Telemedicine: A Virtual Compliance Jigsaw Puzzle

Sep 01, 2015 at 01:41 pm by Staff

Telemedicine has quickly become the hottest topic in healthcare delivery, as the industry strives to adapt to its murky waters of compliance. New services, such as Zwivel, are coming online with unprecedented frequency, piquing the interest of physicians and administrators about the unknown possibilities of telemedicine.

“Perhaps we shouldn’t be surprised by this trend,” said Michael Sacopulos, JD, CEO of Medical Risk Institute and general counsel for Medical Justice Services, a 4,000-member group with physicians in all 50 states. “High speed internet connections are now the norm. Services like Facetime and Skype are more popular than ever. Under continued pressure to cut costs and cope with declining reimbursements, administrators believe telemedicine offers a tool for increasing efficiency. Patients also like the convenience and increased options that flow from telemedicine. So what’s not to like? Shouldn’t we embrace the ‘new normal’ and sign on to a great, brave new world? Maybe, first let’s proceed with caution.”

Among the state and federal compliance requirements when taking a practice online are licensure, professional liability considerations, standard of care, patient privacy, informed consent, and referrals for emergency surgery.

 

Licensure

Medical providers “must be licensed by, or under the jurisdiction of, the Medical Board of the State where the patient is located,” according to the Federation of State Medical Boards’ Model Policy for the Appropriate Use of Telemedicine Technologies in the Practice of Medicine.

“Unfortunately,” noted Sacopulos, “this requirement imposes traditional state boundaries on the cyber world. Efforts need to be made to identify the residences of prospective telemedicine patients so the medical provider does not accidentally practice in a state without a license.”

 

Professional Liability

Most professional liability insurance policies provide state-specific coverage, meaning that if a provider accidentally practices telemedicine on an out-of-state patient, there may be no coverage, said Sacopulos.

“Providers wanting to expand into the area of telemedicine should check with their insurance carrier,” he suggested. “Another consideration relates to cyber issues. Traditional medical malpractice policies provide little to no coverage for electronic breaches. The nature of a telemedicine generates exposures to a variety of cyber risks. Any practice moving forward with offering telemedicine should have a comprehensive cyber insurance policy.”

 

Standard of Care

It’s imperative to note that telemedicine is the practice of medicine, and not “medicine lite,” Sacopulos pointed out.

“All the duties and obligations that come with in person consultations are owed to the remote telemedicine patient,” he explained.

The American Medical Association (AMA) recently stated there’s a general consensus among AMA members that care provided via telemedicine needs to meet the same standard as care provided in person.”

Also, the Federation of State Medical Boards made clear the position by stating: “In fact, these guidelines support a consistent standard of care and scope of practice notwithstanding the delivery tool or business method in enabling physician-to-patient communications.”

“Before starting to use telemedicine as a tool to consult with remote patients, a practice should plan how it will meet the standard of care it provides for its in-office patients,” said Sacopulos. “For example, how will it document a dermatological condition? If the condition is normally photographed when a patient is in the office, then the practice should be ready to capture the same quality of image via telemedicine. Each step of the consultation should be planned in advance to ensure it is equal in quality to an in-office evaluation.”

 

Patient Privacy

Sacopulos said it’s also important to note that any form of electronic communication with a patient should immediately bring to mind HIPAA and HITECH Act obligations.

“Whether the electronic connection with the patient is via email, text messaging, or video conference, the platform should be secure,” he said. “Private and confidential patient information is being transmitted and the patient has a legal right to protect the information in transit.”

The Federation of State and Board Telemedicine (FSMB) Guidelines specifically state: “Physicians should meet or exceed applicable federal and state requirements of medical/health information privacy, including compliance with HIPAA and state privacy, confidentiality, security, and medical retention rules,” said Sacopulos, adding that FSMB Guidelines suggest maintaining written policies to address:

  • Privacy;
  • Healthcare personnel who will be processing messages and patient communications;
  • Hours of operations;
  • Types of transactions that will be permitted electronically;
  • Required patient information to be included in the communication, such as patient’s name, identification number and type of transaction;
  • Archival and retrieval; and
  • Quality oversight mechanisms.

“Finally, telemedicine practitioners are cautioned to periodically evaluate their policies and procedures to insure they remain current and readily accessible,” he said. “FSMB informs us that electronic communications received from patients must be maintained within secured technology password-protected encrypted electronic prescriptions, or other reliable authentication and techniques.”

Sacopulos said it’s reasonable to assume that additional patient privacy requirements will be coming in the near future.

“This well may be in reaction to large scale breaches, such as Anthem Insurance experienced earlier this year,” he said. “Studies show that medical identity theft grew at an alarming rate in 2014. Government officials, including the FBI and California Attorney General, have specifically cautioned medical providers that their patients’ electronic data is at risk for hacking and theft. All of this should serve as a warning to telemedicine providers to comply with existing state and federal regulations. Telemedicine providers should also anticipate increasing privacy standards.”

 

Informed Consent

Before practicing telemedicine, a medical provider should obtain appropriate patient informed consent. The informed consent document should:

  • Clearly state the patient’s identity;
  • Clearly state the physician’s identity and qualifications;
  • Specify the scope of activities the practice will be using telemedicine technologies to fulfill, such as patient education, prescription refills, and scheduling appointments;
  • The patient must acknowledge that it is within the medical provider’s sole discretion to determine if the available telemedicine technologies are adequate to diagnose and/or treat the patient;
  • The patient should acknowledge the possibility of, and hold harmless the medical provider for, any technology failures and/or interruptions;
  • The practice should, as part of the informed consent process, provide information on the telemedicine technologies privacy and security standards, such as the inscription of data and firewalls; and
  • The informed consent document should specify express patient consent to forward patient information to a third party if necessary.

 

Referrals for Emergency Service

“The FSMB suggests that telemedicine practitioners have a written protocol in the event that a remote patient needs emergency services,” said Sacopulos. “This emergency protocol should cover possible scenarios when patients require acute care. How and where referrals are to be made should be covered in this protocol.”

 

State-Specific Requirements

The scope of permissible telemedicine varies significantly by state. Some states specifically require a physician/patient relationship to be established first in person with an exam and diagnosis and treatment plan, including prescriptions. Only then may telemedicine be conducted.

“Telemedicine is receiving much attention at the moment,” said Sacopulos. “The American Medical Association is in the process of adopting a Code of Ethics for physicians who provide clinical services through telemedicine. Texas has recently issued new telemedicine guidelines to its practitioners. All of this should serve as a warning to those interested in telemedicine to consult with their State Board of Medicine before engaging in telemedicine activities.”


 

LINKS:

Medical Risk Institute: http://www.medriskinstitute.com/leadership/

Medical Justice Services: http://www.medicaljustice.com/about/executive-team/

 

Sections: Archives

Related Articles

Celebrate Your Physician on National Doctors' Day
AMA to Insurers: Stop Dragging Feet on Prior Authorization Reform
Americans Are Waiting Too Long To Start Colorectal Cancer Screening
HELP Committee Hearing to Focus on Causes, Treatments for Pain
Cooper Cosponsors Bill Encouraging Tennessee to Expand Medicaid
Health:Further Changing Focus from Festival to Advisory