The Electronic Patient Database (EPD) keeps a record of all patient data. The EPD enables patient information to be shared with other parties involved in the patient’s treatment. The system is entirely dependent on information technology.
This brings new risks with it: not only must the highly sensitive patient data be available at all times, but its integrity must be ensured, and the information needs to be managed with due confidentiality. Hacking attempts and human errors can happen all too easily. On 25 May 2018, the new European General Data Protection Regulation (GDPR) is set to enter into force. As a result, the proper management of personal medical information will be even more crucial.
Cyber insurance was created because traditional insurance solutions fall short when it comes to addressing these new risks. By way of example, this policy covers the costs incurred to control the cyber incident (event management). In the event of cyber extortion, the insurance provides support and reimburses the extortion money. Any loss of profits incurred by the hospital or medical practice can also be covered. Lastly, liability for data protection is insured and the fines included in the GDPR are covered. Cyber insurance is therefore a necessary supplement to an insurance policy.
Medical apps assist healthcare providers and will be able to take over certain tasks in future. In the US alone, there are already 3,000 companies devoted to developing medical apps. Belgian universities and research centres are also active in this field. While at present these medical apps are mostly designed for data recording purposes only, in future they will be able to intervene autonomously, e.g. by administering medication or changing doses.
Telemedicine will also be a fixture in the health care sector. Direct contact between the patient and the attending doctor could, in certain cases, be replaced by a (telephone) consultation from afar or behind the scenes, with the doctor or health care provider then giving advice based on the medical parameters made available from various sources.
This evolution is driven by the fact that ICT applications are increasingly becoming an interface for communication between the doctor/health care provider and the patient. This applies in both directions, namely for the diagnosis and during treatment.
In terms of medical indemnity, this evolution is a concern. Questions will arise as to who bears responsibility for certain errors: is it the doctor or the ICT supplier? Both can be insured, but the focus now is on another type of policy. A medical indemnity policy is drafted specifically for the medical profession. A professional indemnity insurance policy – designed for an ICT service provider – contains other provisions.
Hospitals are starting to cooperate on a structural level. They are being urged to do so by the government. Extensive preliminary talks are being held prior to establishing hospital networks of this kind. Will every hospital in the network continue to retain its full autonomy? Will there be a network authority that can take action as required? Will a separate legal entity be created for this?
This is predominantly a directors’ liability issue (Directors and Officers Liability, abbreviated as D&O). D&O provides cover for management errors of the insured parties mentioned in the articles of association and the actual directors of the insured entity. Discussing the future position to be taken by the non-profit hospital organisation is at the core of these management tasks. As long as these discussions and agreements take place within the context of the existing non-profit hospital organisation, there is no problem.
However, if a separate non-profit organisation is set up, a new D&O insurance policy may need to be taken out. If the non-profit hospital organisation transfers or takes over part of its autonomy and there is an amendment to the articles of association, the D&O insurer must also be informed. An appropriate solution will be possible as the situation dictates.