This article originally ran in For the Record on February 17, 2014. It is reprinted here with permission.
Technological advancements and the expansion of access to health care under the Affordable Care Act have pushed telemedicine to the new frontier of health care delivery.
Since its beginnings more than 50 years ago, the scope of telemedicine practices has expanded to include simultaneous and nonsimultaneous interactions, consultations, and interpretations for patients in remote and metropolitan regions.
In light of the seemingly limitless opportunities to provide telemedicine capabilities, health care providers and entrepreneurs must navigate the many risks that come with relying on telemedicine practices.
Telemedicine involves direct patient care and is a subcategory of telehealth, a broader concept that includes the use of telecommunications technologies to support long-distance health care, health-related education, public health, and health administration. The Centers for Medicare & Medicaid Services (CMS) defines telemedicine as “the provision of clinical services to patients by practitioners from a distance via electronic communications.” Telemedicine covers a range of services, from remote monitoring of stroke and cardiac patients to diagnostic interpretations completed at a distant location.
The resurgence of telemedicine began in 2011 when the CMS issued a much-awaited final rule permitting a more flexible process for credentialing and privileging practitioners who provide telemedicine services. Its use increased in 2013, when federal and state legislation and major insurers expanded the types of reimbursable telemedicine services. And it will continue in 2014 as a Federation of State Medical Boards task force drafts language for the Interstate Medical License Compact, a proposed system that, if successful, will reduce barriers to practicing telemedicine across state lines. This year also will bring more collaboration among health care organizations, clinics and large institutions, and distant-site specialists to provide tele-ICU, telestroke, and other services, as well as new mobile technology for patient monitoring, patient engagement, and virtual clinical encounters.
The legal risks multiply as oversight of telemedicine by state medical boards and federal and state regulatory agencies increases. Providers and entrepreneurs must be mindful of the following legal issues to ensure their telemedicine services comply with federal and state requirements and appropriately protect patient safety and privacy:
Getting paid. Medicare reimbursement for telemedicine services is limited. It varies from state to state, and only about 20 states have enacted statutes that recognize or require commercial insurers to reimburse for certain telemedicine services. Providers should be aware of the reimbursement requirements and restrictions that may affect their billing practices, know what telemedicine services will and won’t be reimbursed, and submit only compliant claims to avoid liability for fraud and abuse and false claims.
Patient privacy. Prior to relying on any telemedicine technology to collect and transfer patients’ protected health information, providers should ensure that they have secure communication channels, implement entity- and technology-specific business associate and other confidentiality and privacy agreements, educate administrators and users regarding the appropriate use of telemedicine technologies, and understand how and what patient information is being collected and stored.
When information is shared between distinct entities, all disclosures must comply with federal and state privacy laws, and all business associates and subcontractors are equally responsible for protecting such information. Mobile health applications and devices also must comply with multiple privacy and security regulations, including those of the FDA and the Federal Trade Commission.
Credentialing and privileging. Health care organizations are liable for the care provided to their patients, regardless of where a provider is located. To mitigate possible negligent credentialing claims and associated risks, when entering into written agreements with distant sites, health care organizations must confirm that any written agreement they sign reflects current legal requirements, establishes specific responsibilities of distant-site hospitals and telemedicine entities, and ensures that written agreements include adequate representations, warranties, and indemnifications regarding the quality of services provided by the distant site and any entity with which it subcontracts. Distant sites, in turn, must have processes to assess the quality of their practitioners.
Peer review. As the reliance on telemedicine practitioners grows, health care organizations and telemedicine entities must develop policies and procedures for monitoring them and sharing internal review information so that the privacy of peer review and patient information is protected while information needed to make accurate credentialing and privileging decisions is shared. This information must include adverse events that result from telemedicine services provided by a practitioner to patients and complaints the health care organization receives about a practitioner. Information should be disclosed only in a manner that preserves all peer review privileges under state law.
Compliance with state requirements. Most states require physicians engaging in telemedicine to be licensed in the state where the patient is located, with limited exceptions for consultations. Providers and entrepreneurs need expert legal guidance to navigate individual state requirements, including licensure, consent, and practice of medicine issues, when providing telemedicine services.