Healthcare practices operate in one of the most complex risk environments of any industry. From patient data security and regulatory compliance to staffing shortages and supply chain disruptions, the list of exposures continues to grow. At the same time, traditional insurance, while essential, is covering less than many providers assume.
Premiums are rising. Deductibles are higher. And more importantly, exclusions are expanding in ways that leave practices exposed at exactly the wrong moment. For physicians, clinic owners, and healthcare administrators, the question is no longer whether they have insurance. It’s whether their risk strategy holds up when something goes wrong.
Where Traditional Coverage Falls Short
Most healthcare organizations carry a core set of policies: malpractice, general liability, property, cyber, and business interruption. These are critical. But in practice, they often leave meaningful gaps.
Cyber coverage is a clear example. Policies frequently include sub-limits for ransomware, exclude certain social-engineering losses, exclude acts committed by state-sponsored actors, or impose strict conditions on payouts. Given the number of exclusions, a breach or cyberattack has to unfold almost perfectly for a claim to be paid. Even when coverage applies, downtime, reputational damage, and patient attrition can create losses that far exceed what the policy reimburses.
Regulatory risk is another blind spot. Fines, penalties, and costs tied to HIPAA violations or billing disputes are often partially covered, or not covered at all, depending on the policy language.
Operational disruptions are equally challenging. A temporary closure due to a localized event, a vendor failure, or even a staffing crisis may not trigger business interruption coverage, especially if there is no direct physical damage. Yet the financial impact can be immediate and significant.
The Change Healthcare cyberattack was the defining financial loss event hanging over the healthcare sector in 2025. The attack disrupted claims processing nationwide and affected roughly 192.7 million people. Thousands of providers experienced severe cash-flow disruptions because claims could not be processed.
Many practices discovered their cyber policies did not adequately cover:
- prolonged business interruption,
- vendor/supply-chain cyber failures,
- delayed claims processing,
- reputational harm,
- or liquidity crises caused by payment outages.
For many smaller practices and regional systems, this exposed a major blind spot: they had cyber insurance, but not enough coverage for cascading operational losses.
Layer on rising deductibles across property and liability lines, and many practices are effectively self-insuring more risk than they realize, without a formal structure or funding strategy in place.
A Structured Approach to Retained Risk
This is where an 831(b) Plan can provide meaningful value.
An 831(b) Plan is a tax-deferred risk management structure that allows qualifying businesses to set aside funds to cover defined risks that are difficult, inefficient, or impossible to insure in the traditional market. Rather than leaving those exposures to be absorbed out of operating cash, the practice allocates capital into a dedicated vehicle designed to respond when those risks materialize.
For healthcare providers, this creates a disciplined way to address the gap between what is insured and what is retained.
Healthcare-Specific Risks an 831(b) Plan Can Address
While each plan must be tailored to the organization’s actual exposures, there are several categories of risk that healthcare practices commonly struggle to cover through traditional insurance:
- Cyber and data breach gaps: Costs associated with system downtime, data restoration, patient notification beyond policy limits, and reputational recovery efforts.
- Regulatory and billing risks: Certain compliance-related expenses, audit defense costs, and operational disruptions tied to reimbursement challenges.
- Business interruption without property damage: Revenue loss from vendor outages, utility interruptions, or localized incidents that don’t meet policy triggers.
- Workforce disruption: Costs tied to sudden staffing shortages, key employee loss, or the need to rapidly secure temporary clinical coverage.
- Supply chain instability: Financial impact from delays or shortages of critical medical supplies or pharmaceuticals.
- Reputational harm: Patient attrition and revenue loss following negative publicity or adverse events not fully covered by liability policies.
These are not fringe scenarios. They are everyday risks that can quickly escalate into material financial events.
How an 831(b) Plan Works
At a high level, an 831(b) Plan allows a healthcare practice to create its own risk financing mechanism. The practice pays premiums to the plan for carefully defined coverages aligned with its exposures. Those premiums are tax-deductible for the operating entity, and the plan accumulates reserves that can be used to pay claims when covered events occur.
Several elements are essential for the structure to work as intended:
- Defined, legitimate risks: Coverage must be based on real exposures, supported by underwriting and risk analysis.
- Actuarial support: Premiums should be determined through credible methodologies to ensure they are reasonable and defensible.
- Formal governance: Policies, claims procedures, and documentation should reflect the rigor expected in the broader insurance market.
- Integration with existing coverage: The plan complements traditional insurance, focusing on gaps rather than replacing core policies.
When implemented correctly, the result is a more complete risk strategy, one that aligns financial preparedness with operational reality.
Why It Matters for Healthcare Practices
Healthcare providers face a unique combination of financial pressure and operational sensitivity. Margins are often tight, and disruptions, whether from cyber events, regulatory issues, or staffing challenges, can have immediate consequences for both patient care and revenue.
An 831(b) Plan provides three key advantages in this environment:
- Liquidity at the point of impact: Instead of relying solely on reimbursements or external financing, the practice has access to dedicated funds to respond quickly.
- Customization around real-world risks: Coverage can be designed to reflect the specific challenges of the practice, rather than relying entirely on standardized policies.
- Stronger continuity planning: By formally funding retained risks, the organization is better positioned to maintain operations during disruptions.
A More Resilient Path Forward
The goal is not to replace traditional insurance. It is to recognize its limits and build a more resilient framework around it.
For healthcare practices, that means taking a clear-eyed view of what is, and isn’t, covered, and putting structure around the risks that remain. An 831(b) Plan, when properly designed and governed, offers a practical way to do just that.
In an environment where uncertainty is the norm, the practices that succeed will be those that move beyond assumptions and build strategies grounded in how risk actually shows up.

Dustin Carlson
Dustin Carlson is President of SRA 831(b) Admin.






