By Jay Lechtman, Senior Director of Strategy and Innovation, Healthcare, Riskonnect
In a world defined by social distancing, telemedicine is now an indispensable form of healthcare delivery. Providing care virtually can broaden access, reduce costs, and save time – but it’s not without risk.
While the ability to meet virtually with medical professionals is not new, the pandemic has significantly accelerated its adoption by providers and patients alike. Indeed, the percentage of American adults who have tried these services has doubled since the start of the coronavirus outbreak. In fact, some platforms are reporting a 158% increase in users since January. While the uptick in telemedicine generally is a positive development, it also opens up healthcare provider organizations to increased risk – especially for those running programs for the first time or at a volume substantially higher than in the past.
Business Risks of Telemedicine
Since providers can’t physically examine patients during virtual medical appointments, it’s harder to carry out a standard of care. The possibility of misdiagnosis, which already impacts 12 million U.S. adults per year, rises with greater use of telehealth services. And while Medicare and other insurance programs have expanded coverage and reimbursement for telehealth services, the line is blurrier for professional liability insurance carriers, which adds financial vulnerability and uncertainty for providers. And it’s unclear whether temporary Medicare changes will be made permanent or what will be required (e.g., Congressional action) to make that happen.
Telemedicine also raises unique HIPAA compliance dynamics. To limit COVID-19 exposure and ensure continuity of care, the U.S. Department of Health and Human Services waived many HIPAA privacy penalties for covered entities that act in good faith to deliver telemedicine services during the public-health emergency. But waived fines do not mean the law is completely suspended. Healthcare organizations and practitioners still need to obey the rules and take reasonable precautions to protect personal health information (PHI).
Four Ways to Mitigate Risks of Telehealth Services
Well-run telehealth offerings enable healthcare organizations to provide patient care and bring in new (or maintain existing) revenue while mitigating risk. Here are four areas healthcare organizations should prioritize when building and growing telehealth programs:
- Protect your data with third parties.
Thoroughly vet and regularly monitor every third party that has access to PHI or that handles any part of your telehealth practice, including your telehealth platform provider. Make sure the technology you choose is HIPAA compliant. Ask tough questions around security updates, privacy protections, and encryptions – and understand what the vendor is doing to stay on top of evolving threats and adhere to relevant mandates. It’s up to risk, compliance, and security leaders to verify that PHI is protected and notify patients of potential privacy risks when using telehealth platforms.
- Ensure providers can identify and address the risks that lead to medical errors.
With misdiagnosis claims rising at a rapid rate and getting ever costlier to defend, it’s critical that healthcare organizations provide clear standards and guidance on how providers and medical staff should run video appointments.
Make sure providers understand the most commonly litigated errors and how to mitigate those risks during remote visits. Create a successful telehealth environment by aligning internally on the specialties and services that can be conducted in this format and implementing any needed changes in procedures, intake processes, and other routines. And when necessary, encourage practitioners to ask a colleague for a second opinion.
- Empower patients to own their care.
One of the best ways to avoid the risks of misdiagnosis is to engage patients and create a safe space for them to play a larger role in their own care. Make them feel comfortable by identifying and removing any underlying issues that could lead to a negative experience or hold them back from sharing information. Implement a clear and thorough follow-up process to make sure patients truly understand their diagnosis, test results, and other critical information shared during telehealth visits. This is harder to do without in-person office visits, but it is an incredibly important part of patient care and engagement.
- Go beyond the risks you know about.
Risk management is about preparing for the risks you don’t expect. And with the constant evolution of today’s healthcare landscape, organizations need to prepare for new complexities and threats they haven’t yet planned for. That’s impossible to do without a clear understanding of overall business exposure.
Centralizing access to risk information, mapping, and correlating these threats across the enterprise – and understanding their interconnectivity within the organization – helps healthcare and risk leaders discover overlapping issues that put their business at risk. Aligning all aspects of risk – human capital, health and safety, legal and compliance, technology, financial, and more – creates new visibility that helps healthcare organizations stay on top of threats as they evolve and make more informed, confident decisions that improve patient safety and care.
Telemedicine is Here to Stay
While social distancing triggered the boom in telemedicine, patient interest in these services is expected to endure beyond the pandemic. Every healthcare organization needs to look at what’s currently working and what’s not in their telemedicine programs, continually build infrastructure, and refine practices, so you’re able to keep up with growing demand for effective virtual-care offerings in a risk-aware manner.
For more on managing risks in the healthcare industry, check out our e-book, Rx for Risk: ERM in the Healthcare Industry.