Mitigating Risks to Mitigate Costs

By Martin Swann / 13 Sep 2017

Medical malpractice and risk specialist Martin Swann provides tips for mitigating your insurance risks and reducing the chance of a successful claim being brought against you

The number one question I am asked as an insurance provider when talking to a prospective new client is ‘how much?’ Given that the premium levied for your insurance is reflective of your perceived risk to your insurer, reducing your risk could reduce the rates used to calculate your premium. 

In this article, I will provide my best tips for not only improving the risk your practice represents to insurers, but also for reducing the chance of a successful claim being brought against you and your clinic.

Risk assessment

I have found that, ever increasingly, the purchase of insurance is regarded as a ‘commodity purchase’, with the cost of cover being a large factor in the decision of which provider to partner with. If you think of insurance in the same way a bookmaker would consider odds provided for horse racing, those with the best chance of winning (not having a claim) have the lowest odds (cheapest rates).

If you are perceived to be a greater risk due to poor risk management, the processes and procedures you adopt, or just having a poor claims history, it will have an impact on the rate applied by an insurer.1 

Sound risk management and risk mitigation should levy the most cost effective risk transfer (insurance) and reduce the chances of a successful claim being made against your practice. Here are my top three tips for minimising claims in your clinic:

1. Record keeping

If a claim is alleged against your practice, your files and records are what insurers will rely upon to provide them with the evidence they need to try and successfully defend your position. However, with the introduction of the new EU General Data Protection Regulations (GDPR) taking effect next year,2 insurers will also be considering the risk associated with the storage and security of your patient records. 

They will also consider whether there has been a failure to exercise the required duty of care to securely store these records in line with the new regulations.3 An insurer would consider your records to include, but not limited to: consultation records, emails, telephone notes or call recordings, photos or images, text or social media messages and health records. 

From a GDPR perspective, you should extend this definition to any single piece of data held about any individual, not just patients, but also employees and prospective patients too, as this is considered personal data and therefore falls under GDPR.2

From an insurance/risk management perspective, the following is considered good record keeping:

  • Full and factual information, which includes relevant history, full details of all examinations, assessments, investigations and findings, and details of any concerns or referrals such as mental wellbeing assessments. Details of any problems/complications arising, action taken in response to these problems and clear rationale/evidence for the proposed care plan, including any identified follow-up action, should also be specified.
  • Records completed at the time of the consultation. If done shortly after, then they should be recorded showing the date and time of the record being created, and the the actual event/consultation.
  • All records should be stored securely, for example, they should be encrypted when at rest in your network, and adequately backed up so they can be restored easily, in the event of a loss of data. Storage of records and the responsibility for the security and safeguarding of the data you are holding will increase significantly with the introduction of GDPR.2,4
  • Legible text, which is explained in more detail below.

Insurers are starting to pay more attention to how data and patient records are stored and how a practice would deal with a breach as part of their underwriting process, which is understandable given the increased duty of care that the new regulations represent for practitioners.2 Those practices with good procedures and processes for data collation, storage and security are considered a better risk from a GDPR perspective and rates will be reflective of this.3

2. Consent

Since the Montgomery case of informed consent in 20155 (and subsequently Crossman and Webster in 2016/17),6 consent has been a hot topic for all within the insurance industry. Insurers will be interested in understanding your processes for obtaining the required consent from your patients, in line with the increased obligations the recent changes have created. As opposed to reviewing your actual consent forms, underwriters will often focus on obtaining an understanding of your consultation process, while a number of insurers will offer to review these forms for practitioners.

  • An underwriter will be looking to establish that your consultation process allows adequate time to:
  • Identify if there are any underlying medical conditions that need to be considered prior to treatment.
  • Discuss all the medical risks, not just those deemed relevant, associated with procedures being discussed.
  • Consider the reasons for treatment and access the mental and psychological wellbeing of the patient to confirm if referral to another experienced professional, such as a psychologist, is required.
  • Provide the patient with suitable time for reflection prior to treatment, which will depend on the treatment, but insurers take guidance from bodies such as the General Medical Council.7

In addition, I have found that the underwriter will usually want to ensure that there is confirmation that all of the above is suitably understood and certified by the patient, as well as being accurately documented and recorded by the practitioner. They will also want to confirm that your practice has processes and procedures in place that include:

  • Training around consent, the consultation process and managing customer expectations.
  • Quality assurance including file/consultation reviews, providing feedback, implementation of additional training and follow up/ check back on completion of the required training to ensure that your staff are developing their skills for the benefit of your patients.
  • Customer reviews/satisfaction monitoring following treatment and the use of that feedback as a way of improving services.
  • Identifying and referring patients where there are concerns around their mental wellbeing.

The above will provide insurers with comfort that you have suitable processes in place for adequately accessing and obtaining informed consent from your patients. This alleviates some of the concern that insurers have in regards to defending a claim where there has been an allegation of failure to obtain adequate consent.

3. Complaints handling

Complaints against medical practitioners have increased nationally.8 This is following the impact of the Francis Report,9 which discussed the leadership of staff at Stafford Hospital, and other similar industry reviews such as Keogh. Additionally, the impact of social media as a forum to share news has increased public awareness and expectations. 

However, not all complaints need to evolve into negligence claims and, in my experience, effective management of complaints can reduce the chance of them becoming so. 

A survey by The Medical Protection Society in December 2016 found that something as simple as saying sorry could reduce claims, with 76% of patients surveyed saying that they would be less likely to complain if they had received an apology.12 

Obviously, from an insurance and risk perspective, you have to balance apologies with the obligation not to admit liability found within all policy wordings, so I would always recommend taking the advice of your insurer on how they would like any apology to be worded. When it comes to managing complaints, underwriters will attain additional comfort in the risk posed by a practice that can demonstrate that they have:

  • A clearly documented complaints process that is communicated to the patients as part of the consultation process.
  • A process for reviewing complaints after the event, to understand how they could be avoided in the future and make improvements to their risk management processes as a result of these findings.
  • A process for identifying patterns of complaints and re-training staff/practitioners where required to mitigate repeat complaints.
  • A culture where staff/practitioners will raise internal issues or incidents openly so that the practice can uphold its duty to the patient.
  • Have a complaints’ register showing previous complaints, the process of how these were handled and the outcome.

The last point is an interesting one because some companies may question the benefit of a complaints’ register, suggesting that by showing insurers that you have had lots of complaints, it may increase your premium. 

However, demonstrating that you have a process where you record not only complaints, but also timeframes, key dates, outcomes, retraining or remedial action and a system for accessing patterns and mitigation, is of huge benefit. This is because it will demonstrate to insurers that you understand the need for effective risk and complaint management and you have tools to identify risks, which will mitigate the chance of repeat claims.


The three areas highlighted in this article are integral to each other when it comes to effective risk management. They will not stop a claim being made against your practice, however, the chances of an allegation being successful could be reduced. 

Managing the patient expectations throughout their care at your practice is paramount to a harmonious relationship and makes it easier to have those difficult conversations when things don’t go according to plan or complaints arise. When issues do occur, record keeping will become your, and your insurer’s, best friend.

Disclosure: Martin Swann is the divisional director of Enhance Insurance. 

Upgrade to become a Full Member to read all of this article.