A clean bill of digital health: Managing risk hygiene factors
Beazley underwriters Jennifer Schoenthal and Kyle Laudadio explain why maintaining a clean bill of digital health helps manage exposures to unexpected liability risks and ensure treatment occurs in a safe, secure and regulated remote environment.
Confronted with a global health emergency and a poorly understood novel virus, healthcare providers in early 2020 had to pivot to offering services virtually, using new or unfamiliar technology in challenging circumstances.
Such a transformation placed huge demands on human and technological resources in the health sector. Technology providers that build or manage the platforms also had to ensure systems were robust and secure enough to maintain service levels amid mounting demand from health providers and patients.
To make certain patients still receive the care they need while hospitals dealt with the virus, it wasn’t only health and tech providers that had to adapt. Governments and regulators have introduced less restrictive interim measures to help services evolve, respond quicker and go virtual where necessary.
At a relatively early stage in the pandemic, regulators amended rules and issued statements aimed at supporting the move to digital health delivery, effectively as part of the emergency response.
Among the various stages was the waiver of licensing restrictions on inter-state virtual care provision by the Department for Health and Human Services[i] to facilitate greater availability of online care. The department also stated enforcement action would not be taken for non-compliance with HIPAA telehealth platform requirements where there has been a good faith effort to provide telehealth.[ii]
And while some of the changes may outlast the pandemic, other rules are likely to be reinstated and return to the pre-pandemic regime. This nuanced approach was demonstrated in the recently published government and industry-backed Taskforce on Telehealth Policy report, which, while recommending permanently lifting geographic restrictions, also called for the full reinstatement of HIPAA enforcement.[iii]
While supportive of the digital health sector, the measures highlight the challenge to providers to stay on top of their digital hygiene in such a rapidly evolving and heavily regulated risk environment.
Assessing and addressing risk factors upfront helps avoid falling foul of regulations and reduces the likelihood of claims or litigation down the line. Here are some factors to consider when improving digital hygiene.
At the start of the crisis, employees had to familiarize themselves quickly with new technologies and methods of care. Formal training often had to happen on the go and some non-related training went on hold to cope with the crisis. With the initial emergency having slightly eased, this is an opportunity to reinstate formal training to help ensure the level of care is maintained and helps defend against avoidable risk exposures.
The shift to virtual care also raises another issue around availability of training more broadly, especially for health professionals new to the job. With so much practical experience delivered online, organizations need to be certain the training is sufficient and addresses any deficit caused by the lack of direct patient contact.
A strong focus on developing a “webside manner” has recognized that delivering effective care and patient engagement remotely requires different approaches to in-person treatment. This involves honing softer skills such as reading body language in a virtual setting, as well as identifying whether a patient’s condition should continue to be treated remotely or intervening if data or technology does not perform accurately.
Training to ensure professionals have a robust approach to obtaining and recording informed consent is also essential for virtual consultations. Where a patient is not physically present to sign consent documentation in accordance with established practice, staff need to understand the process around online consent, and identify and eradicate inconsistencies.
This shift in care delivery and the prospect of a significant volume of healthcare being provided remotely beyond the pandemic opens up new liability risks. As well as the care aspect, a reduction in training may be used by plaintiff lawyers to undermine the quality of a practitioner’s care provision.
There have already been incidents of plaintiffs’ lawyers contending that a remote consultation was not an appropriate setting and that the standard of care was not met. Litigation in this area is likely to increase as lawyers on all sides seek to establish the parameters of the use of virtual care. It is therefore crucial to maintain clear and consistent records of online treatment, in the same way as for in person care.
Privacy and security
The virtual environment benefits significantly from the creation, analysis and sharing of data, but it also introduces a new dynamic around patient privacy and confidentiality. The vast majority of patients will be receiving care in their homes. Staff therefore need to ensure they do not breach a client’s confidentiality by providing advice with others present, or allowing any other unauthorized access to consultations or records.
While data privacy and security have long been front of mind for healthcare providers and those supporting their systems, the adoption of virtual care on a wider scale introduces many more risks to manage. As wearable technologies become more embedded in ongoing care, both physician-led and patient-led, considerably higher volumes of sensitive patient data are shared and stored. Failure to assess and manage a data loss or breach risks jeopardizing a provider’s reputation, customer confidence and patient care.
The task facing providers during the crisis has been two-fold for digital health providers. First, managing a smooth and effective shift to virtual care and adjusting to emergency alterations to the regulatory environment.
Second, address the interconnected risks that this shift online has created: From data privacy and security, staff training and awareness through to being vigilant about which emergency regulatory changes will persist beyond the pandemic, and which will return to ‘normal’.
In this environment, allegations of inadequacies or failures of remote care are emerging and can quickly move to the courts. Taking steps to ensure digital hygiene factors are maintained under pressure can help providers ensure patients are protected and support the long-term health of their organization.
About the author:
Jennifer joined Beazley in October 2013 as an Underwriter for the Miscellaneous Medical team.
About the author:
Kyle joined Beazley in January 2017 as an underwriter on our Private Enterprise team, specializing in Miscellaneous Medical risks. He previously underwrote small non-profit business at United States Liability Insurance and mid-market/large healthcare accounts at AIG.