It will come as little surprise to healthcare providers that the COVID-19 epidemic has produced years of anticipated growth in telemedicine in just several months, with some reports tagging the surge at 9000% since 2019.
While most providers are scrambling amid changing government guidelines to set up systems and develop procedures, many are too overloaded to consider that the rapid pace of change also may open them up to new liability risks. The new risks may take two to three years to materialize after court systems return to normal operation and lawsuits from the COVID-19 period surface.
Johnson Financial Group’s Steve Frew is an expert on cyber threats, EMTALA, HIPAA, FTC compliance issues, and state and federal privacy liability risks and shared the following on this important topic.
Issues on the Horizon
One of the major factors fueling the growth of telemedicine has been temporary regulatory changes that have removed some of the obstacles from rapid deployment of telemedicine in medical offices and hospitals, such as:
- Centers for Medicare & Medicaid Services (CMS) and various insurance companies have established a parity of payments for in-person and telemedicine visits
- Some states have eased licensing requirements for cross-border care
- The Office for Civil Rights (OCR) has eased HIPAA security standards to allow the use of FaceTime and other systems to handle video visits
There are no assurances, however, that all of these temporary accommodations will remain in place following the end of the pandemic. To help protect your organization, consider the below risk management priorities when it comes to providing telemedicine support to patients.
Top Telemedicine Risk Management Priorities
- Consult an attorney familiar with telemedicine laws in all states where you have offices or patients. Keep up to date on temporary rules and regulations, licensure requirements, and any changes that might affect your practice. Many regulations, emergency declarations, and temporary accommodations have self-limiting expiration provisions that can change the rules even though the scope of disease cases may not have significantly changed. Don’t risk getting blind-sided by changes you missed.
- Check with your insurance agent to verify that your professional liability coverage includes your intended scope of telemedicine.
- Clearly identify your patient each time you have contact with them. You should verify the patient’s location and provide educational information on your telemedicine system, techniques and any limitations. You should also verify the patient’s ability to participate in an audio/video visit and obtain informed consent with signature or signature for the telemedicine visit. Have staff available to assist the patient establish the connection for the tele-visit. It is desirable to limit telemedicine visits to existing patients, if the nature of the practice permits.
- Have a clear policy on what medical complaints or types of visits are appropriate for telemedicine visits and which require in-person visits or referral to urgent care or emergency departments. Follow that policy religiously.
- Maintain HIPAA privacy and security. Only use service providers that can assure secure lines, reliable services and require a HIPAA business associate agreement for services. Do your due diligence on each potential provider and spend the money to get the most reliable equipment. Be very cautious to comply with HIPAA rules for sharing information.
- Train your staff thoroughly. They cannot follow policies they do not know about or do not fully understand. Retrain every time something changes. Refresh frequently. Document all training in the employee’s personnel file.
- Document telemedicine visits in great detail. Proper documentation in the medical record is always one of the most important means to avoid unwarranted liability claims. Documentation becomes even more important in telemedicine visits where conversation is the critical interaction. Some insurance companies recommend recording the telemedicine session for inclusion in the electronic medical record, but specific consent should be obtained from the patient before recording to comply with HIPAA and some state laws. (Keep #5 above in mind)