Telemedicine Services: What to Know Before you Begin

Connie Christian, MBA, CPHRM
Facility Risk Management & Patient Safety Advisor

As we progress through the opening stages of COVID-19, more and more providers are moving to telemedicine to assess and treat their patients, while maintaining the infection control practices recommended by the Centers for Disease Control.

First and foremost, contact your professional liability insurance company for policy coverage specific to telemedicine. Regulations, statutes, and position papers can be found on the KAMMCO Telemedicine Resource page. Below are a few key loss prevention strategies that should be considered prior to implementing a telemedicine/e-visit service.

1. Is licensure appropriate?
Regulations are changing rapidly regarding out-of-state telemedicine medical licensure. Some states require full licensure, while others offer telemedicine-only licensure and some are silent on the issue. It is imperative to keep up-to-date on the regulations of the state(s) you are considering offering telemedicine services.
a. Are patients asked where they are located?
b. Has licensure been verified for patient locations?
c. Are there local prescribing rules?
d. Has the credentialing process been included in the plan?


2. Will a patient-provider relationship be created?
Definitions differ at the state level as to when a patient provider relationship is created. Researching the distant site state(s) standards will be necessary to determine if there is a duty to treat under the standard of care.
a. Is there a patient/provider relationship?
b. If no patient/provider relationship has been created, is that clear to the patient?
c. Is the patient educated on continuity of care?
d. Are protocols in place for tracking orders and follow up plans?


3. Are patients and conditions appropriate for telemedicine/e-visits?
Not all patients and conditions are appropriate for the telemedicine/e-visit environment or for a specific provider or group’s specialty. Realistic patient selection will provide the best experience for both the patient and the provider.
a. Are standards in place for patient selection?
b. Are guidelines in place for appropriate conditions?
c. Is a policy in place to terminate a visit outside the provider’s telemedicine expertise or comfort level?
d. Is there a plan for emergencies?


4. Is special consent required for telemedicine/e-visits?
Prior to seeing a patient via telemedicine/e-visit it is important that certain issues are presented, including the provider’s name and credentials along with any team members, a description of the service to be provided, privacy and security risks and safeguards, and technical failure risks and plans. The patient must agree that the provider determines if the care will be appropriate for telemedicine/e-visit. The provider should address: the risks versus benefits of telemedicine/e-visit care, a plan for ongoing care or referrals, and what types of transmissions will be permitted (education, scheduling, prescriptions and/or refills).
a. How will consent be conveyed and documented (conversation, form, note)?
b. Does the telemedicine vendor have samples or preferred method?
c. Are contingency plans for outages shared with patients?
d. Are expectations managed regarding what care can be accomplished remotely?


5. Does the physical environment suit a telemedicine/e-visit?
Dedicated time and space for telemedicine/e-visits will allow the provider appropriate ability to communicate and treat a patient as they would in person. Likewise, the patient should be encouraged to be in a well-lit, private place with minimal disruptions.
a. Is a safe space available?
b. Can both parties see, hear, and understand each other?
c. Does the provider have access to tools and records necessary to treat the patient?
d. Does the healthcare provider and team look professional?
e. Is the healthcare provider and team conveying empathy and compassion?


6. Is privacy and security being protected?
HIPAA states, “the provider must protect confidentiality, integrity and security of information regardless of the platform or device.”1
a. Is a trusted platform being used?
b. Do vendor agreements cover HIPAA and HITECH?
c. Have the provider and staff been trained appropriately?
d. Has a cyber risk assessment been performed and documented?
e. Is there a plan in place for a breach?
f. Are adequate encryption, passwords, etc… used on all devices?
g. How are records stored and protected?


7. What is documented in the telemedicine/e-visit medical record?
The patient medical record should include the same elements as an in-person medical record including items that were relied upon to make decisions, treatment recommendations and support for billing. Items specific to telemedicine/e-visits would include mode of service delivery, where the patient was located, time stamps if in multiple time zones, others in attendance with the patient, and if any technical difficulties were encountered.
a. Are standards developed for record keeping?
b. Is access available to records when providers need access?
c. Do the records follow care plans?
d. Are technical difficulties documented?
e. Are patients made aware of how to access their records?


For more information on Telemedicine, rules, regulations and guidance please see the links below:

American Telemedicine Association (ATA)

Federation of State Medical Boards (FSMB)

Center for Connected Health Policy

Telehealth Resource Center

This document should not be interpreted as medical or legal advice. Because the facts pertaining to your situation may fluctuate, or the laws in your jurisdiction might vary, please contact your attorney if you have questions related to your legal or medical obligations or rights, state or federal laws, contract interpretation, or other legal questions​.

2 Strategies provided in this article are adapted from ASHRM Annual Conference program provided by Emily Clegg, JD, MBA, Senior Risk and Patient