Question
What insurance does a digital health startup need?
Short answer
Tech E&O for software defects, cyber for PHI under HIPAA, products liability if FDA-cleared as Software-as-Medical-Device (SaMD), D&O if VC/PE backed, and clinical trial liability (CTL) if conducting prospective studies. Sizing depends on dataset volume and FDA regulatory pathway, not on revenue or headcount.
The five coverage lines
Technology E&O: covers service-side software defects, data integrity errors, and platform failures. Typical placement: $2M-$10M, sized to user count and clinical decision-support scope.
Cyber liability: covers PHI breach response, HIPAA OCR investigation, ransomware operational interruption, and contingent cyber for cloud platform failures. Sized to dataset volume.
Products liability: required if the platform is FDA-cleared as SaMD. Covers bodily injury from clinical decisions driven by software output.
D&O: required from first outside-investor round onward. Sizing scales with valuation and clinical exposure.
Clinical trial liability: required if conducting prospective studies, sized to subject count and indication.
What changes at FDA clearance
Pre-clearance, the program is dominated by tech E&O, cyber, and D&O. Products liability is not yet activated.
At 510(k) or De Novo clearance, products liability activates and must be sized to commercial use. The transition often requires a carrier change.
At commercial launch, cyber sizing scales to commercial user volume, and contingent cyber for cloud platform vendors becomes load-bearing.