Question
What insurance does a telehealth or virtual-care company need?
Short answer
A telehealth company usually needs telemedicine professional liability (medical malpractice) for the clinical side, cyber and technology E&O for the platform and the patient data it holds, and the ordinary business lines (general liability, workers compensation, and directors-and-officers once outside capital arrives). Which entity carries which line is driven by the corporate structure: most telehealth companies run a PC-MSO (a physician-owned professional corporation for the clinical services plus a management-services organization for the technology), and the program has to insure each entity for what it actually does. Because the clinician network is often fluid and the platform holds protected health information, the two defining lines are entity-level telemedicine professional liability and cyber/technology E&O.
The short answer
Telehealth sits at the intersection of a medical practice and a technology company, so the program has two centers of gravity: the clinical care (which creates medical-malpractice exposure) and the platform and data (which create cyber and technology exposure). Around those two lines sits the ordinary business stack - general liability and property, workers compensation once there are employees, and directors-and-officers once investors are involved.
The structure determines who holds what. Most telehealth companies are organized as a PC-MSO, and you insure the professional corporation for the clinical exposure and the management-services organization for the platform and data exposure. Getting that split right is the difference between a program that responds and one that leaves a gap between two policies.
Telemedicine professional liability - the clinical line
The clinical entity needs professional liability (medical malpractice) covering patient injury arising from the telemedicine care its clinicians provide. For a network of prescribing clinicians this is usually written at the entity level to cover the practice's vicarious liability, rather than as individual policies for each physician, and for a fluid network it is rated on projected patient volume or revenue rather than a fixed physician headcount.
The exposure is amplified by multistate operation (clinicians licensed and seeing patients across many states) and by the clinical scope, especially prescribing. Companies prescribing controlled substances or high-scrutiny medications such as GLP-1 weight-management drugs face closer underwriting.
Cyber and technology E&O - the platform line
A telehealth platform runs on software and holds sensitive patient data - protected health information subject to HIPAA, plus payment and account data. Cyber liability covers breach response, notification, regulatory exposure, and ransomware, while technology errors and omissions covers claims that the platform software or connectivity failed. For a company whose product is the platform, both are core lines, not add-ons.
The two can be written together or separately. Payor contracts, partner agreements, and pharmacy relationships increasingly specify a required cyber limit and data-handling terms, so the number is often set by the largest contract.
The rest of the stack (added by trigger)
General liability and property: the operating floor for ordinary third-party claims and office or equipment, usually at $1M/$2M as leases and vendor contracts require.
Directors and officers (D&O): triggered by outside capital; investors typically require it at the first institutional round.
Workers compensation: required by statute once there are employees.
Employment practices liability (EPLI) and management liability round out the picture as headcount grows.
How contracts drive the limits
Telehealth companies rarely set their own limits in a vacuum. Payors, retail and employer partners, and fulfillment pharmacies impose insurance requirements through their contracts, and those requirements usually dictate the professional liability, cyber, and umbrella limits the company must carry. Running each partner or payor agreement against the current program before signing is what keeps a telehealth company compliant as it scales.
Primary sources
Sources and references
This answer draws on the following regulatory, statutory, and standards-body sources. Coverage availability and program structure also depend on carrier appetite and underwriter discretion not captured by these sources.
- HHS - HIPAA for Professionalshttps://www.hhs.gov/hipaa/for-professionals/index.html
- III - Business Insurance Basicshttps://www.iii.org/article/business-insurance-basics
Related practice areas
Insurance clauses in this area
Related questions
Have a more specific question?
A specialist will reach out by the end of the day.
Request a free coverage review