Michelle Foster Earle has spent more than 20 years helping healthcare providers, insurers and brokers navigate some of the toughest risks in medicine. As founder and CEO of OmniSure Risk Consulting, she built a woman-owned firm known for blending clinical insight with risk management expertise. OmniSure delivers proactive strategies, on-demand support and real-time guidance that help clients reduce losses and protect patients.
Her background as a healthcare executive and her national reputation as a thought leader give her a unique vantage point on medical liability, clinical risk and the growing cyber threats facing providers.
A longtime speaker and moderator at the Crittenden Medical Liability Conference, Foster Earle recently shared her perspective on the risks that keep leaders up at night — and how organizations can build resilience before the next disruption hits. What follows is an edited Q&A of that conversation.
You built OmniSure into a go-to partner for carriers, brokers and policyholders. Now your confidential helpline offers advice on-demand 24/7. How has that immediate support played a role in reducing risk?
Policyholders are often hesitant to call their insurance companies when they have a concern that has not yet become a claim or lawsuit. Since our helpline is confidential and we are a neutral third party they are more likely to reach out and speak candidly about what’s going on.
First, we ask the policyholder if it is an urgent matter. If it is, we try and address the issues immediately. For example, we had a call from a therapy clinic for pediatric patients where a patient suffered a head injury and the business needed immediate pre-claim advice on whether to give the family a copy of the incident report.
In about 75% of the cases, the calls are very proactive, not as urgent but nonetheless very important. The same type of clinic, for example, may be putting in a pediatric sensory gym and might want to talk about risk management policies and patient safety plans in advance.
Both calls are great and can prevent or control losses. We estimate, based on the number of urgent calls alone, that we prevented at least $74 million in losses last year. That’s a conservative estimate too. It doesn’t even factor in all the proactive calls, recommendations and assessments we have done.
OmniSure boasts deep clinical risk and medical liability expertise. What is a frequent blind spot you see that hospitals or insurers overlook?
I like to say sometimes insurers don’t know what they don’t know. Underwriters can ask all the best questions and still not get a good picture of what is happening unless someone speaks using terms familiar to both “insurance” and “healthcare,” as our company does.
This allows us to fill in the blanks or interpret the perspectives of both the insurer and the insured to come up with solutions that lead to the best possible outcomes.
Sexual abuse and molestation liability is a great example. An underwriter may ask about the hospital’s chaperone policies and the hospital risk manager might say they have had chaperone policies in place for many years.
Then OmniSure goes in and finds out that their chaperone policy is what we would call an “opt-in” policy, meaning that the patient can request a chaperone during a sensitive exam. However what may be needed is an “opt-out” or even a “mandatory” policy based on the patient population, most relevant guidelines, or even state regulations.
We know the language of both organizations and can bridge the gaps, updating the underwriter and healthcare entity about the type of chaperone policy that is more appropriate and protective.
OmniSure not only keeps up with the latest standards in healthcare, we know more deeply how these standards can be applied to prevent losses.
At the same time, we keep up with claim trends, learn from losses and help bridge the gap with the insureds.
In this scenario, maybe the health system hasn’t had any sexual abuse losses and there is no regulatory requirement for chaperones in the state. As a result, the entity might think it’s in good shape. We can help the hospital see why this is such a big issue and what can be done to prevent widespread harm and losses in the system based on what is happening in the insurance world.
Based on lessons learned, we can go even deeper and recommend forms of patient education, documentation guidelines, ways of monitoring compliance, what training and competencies are needed for patient safety, how to set up an investigation team and if necessary, plan for the best defense.
In a cyber‑heavy risk environment, how do you see the consultative model adapting to help organizations anticipate—not just respond to—cyber-driven medical liability exposures?
Most cyber policies address the financial, regulatory and reputational risks of cyber breaches, ransomware, phishing and other such exposures. But in healthcare, the biggest threat is what happens with patient safety.
Certainly patients don’t want their personal health information to end up for sale on the dark web. Identity theft can haunt a person for years and a widespread breach can do a lot of damage to a health system. Required legal notifications and monitoring can be expensive too. But cyber policies generally come with risk teams that include both cybersecurity and law firms in order to respond to these kinds of breaches.
OmniSure comes in proactively. What we anticipate and address is the potential real-time impact on patient care and safety. What is a health system to do when it’s electronic health records are inaccessible or even the admission discharge transfer (ADT) system for example?
If that system goes down you can’t print an armband, assign a room, order meds or surgery. It’s an ordering and monitoring nightmare. The whole system is paralyzed.
Imagine you have a patient in labor who is being monitored. Instead of the nurse monitoring the person from the desk, someone would have to sit in the room with the patient. It’s the same scenario with the ICU.
Our role is to assess and advise health systems regarding patient safety plans so they are ready for digital downtimes. Often we see they need a more multidisciplinary approach with experts from all the different departments.
Given your healthcare executive experience before founding OmniSure, what’s one clinical or operational insight you wish more underwriters or providers understood when evaluating cyber‑triggered med‑mal risk?
Proactive risk consultations are so helpful. When I was in healthcare leadership I was focused on regulations, operations, reputation, staffing, quality, revenue and expenses.
Any outside consulting help that I could trust but didn’t have to find and then fund was a huge help. Insurance companies with risk services that are proactive, not punitive, can not only reduce risk and prevent losses, they can impact accreditation, operations and quality.
Given that most health systems don’t have the kind of experience with cyber-triggered med-mal risk that they have with medication errors and treatment failures, any insights we bring their way from our exposure to those events can have a major positive impact.
Our helpline plays a key role in helping mitigate risk. Years ago when I was in healthcare leadership and had to inform a family that the death of their mother was under investigation due to a communication and hand-off failure, someone suggested I call our insurance company. They put me on the phone with a nurse consultant in their risk management department who let me share all my feelings and then gave me an opportunity to practice what I was going to say.
I am certain that call gave me the support I needed to do what was right by the patient, the family and our healthcare staff. It saved my organization from facing a wrongful death claim. It is such a privilege now to do that for the healthcare organizations and professionals we serve. It’s the most talked about service we offer and it has an enormous impact on our partners’ retention rates.
OmniSure works across healthcare, senior care, and human services. Which sector do you see as most exposed right now to combined cyber and clinical risk and why?
Hospitals and health systems are the most at risk simply because they rely on electronic health records (EHRs), connected medical devices and online communication to provide safe and efficient care.
Hardware failures, cyberattacks or natural disasters can impact millions of patients and employees, opening the organization up to large claims on multiple fronts.
Hospitals need to put policies and protocols in effect that deal with digital downtimes to ensure that if systems fail patients are protected.
Delayed test results, communication breakdowns and inaccessible medical records can lead to serious consequences.
HIPAA rules and regulatory agencies such as the Centers for Medicare & Medicaid Services mandate institutions create contingency plans that safeguard care during outages.
In 2021, Insurance Business America presented you with an Elite Woman award. What strategic shifts have you made since then, especially in the face of evolving threats in healthcare?
Receiving that award was such an honor. OmniSure has always been so progressive and I think the judges recognized me because I am the founder.
We field calls and meet needs from the beginning when the threats are starting to ripple, sounding the alarm before the big tidal wave. We’ve done that with the opioid epidemic, sexual abuse, virtual care, staffing shortages and scope of practice issues as well as the growing mental health crisis.
With each of those evolving trends, new threats surfaced and we started addressing them head on with risk advisories, tips, tools, checklists and more.
Right now we are seeing a whole lot of confusion around executive orders, changing state laws, and quite sadly pediatric care issues, especially mental health. As issues surface, we provide risk guidance to the insureds directly impacted and more broadly across other health systems that may be affected. Equally important, we also alert and educate underwriters at the companies we are partnered with, so they are able to navigate evolving threats with more insight.
You frequently speak at industry venues like Crittenden and ASHRM. What emerging legal or regulatory trends intersecting med‑mal liability are drawing the most questions from your audiences?
Currently some of the big questions are where do we put our trust and who sets the standard of care?
Other big concerns are around the legality of executive orders. Do we rely on the current governmental agencies and any politically issued statements or do we look to the medical authorities and who are the medical authorities?
We used to look for guidance from agencies like the National Institutes of Health, Centers for Disease Control and Prevention, the Food and Drug Administration, the Centers for Medicare & Medicaid Services and trust the American Medical Association, the American Academy of Pediatrics and all the other organizations representing medical specialties.
But now the waters are muddier. So who decides whether to vaccinate, what happens during an outbreak, etc.?
Then there’s the issue of abortions. Do we allow a patient from a restrictive state to terminate a pregnancy at a clinic across state lines or with medications by mail? If so, how do medical malpractice carriers insure for that?
Underwriters, claims attorneys, and insureds are all coming to us with those and other questions, looking for guidance about how to navigate the risk created by the unprecedented chaos we are seeing.
Fortunately, it’s not always as threatening. Sometimes regulatory changes seem like they are going to have a huge impact but they don’t. For example, the FDA allowed compounded versions of GLP-1 drugs when there was a shortage. It seemed like every clinic, med spa, telehealth company and potential prescriber hopped on the weight loss train, creating questions about risks and whether to insure them.
After the supply stabilized and FDA-approved medications were no longer on the shortage list, everyone wondered what would happen to all the compounding pharmacies, telehealth prescribers and med spas we insure? Would they go out of business? Well, no one is exiting the weight loss business as far as we can tell. They are just coming up with new formulations.
Given the surge in connected devices and cloud use, what do you think will happen in the future with med-mal claims involving breaches tied to device failures or third-party cloud disruptions?
That’s a great question and it’s complicated. We could have an entire conversation on that question. There was a great example given by a speaker at one of the Crittenden Medical conferences a couple of years ago. In that scenario, a patient was recently diagnosed with diabetes. She had a wearable device that continuously monitored her blood glucose levels and sent alerts to her phone and her physician’s office when her blood glucose was becoming dangerously low.
She was driving while this was happening by the way, so her phone was safely tucked away.
Let’s assume that some type of glitch creates a disconnect between the device and monitoring system through no fault of the patient.
When these devices malfunction—whether by design defect, software bug or cyberattack—they can compromise patient safety, leading to adverse health outcomes, and triggering associated product liability or medical malpractice lawsuits if negligence or a lack of regulatory compliance is found on the part of the manufacturer or the provider.
We should expect the complexity and frequency of these claims to grow as device interconnectivity expands. And the lines between product liability, user negligence, and medical malpractice are going to get very blurry.
While compromised data and identity theft are at the top of the list of concerns, I also see loss of access to critical services leading to delays, substandard care, and patient harm as a big issue. In the earlier scenario earlier, the patient’s low glucose could also lead to an auto accident in which others are injured so the risk is substantial.
My advice is for entities to focus on whatever they can do to build in checks and balances for continuity of care, similar to the Digital Downtime Playbook one would expect a hospital or health system to implement.
