Sources of Liability in Telemedicine
Telehealth can introduce new types of risk for your medical practice. Know what to look for so that you can take steps to reduce your liability.
In some ways, telemedicine may seem like it’s less risky than providing in-person medical care. Patients click through an onslaught of waivers before they’re able to “see” you, all of which warn them that telemedicine is no substitute for in-person care. Is that sufficient to protect you?
Unfortunately, there are many ways that telemedicine can create additional and new sources of risk or liability.
The Health Insurance Portability and Accountability Act (HIPAA) does much more than protect the privacy of records. It also sets forth the minimum security standards for patient data.
Telemedicine generates substantially more data, often in the form of video, photos, emails — even virtually rendered diagnostic testing! Practices must update their HIPAA policies and perform a risk assessment each time a privacy-impacting event occurs (and no less often than once per year). In short, you must revise your practice’s written HIPAA policies and procedures when you expand the scope of telemedicine services offered by the practice.
In compliance with HIPAA, it’s also essential that you:
- Have business associate agreements (BAAs) with the telemedicine company and any others assisting in this process
- Only conduct telemedicine visits on secure networks
- become familiar with the FCC and FTC requirements and standards for mobile privacy and the transmission of health information. This knowledge is valuable when choosing a mobile carrier or device.
Providers must be technologically proficient in order to offer telemedicine. We all experience moments of frustration with our computers and other devices. In a patient encounter, however, these technological hiccups invite risk. For instance, problems could arise from:
- not using the most appropriate/up-to-date telehealth technologies or programs
- lacking proficiency with the technology, which can hinder the connection and communication between the patient and you during the encounter
- being unable to manipulate technologies integral to patient’s care (e.g., not taking full advantage of clinical benefits offered by a remote patient heart rate monitoring device that integrates with telemedicine platform)
Also, keep in mind that a provider who routinely relies on others to help get visits off the ground might be creating grounds for HIPAA violations. Under HIPAA’s minimum necessary standard, providers should share patient data only with those who need to access it. Say, for example, that a provider’s technological incompetence requires that a nurse or admin connect each visit and wait until the patient is online to hand off the screen to the provider. Is that sufficient to make that additional person’s access to the patient’s info necessary?
State Corporate Practice of Medicine Doctrines
Unlicensed persons or entities (such as a telemedicine company!) cannot employ doctors. This would constitute the corporate practice of medicine. In many states, only licensed persons and authorized companies owned by licensed persons can practice medicine. This restriction is known as a corporate practice of medicine doctrine (CPOM). CPOM varies by state, with some states having strict guidelines and some having no CPOM doctrine whatsoever.
Some telemedicine companies base their startup plans — and their plans for how they’ll become profitable — on the presumption that they can hire doctors to render telemedicine through their platform. However, the flow of money through the telemedicine company must comply with each state’s corporate practice of medicine doctrine. Thus, the model must be evaluated against every state’s specific CPOM laws, some of which are statutory while others are only common law, or court-made, doctrines).
It’s no surprise that the owner of a telemedicine company that violates a state CPOM doctrine may be disciplined or even arrested for the unlicensed practice of medicine. But the licensed provider is on the hook, too. A physician employed by a telemedicine company in violation of CPOM may face discipline for aiding and abetting the unlicensed practice of medicine.
Standards of Care
There’s no denying that the convenience of telemedicine appeals to many healthcare professionals and patients. However, failing to see a patient in person when it’s medically appropriate may constitute medical malpractice.
Telemedicine isn’t for every situation. Providers are still held to the same standards of care. If they cannot effectively evaluate, diagnose, or treat a patient via telemedicine, they must communicate that to the patient and insist upon an in-person visit. If the patient refuses, the provider should communicate the recommendation in writing and follow up with the patient if clinically feasible.
Telemedicine has unique risks and benefits. Therefore, if you practice via telehealth, you should modify your informed consent discussion accordingly. You should also provide modified intake forms to patients to collect the information and provide notice of the information most pertinent to those being seen via telehealth. For instance, patients should understand the unique privacy issues that might arise as well as the provider’s telehealth visit payment policies.
How to Reduce Liability in Telemedicine
An experienced healthcare attorney can help you negotiate many of these thorny liability issues and reduce your risk. First, they can develop compliant documents with telehealth in mind, including intake forms, HIPAA policies, and Business Associate Agreements. Second, they can review your liability insurance to make sure that it actually covers what the agents think (and tells you) that it does.
If your practice operates in a state where we practice, we can support your telehealth compliance needs. Schedule a free consultation with one of our healthcare lawyers to determine if we’re a good fit.
This blog is made for educational purposes and is not intended to be specific legal advice to any particular person. It does not create an attorney-client relationship between our firm and the reader. It should not be used as a substitute for competent legal advice from a licensed attorney in your jurisdiction.