August 2000 Bulletin

Answering e-mail may be risky Giving more than general medical information may be a legal problem

By Kristin Olds Glavin

How many times have you, as a practicing orthopaedic surgeon, received an e-mail asking you to respond to a medical question? Do you respond auto- matically, evaluate who the sender is and what type of question is being asked or hit the "delete" key?

Hopefully, your answer is that you evaluate the sender and the question. While many practitioners find e-mail and the Internet to be an easy way to find and respond to queries, there are a host of legal issues that the physician Internet user needs to be aware of before engaging in "telemedicine."

Telemedicine use

Despite the overwhelming number of medical sites and offerings, there are essentially three types of medical services offered and requested over the Internet right now:

1. General medical information.
2. Referrals (includes advertisements).
3. Medical advice – based upon patient data the user provides.

While the first two categories are subject to some laws and regulations, such as Federal Trade Commission oversight and state consumer protection laws, it is the third category that triggers most of the legal hurdles. Because of these hurdles, telemedicine has flourished internationally, but has operated on a more limited basis in the United States. In this country, telemedicine is conducted mostly in academic medical centers/hospital-based networks for patient consultations, primarily in the fields of radiology, mental health, cardiology and ophthalmology.

The baseline question to ask, in trying to determine whether a service falls into this third category, is: "Is the service a form of medical practice?"

If your answer is yes—i.e., you are giving more than general medical
information, your practice information or outside references for more specific information—then you are exposing yourself to a myriad of potential legal risks. Because of this "great unknown" element, many physicians choose to respond to queries over the Internet by providing only general information along with their office information, or by limiting specific medical advice to established patients.

What are the risks?

Review of specific patient data over the Internet, even minimal or insufficient data, and any recommendation based on that data would likely be found to constitute a medical consultation, which exposes the physician to liability on several fronts. This interaction can be enough to legally establish a physician-patient relationship; there is no requirement that the physician formally accept the Internet user as a patient or that any compensation is provided to the practitioner. This type of medical advice is viewed similarly to advice given by on-call specialists; the physician-patient relationship is often implied and liability attaches if the physician is negligent.

Additional legal concerns that need to be considered if medical advice is to be provided include:

Medical licensure. Where does the Internet user reside? Where is the physician licensed to practice medicine? The state in which the user resides will usually be the place where any medical malpractice is assessed and any lawsuit filed, i.e., is the physician licensed to practice medicine in that state? Does the physician’s advice fall into any statutory telemedicine exemption? Does the physician’s advice meet the standard of care in that patient’s region/state?

Specific informed consent. Does the physician have the Internet user’s consent to transmit personal medical information over the Internet? This can be a basis for a state law privacy action and probably will fall under the proposed federal privacy/confidentiality regulations, expected to be final in the next year.

Medical malpractice insurance. Professional liability insurance policies do not cover unlicensed medical practice and may also have territorial boundaries.

Errors in use of regulation of technology. If medical information or advice is incorrectly transmitted and an adverse medical outcome results, liability can be assessed against the provider. The Food and Drug Administration may also regulate devices used in telemedicine activities, such as imaging devices that are subject to medical device regulatory authority. So if you are contemplating a full-scale telemedicine practice, you should consider the additional regulatory and cost burden.

Privacy/confidentiality. Patient medical data is protected under state law, under the federal Constitution and under the Health Insurance Portability and Accountability Act (HIPAA) and its privacy regulations that will be finalized in the next year. The proposed regulations, which received over 50,000 formal comments, contain strict requirements for the transmittal of patient data over the Internet. Internet abuses and the potential for hacking, especially in e-mail transmittals that may contain confidential patient data, are very real possibilities that could result in physician liability. Currently, 37 states impose criminal penalties for violation of state medical privacy statutes.

Federal anti-kickback restrictions. The nature of telemedicine referrals, where referrals typically come through a "hub" and fee-splitting is involved, bump up against these federal prohibitions and can result in substantial fines, penalties, and loss of Medicare provider status.

Reimbursement. Current Medicare regulations disfavor the practice of telemedicine, despite the potential cost savings of this method of practice. The Medicare Demonstration Project set up by the Department of Health and Human Services for telemedicine is very limited in the scope of what is reimbursable. Certain federal/state programs and some health plans have prohibitions on when enrollees can be directly charged by the provider; legal liability and other penalties can be assessed if the telemedicine practitioner is unaware of these restrictions and sends a bill to the patient.

How should the physician respond?

If you decide that you want to respond to specific medical questions only from your patients, there are still several issues to consider, including:

1. Make sure that your patients are comfortable with, and have signed any necessary release for, discussion of their private medical information via e-mail (informed consent). E-mail may not be secure and in the course of answering your patient’s specific question, you are probably writing about their medical conditions.
2. Make sure that your patients know that any emergency should not be handled via an Internet query. It may be a good idea to post a notice on your web site and in your office that patients should not expect an e-mail response from you for 24 hours and that any emergency or immediate issue should be handled by a phone call.
3. Make sure that you keep copies of all questions and answers to medical questions in the patient’s medical record. An adverse medical result stemming from your response to a question containing insufficient information from the patient may be the basis of a malpractice lawsuit.
4. Assure that your patients are aware of the potential for technology failures. Instruct them to follow up with a phone call to your office if they do not receive a response to their Internet query.
5. Stay on top of any state and federal requirements for medical record confidentiality. Imminent federal regulations may make telemedicine so burdensome that physicians will be deterred.
6. Be careful about charging for medical advice you give via e-mail; make sure that any charges are consistent with statutory and health plan requirements.

This article is not intended to provide legal advice. You should consult your own legal advisor for legal information.