Here's what most medical practice owners don't realize until it's too late: your professional liability insurance—the malpractice coverage everyone talks about—doesn't actually protect you from most of the risks your practice faces daily. Someone slips on a wet floor in your waiting room? That's not malpractice. A laptop with patient data gets stolen from your office? Not covered by malpractice insurance. An employee hurts their back moving equipment? Also not malpractice.
Running a medical practice means juggling multiple types of insurance, each covering different pieces of your risk puzzle. The good news? Once you understand what each policy does, building the right coverage package becomes straightforward. Let's break down exactly what your practice needs.
General Liability: Your First Line of Defense
General liability insurance covers the physical accidents that happen in any business with a physical location. A patient trips over a loose carpet in your hallway and breaks their wrist. A delivery person slips on ice outside your entrance. Your employee accidentally knocks over a patient's expensive glasses during a visit. These are all general liability claims.
Think of general liability as protecting you from the same risks a retail store or restaurant faces. It's not about your medical expertise—it's about operating a space where people come and go. Most medical practices need coverage limits starting around $1 million per occurrence with a $2 million aggregate limit. Landlords often require proof of general liability before signing a lease, and it's typically non-negotiable.
Professional Liability: The Coverage Everyone Knows
Professional liability insurance—also called malpractice insurance or errors and omissions (E&O) insurance—covers claims arising from your actual medical services. Missed diagnoses, treatment complications, medication errors, surgical mistakes, and other allegations of professional negligence all fall under this coverage.
State requirements vary widely. Connecticut mandates minimum coverage of $500,000 per occurrence with a $1.5 million aggregate. New York's standard is $1 million per occurrence with a $3 million aggregate. Virginia has no state-mandated requirement at all—but here's the catch: even in states without legal requirements, hospitals and surgical centers almost always require professional liability insurance before granting privileges. Insurance networks frequently require it for participation. And patients increasingly expect you to have it.
The average cost for professional liability insurance runs about $56 per month for medical offices, though your actual premium depends heavily on your specialty. High-risk specialties like obstetrics or surgery pay significantly more than lower-risk fields like dermatology or psychiatry.
Workers' Compensation: Required Almost Everywhere
If you employ anyone—receptionists, medical assistants, nurses, billing staff—you almost certainly need workers' compensation insurance. This coverage pays for medical bills, lost wages, rehabilitation costs, and disability benefits when employees get hurt on the job.
In 2025, healthcare workers' compensation averages $1.33 per $100 of payroll. A medical practice with $300,000 in annual payroll would pay roughly $3,990 annually. Requirements kick in with your first employee in most states. California explicitly requires coverage even if you have just one employee. North Dakota, Ohio, Washington, and Wyoming require employers to purchase coverage through state-run programs rather than private insurers.
Operating without required workers' comp coverage brings serious consequences: substantial fines, potential criminal penalties, and personal liability for employee injuries. If an uninsured employee gets hurt, you could face lawsuits for medical expenses and lost wages—costs that could easily exceed six figures for serious injuries.
Cyber Liability: The Coverage You Can't Ignore Anymore
Here's a statistic that should get your attention: healthcare data breaches exposed 275 million records in 2025, with each incident costing healthcare organizations an average of $10.22 million. Ransomware attacks on healthcare increased 278% between 2018 and 2023. Your patient records—containing names, addresses, Social Security numbers, diagnoses, and treatment histories—represent exactly the kind of high-value data hackers target.
Cyber liability insurance covers costs when patient data gets compromised: patient notification expenses, credit monitoring services for affected individuals, forensic investigation to determine what happened, regulatory defense when the Department of Health and Human Services investigates HIPAA violations, and legal fees if patients sue. Many policies also cover ransomware payments and business interruption losses if cyberattacks shut down your systems.
While cyber insurance isn't legally required yet, proposed federal legislation could change that. The Health Care Cybersecurity and Resiliency Act of 2025 would establish minimum cybersecurity standards for healthcare providers, including mandatory multifactor authentication, data encryption, and regular security audits. Whether or not these requirements pass, clients and business associates increasingly demand proof of cyber coverage before signing contracts or sharing data.
Business Owners Policies: Bundled Coverage for Small Practices
A Business Owners Policy (BOP) bundles general liability and commercial property insurance into one package, typically at a lower cost than buying each separately. For small medical practices, a BOP runs about $70-$110 monthly, or roughly $840-$1,320 annually.
The property portion covers your physical assets: medical equipment, computers, furniture, supplies, and the building itself if you own it. Coverage extends to damage from fire, theft, vandalism, and weather events. Most BOPs include business interruption coverage, which replaces lost income if you have to close temporarily due to covered property damage. If a fire damages your practice and you need to shut down for three months while repairs happen, business interruption coverage keeps paying your rent, staff salaries, and other ongoing expenses.
Important limitation: BOPs don't include professional liability coverage. You still need separate malpractice insurance. BOPs work best for small to medium practices with straightforward operations. Larger practices or those with specialized equipment often need custom commercial policies instead.
How to Build Your Coverage Package
Start by identifying your must-haves based on legal requirements and practice structure. Professional liability is essential if you're practicing medicine. Workers' compensation is required if you have employees. General liability is necessary for lease agreements and protecting against premises liability.
Next, add cyber liability. Given the breach statistics and regulatory scrutiny healthcare faces, this isn't optional anymore—it's essential protection. Small practices storing patient data electronically need this coverage.
For small practices, bundling general liability and property coverage in a BOP typically saves money compared to separate policies. Talk to an insurance broker who specializes in medical practices—they can compare quotes from multiple insurers and identify coverage gaps you might miss on your own. Don't forget to review your policies annually. As your practice grows, adds services, hires staff, or acquires equipment, your insurance needs change too.
The cost of proper insurance coverage seems high until you face an uninsured claim. A single malpractice lawsuit can cost hundreds of thousands in legal fees and settlements. A data breach affecting a few thousand patients easily reaches seven figures once you factor in notification, credit monitoring, regulatory fines, and legal costs. Workers' comp claims for serious injuries routinely exceed $100,000. Proper insurance coverage isn't just about compliance—it's about protecting everything you've built.
