The American Society for Health Care Risk Management (ASHRM) celebrates Health Care Risk Management Week during the week of June 17-21, a time dedicated to demonstrating appreciation for the work that risk management and patient safety professionals do to ensure that patients receive safe and trusted health care. We thought this was a good opportunity to turn our attention to patient safety and risk management with regard to telemedicine in health care, an industry that is expected to surpass $36 billion by 2025.
Telemedicine allows health care professionals to evaluate, diagnose and treat patients using telecommunications technology. Telemedicine technology is frequently used for follow-up visits, management of chronic conditions, medication management, specialist consultation and a host of other clinical services that can be provided remotely via secure video conferencing, chatbots, virtual assistants, and messaging platforms, the Internet, store-and-forward imaging, streaming media and terrestrial and wireless communications, and wearables.
Traditionally used to treat patients in remote places at their homes, telemedicine is now used in many different healthcare settings, including convenient care facilities, nursing homes, assisted living facilities, hospitals and clinics, medical laboratories and doctors’ offices.
The benefits of telemedicine for patients, according to proponents, include: more accessible care, more convenient care, more affordable care, and increased access to specialists, among others. For health care providers, the benefits include increased revenue, improved office efficiency, better patient follow through and improved health outcomes, and fewer missed appointments and cancellations, among others.
There are also risks for providers of telemedicine that could jeopardize patient safety, which is why a sound risk management program is so critical. These risks include professional licensure portability, credentialing, privacy, security, patient confidentiality, diagnostic errors, etc. Let’s take a look at some of these risks.
- Professional Licensure Portability. The regulatory landscape for practicing telemedicine across state lines is challenging, as the laws governing the provision of telemedicine services vary widely state-to-state. Healthcare providers are generally required to be licensed in the state in which the patient is receiving services. Some states offer a special license for the provision of certain types of telemedicine services, while other states allow for limited consultations by out-of-state practitioners without licensure. It is the responsibility of the practitioner to know (and adhere) to the applicable rules.
- Security. Whether patient/client data is sent by satellite, through the Internet or over a virtual private network (VPN), the following security measures, among others, should be established and implemented: authentication procedures such as log-in passwords; patient/client identification enabling cross-referencing of patient identifiers either from multiple domains or from a central patient information server; data control to ensure that patient information is stored and transmitted in a confidential manner; data tracking offering an audit trail of all exchanges involving medical information; and protected access systems to safeguard telemedicine applications on wireless networks.
- Patient Confidentiality. When transmitting electronic data, privacy is a paramount concern. Unauthorized network access, hardware tampering and interception of data may violate privacy requirements imposed under HIPAA, as well as other governing federal and state laws and regulations. The following protocols should be implemented:
- Obtain written permission from the patient/client before transmitting any protected health information.
- Require all staff involved in telemedicine to execute confidentiality agreements, including contract and vendor personnel.
- Allow only designated professionals to disclose health related information, such as the telepresenter and consulting and referring practitioners.
- Mandate HIPAA training for staff and providers, covering such topics as information security, common sources of breaches and consequences of protocol noncompliance.
- Transmit patient/client data on an as-needed basis and monitor staff for inappropriate access to protected health information.
- Diagnostic Errors. Misdiagnosis and errors can occur resulting in the patient not receiving the proper treatment or even receiving the wrong treatment. It’s essential to survey patients before launching telemedicine services, and asking which devices they would be most comfortable using when accessing the provider’s telemedicine services. It’s equally important to train staff on using telemedicine equipment, so they also can help patients who require assistance. Additionally, standardized clinical protocols should be implemented to ensure that test results are delivered in a timely, accurate and confidential manner. If an incident occurs, providers should be instructed to document occurrences and forward reports promptly to the appropriate individuals. A thorough, timely review of events helps foster a culture of accountability and continuous improvement in patient safety.
While telemedicine is bringing a paradigm shift to health care delivery with more providers using its services to diagnose and treat patients, it’s critical that the liability risks involved are well understood. Not only are robust risk management protocols needed, but it’s also equally important to examine the insurance policies required to address the exposures involved. Professional Liability (Medical Malpractice) insurance may or may not address exposures brought about by telemedicine technology. Cyber Liability insurance is also an area that needs close scrutiny to ensure coverage will respond and under any necessary circumstances. Additional policies may be required, such as an E-Health or virtual policy, which is relatively new and is addressing the ever-changing ways of how technology is intersecting with health care. Also important is looking at placing all necessary policies with the same carrier to avoid potential conflicts if there’s a liability claim that implicates both the provider who made the error and the technology that helped facilitate it.
RPS is available to assist you with securing the appropriate insurance coverages for your health care clients. Just give us a call.