Categories: Health Information Technology, Privacy and Security Law, State and Federal Regulatory Issues, Telehealth and Telemedicine

Before initiating treatment, health care providers must generally obtain their patients’ informed consent. The purpose of the informed consent process is two-fold. First, it allows patients to gain an understanding of the risks and benefits of the proposed treatment, and alternative courses of action. Second, it helps shield providers from legal exposure.

A formal informed consent process is particularly critical for procedures that carry a high risk of patient injury. When considering such “high-risk” procedures, neurosurgery or radiation therapy may come to mind. However, in the practice of telehealth, reliance on imperfect technological tools, as well as the “distance” factor, can propel otherwise routine treatments into a higher risk category.

The Risks of Telehealth Practice

One important telehealth-specific risk is the possibility of technological hiccups and failures. Computers, tablets, cell phones, web cameras, and electronic health records represent just a sampling of the technology-based tools used by telehealth providers. While these technologies can improve and advance patient care, they can also falter, impairing the medical evaluation and treatment process and threatening patient safety. For example, transmission errors can occur when telehealth providers receive patient data electronically (such data may include patient records, x-rays, and medical device print-outs). These errors can delay patient treatment and even give rise to dangerous misdiagnoses.

Beyond transmission errors, the remote nature of telehealth practice can create additional risks. For instance, a patient being evaluated by a distant, off-site provider may not be able to tell who is present in the room at the distant provider’s site (i.e., medical or non-medical personnel may be present and within listening distance, but not captured by the camera’s view). This is a clear privacy concern for patients, who may not want such “hidden” third parties to have access to their personal health information.

The remote nature of telehealth practice can also increase patient risk because distant providers cannot perform comprehensive physical examinations. Without completing a hands-on examination, the distant provider’s ability to offer a complete and accurate evaluation of the patient’s condition may be limited.

State legislatures are starting to take note of these telehealth-specific risks. In fact, a few states have already passed laws that require providers to obtain a patient’s informed consent before delivering telehealth services.

State Implementation of Telehealth-Specific Consent Laws

To date, state approaches to telehealth-specific consent laws have varied. For example, in Nebraska, telehealth providers must obtain patients’ written informed consent prior to an initial telehealth consultation. Conversely, under both California and Arizona law, a patient’s verbal consent to the use of telehealth care satisfies the statutory informed consent requirement. In Texas, telehealth providers are required to obtain patients’ informed consent prior to delivering telehealth services, but the relevant statute does not specify the required form of the consent. In at least one state, Oklahoma, legislators have gone above and beyond simply requiring informed consent for telehealth services. The Oklahoma telehealth statute establishes a detailed consent framework, laying out the specific types of information that telehealth providers must give to patients.

Although telehealth-specific consent laws are currently confined to only a small minority of states, all telehealth providers should take heed. No matter the jurisdiction, failure to properly obtain a patient’s informed consent before initiating telehealth services can increase a provider’s risk of facing consent-based negligence claims (an explanation of the elements of an informed consent claim can be found here).

Mitigating the Risk of Consent-Based Claims

To prepare for the possibility of facing a consent-based claim (which will often accompany a medical malpractice claim), telehealth providers may consider incorporating a more thorough informed consent process into their overall risk mitigation strategy. For example, providers can improve their documentation of the informed consent process by drafting a telehealth consent form, or a telehealth addendum to a more traditional consent form that they might already use. While some providers, such as those practicing in Oklahoma, may need to adhere to specific state requirements regarding the content of these telehealth-specific forms, there are several general categories of information that all providers may consider including, such as:

  • Language introducing and explaining the telehealth process in a way that patients can easily understand;
  • Description of the expected risks and benefits of telehealth services; and
  • Other information necessary for the patient to have a complete understanding of the telehealth process (i.e., available alternatives, referral information for a local provider, etc.).

Although telehealth providers cannot possibly avoid all practice risks, they can limit their exposure by taking a proactive approach to the informed consent process. Key aspects of such an approach are likely to include disclosure of all material facts necessary for patients to make an informed decision about moving forward with telehealth care and careful documentation of the consent process. From a risk standpoint, providers who take these steps will be well positioned to adapt to emerging new technologies and the continuously expanding scope of services being offered via telehealth.

Tags: consent-based claim, risk, Security, state privacy law, technology, Telehealth, Telemedicine
Back to Health Law Advisor Blog

Search This Blog

Blog Editors

Authors

Related Services

Topics

Archives

Jump to Page

Subscribe

Sign up to receive an email notification when new Health Law Advisor posts are published:

Privacy Preference Center

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.