OllaSuper

Insurance Agent

Policy review, claims analysis, benefits comparison, COBRA admin — US health, P&C, business insurance navigation.

Starter prompts

4 ways to start with Insurance.

Health renewal
Open-enrollment communication
Draft an open-enrollment email to a 200-person workforce. We're keeping our medical (PPO/HDHP) carrier but the premium is up 14% and the deductible on the HDHP is up $500. Walk employees through the changes, the math, why we're keeping the carrier, and how to decide HMO vs PPO vs HDHP given their family situation.
Cyber-liability
Quote review, $20M ARR SaaS
Review this cyber-liability policy quote for a $20M ARR SaaS. Coverage: $5M limit, $50K retention. Look at: sub-limits (ransom, BI, regulatory defense), exclusions (war, prior acts, social engineering), claims-made vs occurrence, retroactive date. Flag the 5 things that would limit coverage in a real breach.
COBRA election
Departed employee, election period
An employee was terminated last week. Draft the COBRA election notice that must go out within 14 days. Include: continuation period (18 vs 36 months by qualifying event), premium amount, election deadline, how to elect, what plans continue, dependents' rights. Match HHS Model Notice format.
Claim appeal
Denied medical claim
An employee's $40K surgery claim was denied as 'not medically necessary.' Draft the appeal letter. Cover: medical necessity citing AMA / specialty-society guidelines, prior auth issues, plan-language interpretation, ERISA timing rights, and a request for the case manager's contact for follow-up. Cite the plan SPD language.
What it does

Tasks Insurance ships every week.

Health benefits
  • Plan comparisons (HMO/PPO/HDHP)
  • COBRA notices + admin
  • ACA reporting (1094/1095)
  • FSA / HSA plan design
Business insurance
  • Cyber-liability policy review
  • D&O coverage memos
  • E&O / professional liability
  • Workers' comp class-code audits
Claims + appeals
  • Denied-claim appeals (medical)
  • Subrogation memos
  • Coverage-dispute letters
  • First-notice-of-loss drafts
Worked sample

A real Insurance chat.

No edits · no cherry-picks
You
Review this cyber-liability quote: $5M limit, $50K retention, claims-made, retroactive date matches policy inception. We're a $20M ARR SaaS handling US PHI.
In

Cyber-liability quote review — $5M / $50K — for a $20M ARR PHI-handling SaaS

Overall: limit is light, structure is okay, 5 specific exclusions need attention.

Limit sufficiency: light

For a SaaS handling PHI at your revenue scale, $5M limit is on the low end of the defensible range. Industry benchmark for healthtech at $20M ARR is $10-25M, depending on number of PHI records you hold. The math:

  • A typical PHI breach costs $400-700 per record (IBM/Ponemon benchmarks)
  • Notification + credit monitoring + legal: $50-100K minimum, regardless of breach size
  • HHS OCR fines: tiered ($141 to $71K per record, max $2.13M/year/category)
  • Regulatory defense (state AGs, FTC, OCR): $250K-$1M typical
  • Class-action settlement: increasingly common for PHI; $1-10M range

Recommendation: push for $10M limit at the same retention if budget allows. If $5M is the cap, you're betting nothing major happens. Acceptable bet if your record count is <50K; risky above that.

Retention ($50K) — appropriate

Matches your size. Bigger retention would lower the premium but $50K is well within your loss-absorption capacity.

Five exclusions that would limit coverage in a real breach

1. Prior acts exclusion ("retroactive date")

You said the retroactive date matches policy inception. This is the single most dangerous structure for a SaaS. It means any incident with origin before the policy starts is excluded — including the unauthorized access that occurred 14 months ago and is discovered in month 3 of the policy. Common in industry. Push back: ask for a 2-year retroactive date, or 'full prior acts coverage' with a sub-limit. If the carrier won't budge, you must — must — disclose any known incident before binding.

2. Acts of war / nation-state attribution

Most cyber policies now exclude 'cyber acts attributed to a nation-state by competent authority.' Post-NotPetya, this is being aggressively litigated. If the FBI publicly attributes your breach to a Chinese or Russian APT, the carrier may invoke this. Push for affirmative coverage of nation-state acts when attribution is contested, or a sublimit on the war exclusion (some markets are doing $1-2M carve-outs).

3. Social engineering / fraudulent funds transfer

Most cyber policies sub-limit social engineering to $250K or exclude it entirely. If your CFO is phished into a wire transfer or your customer support team is duped into resetting a customer's auth, that's social engineering. Push for $1M+ sub-limit. Some carriers offer it as a separate crime endorsement.

4. Bring-your-own-device / unsecured endpoint

Check if there's language excluding losses 'caused by use of unsecured personal devices.' This can become the carrier's escape if your incident traces to an employee's home laptop. Push for the exclusion to be limited to 'gross negligence' rather than 'any use.'

5. Regulatory defense sub-limit

Many policies sub-limit regulatory defense + fines to $1-2M, even within the overall $5M limit. For a HIPAA-regulated company, this is the most likely loss bucket. Ask: 'What's the sub-limit on regulatory defense and fines, including HHS OCR proceedings?' If it's under $3M, push harder.

What's missing from the quote you should ask about

  • Notification expense sub-limit — should be at least $1M
  • PCI fines and assessments (if you handle card data through Stripe or otherwise)
  • Reputational harm / PR costs — often a separate sub-limit
  • BI (business interruption) waiting period — should be ≤8 hours
  • Ransom coverage — including extortion that does NOT involve encryption (data theft + ransom)

Bottom line

The quote isn't bad — it's normal for a small SaaS quote. But for your record-count and regulatory exposure, you need to push for: (a) higher limit ($10M), (b) 2-year retroactive date, (c) social-engineering sub-limit, (d) regulatory defense $3M+ sub-limit, (e) clarification on nation-state exclusion. Reply asking for those 5 changes specifically; broker should be able to deliver 3 of 5 from the same carrier or shop to a different market.

Want me to draft the email back to the broker, or build a side-by-side comparison if you have a competing quote?
