practice waiting room 

In addition to navigating the COVID-19 pandemic, there is increasingly more regulation, legislation, and legal challenges facing clinics of all sizes.

These challenges differ from, and are separate to, those that individual healthcare practitioners face when providing clinical services from their clinics. Depending on the regulation, or the legal challenge, it may not be covered by an individual practitioner’s indemnity policy. While MIPS membership includes an indemnity policy for practitioners that may extend to cover practice staff, practice owners should also consider a separate policy to cover their practice entity or staff, sometimes referred to as ‘practice entity’ or ‘clinic malpractice’ insurance.

Practice indemnity coverage, including cyber cover, should be a part of any business risk management strategy to protect what you have worked so hard to build.

While it has long been the case that a healthcare practice has a non-delegable duty of care to its patients, practices now also face high standards in relation to concerns such as privacy, and they can also be held accountable to Medicare under the Shared Debt Recovery Scheme

A healthcare practitioner who is an owner, Director, or partner in a practice usually wears two hats: business owner and clinician. Your individual MIPS membership includes indemnity insurance that can respond to your direct treatment of a patient, and supervision of others. In contrast, a practice entity policy which includes cyber cover is intended to cover issues such as:

  • investigations and complaints against a practice eg refusing to treat a patient, allegations of discrimination, or poor communication with a patient
  • cyber liability claims eg being unable to access IT systems due to a cyber hack, sharing personal information with the wrong patient by electronic means
  • vicarious liability assumed as an employer for employees
  • errors made by staff members (including nurses, receptionists, etc) eg a Nurse giving a patient the wrong medication, or a receptionist sharing personal information with the wrong party
  • patients who see multiple practitioners, or a locum, at one Practice and may have a claim against multiple parties
  • privacy and data breaches
  • failure of practice procedures, processes, supervision or systems to handle patients and communication correctly
  • breaches or complaints about any advertising, social media or website claims that the Practice may have posted or shared.

The costs of claims in these areas can be substantial. For example, the Australian Privacy Commissioner ruled that a Victorian medical practice failed in their duty to secure the personal information of its patients and costs ran to over $1,000,000.

Some examples of claims in this area include:

  • sending results to the wrong patient
  • staff accessing records inappropriately
  • healthcare records disposed inappropriately in landfill
  • healthcare records stored in insecure location
  • reception staff poorly triaging patients
  • nurses exceeding permitted activities unsupervised
  • failure of staff to appropriately supervise other staff.

IMPORTANT: All AHPRA registered healthcare professionals in private practice are required to obtain indemnity insurance (such as that provided through MIPS membership). It is common for practice entity policies to exclude cover specifically for the ‘healthcare provided by AHPRA registered practitioners’. The main purpose of the cover is then to protect a practice entity/clinic from the risk described above.


Dr Lee owns a clinic that provides both medical and dental services. She’s a dentist but she employs a practice manager, dentist, hygienist, dental assistant, a doctor and a nurse and uses a locum/staffing service for when her fulltime staff are on leave. The clinic is 50% owned by her husband and 50% owned by Dr Lee.

If a patient makes a civil claim (ie sues) they could name Dr Lee, the clinic, and any, or all of the staff employed, and allege that the clinic is vicariously liable.

Although the AHPRA registered healthcare practitioners employed by the clinic have their own individual indemnity cover, Dr Lee and her husband have taken out separate practice entity to ensure protection against any claim made against both clinic and staff.

Recent trends

Civil litigation in Australia is increasing and the healthcare industry is not immune to that trend. Settlements against healthcare practices are increasing in both number and value, and while a large claim may seem unlikely, the possibility of a large claim arising where part of the liability is apportioned to the practice is more likely.

A practice’s exposure to compensation claims increases where there are interventional healthcare practitioners, such as nurses or sonographers, who do not have their own insurance. For example, in an incident a nurse provided a Depo-Provera contraceptive injection and placed the needle and syringe back in the box after use. The nurse then mistakenly used the same needle for the next patient. While the nurse realised the error immediately, they still allowed the patient to go home without informing them of the oversight. Even without any negative health outcomes (and civil cases), there is still a risk to the practice from penalties from breaches or regulator investigations.

Have a further query about practice entity?

If you’re concerned your clinic is exposed to the multitude of risks associated with ownership and operation, MIPS has established a relationship with Aon to help MIPS members to consider and acquire practice entity and cyber cover. Aon have developed Healthcare Clinic Malpractice cover specifically for the Australian market. 

Make an enquiry

MIPS receives no financial benefit or commission from this but does assist members to apply for cover. If you acquire this cover, it will be through Aon, not MIPS and any future interactions will be handled through Aon.