Legal and Regulatory Compliance

Legal Concerns in Telemedicine

February 15, 2017 11:34 am

A telemedicine provider must comply with the licensure laws and regulations of the state in which the patient is located.

It is undeniable that telemedicine can improve access to care and clinical outcomes, especially for persons in remote areas or distant from a needed specialist. It reduces cost, provides 24/7 coverage for certain conditions, and gets high patient satisfaction scores.

Although telemedicine provides numerous benefits, it also presents some legal and regulatory challenges. For example, definitions of telemedicine vary from one state to another and even at the federal level. Medicare regulations consider telemedicine to be the provision of services using “multimedia communications equipment that includes, at a minimum, audio and video equipment permitting two-way, real-time interactive communication between the patient and distant site physician or practitioner.” The definition excludes telephone calls and use of fax machines or e-mail. (42 C.F.R. § 410.78.) A much more detailed and restrictive definition is given for purposes of prescribing in the federal Controlled Substances Act. (21 U.S.C. § 802(54).) Medicare pays for telemedicine services but uses the term “telehealth services.” (Social Security Act § 1834(m) [42 U.S.C. § 1395m(m)].)

Three Categories of Legal and Regulatory Concerns

Definitional issues aside, legal and regulatory concerns can be grouped under three main categories, and there are a few minor topics to be aware of as well.

Licensure laws. Just as “home is where the heart is,” healthcare is where the patient is. Thus, a telemedicine provider must comply with the licensure laws and regulations of the state in which the patient is located. Because the laws vary from state to state, telemedicine is now the most important medical regulatory topic for the Federation of State Medical Boards (FSMB). The FSMB “Telemedicine Policies” document says 48 state boards plus the boards of the District of Columbia, Puerto Rico, and the Virgin Islands require telemedicine physicians to be licensed when treating patients in their jurisdiction. Fifteen states issue a special purpose license or certificate to do so, and four merely require physicians to register.

See related tool: State Laws and Reimbursement Policies for Telehealth

There are exceptions even to these rules, the most common being for physician-to-physician consults, residency programs, medical emergencies, and natural disasters. This variety of licensure laws is concerning enough that the FSMB has drafted model language for states to create an Interstate Medical Licensure Compact to make it easier for specialists to practice across state lines (Showalter, J.S., “Interstate Compact Eases Licensure, Improves Quality of Care,” Legal & Regulatory Forum, July 2016).

Hospital legal counsel, compliance officers, and medical staff services departments must ensure that to the extent patients are receiving telemedicine services or hospital personnel are providing them, the providers are properly licensed in the state where the patient is located.

Privileges and credentials. Closely related to licensure questions are those associated with the privileges and credentials of physicians who deliver care through telemedicine. A hospital customarily grants privileges only after a practitioner’s qualifications have been thoroughly vetted by hospital staff. Thus, the practitioner would need to hold privileges in both the home hospital and the distant site to which the services are being delivered, obviously a cumbersome and expensive proposition.

Recognizing the need to streamline the process, in 2011 Medicare issued a rule— Medicare Conditions of Participation, 42 C.F.R. Part 482 for Hospitals and Part 485 for critical access hospitals—intended “to ensure that patients in rural or remote areas will continue to receive the most cutting-edge medical care.” Under the rule, a hospital that furnishes telemedicine services to its patients via an agreement with a “distant” hospital—usually a larger medical center or telemedicine entity—may rely upon information furnished by that distant entity when making its own credentialing and privileging decisions.

This rule helps settle Medicare coverage issues, but it does not resolve state regulatory concerns. Hospital counsel and compliance officers must ensure that practitioners are properly licensed, privileged, and credentialed when telemedicine is being delivered.

Confidentiality, privacy, and security. Traditional confidentiality laws and HIPAA’s privacy and security standards clearly apply to telemedicine services, as they do to any patient encounter, thus these issues are not necessarily different in telemedicine. What may be different is the increased risk of security breaches due to remote access and the greater number of people (e.g., IT personnel) who may have access to the technology and the protected health information it contains. Compliance officers, information security officers, risk managers, and legal counsel must be vigilant to ensure the security of the online network used for telemedicine services. This must become a regular area of inquiry in the ongoing risk assessment process.

Other Important Issues

The following are some other topics that healthcare compliance leaders should be aware of. They are not unique to telemedicine, but they must not be overlooked.

Medical malpractice and liability . Coverage varies from one insurer to another and from state to state. For example, some plans only cover telemedicine when it is provided within the state in which the physician is licensed. Each policy’s terms must be reviewed carefully.

FDA and state prescribing regulations. Under federal law there are specific limitations on when controlled substances may be prescribed by telemedicine (see definitions of telemedicine provided earlier). These rules must be followed and state medical and pharmacy board rules must be adhered to as well.

Informed consent. Some states require a special informed consent for telemedicine. This information may be found in statute, regulation, or state Medicaid policies. The Telehealth Resource Center website is a possible resource for this information.

Miscellaneous federal laws and agencies. The following regulatory areas can also be implicated by telemedicine and must be kept in mind:

  • The Federal Communications Commission regulates mobile medical apps.
  • The Federal Trade Commission and the Department of Justice enforce the antitrust laws.
  • Federal fraud and abuse laws—such as the anti-kickback statute and the Stark Self-Referral laws—are enforced by various agencies.
  • The Health Information Technology for Economic and Clinical Health Act (HITECH) and the Medicare Electronic Health Record Incentive Program fall under the Department of Health and Human Services.

More Telemedicine in the Future

Although definitive studies have not been published, anecdotal evidence suggests that telemedicine provides greater patient access, reduces cost, and improves patient satisfaction scores. Reimbursement rules are aligning with consumer demand, and the number of payers expanding coverage seems to be on the increase. All these factors augur for future expansion of the field of telemedicine.

J. Stuart Showalter, JD, MFS, is a contributing editor for HFMA.

Telemedicine Resources:


googletag.cmd.push( function () { googletag.display( 'hfma-gpt-text1' ); } );
googletag.cmd.push( function () { googletag.display( 'hfma-gpt-text2' ); } );
googletag.cmd.push( function () { googletag.display( 'hfma-gpt-text3' ); } );
googletag.cmd.push( function () { googletag.display( 'hfma-gpt-text4' ); } );
googletag.cmd.push( function () { googletag.display( 'hfma-gpt-text5' ); } );
googletag.cmd.push( function () { googletag.display( 'hfma-gpt-text6' ); } );
googletag.cmd.push( function () { googletag.display( 'hfma-gpt-text7' ); } );
googletag.cmd.push( function () { googletag.display( 'hfma-gpt-leaderboard' ); } );