Ben Davis, insurance lead, emerging technologies at Superscript, the business insurance challenger discusses mental health provision and the use of apps during the COVID-19 pandemic.
The COVID-19 pandemic has led to a secondary pandemic: the nation’s mental health. COVID-19, and the shutdown of many basic services, has prevented people from getting the GP help they need to diagnose and care for mental health illnesses; many of which have become far more widespread during the lockdown experiences of 2020. Mental health apps have consequently rocketed in demand, with apps and other digital mental health services being used heavily to reach and support those in need.
The likes of Calm and Headspace have made meditation a mainstream way for people to look after their mental health and wellbeing. These apps - and similar ones - therefore now dominate the consumer wellness world. Apps and digital technology have also revolutionised the clinical mental health and wellness world. Private companies that offer these services are launching at speed, while the NHS is significantly investing in digital technology to roll out mental health services through Clinical Commissioning Groups across the UK.
Complex liabilities
With the impressive speed of new digital mental health offerings coming to market, and the increased attention from not only investors and VCs, but also regulators, all need to take due consideration for the liabilities they face. These businesses often have a complex operating model, blending technology (such as tracking, algorithms, Artificial Intelligence and more) with human intervention through therapists, counsellors, psychiatrists and so on. This means that in some cases liabilities for the service will lie with the therapists and psychiatrists themselves, in other instances the technology company - and any partners and vendors - may be held accountable for any grievances raised by users.
Insuring hybrid mental health offerings
Some mental health apps and digital technology services rely on algorithms and pure technology to deliver against their offering. Others simply act as a conduit between the therapist/clinician and the patient.
In the latter instance, when a therapist is involved and gives professional service to the patient, this therapist or healthcare provider assumes liability for the advice and service given and will need their own professional indemnity cover. Many healthcare companies and professionals will have pivoted their operations online during the pandemic. Where they used to see patients in person, now they’ll be offering services through an app or video consultation. These professionals should be aware that some professional indemnity policies have exclusions for online consultation due to the perceived difficulties for professionals to judge the condition of a patient without physically seeing them. Mental health professionals - and consequently, the technology companies that provision them - should certainly check their small print to ensure they remain covered for digital consultations.
For mental health apps operating on algorithms and technology, there are contingent liabilities that the app faces. Any digital mental health apps therefore need to have strict terms and conditions in place regarding what the patient is signing up for as well as what liability the therapist assumes.
In a third scenario, if a digital health company employs therapists directly then the company needs to assume the consultation risk and have its own comprehensive professional indemnity policy to cover not only the app itself, but also the services provided by its clinical staff. This is where we see the fusion of technology insurance and medical malpractice insurance, creating a new type of medtech cover.
Continued threat of cyber criminals
When considering their liabilities, technology providers in the mental health space cannot ignore the common digital risks they face.
Forced mass working from home has made targeted attacks on businesses and professionals much more feasible. Working on unsecured Wi-Fi networks and using personal devices are much more common than at the start of 2020 and are both elements that can increase the ‘attack surface’ of a company.
For all healthcare professionals, taking out a cyber insurance policy is crucial. This will cover their liability for a data breach involving sensitive customer information, such as credit card numbers, health records and personally identifiable information. But above and beyond this, education on the digital risks that are present in any modern company using computers and storing health information is greatly needed. Digital mental health companies employing therapists and counsellors must provide training on how to recognise suspicious emails and to avoid downloading any applications on work devices that are not for business use and have not been vetted by the company. Where possible, only use secured networks.
Ransomware is not only a big threat to the protection of confidential patient records, but it is also a significant threat to any hardware or equipment that digital mental health technology companies utilise as part of their offering. For example, if a service involves tracking patients’ vitals and known health conditions using wearable technology, a ransomware delivery would be financially devastating. Especially given the sensitive data that the app would be collecting from the users.
With the NHS investing in, acquiring and commissioning more and more digital mental health technology services, the threat to public healthcare is high.
The rise of the 'everything' company
Digital healthcare continues to advance at speed. With the likes of Google, Apple and Amazon making bigger strides into healthcare and the health insurance space, data is becoming even more of a commodity. As data is collected from and shared with more third-parties, the risk of intervention from cyber criminals will only increase.
Mental health is set to be one of the biggest health crises of the decade, as such regulation in the mental health tech sector will continue to grow. New digital mental health companies coming to market must adopt a risk-averse strategy and back themselves with the correct insurance to protect not only themselves but also the patients they serve.