Managing the risks of telemedicine

November 5, 2019

Five considerations for physician practices

Telemedicine services are expanding rapidly. An American Well survey found that 1 in 5 doctors currently use telemedicine to care for patients, while 61% of those who don’t use telemedicine say it’s likely or very likely they’ll start by 2022. Meanwhile, the Centers for Medicare & Medicaid Services (CMS) and private insurers are expanding coverage. Given this rapid growth, it’s important to look at potential risks associated with telemedicine.

Risk One: Litigation                                                                        

So far, there hasn’t been much litigation related to telemedicine. According to the Center for Connected Health Policy, “Claims of malpractice liability involving telemedicine have been few and most existing cases have been settled out of court with the final settlements sealed.”

This does not mean that litigation is not a risk. Claims have a lag time, and telemedicine is a new trend, so it could just be a matter of time.

When claims arise, they could stem from a variety of issues. Some are similar to what you would see in traditional care, including incorrect diagnosis or incorrect interpretation of an image.

In some cases, the telemedicine system could contribute to existing risks. Miscommunication, for example, could become more of an issue when doctors and patients aren’t meeting face to face.

In other cases, claims could involve the very nature of telemedicine. Some claims might argue that an exam should have been done in person rather than by video. Privacy and security allegations could arise based on the technology used. Power failure could disrupt care, which could result in a claim.  

Risk Two: State Laws and Licensing

In traditional healthcare, it’s reasonable to assume that the patient and the provider are in the same state. With telemedicine, this is not necessarily true. This means that the laws and licensing requirements of multiple states may be relevant.  

In addition to state licensing requirements, providers also need to comply with telemedicine laws. The Interstate Medical Licensure Compact (IMLC) makes it possible for doctors to practice in multiple states, with 29 states, along with the District of Columbia and the territory of Guam, participating in the IMLC at present. According to the Federation of State Medical Boards (FSMB), 14 state boards issue special licenses that let doctors operate across state lines for telemedicine, and four require physicians to register to practice across state lines. State laws also impact whether physician assistants and nurse practitioners can practice telemedicine across state lines.

It’s important to consult with an attorney as state laws vary and continue to evolve regarding telemedicine. For example, Florida just passed new legislation, effective July 1, 2019, that establishes standards of practice for telemedicine providers, authorizes certain providers to use telemedicine to prescribe certain controlled substances, and provides registration requirements for out-of-state telemedicine providers.

Risk Three: Policies and Procedures

A new system requires new strategies. Policies and procedures should address all aspects of providing virtual care. For example, how will patient identification be handled? What constitutes a patient encounter? And, which patients and symptoms are appropriate for a telemedicine visit?

New communication protocols may be needed. For example, how will the telemedicine provider communicate with the patient’s primary care provider or follow up with the patient? Providers must also determine when and how to provide prescriptions, and how billing will be handled.

All of these policies and procedures must be compliant with regulations and subject to a quality monitoring program.

Risk Four: Documentation and Informed Consent

Documentation is always important in healthcare, and this is also true when delivering telemedicine services. Documentation protocol must be followed to the letter and include all pertinent details. It’s important to keep documentation of the encounter including the patient’s response to treatment, any patient instructions, who participated in the encounter and the sites that were linked, mode of service delivery or technology used, any technical difficulties, and all patient-related electronic communications such as lab/test results.

Privacy and security risks must also be considered. Using telemedicine and electronic health records can make providers vulnerable to malware and hacks. Password-protected screensavers, encryption, and other safety measures can help keep information safe, while unsecured devices and systems, such as laptops and email, can result in security weaknesses. Compliance with the HIPAA Security Rule is essential.

Informed consent is another key issue. Patients must be made aware of the risks of telemedicine, how the process works, and who will be in charge of their care. Both the patient and the provider should agree that telemedicine is appropriate and retain the ability to stop treatment at any time.

Risk Five: Contracts

Providers may work with various organizations to provide telemedicine services. These can include the companies that provide the platform or software necessary for the appointments.

When engaging with other telemedicine or equipment providers, it’s important to have solid contracts in place. These contracts will define key terms including who owns the equipment, who owns the data, servicing the equipment, or turnaround times for incoming readings or test transmittals. Some other items to be addressed are compensation, billing, and privacy. If a malpractice claim or payment dispute arises, the details of the contract become essential. For this reason, providers should seek legal advice before entering into a binding agreement.

Judy L. Klein, CPHRM, FASHRM, is manager of the risk management department for Coverys.