Your regulatory growth consultants

Learn More
Our OfficeSubscribePartnerships
CareersNews & Articles(03) 9084 7427
Portal Login
Aged Care

Aged Care Insurance: Complete Guide to Coverage, Compliance and Risk Protection

March 29, 2026
Andrea
Person holding an insurance policy document on a clipboard representing aged care provider insurance compliance requirements

Aged Care Insurance: A Complete Guide to Coverage, Compliance and Risk Protection

Insurance is not optional in aged care. It is a foundational business requirement, a compliance obligation, and a direct determinant of your organisation’s ability to withstand adverse events. At HCPA, we have guided more than 25 aged care providers through registration, compliance, and operational setup, and inadequate insurance is one of the most common gaps we find during our engagement audits. Our team, led by Team Lead Shayan with 7 years in quality and compliance and 3 years specifically with HCPA, has seen first-hand what happens when providers discover coverage gaps at the worst possible moment.

Our advisors average more than 2 years of dedicated aged care experience, and our 20-step engagement process includes a dedicated insurance and risk review as a standard component. Typical engagements run 6 to 8 months with investment from $6,600 to $17,500. This guide covers every major insurance category relevant to aged care providers: professional indemnity, public liability, management liability, directors and officers, cyber security, and workers compensation. Understanding each category, what it covers, and where the gaps typically emerge is essential reading for any aged care provider or prospective provider.

Why Aged Care Insurance Is Different From General Business Insurance

Aged care is a high-risk, highly regulated industry. The combination of vulnerable residents, complex clinical and personal care obligations, significant regulatory scrutiny, and large operational footprints creates an insurance profile that differs substantially from standard commercial operations. Generic business insurance policies routinely contain exclusions, sub-limits, and definitions that leave aged care providers materially underinsured.

The Aged Care Quality and Safety Commission’s increased enforcement activity since the Royal Commission has elevated both the frequency and severity of claims. Providers face complaints, investigations, civil litigation from residents and families, and potential criminal referrals in cases of serious neglect. Each of these scenarios triggers different insurance responses, and many providers discover their policy architecture does not respond to the actual risk profile they carry.

Aged care-specific insurance programs, offered by brokers with genuine sector expertise, provide policy wordings calibrated to the industry’s actual risk exposures. If your current insurance was purchased through a general commercial broker without aged care specialisation, a policy review is overdue. For context on the broader compliance environment your insurance needs to support, see our guide to aged care compliance obligations.

Professional Indemnity Insurance for Aged Care

Professional indemnity (PI) insurance covers claims arising from a failure in professional services. In an aged care context, this includes claims related to care planning errors, medication management failures, assessment mistakes, and failures to follow clinical protocols. When a resident or family member alleges that a care error caused harm, professional indemnity is the policy that responds.

PI insurance in aged care is typically structured on a “claims made” basis, meaning the policy active at the time of the claim (not the time of the incident) responds. This creates significant risk when providers allow policies to lapse or switch insurers without negotiating run-off coverage. An incident from 18 months ago can generate a claim today, and without a current PI policy or run-off cover, you have no protection.

Minimum Coverage Levels for Aged Care PI

The Aged Care Act does not prescribe specific minimum PI coverage amounts, but the Department of Health expects providers to maintain coverage adequate to their operational scale and risk exposure. Smaller residential facilities typically require a minimum of $5 million per claim and $10 million aggregate. Larger multi-site operators or those with significant clinical complexity often require $10 million per claim or more. HCPA recommends all providers obtain a current assessment of their appropriate PI level rather than relying on historical amounts that may not reflect current operational scale.

What PI Insurance Does Not Cover

Standard PI policies typically exclude criminal conduct, intentional harm, and claims arising from activities not within the defined scope of professional services. Some policies also exclude claims relating to sexual misconduct or abuse, which in aged care represents a significant gap given the sector’s elevated safeguarding requirements. Providers should verify their PI policy explicitly addresses or provides options to extend coverage for safeguarding incidents, or hold a separate standalone coverage for this exposure.

Public Liability Insurance: Protecting Against Third-Party Claims

Public liability (PL) insurance covers claims from third parties – residents, visitors, contractors, and members of the public – for bodily injury or property damage occurring on your premises or arising from your operations. In a residential aged care facility, the frequency of potential PL incidents is high. Slips, falls, equipment injuries, vehicle incidents in car parks, and contractor-related injuries all fall within PL’s scope.

Unlike PI, PL insurance typically operates on an “occurrence” basis, meaning the policy active at the time of the incident responds regardless of when the claim is made. This distinction matters for tail risk management and should be understood when reviewing your total insurance architecture.

PL Coverage Amounts and Common Gaps

Aged care providers should carry a minimum of $20 million in public liability coverage. Some state government procurement requirements and funding agreements specify higher minimums. The most common PL gap we see is providers with adequate per-occurrence limits but insufficient aggregate limits for their resident count and site footprint. A facility with 80 residents and a $10 million aggregate limit could exhaust that limit in a single year of moderate claims activity.

Products Liability as a PL Extension

Providers that prepare and supply meals, dispense medications, or supply assistive equipment are exposed to products liability risk. Most PL policies include a products liability extension, but the scope of coverage varies. Providers operating significant food service programs or supplying proprietary assistive products should verify their products liability coverage explicitly.

Management Liability Insurance: Protecting Your Leadership

Management liability (ML) insurance is a composite policy that typically covers several related exposures: directors and officers liability, employment practices liability, statutory liability, and organisational liability. In aged care, this coverage category has become increasingly important as regulatory enforcement has targeted both organisations and individuals within. It is a prerequisite for Regulatory Growth. them.

The Aged Care Royal Commission recommendations and subsequent legislative changes have significantly increased personal exposure for directors and senior leaders of aged care providers. The new Strengthened Aged Care Quality Standards and the provider registration framework create individual accountability obligations that can result in personal liability when governance failures occur.

Directors and Officers (D&O) Coverage

D&O insurance covers the personal liability of directors and officers for decisions made in their organisational capacity. In aged care, this includes regulatory investigations, civil claims from residents or families, and employment-related claims brought by staff. Directors of aged care organisations that receive government funding have heightened exposure, as funding agreement breaches can attract both civil and administrative consequences.

Many aged care boards hold D&O coverage as part of a management liability package without understanding what the policy actually covers and excludes. A policy review that maps your D&O coverage against the specific risk profile of aged care governance is worth undertaking at every renewal. For guidance on the governance requirements that create this exposure, see our resources on aged care registration and governance frameworks.

Employment Practices Liability

Employment practices liability (EPL) covers claims from current, former, or prospective employees alleging unfair dismissal, discrimination, harassment, or workplace bullying. Aged care’s high workforce turnover and staffing pressures create elevated EPL exposure. The industry’s reliance on casualised and agency workforces also introduces complexity around employment relationship definitions that not all standard EPL policies handle well.

Cyber Security Insurance: A Growing Priority

Aged care providers hold extraordinarily sensitive personal and health information about their residents. Electronic medical records, medication management systems, financial data, and personal identifiers create a significant data asset that is increasingly targeted by cybercriminals. The aged care sector has experienced a marked increase in ransomware attacks and data breaches since 2022, with several high-profile incidents disrupting care delivery and triggering mandatory notifiable data breach reports.

Cyber insurance covers first-party costs (your own incident response, system restoration, ransom negotiation, regulatory notification) and third-party costs (claims from residents or third parties whose data was compromised). The distinction matters because many providers assume their existing policies cover cyber incidents when they do not. Property insurance covers physical asset damage, not digital asset compromise. PI insurance covers professional service failures, not data breaches. Without dedicated cyber coverage, a significant incident can create costs with no insurance response.

What to Look for in an Aged Care Cyber Policy

Aged care-specific cyber coverage should include:

  • First-party business interruption cover for system downtime affecting care delivery
  • Ransomware response coverage including ransom negotiation support
  • Mandatory notifiable data breach notification costs under the Privacy Act
  • Third-party liability for resident data compromised in a breach
  • Regulatory investigation cover including Aged Care Commission investigations triggered by a cyber event
  • Social engineering fraud coverage for payment redirection scams

Coverage minimums should reflect your data volume and operational dependency on digital systems. Providers using integrated electronic medication management, clinical documentation, and financial systems with significant resident data holdings should seek coverage of at least $2 million to $5 million. Larger multi-site operators may need substantially more.

Workers Compensation: Mandatory and Complex

Workers compensation is mandatory in every Australian state and territory. In aged care, workers compensation premiums and claims experience represent a significant operational cost that many providers do not actively manage. The sector’s workforce profile, including high rates of manual handling, emotionally demanding work, and shift work, creates a workers compensation risk profile that is consistently above the average for service industries.

Premium management in workers compensation is an area where providers frequently leave money on the table. Most state schemes apply experience-rated premiums that reflect your actual claims history relative to industry expectations. Providers with below-average claims experience who do not actively monitor and challenge their premium calculations routinely pay more than their claims profile justifies. Conversely, providers with deteriorating claims experience who do not implement structured injury management programs see premium escalation that compounds over years.

Injury Management and Return-to-Work Programs

Robust injury management is both a workers compensation cost management strategy and a care quality enabler. Staff who are injured and not returned to work promptly create ongoing premium liability. Staff who are returned to work through well-structured programs recover faster, cost less in long-term claims, and are less likely to leave the organisation. An aged care provider without a documented injury management and return-to-work program is operating without one of the most cost-effective risk management tools available.

Building Your Insurance Program: A Foundational Step in Your Regulatory Growth Journey: A Structured Approach

Assembling the right insurance program for an aged care provider is not simply a matter of purchasing each coverage type in isolation. The policies must work together coherently, with no gaps between them and no unnecessary duplication. Coverage limits must aggregate appropriately across all potential scenarios. Policy conditions and exclusions must be understood and managed.

Annual Insurance Review Checklist

Every aged care provider should complete an annual insurance review covering:

  • Has your operational scale, resident count, or site footprint changed since last renewal
  • Have you added new service types that may not be covered under existing policies
  • Have you reviewed policy exclusions and sub-limits against your current risk profile
  • Are your PI and D&O retroactive dates maintained correctly to avoid gap exposure
  • Has the regulatory environment changed in ways that affect your liability exposure
  • Are your workers compensation premiums accurately reflecting your claims experience
  • Does your cyber coverage reflect your current digital footprint and data holdings

HCPA includes insurance and risk review as a standard component of our 20-step aged care engagement process. We do not replace specialist insurance brokers, but we work alongside your broker to ensure your coverage architecture reflects the specific compliance and operational obligations of approved aged care providers. For a complete picture of what our advisory covers, visit our aged care consulting services page.

Frequently Asked Questions: Aged Care Insurance

Is professional indemnity insurance legally required for aged care providers?

The Aged Care Act does not specify mandatory PI coverage amounts, but the Department of Health expects approved providers to hold coverage adequate to their risk exposure. More practically, without PI coverage an aged care provider faces the full financial exposure of any professional negligence claim personally. Given the frequency and severity of claims in the sector, operating without PI insurance is not a viable risk management position.

What is the difference between management liability and directors and officers insurance?

Directors and officers (D&O) insurance is typically one component within a broader management liability (ML) policy. ML policies usually bundle D&O coverage with employment practices liability, statutory liability, and organisational liability into a single package. Some providers purchase standalone D&O policies. The important distinction is that D&O covers individuals in their personal capacity, while entity coverage within an ML policy covers the organisation itself. Both are relevant to aged care governance risk.

Does general business insurance cover aged care cyber risks?

Generally, no. Standard property, PI, and PL policies contain exclusions for cyber events or provide only limited incidental cyber coverage far below what an aged care provider’s risk exposure requires. Purpose-built cyber insurance is necessary to address first-party incident response costs, third-party liability from data breaches, and business interruption arising from system downtime. All aged care providers with electronic health records and digital care management systems should hold dedicated cyber coverage.

How much public liability insurance does an aged care provider need?

A minimum of $20 million is generally appropriate for residential aged care providers, though larger facilities, multi-site operators, or those with government contract requirements may need higher limits. The aggregate limit is as important as the per-occurrence limit. Ensure your aggregate is sufficient to cover multiple claims in a single policy year, not just a single event.

What should I do if I discover a gap in my current insurance coverage?

First, assess whether the gap represents an immediate active risk or a potential future exposure. Contact your insurance broker immediately to understand options for endorsements, policy extensions, or supplementary coverage. If the broker cannot address the gap, seek a second opinion from a broker with specific aged care sector experience. Document the gap, the date you identified it, and the steps you took to address it. This documentation is important if a claim arises during the period of identified coverage gap.

Can HCPA help with our insurance review?

Yes. While HCPA is not an insurance broker and does not place insurance contracts, our 20-step engagement process includes an insurance and risk coverage review that assesses your current insurance architecture against your regulatory obligations, operational profile, and risk exposures. We identify gaps, flag potential compliance issues, and work alongside your specialist broker to ensure your coverage is fit for purpose. Contact us to discuss your current insurance situation as part of a broader aged care compliance and risk review.

Get Your Aged Care Insurance Review Started

The cost of discovering an insurance gap at claim time is always vastly higher than the cost of finding and fixing it proactively. HCPA’s experienced team combines regulatory depth with practical operational knowledge to identify the coverage misalignments that generic insurance reviews miss.

Our 20-step engagement process gives you a complete picture of your risk and compliance position — setting the stage for Regulatory Growth at every stage of your aged care journey — not just a checklist of policies to purchase. Engagements run 6 to 8 months with investment from $6,600 to $17,500. We work with providers at every stage, from pre-registration applicants building their first insurance program through to established operators conducting strategic coverage reviews.

Contact HCPA today to begin your aged care insurance and risk review. Our team is ready to help you build coverage that protects your organisation, your leaders, your staff, and the residents you care for.

Related HCPA’s News

Uncategorized

Aged Care Pricing Strategy: How to Set Fees That Are Competitive, Compliant, and Profitable

Aged Care Pricing: Master RADs, DAPs and Revenue Strategy in 2026 Getting...

March 29, 2026
NDIS

NDIS Registration Groups Explained: Which Do You Need?

NDIS Registration Groups Explained: Core, Specialist and SDA Choosing the wrong NDIS...

March 29, 2026
NDIS

NDIS Registration Requirements: Eligibility & Criteria 2026

NDIS Registration Requirements: Complete 2026 Checklist Meeting these requirements is the first...

March 29, 2026
Read All Articles

Subscribe to HCPA’s Newsletter and stay updated

Get Exclusive Updates On HCPA’s Events, Services And Career Opportunities!

Subscription Form
A smiling person wearing a checkered shirt.Woman smiling over her shoulder with a blurred natural background.A man in a hat looking to the side with a forested mountain landscape in the background.Two women smiling outdoors.A young man smiling at the camera.

10,500+ Businesses are growing faster