By Jennifer Schoenthal and Kyle Laudadio, healthcare underwriters at Beazley |
Early last year, when confronted with the COVID-19 global health emergency, healthcare providers had to pivot to offering services virtually, which for many, meant using new or unfamiliar technology under challenging circumstances.
This transformation placed huge demands on human and technological resources in the health sector. Technology providers that build or manage the platforms had to ensure systems were robust and secure enough to maintain service levels while facing a massive amount of new demand from health providers and patients.
Governments and regulators too understood that less restrictive interim measures would be needed to help critical healthcare services evolve, respond more quickly, and go virtual where necessary.
Responsive rulemaking
Fortunately, at a relatively early stage in the pandemic, U.S. regulators amended rules and issued statements aimed at supporting the move to digital health delivery, effectively as part of the emergency response.
Among the various stages, in March, was the waiver of licensing restrictions on inter-state virtual care provision by the Department for Health and Human Services (HHS) [i] to facilitate greater availability of online care.
The department also stated enforcement action would not be taken for non-compliance with HIPAA telehealth platform requirements where there has been a good faith effort to provide telehealth.[ii] In fact, the HHS even published a list of vendors that provide HIPAA-compliant video communication products: Vendors.
While we are hopeful that some of these changes will outlast the pandemic, we all need to be prepared that other rules are likely to be reinstated and return to the pre-pandemic stricter standards. This nuanced approach was demonstrated in a report published in September by The National Committee for Quality Assurance (NCQA), which, while recommending permanently lifting geographic restrictions, called for the full reinstatement of HIPAA enforcement.[iii]
While supportive of the digital health sector, the measures taken highlight the challenge to providers to stay on top of their “digital hygiene” in such a rapidly evolving and still heavily regulated risk environment.
Assessing and addressing risk factors upfront helps avoid falling foul of regulations and reduces the likelihood of claims or litigation down the line. Here are some of our learnings from 2020:
Training
At the start of the crisis, employees had to familiarize themselves quickly with new technologies and methods of care. Formal training often had to happen on the go and some non-related training went on hold to cope with the crisis. With vaccines now offering the promise of a slowdown and eventual end to pandemic, we are hopeful that medical professionals will soon have opportunity to reinstate formal training to help ensure the level of care is maintained and defend against avoidable risk exposures.
The shift to virtual care also raises another issue around availability of training more broadly, especially for healthcare practitioners who are new to the job. With so much practical experience delivered online, organizations need to be certain the training is sufficient and addresses any deficit caused by the lack of direct patient contact.
A strong focus on developing a “web-side manner” has recognized that delivering effective care and patient engagement remotely requires different approaches to in-person treatment. This involves honing softer skills such as reading body language in a virtual setting, as well as identifying whether a patient’s condition should continue to be treated remotely or intervening if data or technology does not perform accurately.
Training to ensure professionals have a robust approach to obtaining and recording informed consent is also essential for virtual consultations. Where a patient is not physically present to sign consent documentation in accordance with established practice, staff need to understand the process around online consent, and identify and eradicate inconsistencies.
Liability risk
This shift in care delivery and the prospect of a significant volume of healthcare being provided remotely long after the pandemic unfortunately creates new liability risks. As well as the care aspect, a reduction in training may be used by plaintiff lawyers to undermine the quality of a practitioner’s care provision.
There have already been incidents of plaintiffs’ lawyers contending that a remote consultation was not an appropriate setting and that the standard of care was not met. Litigation in this area is likely to increase as lawyers on all sides seek to establish the parameters of the use of virtual care.
Privacy and security
The virtual environment benefits significantly from the creation, analysis and sharing of data, but it also introduces a new dynamic around patient privacy and confidentiality. The vast majority of patients will be receiving care in their homes. Staff therefore need to ensure they do not breach a client’s confidentiality by providing advice with others present or allowing any other unauthorized access to consultations or records.
While data privacy and security have long been front of mind for healthcare providers and those supporting their systems, the adoption of virtual care on a wider scale introduces many more risks to manage. As wearable technologies become more embedded in ongoing care, both physician-led and patient-led, considerably higher volumes of sensitive patient data are shared and stored. Failure to assess and manage a data loss or breach risks jeopardizing a provider’s reputation, customer confidence and patient care.
Risk awareness
The task facing providers during the crisis has been two-fold for digital health providers. First, managing a smooth and effective shift to virtual care and adjusting to emergency alterations to the regulatory environment.
Second, addressing the interconnected risks that this shift online has created: From data privacy and security, staff training and awareness through to being vigilant about which emergency regulatory changes will persist beyond the pandemic, and which will return to “normal.”
In this environment, allegations of inadequacies or failures of remote care will emerge and move quickly to the courts in 2021. Taking steps we have learned to maintain digital hygiene under pressure in 2020 will go a long way to helping providers ensure that patients and their own organizations are protected as virtual care now evolves on a much larger scale.
Sources:
[i] https://www.phe.gov/emergency/news/healthactions/section1135/Pages/covid19-13March20.aspx
[ii] https://www.hhs.gov/hipaa/for-professionals/special-topics/emergency-preparedness/notification-enforcement-discretion-telehealth/index.html
[iii] https://www.ncqa.org/programs/data-and-information-technology/telehealth/taskforce-on-telehealth-policy/