When the pandemic made telehealth a widely accepted way to provide care, providers and patients celebrated. Four years later, it remains a common way to deliver care, but some states are cracking down on rules.
One physician in New Jersey penned an opinion piece in The Wall Street Journal describing her lawsuit against the state, saying, “Giving medical advice to an out-of-state patient over the phone can put me at risk of losing my license, and, in states such as California and New Jersey, of criminal charges as well.”
What’s clear today is that with all of its benefits, practicing over telehealth does introduce risks that clinicians must effectively manage to ensure patient safety, privacy and compliance.
Mitigating risks is the job of every clinician providing telehealth. This can be achieved in four ways:
- Staying compliant with state and Federal laws
- Robust data security measures
- Establishing clear procedures in case of emergency
- Fostering a culture of risk awareness and reporting
Telehealth risk management is not a one-time exercise. It’s an ongoing process that requires continuous monitoring, review, and updating. As technologies evolve and Federal and state regulations change, telehealth risk management strategies must adapt accordingly to maintain patient safety, privacy and compliance.
Mitigating regulatory risks of telehealth
The legal and regulatory landscape for telehealth is constantly evolving. On the federal level, the Health Insurance Portability and Accountability Act (HIPAA) is the primary law that governs the privacy and security of patient health information. The law requires providers to protect the privacy of patient health information by using secure electronic health records (EHRs) and encrypting patient data.
At the state level, the laws that govern telehealth vary. During the pandemic, many states temporarily relaxed their telehealth regulations in order to make it easier for healthcare providers to offer remote care. Many of these regulations have tightened up since then.
One common state law that can be difficult for telehealth is that the location of your patient or client matters. This can be problematic when someone wants to meet on telehealth while traveling outside the state.
Clinicians practicing in states with an interstate compact can make telehealth easier.
Telehealth tip:
- Check Federal and state telehealth regulations regularly for any changes.
- Confirm with your client or patient that they are located in a state where you’re licensed at the start of every appointment.
Data security and privacy
While HIPAA requires protecting patient health information, this becomes more difficult the more heavily your practice relies upon digital tools. Any cloud-based digital tool increases your risk for cyber attacks and security breaches. A healthcare cybersecurity benchmarking study from Censinet, KLAS, and the American Hospital Association (AHA) found that most healthcare organizations are more reactive than proactive. For small and medium-sized healthcare businesses and practices, one cyber breach could cause significant damage.
If there’s ever a system or software breach that affects your clients or patients, the fault lies with you as the business owner.
Telehealth tips:
- Only partner with HIPAA-certified vendors.
- Use secure passwords and change them every few months.
- Consider purchasing cyber insurance in addition to general malpractice insurance.
- Have a plan in place to respond to data breaches and other security incidents.
- Conduct regular security audits to identify and address any vulnerabilities in your systems.
- Read our blog on 6 tips to keep your practice HIPAA-compliant
Handling patient emergencies over telehealth
A well-defined emergency protocol specific to telehealth is essential for ensuring the safety and well-being of patients. This protocol should include clear guidelines on how to respond to various types of medical emergencies, such as cardiac arrest, respiratory distress and seizures.
For therapists, this means knowing when a patient is a danger to him or herself. Telehealth makes this more difficult because you don’t always know your patient’s physical location. And 911 is specific to your locale and not your patient.
Telehealth tip:
Be sure to have a system in place for escalating care to be able to manage emergencies effectively.
Get the right coverage for telehealth
Malpractice insurance is a crucial aspect of telehealth risk management. Providers face risks associated with providing healthcare services remotely that differ from in-person care. Malpractice insurance can protect you from potential legal and financial consequences arising from patient claims or allegations of negligence.
Telehealth tip:
- Be sure to keep your malpractice insurance up to date.
- Notify your insurance if you make any changes to your practice that would affect your coverage, such as adding a new service line or telehealth to a brick-and-mortar practice.
Learn more about CM&F Group’s telemedicine malpractice insurance. CM&F Group offers professional liability insurance to over 150 types of healthcare professionals. All our coverage options are available online, allowing our clients to obtain liability insurance coverage within minutes.