Errors and Ommissions Insurance for a Billing Company

By Chris Woolstenhulme, MBRA, CMRS

Do I Need Error and Omissions (E&O) Insurance For My Billing Company?

I've owned a billing company for the past 20 years. It has been a great journey: 20 years ago it was called a Home-Based Business, today it is called a Corporation (for protection and liability reasons). Medical billing has been considered low risk... until now. With HIPAA, E&O and Business Associate agreements in the mix, the world of billing is changing at an alarming rate. Until recently, I never considered it a necessity to carry insurance on my small company; but with the changes I'd be very short-sighted not to. Let me briefly explain why:

HIPAA has rocked the world for small businesses. Looking at the new Business Associate agreement is enough to scare the business right out of you. If you have not seen or used the new Business Associate Agreement, you will want to take a close look at it, pay attention. Medical billers are a separate covered entity and are just as liable as the providers when it comes to medical billing. HIPAA is not just for Doctors any more, patients are now much more educated and will encounter a complete set of HIPAA uses and restrictions at their doctor visits. Therefore, whether they realize it or not, companies that offer services to health providers have been hugely affected by HIPAA.

Business Issues: even if claims are found to be unwarranted, they can quickly eat up a company's cash reserves in no time, leading to financial hardship including legal fees and other related expenses. Most errors and omissions insurance policies cover judgements, attorney fees, court costs and settlements up to the limits of the policy, as well help with defense costs, regardless of fault as well as protection for judgements, court costs and more.

The new Business Associate Agreement, section 7. a) a.ii) states:

BUSINESS ASSOCIATE shall maintain during the term of this BAA a policy of errors and omissions or other comparable insurance with an insurer acceptable to PRACTICE in the amount of , covering BUSINESS ASSOCIATES obligations under this BAA. The policy of insurance shall name PRACTICE as an additional insured. BUSINESS ASSOCIATE shall furnish to PRACTICE such evidence of this insurance as PRACTICE deems satisfactory upon the commencement of this BAA. BUSINESS ASSOCIATE shall notify PRACTICE of any threatened or actual cancellation or termination of the insurance coverage, at least ten days prior to any such action.

You may be asking yourself: Is the risk high enough to threaten my business or personal finances?

The HIPAA Privacy Rule was created to limit the release of a patient's protected health information without authorization. The privacy rule restricts any "covered entity" from releasing protected health information to third parties unless there is a valid authorization signed by the patient for the release of PHI. To set the stage for how this affects you, let's first clarify E&O insurance and why it's important:

What is E&O insurance?

E&O coverage provides protection for you in the event that an error or omission on your part has caused a financial loss for your client. E&O insurance is specialized liability protection against losses not covered by traditional liability insurance. It protects you and your business from claims if a client sues for negligent acts, errors or omissions committed during business activities that result in a financial loss for the client. E&O covers your company or you individually, in the event that a client holds you responsible for a service you provided, or failed to provide, that did not have the expected or promised results.

For doctors, dentists, chiropractors, etc., it is often called malpractice insurance. Whatever you call it, it covers you for errors (or omissions) that you have made or that the client perceives you have made. Most E&O policies cover judgements, settlements and defense costs. Even if the allegations are found to be unjustified, thousands of dollars may be needed to defend the lawsuit. They can bankrupt a small company or individual and cause financial hardship with a lasting effect on the bottom line of large companies. Cases like these can be resolved with the purchase of E&O insurance.

Don't forget you are at risk for an event that may have occurred several years in the past, and the first time the mistake is apparent is when a court summons arrives in the mail. That's when the retroactive date on the policy is very important. The farther back the retroactive date of the policy, the more coverage and protection it offers.

Who needs E&O insurance?

In short, if you are in the business of providing a service to your client for a fee, you have an E&O exposure. You may want to consider what will happen if the service is not done correctly or on time, and it costs your client money or harms their reputation. Not to mention if you have a Business Associate Agreement on file.

Why does my company need E&O coverage?

To put it very simply, everyone makes mistakes. Even with the best employees and the best risk management practices in place, mistakes will be made. But what happens, and who pays, when you fail to catch a typographic error? It could be as simple as a patient's complaint that it is their belief that you have not respected their privacy. No one is perfect. What about unauthorized release of PHI or disclosure that compromises the security or privacy of such information? If you make a mistake and there is a breach of notification, you're exposed to the full extent of legal penalties.

Billing companies have a lot of responsibility getting the claims filed on time, with correct documentation, clean claims with all of the proper identifying numbers any/ all interaction between the provider and the insurance company (payer). What could possibly go wrong? Failing to perform these duties within specific guidelines may result in a federal investigation. It could be as simple as not filing a claim within the correct filing time and it was a very costly procedure- who will pay for the loss? Is it possible to make a mistake that may cause your clients to lose patients, contracts or reputation? For both privacy and security violations civil penalties of $100 per violation and criminal penalties of up to $1,500,000.00 depending the severity of the breach. What about a cyber breach? You have confidential information; can it be hacked by a third-Party? Would you be liable even if the wrongdoing was done by a third party? YES.

Keep in mind every state has its own Breach rules as well as its own definitions of what constitutes a breach. This information was taken from "Complete and Easy HIPAA Compliance" on If I decide not to become educated on this subject and purchase an E&O policy, I am choosing to take a serious financial risk. Even if you made no mistake, you can still find yourself involved in litigation which is both time consuming and expensive.

When should I buy E&O insurance?

Now would be a good time, as soon as you learn it is required. You are taking a risk and are required to have an E&O policy. Not only is it a requirement, you are taking responsibility and proving to be a legal business entity. This will also give your providers the peace of mind of knowing they will be compensated if there is an error or omission. Be sure to retro-activate the effective date on your policy.

Where do you find E&O coverage?

There is no "one size fits all" E&O policy and the policies are there is no "standard" coverage each plan will customize to your needs. Each policy must be read carefully to make sure that the coverage being offered fits your exposures. Having a retroactive date is very important. Claims that arise out of acts committed prior to the retroactive date will not be covered. The farther back the retroactive date, the more coverage provided. Insureon compiled quotes from several underwriters such as HISCOX, Travelers, Philadelphia, Hartford, as well as my own underwriter, Farmers. (BTW Farmers had the lowest cost premiums with no deductible and higher coverage.)

What is covered with E&O coverage and how much coverage do I need?

Some policies include the defense expenses within the limit of liability. Some will exclude punitive damages. The wording of these policies can vary greatly; again each policy must be read carefully to make sure the coverage fits the exposure. Different information may be needed depending upon the service you are providing and the exposure you have. Some will have huge deductibles, I was quoted double the payment for half of the coverage, so be sure to do your homework. Also, remember to inquire on back dating the coverage.

Limit of Liability Options:

Errors and omissions insurance policies usually cover the business owner, both salaried and hourly employees, and subcontractors working on behalf of the business

How much will I pay for E&O coverage?

Some will have huge deductibles, I was quoted double the payment for half of the coverage, so be sure to do your homework. Pricing anywhere from $300/Year to $1500/Year. There are no set costs for E&O insurance it may vary greatly depending on the class of business, location, claims experience (both of the individual insured and of the industry they are in). Each Quote will need to be customized to fit your needs. In my search for E&O I have been asked for copies of contracts, a description of quality control procedures, documentation procedures, training procedures, etc., and others required nothing more than a completed application. You will be asked where your business is located and if you have had any claims as well as the number of employees and your payroll. If you have had claims, what steps have you taken to ensure that the same errors will not continue to occur?

What steps can I take to avoid claims?

First and foremost be sure to have guidelines for implementing the HIPAA Privacy, Security, HITECH and Omnibus Final rules in your office. Again, I recommend a great book published by InstaCode, "Complete & Easy HIPAA Compliance" this book is available at It is a complete guide to understanding and implementing HIPAA and HITECH Requirements including the Omnibus rule.

In summary,

Good luck!

Chris Woolstenhulme, MBRA, CMRS is a Certified Billing Guru (CBG) for Find-A-Code. For more information about ICD-10-CM, ICD-10-PCS, and medical coding and billing please visit where you will find the ICD-10 code sets and the current ICD-9-CM, CPT, and HCPCS code sets plus a wealth of additional information related to medical billing and coding.

Publish this Article on your Website, Blog or Newsletter

This article is available for publishing on websites, blogs, and newsletters. The article must be published in its entirety - all links must be active. If you would like to publish this article, please contact us and let us know where you will be publishing it. The easiest way to get the text of the article is to highlight and copy. Or use your browser's "View Source" option to capture the HTML formatted code.

If you would like a specific article written on a medical coding and billing topic, please contact us.


innoviHealth Systems, Inc.
62 East 300 North
Spanish Fork, UT 84660
Phone: 801-770-4203 (8-5 Mountain)

request yours today
start today
free subscription

Thank you for choosing Find-A-Code, please Sign In to remove ads.