Question
How does insurance work in a PC-MSO (friendly-PC) telehealth structure?
Short answer
In a PC-MSO structure the physician-owned professional corporation (PC) holds the clinical relationships and the medical-malpractice exposure, while the management-services organization (MSO) owns the technology, the platform, and the patient data. You insure each entity for what it actually does: telemedicine professional liability for the PC, and cyber plus technology E&O for the MSO. The load-bearing detail is the contractual layer between them - the PC and MSO should name each other as additional insured where appropriate so a claim that touches both does not fall into the gap between two separately-placed policies.
Why telehealth uses a PC-MSO structure
Many states apply the corporate practice of medicine doctrine, which holds that only licensed physicians (or physician-owned entities) may own a medical practice and employ clinicians. To operate legally while raising outside capital, telehealth companies commonly split into two entities: a physician-owned professional corporation (the PC) that holds the clinical relationships and employs or contracts the clinicians, and a management-services organization (the MSO) that owns the technology, brand, and business operations and provides administrative services to the PC under a management agreement.
This split is a legal and business structure, but it is also an insurance structure, because the two entities carry very different risks.
Which entity holds which exposure
The PC holds the clinical exposure. Its clinicians see patients and prescribe, so the PC needs telemedicine professional liability (medical malpractice) covering patient injury arising from that care.
The MSO holds the technology and data exposure. It owns the platform and the electronic health record and holds the protected health information, so the MSO needs cyber liability and technology errors and omissions. The MSO can also carry its own management liability and, depending on services, professional liability for the administrative services it provides.
Insuring the wrong entity, or assuming one policy covers both, is the most common structural mistake.
Rating the PC malpractice for a fluid network
The PC's clinician network is often fluid - doctors join and leave the platform frequently - so a professional liability program rated on a fixed roster of named physicians does not fit. The practical structure is an entity-level policy covering the PC's vicarious liability for the network, rated on projected patient volume or revenue rather than headcount. Underwriters still want to understand the credentialing and vetting process even when they are not rating on the roster.
The contractual layer between PC and MSO
Because a single incident can implicate both entities - a data breach at the MSO that harms patients of the PC, or a clinical event that also raises platform questions - the PC and MSO should be named as additional insured on each other's relevant policies, and the management-services agreement should address indemnity and insurance requirements between them. This is where a claim otherwise falls between two separately-placed policies. It is a program-architecture question, not a limits question, and it is worth resolving before launch.
Primary sources
Sources and references
This answer draws on the following regulatory, statutory, and standards-body sources. Coverage availability and program structure also depend on carrier appetite and underwriter discretion not captured by these sources.
- HHS - HIPAA for Professionalshttps://www.hhs.gov/hipaa/for-professionals/index.html
- III - What is Medical Malpractice Insurance?https://www.iii.org/article/medical-malpractice-insurance
Related practice areas
Insurance clauses in this area
Related questions
Have a more specific question?
A specialist will reach out by the end of the day.
Request a free coverage review