Before initiating treatment, health care providers must generally obtain their patients’ informed consent. The purpose of the informed consent process is two-fold. First, it allows patients to gain an understanding of the risks and benefits of the proposed treatment, and alternative courses of action. Second, it helps shield providers from legal exposure.

A formal informed consent process is particularly critical for procedures that carry a high risk of patient injury. When considering such “high-risk” procedures, neurosurgery or radiation therapy may come to mind. However, in the practice of telehealth, reliance on imperfect technological tools, as well as the “distance” factor, can propel otherwise routine treatments into a higher risk category.

The Risks of Telehealth Practice

One important telehealth-specific risk is the possibility of technological hiccups and failures. Computers, tablets, cell phones, web cameras, and electronic health records represent just a sampling of the technology-based tools used by telehealth providers. While these technologies can improve and advance patient care, they can also falter, impairing the medical evaluation and treatment process and threatening patient safety. For example, transmission errors can occur when telehealth providers receive patient data electronically (such data may include patient records, x-rays, and medical device print-outs). These errors can delay patient treatment and even give rise to dangerous misdiagnoses.

Beyond transmission errors, the remote nature of telehealth practice can create additional risks. For instance, a patient being evaluated by a distant, off-site provider may not be able to tell who is present in the room at the distant provider’s site (i.e., medical or non-medical personnel may be present and within listening distance, but not captured by the camera’s view). This is a clear privacy concern for patients, who may not want such “hidden” third parties to have access to their personal health information.

The remote nature of telehealth practice can also increase patient risk because distant providers cannot perform comprehensive physical examinations. Without completing a hands-on examination, the distant provider’s ability to offer a complete and accurate evaluation of the patient’s condition may be limited.

State legislatures are starting to take note of these telehealth-specific risks. In fact, a few states have already passed laws that require providers to obtain a patient’s informed consent before delivering telehealth services.

State Implementation of Telehealth-Specific Consent Laws

To date, state approaches to telehealth-specific consent laws have varied. For example, in Nebraska, telehealth providers must obtain patients’ written informed consent prior to an initial telehealth consultation. Conversely, under both California and Arizona law, a patient’s verbal consent to the use of telehealth care satisfies the statutory informed consent requirement. In Texas, telehealth providers are required to obtain patients’ informed consent prior to delivering telehealth services, but the relevant statute does not specify the required form of the consent. In at least one state, Oklahoma, legislators have gone above and beyond simply requiring informed consent for telehealth services. The Oklahoma telehealth statute establishes a detailed consent framework, laying out the specific types of information that telehealth providers must give to patients.

Although telehealth-specific consent laws are currently confined to only a small minority of states, all telehealth providers should take heed. No matter the jurisdiction, failure to properly obtain a patient’s informed consent before initiating telehealth services can increase a provider’s risk of facing consent-based negligence claims (an explanation of the elements of an informed consent claim can be found here).

Mitigating the Risk of Consent-Based Claims

To prepare for the possibility of facing a consent-based claim (which will often accompany a medical malpractice claim), telehealth providers may consider incorporating a more thorough informed consent process into their overall risk mitigation strategy. For example, providers can improve their documentation of the informed consent process by drafting a telehealth consent form, or a telehealth addendum to a more traditional consent form that they might already use. While some providers, such as those practicing in Oklahoma, may need to adhere to specific state requirements regarding the content of these telehealth-specific forms, there are several general categories of information that all providers may consider including, such as:

  • Language introducing and explaining the telehealth process in a way that patients can easily understand;
  • Description of the expected risks and benefits of telehealth services; and
  • Other information necessary for the patient to have a complete understanding of the telehealth process (i.e., available alternatives, referral information for a local provider, etc.).

Although telehealth providers cannot possibly avoid all practice risks, they can limit their exposure by taking a proactive approach to the informed consent process. Key aspects of such an approach are likely to include disclosure of all material facts necessary for patients to make an informed decision about moving forward with telehealth care and careful documentation of the consent process. From a risk standpoint, providers who take these steps will be well positioned to adapt to emerging new technologies and the continuously expanding scope of services being offered via telehealth.