INSIGHTS: Telemedicine – minimising new liability risks

May 3, 2016

Principal Julie Somerville writes: Last week (on 18 April) the first “online hospital” was announced in Australia. Known as AHI TeleHealth, and run by Docto, the “hospital” enables Accident and Health International’s policy holders to access emergency doctors and allied health professionals by video, email, phone or sms, at any time of the day. While it’s in its infancy, the potential for telemedicine to improve health care is great. Not only could it assist travellers and expats, it may expand the health services available to people in remote areas, people with mobility issues and shift workers just to name a few.

However, as with every new form of business, there are potentially new risks. The most obvious in the telemedicine field is cybersecurity. That’s a subject for another post. Other risks that practitioners and organisations in the telemedicine field should consider include:

  • Inadequate history taking – as many people seeking teleconsultations are likely to have non urgent or common medical issues the natural temptation may be to take a more cursory history. However telemedicine consultations should be conducted in the same manner as an in person consultation. A detailed history should be taken, and thoroughly recorded. No only is this essential to making an adequate diagnosis and treatment plan, but it will assist in developing the doctor patient relationship. Patients who feel as though their doctor has listened to them, and cares about their condition, are generally less likely to take legal action if there is an adverse outcome.
  • Inadequate data security measures and privacy breaches – as the entire doctor patient relationship is virtual, all private information will be stored online. Therefore it is essential to ensure that you have good data storage and data security measures in place. Australia Privacy Principles (APP) also need to be complied with. For example, if the practice’s data is to be stored in an overseas cloud service provider reasonable steps must be taken to ensure that the overseas provider will not breach the APP (see APP8).
  • Inadequate or inconsistent procedures – Guidelines should be developed to ensure that there is consistency in the provision of virtual services. As telemedicine is a relatively new practice many practitioners may be uncertain as to the types of advice that can be provided virtually. Some practices are only providing telemedicine services to existing patients, whereas others will provide services to anyone regardless of whether there is an existing relationship. In some circumstances a patient may want a virtual consultation, however it may be that their condition is not suitable to that manner of treatment. Guidelines could provide a checklist of the types of services that should not be provided online.
  • Failure to keep up to date with changes in technology and changing laws and regulations. Technology changes at a rapid pace. Keeping up with those changes, and implementing them where appropriate, must form a central part of managing a practice that provides telemedicine services. Similarly, the rules and regulations relevant to the practice of telemedicine are also likely to be continually evolving. This is particularly the case in Australia given the Governments recently released Cyber Security Strategy
  • Inadequate insurance. Cyber insurance is a rapidly growing area. However there are marked differences in the types of cover available and the extent of the indemnity provided. Expert advice should be obtained from a specialist insurance broker in relation to the extent of cover required. Not only are there risks associated with patients’ medical data being compromised as a result of hacking, there is the potential for ransom attacks, corporate data loss, breaches of data protection by outsourced providers, reputational damage as a result of a data breach, network interruption losses, defence costs associated with investigations and inquiries and costs associated with advising clients of data compromises, just to name a few.

However, the above risks should not be seen as an impediment to the development of this new way of providing health care. As in any new change in the way we do business, it is simply a matter of identifying the risks, putting in place new methods to minimise those risks and monitoring the effectiveness of those methods.

I help professionals prevent, and resolve, the financial and personal risks associated with their business. I share posts regularly and tweet@nomorepastrami (contact me if you want to know the story behind the handle!). If you wish to keep up-to-date with issues and developments relevant to professionals follow me on LinkedIn. I also write regularly in relation to practice management and other social issues.

Published by Julie Somerville, Apr 25, 2016