Telemedicine: Best Practices to Avoid Liability

Telemedicine is used in a variety of ways. Networked programs link tertiary care hospitals and clinics with outlying clinics and community health centers in rural or suburban areas. The programs may use dedicated high-speed lines or the Internet for telecommunication between sites. Some hospitals and clinics outsource specialty services to independent medical service providers, like radiology, stroke assessment, mental health and intensive care services, that offer telemedicine services. There are also telemedicine remote monitoring centers used for cardiac, pulmonary or fetal monitoring, and home care and related services that provide care to patients in the home.

Telemedicine is not a unique medical specialty, and does not have a separate board certification. Even in the reimbursement fee structure, there is usually no distinction made between services provided on site and those provided through telemedicine, and often no separate coding required for billing of remote services.

Where Is Telemedicine Permitted?

Most states permit telemedicine to some degree. However, Alabama, Arkansas and Texas are considered the states with the most stringent clinical practice rules for telemedicine. Alabama and Texas require a health care provider to be on the premises during a telemedicine encounter, and only permit telemedicine when the patient is at an established medical site. Arkansas requires an in-person visit before most telemedicine encounters. Alabama, Georgia, and Texas require an in-person follow-up after a telemedicine encounter.

There have been some recent challenges to states' attempts to restrict telemedicine. Some examples are:

• In 2013, the Iowa Board of Medicine passed a rule requiring doctors to perform examinations in person before giving patients abortion-inducing drugs, and to be physically present when the patients take the drugs. The Iowa Board of Medicine argued that the drugs could cause complications and that dispensing them from a remote location was unsafe. Planned Parenthood of Iowa contested the rule, as it uses telemedicine to provide medication-induced, nonsurgical abortions in remote areas of Iowa. During telemedicine videoconferences, a Planned Parenthood doctor consults with a patient, who is sitting with a nurse who has already performed tests. Then, the doctor remotely unlocks a secure drawer in the patient's exam room that contains the medicine, and watches the patient swallow it. In June of this year, the Iowa Supreme Court struck down the rule, saying the ban placed an “undue burden” on a woman's constitutional right to an abortion. Planned Parenthood of the Heartland, Inc. v. Iowa Bd. of Med., 865 N.W.2d 252 (Iowa 2015).
• In April of this year, the Texas Medical Board amended the Texas Administrative Code, limiting the practice of telemedicine in the state and requiring an in-person visit prior to a telemedicine visit. While the Texas Medical Board argued this decision was made to protect patient safety, critics pointed to the number of medically under-served counties in Texas and the need for remote healthcare. Teladoc, a telehealth provider whose patients can contact physicians via phone or online video consults 24/7/365, has sued the Texas Medical Board on antitrust grounds, challenging this limitation. The Texas Medical Board has moved to dismiss the suit, arguing it did not violate the Sherman Act or Commerce Clause in the amendment, because it was acting with the appropriate state oversight that provides immunity from federal antitrust law. The case, Teladoc, Inc. et al. v. Texas Medical Board, et al., No. 1:15-cv-00343, remains pending in the U.S. District Court for the Western District of Texas.

Potential Pitfalls

While telemedicine certainly has its benefits, if not well managed, it can also result in less than optimal care and expose physicians and hospitals to liability.

Telemedicine may be especially prone to causing breaches of confidential patient information. Hospitals and physicians engaging in telemedicine have the same obligation of responsibility for the privacy and security of patient information as those providing face-to-face care, and they must abide by HIPAA, the HITECH Act, and any other state or local regulations regarding patient privacy and security. A hospital or physician engaging in telemedicine should verify the security of a telemedicine vendor's systems and operations in order to protect their patients' information, and obtain insurance to cover a breach. Hospitals and physicians must understand that use of unencrypted communication platforms could result in breach and subsequent governmental action and civil exposure.

Telemedicine also brings with it licensure and credentialing concerns. Most states require physicians engaging in telemedicine to be licensed in the state where the patient is located. Hospitals must ensure that telemedicine providers, who are credentialed on the staff of a different hospital or whose licenses are from another state or country, are permitted to provide those services to patients. Hospitals and physicians need procedures in place for monitoring and evaluating telemedicine practitioners, and sharing adverse events.

Another concern for providers is that telemedicine may not be covered by certain insurance policies. Professional liability policies may not cover errors and omissions of a telemedicine practice, or cover practice in another state, or lawsuits regarding negligent credentialing or privacy breaches.

What the Parties Expect

Telemedicine brings with it a shift in patient expectations. While patients may delight in the convenience and accessibility telemedicine brings, they must be aware of, and consent to, the potential risks associated with telemedicine, including delays, inaccuracies, and misdiagnoses. Telemedicine is dependent upon technology. If technology fails or is delayed during a patient visit, the patient or physician may receive incorrect information, the physician may not be able to render a medical opinion at all, and treatment may be delayed or flawed.

Telemedicine also brings with it a shift in physician expectations. Physicians should understand and expect that any interaction with a patient through telemedicine can establish a physician-patient relationship; with it comes the duty of care a physician owes to her patient. For example, in White v. Harris, 36 A.3d 203 (Vt. 2011), plaintiffs sued a practice that employed a psychiatrist. The Plaintiffs' daughter participated in a one-time, 90-minute video-conference session with the psychiatrist. The latter completed an evaluation, which stated no follow-up services would be provided, but gave a recommended treatment plan for implementation by another physician. The psychiatrist had no further interaction with plaintiffs, their daughter or her physicians.

The Plaintiffs' daughter committed suicide less than a year after the video-conference session. The Plaintiffs brought suit, alleging that the psychiatrist fell below the standard of care. The defendant medical practice moved for summary judgment, asserting that the psychiatrist had no duty to the decedent because there was no doctor-patient relationship at the time of her death. Alternatively, the defendant medical practice argued that any such relationship was terminated following their one-time interaction. While the trial court granted summary judgment and found the psychiatrist's contact with decedent was “so minimal as to not establish a physician-patient relationship,” and that no duty existed at the time of decedent's death, the Supreme Court of Vermont reversed. It held that the brief, one-time, video-conference session created a doctor-patient relationship, and therefore a duty of care applied.

Minimizing Liability

The following are suggestions for hospitals and physicians to limit or reduce liability associated with a telemedicine practice:

• Ensure that the performance of the telemedicine physician meets compliance and credentialing standards and quality-of-care standards, as determined through a peer-review process.
• Evaluate on a routine basis the privileges of a telemedicine physician, and determine which procedures or services may be inappropriate for telemedicine.
• Establish guidelines for electronic health record access by or with telemedicine physicians, and put protocols in place to ensure the access is secure and HIPAA compliant.
• Engage reliable vendors to provide secure technology platforms, and ensure those vendors have their own insurance policies for data breach.
• Use a specialized consent form expressly authorizing telemedicine services. Identify and obtain patient acknowledgment of the unique risks associated with telemedicine, including but not limited to: 1) Equipment or technological malfunction, which could cause the information transmitted to be insufficient to allow for appropriate medical decision-making; and/or cause delays in evaluation and treatment; and/or cause medical errors; 2) Failure of security protocols, which could cause a breach of privacy of personal medical information; 3) Lack of access to complete medical records or previously established physician-patient relationship, which might make adverse drug interactions, allergic reactions or other judgment errors more probable; and 4) Follow-up services might not be provided. (In this regard, clearly delineate the scope of telemedicine treatment).
• Check the applicable liability insurance policy and confirm that it provides adequate coverage for telemedicine services. A physician may need to obtain insurance in more than one state. The American Medical Association recommends asking the following questions when evaluating various insurance providers and policies: 1) Will the policy cover the physician if she uses telemedicine in diagnosing or treating a patient in another state? 2) Is the physician restricted to practicing in a certain geographic area? 3) Can coverage be arranged if the physician wants to practice across state lines? 4) If the physician helps someone in an emergency situation in another state, will there be coverage?

Conclusion

In June, the U.S. House of Representatives passed the 21st Century Cures Act, a bill intended to speed up and improve drug development and modernize health care delivery. If made into law, the Act, as currently drafted, could boost telemedicine in the United States. The Act obligates The Centers for Medicare and Medicaid Services (CMS) to identify populations of Medicare beneficiaries whose care may be improved most by the expansion of telemedicine and to identify the types of services that would be most suited to being adapted to telemedicine. CMS would also need to describe its current activities related to the actual adoption and use of telemedicine and identify barriers to the expansion of telemedicine. In addition, the Affordable Car Act called for increased use of telemedicine.

Telemedicine is rapidly evolving, and with its evolution comes new potential pitfalls and risks. Practitioners in this area should keep abreast of state laws and regulations regarding telemedicine, as well as keep an eye out for developments in the federal landscape. For more information on telemedicine, as well as specific state regulations and news on telemedicine, see the websites of the American Telemedicine Association http://www.americantelemed.org/ and the Center for Connected Health Policy http://cchpca.org/.

Marcella C. Ducca is an attorney in the Atlanta office of Greenberg Traurig LLP.

Telemedicine, telehealth and mobile health (collectively referred to herein as “telemedicine”) are delivery methods of remote clinical services using technology. While the concept of telemedicine has been around for decades, new and improved technology is making it more ubiquitous. Telemedicine methods include videoconference, teleconference, transmission of still images, patient portals, web-based e-health patient service sites, wireless applications, e-mail, virtual consultation online, and other forms of telecommunications technology.

New Methods

New methods for telemedicine are constantly being developed. For example:

• The design company Teague has developed a concept for a “doctor in a box.” The patient buys an affordable kit at a drug store, and then has a doctor visit teleconferenced into the privacy of the patient's home. The kit contains a smart stethoscope, capable of hearing heart and lungs, seeing into the ear, and taking high-definition images. The kit also contains a teleconferencing camera that beams video of the patient to the doctor and tracks movement, heart rate and temperature.
• The company HealthSpot has developed a free-standing virtual healthcare kiosk. An in-person attendant checks a patient's height, weight, blood pressure, temperature and other metrics and provides that data to the physician. The patient then consults with a physician face-to-face via video screen in the kiosk. The physician can have the patient use various tools in the kiosk to gather more information about his or her condition (e.g., an otoscope to see into a patient's ear), and the data from the various tools is immediately transmitted to the physician. The latter can then dispense an electronic prescription. The station is cleaned between visits.

How It Is Used

Telemedicine is used in a variety of ways. Networked programs link tertiary care hospitals and clinics with outlying clinics and community health centers in rural or suburban areas. The programs may use dedicated high-speed lines or the Internet for telecommunication between sites. Some hospitals and clinics outsource specialty services to independent medical service providers, like radiology, stroke assessment, mental health and intensive care services, that offer telemedicine services. There are also telemedicine remote monitoring centers used for cardiac, pulmonary or fetal monitoring, and home care and related services that provide care to patients in the home.

Telemedicine is not a unique medical specialty, and does not have a separate board certification. Even in the reimbursement fee structure, there is usually no distinction made between services provided on site and those provided through telemedicine, and often no separate coding required for billing of remote services.

Where Is Telemedicine Permitted?

Most states permit telemedicine to some degree. However, Alabama, Arkansas and Texas are considered the states with the most stringent clinical practice rules for telemedicine. Alabama and Texas require a health care provider to be on the premises during a telemedicine encounter, and only permit telemedicine when the patient is at an established medical site. Arkansas requires an in-person visit before most telemedicine encounters. Alabama, Georgia, and Texas require an in-person follow-up after a telemedicine encounter.

There have been some recent challenges to states' attempts to restrict telemedicine. Some examples are:

• In 2013, the Iowa Board of Medicine passed a rule requiring doctors to perform examinations in person before giving patients abortion-inducing drugs, and to be physically present when the patients take the drugs. The Iowa Board of Medicine argued that the drugs could cause complications and that dispensing them from a remote location was unsafe. Planned Parenthood of Iowa contested the rule, as it uses telemedicine to provide medication-induced, nonsurgical abortions in remote areas of Iowa. During telemedicine videoconferences, a Planned Parenthood doctor consults with a patient, who is sitting with a nurse who has already performed tests. Then, the doctor remotely unlocks a secure drawer in the patient's exam room that contains the medicine, and watches the patient swallow it. In June of this year, the Iowa Supreme Court struck down the rule, saying the ban placed an “undue burden” on a woman's constitutional right to an abortion. Planned Parenthood of the Heartland, Inc. v. Iowa Bd. of Med. , 865 N.W.2d 252 (Iowa 2015).
• In April of this year, the Texas Medical Board amended the Texas Administrative Code, limiting the practice of telemedicine in the state and requiring an in-person visit prior to a telemedicine visit. While the Texas Medical Board argued this decision was made to protect patient safety, critics pointed to the number of medically under-served counties in Texas and the need for remote healthcare. Teladoc, a telehealth provider whose patients can contact physicians via phone or online video consults 24/7/365, has sued the Texas Medical Board on antitrust grounds, challenging this limitation. The Texas Medical Board has moved to dismiss the suit, arguing it did not violate the Sherman Act or Commerce Clause in the amendment, because it was acting with the appropriate state oversight that provides immunity from federal antitrust law. The case, Teladoc, Inc. et al. v. Texas Medical Board, et al., No. 1:15-cv-00343, remains pending in the U.S. District Court for the Western District of Texas.

Potential Pitfalls

While telemedicine certainly has its benefits, if not well managed, it can also result in less than optimal care and expose physicians and hospitals to liability.

Telemedicine may be especially prone to causing breaches of confidential patient information. Hospitals and physicians engaging in telemedicine have the same obligation of responsibility for the privacy and security of patient information as those providing face-to-face care, and they must abide by HIPAA, the HITECH Act, and any other state or local regulations regarding patient privacy and security. A hospital or physician engaging in telemedicine should verify the security of a telemedicine vendor's systems and operations in order to protect their patients' information, and obtain insurance to cover a breach. Hospitals and physicians must understand that use of unencrypted communication platforms could result in breach and subsequent governmental action and civil exposure.

Telemedicine also brings with it licensure and credentialing concerns. Most states require physicians engaging in telemedicine to be licensed in the state where the patient is located. Hospitals must ensure that telemedicine providers, who are credentialed on the staff of a different hospital or whose licenses are from another state or country, are permitted to provide those services to patients. Hospitals and physicians need procedures in place for monitoring and evaluating telemedicine practitioners, and sharing adverse events.

Another concern for providers is that telemedicine may not be covered by certain insurance policies. Professional liability policies may not cover errors and omissions of a telemedicine practice, or cover practice in another state, or lawsuits regarding negligent credentialing or privacy breaches.

What the Parties Expect

Telemedicine brings with it a shift in patient expectations. While patients may delight in the convenience and accessibility telemedicine brings, they must be aware of, and consent to, the potential risks associated with telemedicine, including delays, inaccuracies, and misdiagnoses. Telemedicine is dependent upon technology. If technology fails or is delayed during a patient visit, the patient or physician may receive incorrect information, the physician may not be able to render a medical opinion at all, and treatment may be delayed or flawed.

Telemedicine also brings with it a shift in physician expectations. Physicians should understand and expect that any interaction with a patient through telemedicine can establish a physician-patient relationship; with it comes the duty of care a physician owes to her patient. For example, in White v. Harris , 36 A.3d 203 (Vt. 2011), plaintiffs sued a practice that employed a psychiatrist. The Plaintiffs' daughter participated in a one-time, 90-minute video-conference session with the psychiatrist. The latter completed an evaluation, which stated no follow-up services would be provided, but gave a recommended treatment plan for implementation by another physician. The psychiatrist had no further interaction with plaintiffs, their daughter or her physicians.

The Plaintiffs' daughter committed suicide less than a year after the video-conference session. The Plaintiffs brought suit, alleging that the psychiatrist fell below the standard of care. The defendant medical practice moved for summary judgment, asserting that the psychiatrist had no duty to the decedent because there was no doctor-patient relationship at the time of her death. Alternatively, the defendant medical practice argued that any such relationship was terminated following their one-time interaction. While the trial court granted summary judgment and found the psychiatrist's contact with decedent was “so minimal as to not establish a physician-patient relationship,” and that no duty existed at the time of decedent's death, the Supreme Court of Vermont reversed. It held that the brief, one-time, video-conference session created a doctor-patient relationship, and therefore a duty of care applied.

Minimizing Liability

The following are suggestions for hospitals and physicians to limit or reduce liability associated with a telemedicine practice:

• Ensure that the performance of the telemedicine physician meets compliance and credentialing standards and quality-of-care standards, as determined through a peer-review process.
• Evaluate on a routine basis the privileges of a telemedicine physician, and determine which procedures or services may be inappropriate for telemedicine.
• Establish guidelines for electronic health record access by or with telemedicine physicians, and put protocols in place to ensure the access is secure and HIPAA compliant.
• Engage reliable vendors to provide secure technology platforms, and ensure those vendors have their own insurance policies for data breach.
• Use a specialized consent form expressly authorizing telemedicine services. Identify and obtain patient acknowledgment of the unique risks associated with telemedicine, including but not limited to: 1) Equipment or technological malfunction, which could cause the information transmitted to be insufficient to allow for appropriate medical decision-making; and/or cause delays in evaluation and treatment; and/or cause medical errors; 2) Failure of security protocols, which could cause a breach of privacy of personal medical information; 3) Lack of access to complete medical records or previously established physician-patient relationship, which might make adverse drug interactions, allergic reactions or other judgment errors more probable; and 4) Follow-up services might not be provided. (In this regard, clearly delineate the scope of telemedicine treatment).
• Check the applicable liability insurance policy and confirm that it provides adequate coverage for telemedicine services. A physician may need to obtain insurance in more than one state. The American Medical Association recommends asking the following questions when evaluating various insurance providers and policies: 1) Will the policy cover the physician if she uses telemedicine in diagnosing or treating a patient in another state? 2) Is the physician restricted to practicing in a certain geographic area? 3) Can coverage be arranged if the physician wants to practice across state lines? 4) If the physician helps someone in an emergency situation in another state, will there be coverage?

Conclusion

In June, the U.S. House of Representatives passed the 21st Century Cures Act, a bill intended to speed up and improve drug development and modernize health care delivery. If made into law, the Act, as currently drafted, could boost telemedicine in the United States. The Act obligates The Centers for Medicare and Medicaid Services (CMS) to identify populations of Medicare beneficiaries whose care may be improved most by the expansion of telemedicine and to identify the types of services that would be most suited to being adapted to telemedicine. CMS would also need to describe its current activities related to the actual adoption and use of telemedicine and identify barriers to the expansion of telemedicine. In addition, the Affordable Car Act called for increased use of telemedicine.

Telemedicine is rapidly evolving, and with its evolution comes new potential pitfalls and risks. Practitioners in this area should keep abreast of state laws and regulations regarding telemedicine, as well as keep an eye out for developments in the federal landscape. For more information on telemedicine, as well as specific state regulations and news on telemedicine, see the websites of the American Telemedicine Association http://www.americantelemed.org/ and the Center for Connected Health Policy http://cchpca.org/.

Marcella C. Ducca is an attorney in the Atlanta office of Greenberg Traurig LLP.