Abstract
Telemedicine—the provision of medical care using electronic communications, information technology or other means, between a licensee in one physical location and a patient in another—is growing especially rapidly. Telemedicine typically involves secure video-conferencing or store/forward technology to provide healthcare delivery by replicating the traditional in-person interaction between a patient and a physician. It generally excludes audio-only telephony, routine email, instant messaging, and fax.
Telemedicine technologies can facilitate communication between patients and their health care providers, including scheduling appointments, monitoring chronic conditions, obtaining laboratory results, prescribing medication, and clarifying medical advice. However, state medical boards face complex challenges in adapting regulations historically intended for the in-person provision of medical care to this new delivery model. Last April, the Federation of State Medical Boards promulgated Model Policy for the Appropriate Use of Telemedicine Technologies in the Practice of Medicine to educate licensees about the appropriate use of telemedicine technologies in the practice of medicine. The following is a summary of those guidelines.
Licensure
A physician must be licensed by, or under the jurisdiction, of the medical board in the state where the patient is located. Physicians who treat or prescribe through online services sites are practicing medicine and must possess appropriate licensure in all jurisdictions where patients receive care. A physician who lacks such licensure can be subject to prosecution for the unlicensed practice of medicine.
Most professional liability insurance policies specifically exclude coverage for unlicensed activities; some states require professional liability underwriters to cover practice that extends beyond state borders and some do not; if coverage does not extend beyond state boundaries, there may be no protection. Even if an in-person activity is covered, this activity may not necessarily be covered if it is provided electronically at a distance, even if in the state of licensure.
Establishing the physician-patient relationship
It may be difficult to define the beginning of a patient-physician relationship precisely, especially when the two parties are in different geographic locations, but it tends to begin when an individual with a health-related matter seeks assistance from a physician. The relationship is firmly established when the physician agrees to undertake treatment of the patient and the patient agrees to be treated, whether or not there has been an in-person encounter. The physician should disclose his or her identity and credentials, verify the location of the requesting patient, and obtain the appropriate consents from requesting patients after disclosures regarding the delivery models and treatment methods or limitations, including any special informed consents regarding the use of telemedicine technologies.
Evaluation and treatment of the patient
Before providing treatment, the physician must obtain a documented medical evaluation and review relevant clinical history to establish diagnosis and identify underlying conditions and/or contra-indications to the treatment recommended.
Informed consent
The physician must obtain appropriate documentation regarding the patient’s informed consent for the use of telemedicine technologies, including the following:
Identification of the patient, the physician and the physician’s credentials;
Types of transmissions permitted using telemedicine technologies (e.g., prescription refills, appointment scheduling, etc.);
The patient agrees that the physician determines whether or not the condition being diagnosed and/or treated is appropriate for a telemedicine encounter;
Details on security measures taken with the use of telemedicine technologies, such as encrypting data and password-protecting screen savers and data files, as well as potential risks to privacy notwithstanding such measures;
Hold harmless clause for information lost due to technical failures; and
Requirement for express patient consent to forward patient-identifiable information to a third party.
Continuity of care
A patient should be able obtain follow-up care or information from the physician (or physician’s designee) with whom he or she had an encounter using telemedicine technologies. Physicians solely providing services via telemedicine technologies, with no pre-existing relationship prior to the encounter, must document the telemedicine encounter and make it easily available to the patient and, subject to the patient’s consent, any other health care provider identified by the patient.
Referrals for emergency services
Should the patient have urgent or emergent healthcare needs associated with the condition for which care has been provided via telemedicine, an emergency plan is required and must be provided by the physician to the patient during the telemedicine encounter when the situation indicates that a referral to an acute care facility or emergency department is necessary for the safety of the patient. Such an emergency plan should include a formal, written protocol appropriate to the service being rendered via telemedicine.
Medical records
The medical record should include copies of any/all patient-related electronic communications, including patient-physician communications, consultations, evaluations, records of past care, prescriptions, laboratory and test results, and any instructions in connection with the utilization of telemedicine. Informed consent(s) should also be included. These records must be accessible for both the physician and the patient and consistent with all established laws governing patient healthcare records.
Privacy and security of patient records and exchange of information
Physicians must meet or exceed federal and state legal requirements of medical/health information privacy, including compliance with HIPAA and relevant state privacy, confidentiality, security and medical record retention result. A good source of information on these requirements is the “Standards for Privacy of Individually Identifiable Heath Information” issued by the US Department of Health and Human Services (accessible at www.hhs.gov/ocr/hipaa). There is significant potential liability for failure to safeguard protected health information and to maintain safe transmission of this information. This potential risk of liability pertains to both the referring physician and the physician providing treatment by telemedicine.
Written policies should be maintained at the same standard as traditional face-to-face encounters. Such policies should address a) privacy, b) health-care personnel who will process messages, c) hours of operation, d) types of transactions that will be permitted electronically, e) required patient information to be included in the communication, f) archival and retrieval, and g) quality oversight mechanisms.
Privacy and security measures must be equivalent to those required for face-to-face encounters and documented to assure confidentiality and integrity of any patient-identifiable information. Transmissions, including patient emails, prescriptions and laboratory results, must be secure within existing technology.
Disclosures and functionality on online services making available telemedicine technologies
Online services used by physicians in the provision of telemedicine should clearly disclose: the services provided; contact information for the physician; licensure and qualifications of physicians and associated providers; fees for services and means of payment; financial interests (suggestive of potential conflict of interest) in any services, products or other information that is provided to a patient by a physician during a telemedicine interaction; appropriate uses and limitations of the telemedicine site, including emergency health situations; appropriate uses and anticipated response times for emails and other electronic communication transmitted by telemedicine; to whom a patient’s protected health information may be disclosed and for what purposes(s); rights of patients with respect to protected health information; and description of information collected and any passive tracking mechanisms utilized.
Online services should provide patients with clear mechanisms to: 1) access and amend patient-provided personal health information, 2) provide feedback regarding the site and the information/services provided, and 3) register complaints.
Online service must have accurate and transparent information about the website owner/operator, location, and contact information, including a domain name that accurately reflects this identity.
Advertising of goods or products from which the physician receives direct remuneration, benefits or incentive is prohibited.
Prescribing
When the prescription of medicines is involved, measures must be implemented to uphold patient safety in the absence of a traditional physical examination. Such measures should guarantee that the identity of the patient and the provider is clearly established, and that detailed documentation for the clinical evaluation and resulting prescription is completed. Measures to assure informed and accurate prescribing practices are encouraged. Further, telemedicine should limit medication formularies to those deemed safe by the applicable medical board.
Prescribing medication is at the sole discretion of the treating physician. When professional standards are met and patient safety measure are upheld, and the clinical medication is adequately documented, the physician may exercise his or her judgment and prescribe medications as part of the telemedicine encounter.
Using telemedicine technologies offers many benefits in the provision of medical care. However, it also carries significant liability pitfalls providers must understand before setting foot on this new “frontier.”