Being able to practice medicine from afar is a great perk of working in telemedicine, but doing so in a legally compliant manner can be quite a juggling act. When a telemedicine doctor sees a patient in a state where he or she is not licensed to practice, there is a big potential for trouble. And there is also a significant difference in how each state regulates the telehealth medium. So the doctor must know quite a bit about the regulations for both the telehealth medium and for practicing medicine without being physically present in the state where the patient resides.
Licensure is one of the foremost compliance considerations for physicians offering telemedicine services to patients in different states.
Each state has its own licensure prerequisites, generally requiring that physicians possess a legitimate medical license in the patient’s state, regardless of where the physician is actually located. The repercussions for practicing without a state license can be quite dire. Physicians can glean the particulars about state-to-state requirements by visiting the Telehealth Resource Center’s page on licensing at https://telehealth.hhs.gov/licensure/licensing-across-state-lines. By far the easiest way to obtain licenses in the requisite states is through the Interstate Medical Licensure Compact. To learn what this much-abbreviated route to medical licensure entails, check out the IMLC’s homepage at https://www.imlcc.org/.
Another critical area is adherence to state-specific telemedicine consent laws.
Because requirements for consent vary across states, it is crucial for telemedicine providers to have a thorough understanding of and to comply with each jurisdiction’s particular rules and regulations. Some states, for example, mandate “informed consent” that must include a description of the telemedicine process and any necessary disclosures about its inherent risks and limitations. And what about the proper documentation of consent? Knowledge of each state’s telehealth policy—like that found at https://www.cchpca.org/all-telehealth-policies/—will help flag issues and keep things above board. (Some states, by the way, also have specific rules about obtaining consent from minors.) Another good compliance strategy? Digital consent forms can make life much easier when it comes to tailoring processes to meet the not-so-uniform requirements of each state.
Maintaining data privacy across state lines is equally vital.
Ensuring the safe and secure transmission of protected health information (PHI) is a top priority for the federal government. Doctors must take steps to comply with the Health Insurance Portability and Accountability Act (HIPAA) when handling PHI. Telehealth technologies must meet the same standards as traditional methods of communicating with patients, and certain steps need to be taken to guarantee that encrypted video chats via teleneurology or psychiatric evaluation are not any less secure than talking with these same doctors in person. This means understanding the required “technical safeguards,” mostly covered in a 2005 document. Hiring the right vendors and understanding their associated risks, as well as your own, is also covered in this same safeguard section.
Periodic compliance audits and ongoing staff education reinforce the pathway toward compliance with regulatory demands. “Audits are necessary for ascertaining whether the specific state licensure and consent requirements are being followed and should involve a thorough examination of not only the patient records but also the kinds of documentation that the agency uses in its day-to-day operations.” (“Telehealth Compliance Auditing,” 2017) Well-designed, well-delivered training programs assure us that our front-line staff members really do understand what I have called “the compliance basics”: They know the common sense that governs our work; they understand the reasons behind the mandates; and they know the rules that apply to their areas of responsibility. In these training sessions, we also cover what to do when you find out that someone wasn’t following the pathway to compliance, i.e., what to do when you discover a “compliance gap.”
Failure to comply carries serious legal hazards, including fines, disciplinary actions, lawsuits, and a flood of patient complaints, all under the unflattering glare of intensified regulatory scrutiny. Physicians who breach licensure, consent, HIPAA privacy, or other laws do so at their and their patients’ peril. Shoddy staff training is another high-risk area that can lead to severe consequences. What can telemedicine risk management possibly mean in this context?
To conclude, it is critical that doctors follow state licensure, patient consent, and HIPAA compliance orders when running telemedicine practices in multiple states. With the unfaltering application of these three guidance systems—licensure, consent, and data privacy—doctors can keep their legal heads above water and serve the personal health needs of patients from afar. For counsel on how to plow through the telemedicine legal thicket, call on Cohen Healthcare Law Group.
Contact our healthcare law and FDA attorneys for legal advice relevant to your healthcare venture.
Contact Us
