Be wary of telehealth’s legal risks

As the world rebounds from the COVID-19 pandemic, many health care providers still are taking advantage of the convenience of telehealth, which has grown substantially since 2020. It’s important to remember that traditional legal considerations and statutes that apply to in-person health care also apply to telehealth services and there are potential legal risks.

Jesse Berg, J.D., M.P.H., a partner in Lathrop GPM’s Health Law practice group, notes it’s clear that regulatory agencies, providers, payers, consumers and market forces generally have all concluded that telehealth’s benefits more than offset whatever costs have historically been perceived to exist. As a result, the US has seen a proliferation of telehealth care delivery models.

“For physicians and other health care providers, this is good news because telehealth tends to offer them a way to tap into new markets and patient populations with relatively low barriers to entry,” he says. “However, this does not mean that telehealth is simple. Providers need to navigate through a vast array of regulatory issues in developing and implementing these arrangements.”

Things to consider

States take very different approaches to physician licensure, and this needs to be researched closely when performing telehealth services. Depending on state law and regulations, physicians may need to be licensed in every state where their patients are located so that any out-of-state patient care provided via telehealth complies with laws related to interstate medical licensure.

“Some states offer limited-purposes licenses that allow physicians in one state to provide services across state lines, while other states allow physicians who are in good standing elsewhere to register with the state medical board and, as long as they maintain compliance with various standards, practice via telehealth,” Berg says.

Many states also require practitioners to obtain informed consent from patients before virtual visits begin. Providers should consult with an attorney about any state-specific informed consent requirements.

Licensure, however, is only the tip of the iceberg. Providers also need to consider fraud and abuse concerns in developing these arrangements, consider whether the appropriate level of supervision will be provided and find out whether payers will reimburse for these services.

“While coverage has expanded among Medicare, Medicaid and commercial payers, there are many inconsistencies in coverage and reimbursement,” Berg says. “Providers also need to be sure that they have the appropriate level of professional liability insurance when delivering care via telehealth. And things get even more complicated where prescriptions are involved or if nonprovider entities attempt to offer telehealth arrangements in corporate practice of medicine states.”

Doctors must also ensure they have appropriate Health Insurance Portability and Accountability Act (HIPAA) safeguards in place when using telehealth platforms, or risk potential supervision or privacy violations. Since telemedicine uses technology, it can make organizations and providers vulnerable to malware attacks and hacks, so keeping private health care information protected is paramount.

“Physicians aren’t always thinking about the numerous laws surrounding (internet technology) and data safety that need to be considered with telemedicine,” says Bethany Doran, M.D., M.P.H., a cardiologist and founder of Enabled Healthcare. “There are issues with privacy breaches, such as if a doctor is using Gmail or storing patient level data on their personal computer and exposing it to the internet; software malfunctions; and cyber security issues that need to be thought through.”

Many security specialists note that no practice will ever have foolproof HIPAA compliance, but minimizing security and compliance risks is of the utmost importance for organizations.

Risk avoidance

Miya Nazzaro, J.D., managing attorney of Nazzaro PLLC in Issaquah, Washington, notes some of the key risks that exists with telehealth are those around doctor-patient confidentiality.

“If a third party was present during (a remote) patient visit, there is the possibility that confidentiality no longer exists,” she says. “Since a doctor is no longer in control of the physical clinical environment, it is crucial that the doctor ask who is present and know what the relationship between the parties is. This enables the patient to make informed choices of who should be present during his or her care.”

She also notes that physicians should think about the standard of care for a remote exam versus an in-person examination. For instance, if a patient complains about an ear infection or sore throat, a doctor isn’t able to examine the inner ear or peer into the throat to determine if antibiotics are required or if there’s a viral infection or other cause.

Which standard of care should the doctor be judged against when the doctor misdiagnoses? Does the practice have written policies that set forth standard procedures for telehealth that are in line with other practices? These are important questions to ask, Nazzaro says.

“Even though the use of telehealth has increased since the pandemic, the tools and techniques to protect medical practices have existed and continue to evolve,” she says. “The key is for those medical practices that are not as accustomed to the practice to begin to learn these best practices and adopt these strategies to protect themselves.”

Judy Klein, a certified professional in health care risk management and manager of risk management and BD lead at Coverys, a medical insurance company, notes that it’s important for physicians to document clearly and concisely on a telehealth encounter.

“Include details of the visit, including a working diagnosis based on your clinical assessment, history and physical exam; any patient education or instructions provided; diagnostic conclusions; treatment plan; and any lab or test results reviewed and discussed,” she says. “Do not leave understanding to chance. Implement ‘teach-back’ strategies where the patient relays the information back to you and recognize language barriers. Without this level of communication, providers can miss that a patient might be coping with perhaps a personal circumstance that will impede their ability to adhere to their care plan.”

It’s also vital to train the entire staff on the best ways to use telehealth and understand it’s not just a fad. “Telemedicine is not an occasional camera visit with a patient,” Klein says. “It means ongoing training of staff in new work flows, roles and responsibilities, plus using the technology, troubleshooting and conducting oneself during a camera visit.”

Malpractice insurance

Something not always considered when physicians start offering telehealth services is to check in with their insurance carrier and let them know, because using telehealth may affect their policy.

“Each state has very specific guidelines on telemedicine, especially whether it is allowed across state lines, and this informs what malpractice carriers are willing to cover,” Doran says. “The most important thing is to engage with competent lawyers and make sure that all providers who are giving care to patients in a state are licensed and have malpractice coverage for the state the patient is physically residing in.”

Many telehealth sessions are now recorded, which raises the standards for reporting and provides an audit trail if a doctor did give incorrect advice or misdiagnose a patient. Besides a loss of trust from patients, doctors can also face expensive lawsuits, and patients or their families may have irrefutable proof that the physician acted in a way that exposed themselves to liability.

Telemedicine risks can be managed by staying informed and educated. There are many resources to assist physicians in managing risk with regard to telemedicine. For instance, professional societies, such as the American Medical Association and the Federation of State Medical Boards, and telehealth societies, such as the American Telemedicine Association and the Center For Connected Health Policy, have come out with recommendations.

“It is also important to rely on your professional team — engaging legal counsel and your medical/cyber liability carrier to discuss changes to your practice’s policies related to the integration of virtual care into your practice,” Klein says.

Ultimately, although certain licensing flexibilities have been added due to the pandemic and some states may even modify regulations accordingly, when it comes to telehealth provisions and providing patient protection, prudence is key for physicians who wish to avoid fine penalties and malpractice risks associated with telehealth delivery.