Healthcare organizaions are particularly at risk of an electronic data breach.
Courtesy of ThinkStock


Published 9/1/2016
Michael R. Marks, MD, MBA

Liability Coverage in a Changing Healthcare Environment

In the first article of this two-part series on liability management (see "Liability Management 101," AAOS Now, August 2016), I spoke with David Burke, director of Smith Brothers Insurance Healthcare Division, about what orthopaedic surgeons can do to protect themselves and their practices today and into the future. Specifically, we addressed directors & officers insurance, employment practice liability insurance, and fiduciary liability insurance. The focus of this article is cyberattack insurance, medical battery insurance, and errors & omissions (E&O) insurance.

Dr. Marks: Cyberattacks—both inside and outside of health care—are becoming increasingly common. A term I've been hearing quite a bit lately is ransomware. What do orthopaedic surgeons need to know about this type of malicious software?

Mr. Burke: Ransomware is a type of malware that essentially holds your computer data for ransom. Although ransomware is a threat to all businesses, health care is particularly at risk due to Health Insurance Portability and Accountability Act (HIPAA) regulations. The electronic health record (EHR) and computer network are the lifeblood of all medical organizations. As a result, no medical practice is immune to cyber liability. A successful breach or unauthorized access can financially cripple an organization. To mitigate their risks, I recommend physicians and their practices do the following:

  • Regularly perform penetration tests on their EHR or company server.
  • Develop a formal risk management plan to identify and mitigate malware leaks that release ransomware and could potentially shut down the entire operating system.
  • Obtain computer network patches and software updates on a timely basis.
  • Establish a response team—with a designated lead individual—to immediately address evidence of a breach.
  • Consider purchasing a comprehensive cyber liability insurance policy. Although most malpractice insurance policies include a token amount of cyber liability coverage, it will not be enough in the event of a breach.

Dr. Marks: During a recent conference I heard about a patient who required bilateral knee arthroplasties. Surgery on the patient's right side was scheduled first. However, on the day of surgery the surgeon discovered that left-side implants had been delivered. Because the patient was already anesthetized, the surgeon explained the situation to the patient's family and was given permission to proceed with surgery on the left side. In the end, the patient was pleased with the treatment. An attorney who was present, however, pointed out that the patient could have filed a battery charge against the surgeon. Can you explain?

Mr. Burke: Medical battery claims are an emerging trend in medical liability. Medical battery claims revolve around an intentional act by a healthcare provider to fail to adhere to the patient's right to direct their medical care or failure to adhere to a patient's advance directive, even if the care or surgery provided is necessary and of benefit to the patient. Medical battery claims can arise when the patient was not informed or had not given consent to a procedure, treatment plan, or surgery. These claims are increasing and are not the same as medical malpractice. Every physician should check with their malpractice insurer to see if they have a policy that will indemnify and defend them against a claim involving medical battery. The best way for physicians to prevent a medical battery charge is to have policies and procedures in place that mitigate the risks for this type of claim.

Dr. Marks: Do orthopaedic surgeons who perform Independent Medical Examinations (IME) or act as an expert witness in the defense/prosecution of orthopaedic malpractice claims/lawsuits require additional liability coverage?

Mr. Burke: Yes. A medical professional liability policy does not extend to defense/indemnity coverage if physicians are sued under these circumstances. That's because medical malpractice involves a direct doctor-patient relationship. Litigation with respect to IMEs and defense expert testimony focuses on the physician's clinical feedback based upon the medical treatment information he or she has been provided to review. Malpractice carriers will provide a reservation of rights on any claim/suit submitted in an IME or defense expert testimony. E&O insurance is professional liability insurance specifically designed for these exposures.

Dr. Marks: Do you have any final words of advice for orthopaedic surgeons?

Mr. Burke: Mismanagement of the liability exposures we have discussed can lead to significant financial consequences for an individual surgeon and his/her practice. These liability exposures are often overlooked by a practice or are not properly insured. Individual fiduciary responsibility, employment-related liability, and cyber breaches are ever present within healthcare practice communities. It is extremely important that orthopaedic surgeons have the proper coverage to protect themselves and their practices.

Michael R. Marks, MD, MBA, is a member of the AAOS Medical Liability Committee, AAOS Patient Safety Committee, and mentor for the AAOS Communications Skills Mentoring Program. He is employed by Marks Healthcare Consulting. He can be reached at markshcconsulting@

Smith Brothers Insurance Healthcare Division provides professional and management liability risk mitigation techniques and insurance transfer options to their clients nationally. David Burke can be reached at

Editor's note: Articles labeled Orthopaedic Risk Manager (ORM) are presented by the Medical Liability Committee under the direction of John P. Lyden, MD, and Michael Marks, MD, MBA, ORM co-editors. Articles are provided for general information and are not legal advice; for legal advice, consult a qualified professional. Email your comments to or contact this issue's contributors directly.