TELEMEDICINE IS NOT medicine in the next millennium. It is here and now a swiftly growing trend. Almost three quarters of the health care executives responding to the 1995 HIMSS/HP Leadership Survey on Trends in Health Care Computing stated that their organizations were involved in telemedicine projects or that they are a priority for the future. The federal government has been funding telemedicine graphics totaling more than $100 million through a variety of agencies. The technology is moving nimbly to satisfy the demand for telecommunications and video that connect geographically separated health care organizations.
Unfortunately the legal and regulatory environment has not progressed as rapidly. This article attempts to provide an overview of the legal environment through which the medical information superhighway must pass and to point out some potholes to dodge along the way. It is not intended to be a comprehensive analysis but a thought piece to highlight the legal issues raised by telemedicine through a scenario that represents a conglomeration of real-world examples.
Telemedicine reduced to its simplest form is connecting geographically separate health care facilities via telecommunications, video, and information systems. The HIMSS/HP Leadership Survey on trends in health care computing, conducted at the 1995 Annual HIMSS Conference and Exhibition, reveals that the primary uses of telemedicine are the following:
33%
Tele-imaging of patient records/films
30%
Perform remote
clinical diagnostics
22%
Connect remote experts
with students in a
virtual classroom
10%
Support surgical
procedures
5% [1]
For purposes of legal analysis, assume the following telemedicine scenario. A medical center of excellence, typically an urban, tertiary-care academic or large for-profit medical center (the “host") is linked to smaller, often rural, general community hospitals and health centers. The purpose of telemedicine in this environment is for remote clinical diagnosis and treatment, remote continuing medical education, and access to central data repositories for electronic patient records, test results, and care outcomes. Each system user has varied access to information and other users.
The system also identifies and evaluates clinical pathways and is used to develop clinical guidelines, which the network applies to credential its clinical staff. users are provided with hardware, software, and high-speed access, free of charge or subsidized by the host or payers. Remote hospitals and physicians refer to the host patients whom they cannot adequately diagnose or treat (mostly for tertiary care services).
One issue presented in this example is whether the network itself needs to obtain a Certificate of Need (CON) or be licensed. One goal or licensure statutes (which vary according to each state) is ensuring that facilities meet minimum quality standards. Historically, hospitals have received licensure for their facilities with the state of operation. Would a health care system, then, be required to possess a license from the state in which it has a "virtual" facility? it is likely that, as telemedicine matures, states may require some form of licensure or other assurances of minimum technological standards (such as the minimum resolution of network-transmitted images). Even so, interstate telemedicine networks have no assurances that states will impose consistent standards.
Interstate telemedicine raises other licensure questions, such as whether telephysicians are practicing medicine in the remote state and therefore need a license in the remote state. Most states allow for consults by out-of-state physicians. Teleradiologists, for example, may be able to consult with remote physicians interstate without a license from the remote state. Even in states that allow out-of-state consults, though, one questions is whether State B's licensure statute permits a physician from State A to regularly consult with a physician from State B. Pennsylvania, as with some states, allows out-of-state physicians to obtain extraterritorial licenses in such circumstances; other states make no such provision. When telephysicians go beyond consultations and render direct patient diagnosis and treatment, multiple licensure may be required, regardless of the states involved.
[Author’s Note: Since publication of this article in the HIMMSS journal, several states and the Federation of State Medical Boards (“FSMB”) have adopted legislation or proposed model legislation relating to the licensure of telephysicians. Kansas, for example, has recently adopted a regulation which prohibits the unlicensed telemedical practice. FSMB has adopted model legislation - a copy is available here on The Health Law Resource. Please visit Arent Fox’s telemedicine page for updates on state and federal legislation impacting telemedicine.]
State law and private accrediting standards (such as JCAHO standards) require hospitals to adequately credential providers and to ensure that medical staff members be competent in their practice areas. Moreover, individual institutions have divergent credentialling standards. For example, some hospitals require as a condition of maintaining privileges that certain specialists perform a minimum number of certain procedures each year. Recently, the JCAHO has promulgated guidelines to accredit health care networks, but questions still remain. Must hospital-based telemedicine networks focus attention on, and draft medical staff bylaw changes to reflect, telemedicine proficiency? Must there be separate standards at all for "virtual" practice? Must remote physicians be admitted to the host's medical staff in order to admit patients? If so, does this then impose upon the host a duty to continuously monitor remote physicians' competence and skill to the same degree as it does with other medical staff members? No clear answers emerge.
Telemedicine demands that an electronic medical record of the patient be shared across state lines. As among the network partners, who will have access to extract relevant network information, who is the ultimate custodian of the medical record and who is responsible to ensure the patient's privacy? Absent special circumstances, federal legislation regulating the confidentiality and privacy of data passing over an interstate network is lacking. For the most part, confidentiality and privacy laws have been enacted on a state or local basis without regard to overlap or consistency across state lines. For example, over a dozen laws protect various aspects of patient records in Pennsylvania alone. Federal legislation on confidentiality and privacy issues has been proposed to standardize this state patchwork quilt of laws, but no comprehensive federal law has been enacted to date. Indeed state law still varies as to the acceptability of electronic signature. Today, confidentiality, privacy, and data protection depend on state laws, the type of data processed, and the use of the data internally and externally by the provider. Unfortunately, the lack of legal guidance and uniform legislation leaves health care providers with the traditional legal responsibility for the confidentiality of the patient's record even though that electronic medical record is available for access and use by entities outside of the provider's control.
Additionally, accreditation agencies such as JCAHO and NCQA provide uniform guidelines that attempt to standardize networks and regulate quality. JCAHO uses the following indicators of quality in its accreditation of health care networks: planning, confidentiality and security, definition and capture of data, data transmission and integration, member-specific and aggregate data and information, knowledge-based information, and comparative data and information. NCQA's HEDIS project standardizes data elements to measure quality across managed care organizations.
Whether through legislation or through accreditation the reliability and standardization of data and the protection of the electronic medical record must be regulated. The legal risks relating to the disclosure of inaccurate or confidential medical information are significant. Such disclosure may result not only in defamation claims by the patient whose record is disclosed but possibly by the physician as the clinician's outcomes are evaluated.
For proposed legislation and model language, see:To Table of Contents.
- S.1360 - Proposed Medical Records Confidentiality Act of 1995.
- American Healthcare Information Management Association (AHIMA): Their proposed model language.
Health care systems owe a duty to patients in their facilities to prevent harm negligently caused by them, their employees, and agents. The law has developed to where health care systems must adequately supervise and credential their staff and independent physicians providing services under their auspices. Courts have not been faced, however, with the situation where a telemedicine host has no other affiliation with remote physicians and hospitals than their involvement in the network. One can conceive a court placing upon a network a duty to adequately supervise the usage of the telemedicine system by all network partners, especially as the host exercises increasingly greater control over network activities. Indeed some courts have established additional duties including the duty of a health care system to have physicians on call.
Negligence issues abound in this areas, such as which facility the host or the remote controls patient care or the remote practitioners who may ultimately prescribe further diagnosis and treatment based upon the consultation with the host's medical staff? If one goal of telemedicine is to improve remote physicians' training and skill, to what extent does the host's negligence implicate the host in a lawsuit? Is the host's control sufficient for a court to conclude that the host has assumed a duty to exercise further control? A related issue is establishing an adequate paper trail in the event malpractice litigation ensues.
The issues become murkier as telemedicine matures and evolves. For example, if remote robotic surgery is done through an interstate network or if telemedicine networks make physicians available to patients in the absence of physicians t the patient's location, it seems clear that the physician who remotely diagnoses and treats patients interstate would be required to secure a patient's informed consent to render care. The standards for when consent is "informed" vary by state. To the extent that the standards conflict, which state's standards apply? One glaring example of conflict is illustrative. In some states, the information necessary for a patient to give an informed consent is that which the reasonable patient would consider important. In others, the standard is what the prudent, reasonable provider would consider necessary. The answers to these questions often determine the outcome of medical malpractice litigation.
Regulatory oversight must also be a consideration under our scenario. One such issue is whether the provision of subsidized or free equipment violates the Medicare-Medicaid Patient Protection Act. Known as the "anti-kickback" statute, it makes illegal any arrangement where one purpose is to offer, solicit, or pay anything of value in return for a referral for treatment or services provided to Medicare, Medicaid, and state program patients. Although there are regulatory "safe harbors," these are rather narrow. There exists an incentive for telemedicine partners to refer to each other by virtue of their interconnectedness. The question is whether the host's subsidization of the system's capital or operating costs is intended as locking in a referral stream to the host. To the extent that the host shoulders most of the costs, and to the extent that access to the host by remote physicians (and vice versa) results in referrals, an anti-kickback remuneration problem arises. Often overlooked, this issue must be addressed by legal counsel for all network partners.
With the exception of federal grants, telemedicine services are for the most part not reimbursed by Medicare, Medicaid, and private/third-party payers. [2] Publicly funded programs such as Medicare and Medicaid account for substantial percentages of providers' patient revenues. Therefore, Medicare and Medicaid reimbursement policies may well dictate the growth of telemedicine. Actuaries have advised HCFA that reimbursing telemedicine would substantially add to Medicare program costs. Nonetheless, the agency has decided to continue studying the use of the technology.
As in any claim, the provider seeking reimbursement for telemedicine must demonstrate medical necessity. In addition, ancillary services generally must be "incident to" a physician's service. Under these rules, how does one, for example, bill patient-to-facility home monitoring? Another problem is that, in most cases, Medicare, Medicaid, and private/third-party payers reimburse only for actual face-to-face patient encounter, which by definition is absent in many telemedicine services. Moreover, which physician can bill and who reimburses the physician prohibited from billing? Clearly, reimbursement regulations must change to accommodate telemedicine.
To the extent the host desires to make its physicians attractive to payers, it may construct and track significant clinical practice pathways, protocols, or guidelines. Legally, two issues emerge. First, what is the liability of the host who will develop and implement the guidelines? Second, what is the scope of provider liability for following imprudent guidelines or for not following effective guidelines? The host in our example will construct and apply guidelines to increase efficiency and decrease costs. To the extent that the guidelines track the generally accepted standard of care in the community the institution developing guidelines has minimal risk. The institution accepting another's guidelines must be careful to consistently implement the guidelines. Not following the guidelines set forth by a hospital may result in malpractice liability.
To Table of Contents.Providers must be especially cognizant of the antitrust or price-fixing risks of database structure and usage, especially if anti-competitive risks arise from its use. In our example, the presence of payers as users or network partners complicates the analysis. In networks providing CHIN linkages, providers communicate billing information to payers. If the data reveal, directly or indirectly, financial or charge data, antitrust regulators may vie network physicians as engaging in price fixing, despite the network's facilitating consumer choice. A related risk is that regulators will view network physicians as allocating the patient marketplace among themselves.
Other issues to consider are the interstate use of physician extenders, such as nurse practitioners and physician assistants, whether corporate partners are engaging in the unauthorized practice of medicine, and the FDA regulation of experimental technologies and devices used in direct patient care.
For some of the legal issues, there are relatively facile solutions. For others, state and federal law must change in order to decrease the legal risks of telemedicine. One certainty is that there will be significant legal risks and increased exposure to liability. The same forethought that preceded the industry overcoming telemedicine's technological hurdles will be required in surmounting its legal ones.
1. Telemedicine was the topic of many bills introduced in the 103d and 104th Congresses, although none was enacted. The results of the HIMSS survey mirror the definition of telemedicine in House Bill 426, Section 3, introduced in the 104th Congress. H.B. 426, Section 3, found that the purposes of telemedicine are to (1)transmit, compress, and archive data; (2) perform examinations and procedures, conduct consultations, and diagnose and treat physical and mental conditions; (3) train health professionals and students; and (4) monitor patients' medical conditions outside a health care facility.
2. Some exceptions where telemedicine services have been reimbursed follow. Medicaid has recently approved coverage for some services in Georgia, Kansas, and Montana. Third-party payers in Georgia and Kansas have approved coverage for some telemedicine services. According to a recent survey, Medicare contractors believe that teleradiology, telepathology, and teleperinatology are reimbursable by Medicare carriers under current regulations, as the services do not depend upon a face-to-face patient interaction.
Return.
Sharon Klein can be reached at srklein@dechert.com. Bill Manning can be reached at wmanning@netreach.net.
A collection of information and usefule links to medical records practices and standards
Archives of JCAHO survey reports on medical records practices, organized by institution surveyed.