If your digital health company is like most, you postpone the procurement of insurance policies until you absolutely have to obtain them, expecting to be able to obtain whatever you need on demand. You likely do not consider that not having certain insurance in place may delay the signing of your next big customer contract.
However, if you anticipate negotiating a significant customer contract soon, you should be anticipating your needs in advance of actually starting those negotiations, or you may find yourself in a situation where you have to commit to maintaining insurance during the relationship that you may not actually be able to buy on the open market. Why is this a problem? Well, this puts you in the position of potentially breaching the terms of the “significant” deal before you ever start performing those terms, which can obviously have serious consequences for your company’s business if your breach is ever discovered. Since the usual insurance terms in these types of deals require the submission of certificates of insurance as proof of coverage, any failure to procure the insurance required is not likely to stay undiscovered for an extended period.
Notwithstanding the foregoing, even if you do not breach the terms of the negotiated deal, it is far better to negotiate the scope of indemnification risks you will be incurring with advance knowledge of the terms of the insurance policies you already have in place, as you can then negotiate limits of liability within the coverage of the insurance coverage previously obtained.
So, what types of insurance requirements should a digital health company anticipate when it goes to negotiate a significant deal?
First and foremost, companies should anticipate the requirement of a general commercial liability policy. This is a standard commercial insurance policy that every business, regardless of whether or not in the software industry, should keep.
Second of all, companies should anticipate the requirement of a commercial auto insurance policy to cover the risk that employees or contractors may have an accident while traveling back and forth to a customer or business partner’s work site.
Third of all, companies should anticipate the requirement of an errors & omissions policy to cover the risk that company workers will intentionally or negligently act in a way that harms the customer or business partner.
Fourth, companies should anticipate the requirement of a cyberinsurance policy to cover the risks of hack attacks, data breaches, and third party cybercrimes, as well as notification costs and other costs to remedy a breach after it occurs.
Fifth, companies should anticipate the requirement of an umbrella policy to cover losses in excess of the insurance limits available.
What types of limits of coverage should a digital health company anticipate? In my experience, larger deals will come with larger expectations, so the more significant the deal, the more insurance your company should be lining up in advance.
The bottom line is that doing some advance planning with respect to insurance before your software company commences negotiations on a significant deal will save your company the worry down the road of being discovered to be in breach of the deal you just closed if you find that meeting the insurance requirements you agreed to is not quite as easy as you anticipated. Furthermore, it will enable you to go into negotiations better prepared to be able to negotiate terms that actually protect your company.