comes into practice across the healthcare sector.

In 2019 alone, there were numerous new UAE healthcare laws and regulatory developments. The impact can be costly if caught unaware. Take the DHA Medical Display Screens Circular as an example. This demanded that all medical images must be read on screens meeting specific requirements including being LCD and having minimum requirements for pixel resolution. Any company with old technology has been forced into a rapid upgrade.

Be prepared for regulatory change

It’s clear that regulations are changing fast, so keep on top of them. Proposed changes are often published well in advance so should never come as a surprise. If the pandemic means you need to circumnavigate normal procedures (such as onboarding or training), then be sure to check with regulators concerning the level of leeway allowed during these pressing times.

Pressing times, changing risks

The healthcare sector will always be one packed with as much risk as reward. But many of the risks are highly predictable. Staying on top of them, performing regular risk assessments and keeping insurance policies up-to-date is the best advice I can give. Sound advice, in fact, no matter what industry you work in.



This article appears in the latest issue of Omnia Health Magazine. Read the full issue online today, covering femtech, AI, IoT and much more.  

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.