Question
What insurance does a Software as a Medical Device (SaMD) company need?
Short answer
A Software as a Medical Device (SaMD) company needs Tech E&O AND products liability running in parallel — Tech E&O for software service failures (downtime, integration errors, output errors) and products liability for FDA-device-regulated patient harm. AI/ML-driven SaMD introduces additional model-error and drift exposures that newer specialty markets address with dedicated AI liability extensions.
The structural double-coverage question
Software as a Medical Device (SaMD) — software intended to be used for one or more medical purposes that perform those purposes without being part of a hardware medical device — sits in two coverage worlds at once. As a software service, it produces Tech E&O exposure: customer business interruption from downtime, integration errors with EHR systems, output errors that lead clinicians or patients to costly decisions. As an FDA-regulated medical device, it produces products liability exposure: patient harm caused by the SaMD's clinical recommendation or diagnostic output.
The two coverages respond to different harms and rarely overlap meaningfully. SaMD companies that carry only Tech E&O face uncovered products liability exposure on patient-harm claims; SaMD companies that carry only products liability face uncovered Tech E&O exposure on customer-economic-loss claims.
When SaMD becomes FDA-regulated
FDA's Clinical Decision Support (CDS) Final Guidance (2022) clarified when software functions are regulated as medical devices. The four-factor test asks whether the software (1) is intended to inform clinical management, (2) is intended to support clinical decision-making, (3) is intended to enable the user to independently review the basis for the recommendation, and (4) is not intended to acquire/process/analyze a medical image, signal, or pattern.
CDS software that meets all four criteria is excluded from device regulation. CDS software that fails any criterion — including most AI/ML-driven diagnostic and treatment recommendation tools — is regulated as a Class II or III device. Once regulated, the company faces full medical device products liability exposure including premarket clearance requirements, post-market surveillance obligations, and recall responsibilities.
Tech E&O for SaMD
Tech E&O for a SaMD company covers economic loss from software service failures: a downtime incident that prevents clinicians from accessing recommendations, an integration failure that breaks an EHR workflow, an output error that produces an incorrect clinical recommendation that the customer relied on. Sizing typically starts at $1M-$3M and scales with enterprise customer requirements; health systems often require $5M-$10M Tech E&O on contracts above defined transaction thresholds.
Carrier appetite for SaMD Tech E&O has expanded in the last 24 months as the market has accumulated underwriting experience. The specialty markets that write the class are familiar with the SaMD distinction from non-clinical SaaS and price accordingly.
Products liability for SaMD
Products liability for FDA-regulated SaMD covers bodily injury or property damage caused by the software's clinical output. The trigger is patient harm — the recommended treatment caused the patient injury, the diagnostic output missed a condition that led to delayed treatment, the dosing algorithm produced an overdose.
Sizing typically starts at $5M per-occurrence and $10M aggregate, scaling with the clinical risk profile of the recommendations. Higher-acuity recommendations (oncology treatment selection, ICU drug dosing, surgical decision support) justify $10M-$25M tower sizing because the severity tail on patient injury is correspondingly higher.
AI/ML drift and model-error exposure
AI/ML-driven SaMD introduces exposure categories that traditional software doesn't face: model drift over time as the underlying clinical environment changes, training data bias that produces systematically incorrect outputs for specific patient subpopulations, and adversarial inputs that produce incorrect outputs in edge cases. These exposures sit at the intersection of products liability (patient harm) and Tech E&O (system performance failure).
Newer specialty markets have begun adding dedicated AI liability extensions to Tech E&O policies that explicitly address drift, bias, and adversarial-input exposures. Coverage availability is still maturing; SaMD companies with material AI/ML components should source through brokers with documented AI healthtech experience to ensure the program structure addresses these specific exposures.
Typical combined premium
For a Series A-stage SaMD company (10-30 employees, FDA-regulated CDS or diagnostic tool, $1M-$5M ARR): combined Tech E&O + products liability + cyber + D&O typically runs $40,000-$100,000 annually, depending on clinical risk profile, sponsor mix, and AI/ML scope. Tech E&O and products liability drive most of the premium; cyber and D&O are modest at this stage.
The single biggest variance driver is whether the SaMD's clinical recommendations are advisory (lower premium) or auto-execute without clinician review (materially higher premium). The clinician-in-the-loop dimension is the key underwriting question for AI/ML-driven SaMD.
Primary sources
Sources and references
This answer draws on the following regulatory, statutory, and standards-body sources. Coverage availability and program structure also depend on carrier appetite and underwriter discretion not captured by these sources.
- FDA — Software as a Medical Device (SaMD): https://www.fda.gov/medical-devices/digital-health-center-excellence/software-medical-device-samd
- FDA — Clinical Decision Support Software Final Guidance: https://www.fda.gov/regulatory-information/search-fda-guidance-documents/clinical-decision-support-software
- FDA — Artificial Intelligence and Machine Learning (AI/ML) in Software as a Medical Device: https://www.fda.gov/medical-devices/software-medical-device-samd/artificial-intelligence-and-machine-learning-aiml-enabled-medical-devices
- IMDRF — Software as a Medical Device: Possible Framework: https://www.imdrf.org/documents/software-medical-device-possible-framework-risk-categorization-and-corresponding-considerations