Practice Owner Insurance Checklist

Malpractice is not the whole stack. A dental practice owner usually needs to think about clinical liability, premises risk, cyber exposure, employment claims, and revenue interruption as separate problems.

Use this as a broker and renewal checklist. The exact package depends on your state, entity structure, lender and lease requirements, staffing model, sedation profile, and vendor stack.

Biggest mistake

Thinking malpractice is the entire answer

A practice can be exposed through clinical care, employee claims, ransomware, premises incidents, website issues, and downtime even when the owner has a professional liability policy.

Correct framing

Ask what protects the doctor, the entity, the team, the office, and the downtime

Those are not always handled by one policy. Many owners discover the gaps only after a claim, breach, or shutdown.

Best move

Work with a broker who actually understands healthcare facilities

A generic small-business package can miss clinical, HIPAA, staffing, and vendor-risk details that matter in a dental office.

Core coverage categories to ask about

Professional liability / malpractice. Make sure you understand whether coverage applies only to named dentists or also to the entity, associates, hygienists, assistants, sedation services, and contractor arrangements.
Commercial general liability. This is the non-clinical side: premises incidents, slips and falls, ordinary bodily-injury claims, and other general business exposures that are different from malpractice.
Property coverage. If you own or lease space, pressure-test how equipment, build-out, computers, damage, theft, fire, and water events are handled.
Business owners policy (BOP), if used. Some practices use a BOP that combines general liability and property coverage. Do not assume the bundle makes separate questions unnecessary. Verify limits, exclusions, and what is actually inside the package.
Cyber liability. Dental offices carry patient information, rely on email, depend on practice-management software, and increasingly rely on cloud vendors. Ask how breach response, forensic work, notification costs, ransomware events, email compromise, and vendor-caused incidents are handled.
Employment practices liability (EPLI). If you employ people, ask about wrongful termination, harassment, retaliation, discrimination, and hiring or supervision disputes.
Workers' compensation. Requirements vary by state, but if you have employees this usually cannot be treated as an afterthought.
Business interruption and extra-expense coverage. A practice can stay open on paper and still be financially damaged by a fire, flood, cyber event, EHR outage, or physical closure. Ask what actually triggers coverage, what waiting periods apply, and whether ordinary income loss, relocation cost, and recovery cost are covered.

Why cyber belongs in the stack

Ransomware and breach events are operational events, not just IT events

If the office cannot access charts, communicate safely, or restore systems quickly, the damage is clinical, financial, and reputational at the same time.

Cloud tools and backups reduce risk, but they do not eliminate recovery cost

Better backups, cloud-based systems, and clean email habits help a lot. They still do not answer who pays for forensics, breach counsel, notification, hardware replacement, or revenue loss when something goes sideways.

Know whether business interruption already includes cyber-triggered downtime

Some owners discover after an incident that they had partial coverage and did not understand it. Others assume they are covered when the trigger language is narrower than they realized.

Website and digital-access risk are part of practice risk now

If your site books patients, collects forms, publishes treatment information, or functions as part of the patient experience, it creates its own legal and operational risk surface. Web accessibility and digital compliance issues are not the same problem as ordinary malpractice or premises liability.

Do not assume your standard general-liability policy automatically handles website accessibility claims.
Ask whether cyber, media, tech E&O, or a specific endorsement responds to website-related allegations.
Make web accessibility part of vendor and renewal conversations, not just a web-design afterthought.
If you use online forms, payments, chat, scheduling, or patient communications, ask how that expands exposure.

Questions to ask your broker before renewal

Who is the named insured: just me, the entity, or both?
Which clinicians, staff, and contractors are actually covered?
Does the package change if I add associates, sedation, multiple locations, or a new service mix?
What is excluded under cyber, EPLI, and business interruption?
Does cyber coverage include business email compromise, forensics, notification, and vendor-caused events?
Does business interruption respond only to physical damage, or also to certain cyber and systems events?
Does anything in the package address website accessibility, privacy, or digital-content claims?
Do my lender, landlord, and vendor contracts require limits or riders I have not pressure-tested yet?

OnlyDentists take

The useful mental model is simple: malpractice covers one slice of risk. Practice ownership introduces a wider stack. If you are buying, growing, or restructuring an office, insurance should be reviewed as part of operating design, not as a box to check after the lease and note are already signed.

Sources

Educational only. This page is not individualized insurance, legal, accessibility, HR, or tax advice. Use it to ask better questions and spot obvious gaps before something expensive forces the lesson.