Policy Forum
Dec 2019

How Should Gene Editing Be Managed by Risk Managers?

David Sine, D.Bioethics
AMA J Ethics. 2019;21(12):E1059-1064. doi: 10.1001/amajethics.2019.1059.


Gene editing, because it is a new technology, presents challenges to health care organizations’ risk managers. At this time, little claims data exists upon which to make informed decisions about loss control and to draw upon when developing risk mitigation strategies. This article explores gene editing through the eyes of risk managers and underwriters and concludes that traditional risk management tools must be used to reduce risk until more is known about the frequency and severity of claims.

Gene Editing and Insurance

Gene editing presents challenges to health care risk managers. Because it is a new technology, a relatively small number of insurance claims is available upon which informed decisions can be made about effective loss control and risk mitigation strategies. This article considers risks of gene editing as viewed by health care organization risk managers and insurance underwriters and concludes that traditional risk management tools must be used to reduce risks to organizations and practitioners offering this new technology until more is known about the frequency and severity of claims.

Evaluating Risk

Risk managers. Risk managers evaluate and respond to risks by considering the likelihood of an event and the severity of that event if it should occur. This approach—that risk equals a calculation based on likelihood and severity—stretches back to the very beginnings of the risk profession, as merchants formed alliances to protect their interests in ships returning from the New World. Those first efforts considered type of cargo, time of year, and the competencies of captains and crews. If a vessel failed to return, the others in the alliance would “insure” their unfortunate partner by keeping him solvent, which meets the basic definition of insurance since it transfers some risk from one merchant to another.1 Some readers will be familiar with this story and know that some of these agreements were made in a 1686 coffeehouse in London, known as Lloyd’s. It took some time, but a particularly American variant of insurance eventually emerged in 1864 to insure passengers. (The first known “travelers” insurance agreement is said to have occurred in Hartford, Connecticut.2) The coffeehouse is gone, but Lloyd’s of London remains as an insurance market in a building on Lime Street.3,4,5

Underwriters. Underwriters, the close partners of risk managers, use risk information and actuarial tables to express risk and set insurance rates. Actuaries and underwriters rely on prior claims data to estimate, with great precision, the likelihood and severity of possible events. However, such foresight typically does not entail specific predictions. (A singular exception is life insurance, in which death is certain but not when it will occur.) Rather, it allows an underwriter to anticipate a range of alternative event sequences. For example, if a 2004 Volvo station wagon driven in Vermont by a teenager needs to be insured, it is an underwriter who sets an insurance rate—based on a range of possible outcomes and a history of claims made by similar drivers of similar vehicles—and determines the insurance premium this new driver’s parents will pay. With no claims history to illuminate either frequency or severity of possible outcomes, a worst-case scenario must be imagined and insurance rates set accordingly. A worst-case scenario is referred to as a total foreseeable loss, one for which a conservative risk manager would “plan for the worst and hope for the best.”

Managing Risk Means Limiting Exposures

Broadly speaking, risk managers have 4 main ways to limit risk exposures to their organizations.

  1. A risk can be eliminated by simply not taking it. One example would be not to allow a teenager drive.
  2. A risk can be transferred or outsourced. A transfer can take the form of shifting financial responsibility—or part of it—to a third party. The financial risk of a teenage driver, for example, is partly transferred to an insurer. Transfer of financial risk can also entail transferring an act or service to a third party through outsourcing. An example of financial risk transfer to a third party in health care is when a health care organization employs an outside organization to staff and operate a dialysis unit to provide dialysis services to patients (though some suggest that this kind of service-provision transfer creates an ostensible agency relationship between organizations, resulting in no real financial risk transfer at all).
  3. A risk can be mitigated. A teenage driver’s financial risk to parents, for example, can be reduced by setting parameters, such as prohibiting driving at night or prohibiting cell phone use while driving.
  4. A risk can be accepted and additional actions possibly pursued. For example, a teenager can be allowed to drive one car with known safety features, such as high-quality tires and functioning taillights.

These approaches to risk management are not exhaustive and are almost always used in combination. How do these approaches apply to gene editing?

Overall, known and unknown risks of somatic gene editing can be conceptualized in much the same way as some risks of other procedures.

Foreseeable Risk

Estimation of what’s called foreseeable risk depends on any number of variables. In gene editing, one feature of foreseeable risk is whether somatic or germline mutations are edited. Unlike somatic editing, in which effects are limited to a single patient, germline editing poses risks both to the individual into whom modified genetic material is introduced and to that individual’s progeny.6 While risks to both are yet to be fully appreciated, since only somatic therapies are currently undergoing clinical trials, somatic gene editing might be considered less troubling than germline editing—at least from an ethics and risk management standpoint— because the absence of heritability risk means an organization’s risk exposure is presumably less for somatic than for germline gene editing. That said, gene editing processes are not always precise, and off-target changes can occur.7

Overall, the known and unknown risks of somatic gene editing can be conceptualized in much the same way as some risks of other procedures, the effects of which are limited to a single patient. For example, in 1999 an 18-year-old man with an inherited liver disease died during a novel gene technology trial—a clinical gene “therapy” trial in which the patient-subject was injected with a gene-carrying virus. In this case, it was the viral vector carrying the gene, not a gene or gene modification, that caused the patient-subject’s death.8 Worthy of consideration here is that most gene editing protocols occur ex vivo, outside a patient-subject’s body; the modified DNA sequence is then inserted at the cleavage site. This means that a gene editing patient-subject would presumably be exposed to more risk than the patient-subject in the gene therapy trial because modified genes, not just modified cells, are reembodied. When somatic or germline editing become widely available, it will be paramount to document that a patient-subject was informed of the risks and benefits of a gene editing procedure and its alternatives.

Approaching Risk for Gene Editing

The 4 approaches to risk management introduced earlier might be applied to gene editing by health care organization risk managers in some of the following ways.

  1. A risk can be eliminated by simply not taking it. Avoiding risk is certainly a possibility for a health care organization or a practitioner, who could say, “We don’t do that.” Avoidance is perhaps attractive as a risk management approach to germline gene editing, in particular, but it also has appeal as an approach to somatic gene editing’s unknown, unforeseen, unknowable, or unforeseeable risks. Avoidance could be seen as the intent of the German Ethics Council, which calls for a temporary global moratorium on all germline editing.9 But if the goal is to provide care and comfort for a patient, avoidance might not be ethically acceptable, as gene editing seems to have therapeutic promise. Research continues, and while not offering gene editing therapies might be a short-term risk management solution, over the long-term, the availability of therapeutic options, which evolve over time, will demand that health care organization risk managers revisit gene editing’s risks, particularly those that become known or foreseeable.
  2. A risk can be transferred or outsourced. Transferring or outsourcing gene editing risk could be a reasonable approach if gene editing service referrals could be offered, for example. A health care organization risk manager would need to ensure that any relationship with a third-party provider of gene editing services would not create the impression that the third-party acts as an agent of the risk manager’s health care organization.
  3. A risk can be mitigated. For gene editing, a risk can be mitigated in 2 ways: (a) through an informed consent process in which risks and benefits of gene editing and alternatives to gene editing are explained to a patient and (b) through a strong credentialing process.10 The third approach, used in combination with the second approach in which gene editing risks are transferred to a third party through outsourcing, could mitigate residual risks through hold harmless agreements or third party indemnification, which reduce or remove financial risk exposures by third parties agreeing not to sue or agreeing to pay damages if a suit is brought by a patient.
  4. A risk can be accepted and additional actions possibly pursued. Simply accepting risks of gene editing, at least at this point is time, is probably best regarded as unwise, since neither current risks to a patient-subject, in the case of somatic gene editing, nor risks to a patient-subject’s progeny, in the case of germline editing, are known. Risks that are impossible to quantify are not impossible to insure, but they would very likely be very expensive to insure. Germline editing, for example, as noted by the German Ethics Council, is not “in principle, ethically reprehensible,”10 but because it faces “numerous major [technical and financial] obstacles … the risks would have to be reduced to an acceptable level” before being used for reproduction.10

Long Tails and New Worlds

For a health care organization risk manager, how a health care organization or individual practitioners should insure against a tort claim for a technology with unknown, unforeseen risks is simply not clear.11 There is no current plan in place to insure against descendants of a germline gene-edited person12 suing an organization or clinician, and there is not enough data about or experience with gene editing to imagine—much less know or foresee—claims risks that future complications could pose.13 Claims that can foreseeably be made 10, 20, 40, or more years after an original insurance policy has been written are known to risk managers and underwriters as long-tail future claims. These are nightmares for risk managers and underwriters, as the nature of future liability for these claims is not (and possibly cannot be) fully understood at the time a policy is written. Both somatic and germline gene editing can generate long-tailed future claim risks, which a health care organization risk manager is obliged to consider and protect against. So, for now, risk managers in organizations in which gene editing happens or will happen should base their recommendations on the 2017 report of the National Academy of Sciences14 and advise that human subjects research or gene editing services be limited to the goals of curing and preventing serious diseases, and they might have to advise organizations to self-insure—to band together to share risk—as the merchants at Edward Lloyd’s Coffee House did to protect each other from unknowns facing ships bound for a newer world.


  1. Travelers Insurance Company. Travelers history. https://www.travelers.com/about-travelers/travelers-history. Accessed September 9, 2019.

  2. Vaughan EJ, Vaughan TM. Essentials of Risk Management and Insurance. 2nd ed. London, UK: Wiley; 2002.

  3. American Society of Healthcare Risk Management. Health Care Risk Management Fundamentals. Chicago, IL: American Hospital Association; 2007.

  4. Insurance Commission. Lloyds of London and the birthing of the American Insurance Regulatory Commission. https://insurancecommission.org/lloyds-of-london/. Accessed July 30, 2019.

  5. Lloyd’s of London website. https://www.lloyds.com/about-lloyds/history/corporate-history. Accessed July 30, 2019.

  6. O’Reilly K. Genome editing and the AMA Code of Medical Ethics. American Medical Association. https://www.ama-assn.org/delivering-care/ethics/genome-editing-and-ama-code-medical-ethics. Published August 4. 2017. Accessed April 5, 2019

  7. Baylis F. Counterpoint: the potential harms of human gene editing using CRISPR-Cas9. Clin Chem. 2018;64(3):489-491.
  8. Stolberg S. The biotech death of Jesse Gelsinger. New York Times Magazine. November 28, 1999. https://www.nytimes.com/1999/11/28/magazine/the-biotech-death-of-jesse-gelsinger.html. Accessed June 11, 2019.

  9. Araki M, Ishii T. Providing appropriate risk information on genome editing for patients. Trends Biotechnol. 2016;34(2):86-90.
  10. German Ethics Council. Intervening in the human germline. https://www.ethikrat.org/fileadmin/Publikationen/Stellungnahmen/englisch/opinion-intervening-in-the-human-germline-summary.pdf. Published May 9, 2019. Accessed October 16, 2019.

  11. Rubeis G, Steger F. Risks and benefits of human germline genome editing: an ethical analysis. Asian Bioeth Rev. 2018;10(2):133-141.
  12. Annas GJ. How did claims of CRISPR babies hijack an international gene-editing summit? Research. November 30, 2018. http://www.bu.edu/research/articles/he-jiankui-gene-edited-babies/. Accessed April 4, 2019.

  13. Addison C, Taylor-Alexander S. Gene editing and germ-line intervention: the need for novel responses to novel technologies. Mol Ther. 2015;23(11):1678-1680.
  14. National Academies of Sciences, Engineering, and Medicine. Human Genome Editing: Science, Ethics, and Governance. Washington, DC: National Academies Press; 2017.


AMA J Ethics. 2019;21(12):E1059-1064.




The author is grateful to risk manager colleagues who shared their perspectives on this set of questions.

Conflict of Interest Disclosure

The author(s) had no conflicts of interest to disclose.

The viewpoints expressed in this article are those of the author(s) and do not necessarily reflect the views and policies of the AMA.