SECTION II POLICY ISSUES

A. REIMBURSEMENT

IMPEDIMENTS TO REIMBURSEMENT
Cost
COVERAGE POLICY
Medicare and Medicaid
Managed Care
Payment Issues in California
Division of Workers' Compensation
RECOMMENDATIONS

B. PHYSICIAN LICENSURE

PRACTICE
CURRENT LICENSURE REQUIREMENTS
POTENTIAL SOLUTIONS
RECOMMENDATIONS

C. PRIVACY AND CONFIDENTIALITY

CONCERNS UNIQUE TO TELEMEDICINE
CONCERNS RELATED TO ELECTRONIC RECORD KEEPING
LIABILITY FOR TELEMEDICINE PARTICIPANTS
PROTECTION UNDER CALIFORNIA LAW FOR INTRASTATE TELEMEDICINE
INADEQUATE PROTECTION UNDER OTHER STATES' LAWS
INADEQUATE PRIVACY PROTECTION UNDER FEDERAL LAW
SOLUTIONS AND PROTECTIVE MEASURES
ADMINISTRATIVE AND PROCEDURAL PROTECTIVE MEASURES
TECHNICAL PROTECTIVE MEASURES
LEGAL STANDARDS FOR TELEMEDICINE PRACTITIONERS

D. MEDICAL LIABILITY

POLICIES OF CALIFORNIA MEDICAL MALPRACTICE INSURANCE CARRIERS
LEGAL STANDARDS
JURISDICTION
TECHNOLOGY CONCERNS
RECOMMENDATIONS
AUTHORIZATION AND CONSENT FORM

E. ACCESS TO CARE

CONCERNS RAISED BY TELEMEDICINE
CALIFORNIA REGULATORY REQUIREMENTS
RECOMMENDATIONS

F. CREDENTIALING

CONCERNS RAISED BY TELEMEDICINE
CALIFORNIA CREDENTIALING REQUIREMENTS
JCAHO INFORMAL POSITION
RECOMMENDATIONS





Section II
POLICY ISSUES

A. REIMBURSEMENT

Reimbursement for telemedicine has long been a major topic of discussion among policy makers in Washington, D.C. In the last year, numerous hearings and meetings have been held, reports written, legislative bills introduced and a federal Joint Working Group on Telemedicine organized to better coordinate funding and bring harmony among the federal agencies providing assistance for developing telemedical capability. However, aside from the federal government providing grants to stimulate the development of telemedicine, there has been no federal leadership on the key policy issues which inhibit the development of telemedicine, especially reimbursement.

In the past three or four years, the federal government has assisted the development and growth of telemedicine through federal grants to providers throughout the United States. The projects that emerged as a result of these grants are expected to generate more information about the technology and to acquire sufficient data with which to craft reimbursement policies and regulations for Medicare and Medicaid. A large number of these federally funded grant programs are found in the eastern and mid-western regions of the country; only a minor portion of federal funds for telemedicine program development reached California. It remains unclear why California has fared so poorly in getting federal assistance for these projects.

The vast majority of projects started prior to 1986 failed, while many others funded in the past several years have struggled to survive for a variety of reasons, including: poor planning, lack of a sound business plan, insufficient funding from public and private payers, expensive capital costs, lack of knowledge of the technology and its applications and, probably most importantly, inability to demonstrate a cost/benefit ratio. Also, the federally funded programs must rely on the government to sustain their efforts over the long-term in the absence of reimbursement.

To increase the opportunity for success and sustainability, federal funding agencies are now asking providers to commit more of their own funds to their projects, joint venture with other groups, and demonstrate a business oriented, "bottom line" approach to assure that they will establish themselves as self-sustaining programs rather than continuing dependence on government subsidy. Unfortunately, under current policy, this presents a true catch-22 since, without a guarantee of reimbursement for telemedical services, neither those who contribute the capital expense, who sustain the ongoing operating expenses, nor those physicians who are required to give their time for the actual telemedicine consultation are willing to commit to this technology over the long term.

Impediments to Reimbursement

In 1994, the Center for Health Policy Research (CHPR) issued a four-part report based on an in-depth study of telemedicine that it conducted for the Health Care Financing Administration (HCFA). They identified numerous questions needing to be answered but which can only be addressed through a "rigorous experimental design with treatment and control arms." Specifically, they identified HCFA's requirement for "face-to-face contact between the physicians and patients, at least for those specialties in which in-person care is a routine aspect of the practice," as the primary reason for a lack of telemedicine coverage.

The key issues impeding the decision to relax the face-to-face rule are the lack of empirical data upon which to make policy decisions and the potential for significantly increasing federal health care expenditures.

Cost

Although much anecdotal evidence exists, there is scant hard evidence that the communications technology will provide appropriate health care at a reasonable cost, despite the fact that in certain situations the cost-effectiveness of telemedicine appears obvious. Therefore, before payers and providers are willing to move on the issue, they want to know the likely economic effects of the use of telemedicine. Reimbursement policy issues are further complicated by rapid changes in equipment technology and faster communications networks which are making telemedicine capability more mobile, available for more applications, and with lower equipment costs and operational expenses.

Since the cost of providing service to rural populations is an important issue to both health care and telecommunications providers vis-à-vis the smaller population and the low volume of patients served, Congress included a special provision in the Telecommunications Reform Act of 1996 that will provide subsidies for rural health services. This should help rural regions of the country gain access to telemedicine. Section 254(h) of the Act states,

"A telecommunications carrier shall, upon receiving a bona fide request, provide telecommunications services which are necessary for the provision of health care services in a State, including instructions related to such services, to any public or nonprofit health care provider that services persons who reside in rural areas in that State at rates that are reasonably comparable to rates charged for similar services in urban areas in that State."

The Center for Telemedicine Law indicated that the "Federal Communications Commission has received only limited comments from telemedicine providers regarding the type of health care services that need to be supported." Although the comment period has lapsed, rural providers and their associations should assess the recommendations of the Special Committee on Telemedicine appointed by the Federal Communications Commission and encourage the California Public Utilities Commission to review and implement these recommendations as appropriate.

Overall, more states are becoming active in assessing the impact of telemedicine on their citizens and health providers. Some states are supporting the development of an infrastructure and acquisition of equipment by imposing new taxes or assessing fees. On the other hand, some states concerned about competition from outside practitioners or the potential for fraud have passed legislation clearly designed to protect the interests of local health providers and restrict competition. This could unfortunately isolate consumers and practitioners from outside expert assistance.

Coverage Policy

Medicare and Medicaid

Reimbursement for telemedicine services, as with all medical services, is largely influenced by the decisions and policies of HCFA, the federal agency that administers the Medicare and Medicaid programs. Once HCFA has established a policy for the reimbursement for a particular medical service, private insurers will, in general, follow HCFA's lead. HCFA is working toward establishing a Medicare telemedicine payment mechanism but has not accomplished it to date. In addition, HCFA has not issued specific rules and regulations regarding reimbursement due to ongoing delays in the proposed payment plan for the demonstration project it is currently conducting. While its proposal is awaiting final approval from the Office of Management and Budget, the development of telemedicine in this country remains limited and stifled.

In contrast with past experience, some payment mechanisms are slowly developing in the public and private sector in various parts of the country. However, it will still take several years to develop and implement coherent policies due to the lack of cost/benefit data related to telemedicine, rapidly evolving technology, the diversity of payment mechanisms, and the need to develop fair and equitable models for reimbursement among the various health care providers.

In addition to previous legislative efforts requiring HCFA to establish a telemedicine payment plan, a health insurance reform bill S 1028 was recently passed by Congress and was signed by the President. This bill contains a provision requiring HCFA to "complete its ongoing study of Medicare reimbursement of all telemedicine services and submit a report to Congress on Medicare reimbursement of telemedicine services by not later than March 1, 1997." The HCFA report must include a proposal for Medicare reimbursement for telemedicine services.

On the bright side, HCFA does allow state Medicaid agencies to establish their own coverage policies for telemedicine. At least nine states currently permit reimbursement for telemedicine: Arkansas, Georgia, North Dakota, New Mexico, Montana, South Dakota, Utah, Virginia, West Virginia.

California recently passed legislation SB 1665, effective January 1, 1997, that requires private health insurance and managed care plans to integrate telemedicine into their existing reimbursement policies and procedures. The Medi-Cal Program is also required to have a reimbursement policy in place by July 1, 1997. See Figure 5, below.


Figure 5

Managed Care

The goal of capitated managed care systems is, ideally, to provide the best care to people for the lowest cost. Those who administer such programs give close attention to the bottom line and the "medical loss ratio", i.e., that portion of the premium dollar which is actually paid out for medical services. With telemedicine, a system could spread the expertise of a specialist throughout an HMO network, creating a "virtual" presence wherever that specialist is needed. The specialist and the system become more efficient by being able to eliminate non-productive "windshield time", unnecessary duplication of personnel and the need for costly facilities to house yet another group of specialists who would be needed were it not for telemedicine. All of this would likely lead to a reduction in the medical loss ratio. Managed care health plans are latecomers to the use of telemedicine but are beginning to recognize the potential it has for managing patient care in a more efficient, cost-effective and caring way by "seeing" patients wherever it is most efficient to provide medical care or health information.

There are many questions about how payment for telemedical services should be handled. Until recently, the studies and much of the literature have focused on fee-for-service payment policy rather than managed care. Although fee-for-service medicine is still the dominant model in California, it is quite clear that that is changing rapidly. There are parts of the state where, in fact, this is not the case and where managed care already dominates. Under a capitated payment mechanism for both the primary care practitioner and the specialist, where each receives a single monthly fee for each member of the health plan, the issue of payment for individual services is no longer important. However, even in California there are many rural regions of the state only mildly impacted by managed care. Consideration will need to be given as to how to address telemedicine payment issues for underserved populations and regions of the state until such time as all of these populations are moved into managed care plans as both Medicare and Medi-Cal are planning to do.

Kaiser Permanente and Allina Health Systems are leading the way among managed care providers in evaluating telehealth and telemedicine. Under a two-year grant-funded effort, Kaiser Permanente, Northern California Region is currently testing interactive technologies in order to evaluate their value for use within its health care network. Kaiser will also focus on identifying entirely new ways of delivering care and service to its health plan members and the communities in which they live. They are coordinating efforts across their corporate regions to assess the benefits of providing medical care with interactive technologies in the following service areas: ophthalmology, dermatology, orthopedics, rehabilitation medicine, home care, and long term care, with other services under consideration.

Allina Health Systems, a large managed care provider in Minnesota and Wisconsin, has joined with the Rural Health Alliance (RHA), a collaborative of rural communities in central Minnesota, to create a network. The network was initiated in May of 1995, connecting three rural and five urban sites and was created to support consultations, teleradiology, medical education, administration, and community education. The project was initially funded by a grant to the RHA and investment by Allina. Support costs are split with Allina paying for the T-1 (high bandwidth) telephone lines that create the hub center; RHA members paying for the spokes to the hub with costs divided evenly.

The insurance division of Allina reimburses specialists for consultations conducted over the network; it has also created a fund to reimburse for Medicare/Medicaid patients in the absence of HCFA's policy to do so. Early data from the program is too scant to provide for a meaningful cost/benefit analysis. However, Allina has indicated that the system is generating new referrals to the health plan and administrative savings have been demonstrated. They have also demonstrated savings in night-time coverage of rural emergency rooms through a telemedicine network, with care provided by trained nurses, rather than much more highly paid emergency physicians.

Payment Issues in California

Until recently, public and private reimbursement for telemedicine in California has been reflective of the current state of telemedicine reimbursement policy nationally, which is to say that it is limited and inconsistent. Currently, no insurers or health plans in California have developed a formal payment policy for telemedical services, although they, and many other key stakeholders are rapidly becoming aware of the need to do so. Kaiser Permanente, described above, is leading the way among managed care health plans in California in the use of telehealth and telemedicine. Other large health care plans within the state are assessing the potential of telemedicine and joint venturing with entrepreneurial physicians and medical groups in an effort to implement telemedicine where it can make a positive contribution to patient care. This issue is moot in light of the passage of SB 1665, signed into law on September 24, 1996 by Governor Pete Wilson, which requires all payers in California to integrate telemedicine into their reimbursement policies by January 1, 1997 and Medi-Cal to eliminate its face-to-face requirement by July 1, 1997.

Division of Workers' Compensation

The Division of Workers' Compensation (DWC) within the Department of Industrial Relations responded to inquiries from The Project, stating that, while the Division does not function as a payer, it does promulgate the Official Medical Fee Schedule (OMFS) based on the American Medical Association (AMA) codes for medical procedures. The OMFS contains several codes for use in obtaining reimbursement for telephone calls by physicians to patients for consultation or medical management. While there are currently no specific codes for other telemedicine services, the DWC would likely adopt such codes if they were created by the AMA. To date the AMA has taken no such action.

The potential cost savings to the statewide workers' compensation system from the use of telemedicine appear obvious, although they too must be proven. Costly long distance travel by injured workers to either treating physicians or disability evaluators could be significantly reduced. Those costs include not only the cost of travel, but also the unnecessary loss of productivity of a worker away from his or her job because of required travel. Qualified specialists, who might otherwise be unavailable to the injured worker, could be electronically transported to the local community for patient assessment or treatment recommendations. Fraud and abuse could be monitored by the case managers on a regional or statewide basis using the same telemedicine equipment.

Even though the DWC is not a payer, they do control costs through the OMFS in what has previously been a system of ever increasing expenses related to workers' compensation medical services. Those costs have been reined in during recent years by tighter control policies. If policies for telemedical services reimbursement were established at the outset and the appropriate oversight applied, there would be no more risk for abuse than exists under the present system with the added advantage of lowering costs to the overall workers' compensation bill.

In response to The Project's inquiry, the DWC also called attention to two other issues. One is the fact that Labor Code Section 3209.3 defines physicians as practitioners licensed by California state law; this definition may have bearing on the use of telemedicine in workers' compensation cases. The second relates to fraud and abuse: the Industrial Medical Council promulgated regulations which address this issue by requiring minimum amounts of "face-to-face" time in the conduct of medical-legal evaluations.

Overall, the DWC indicated that they were supportive of any efforts to expand access and enhance quality of medical services for injured workers on the condition that expanded authority for the use of telemedicine be accompanied by careful attention to quality of care issues and to minimizing any fraud potential.

Recommendations

California has not concerned itself with the debate on telemedicine taking place in Congress, nor the need for HCFA to announce a payment plan for telemedicine. Telemedicine is beginning to take hold in the state and would benefit from a payment plan but it is likely that the entrepreneurial spirit of California's health care providers will set the national standard. In lieu of a national policy, California should take the following steps related to reimbursement.

Recommendation 1

As mandated in SB 1665 (Chapter 864) the Department of Health Services should develop a work program and timeline for implementing the telemedicine policies required by law and communicate them to the public by March 1, 1997.

Recommendation 2

The California Public Employees Retirement System should, through incentives, encourage health plans who provide coverage for state employees to establish a policy on telemedicine and provide coverage for telemedical services.

Recommendation 3

The Department of Corporations, the Department of Workers' Compensation and the Department of Health Services should encourage participating prepaid health care plans and health care organizations, through targeted financial incentives, to use telemedicine. Proper incentives will improve accessibility to specialist physician services in medically underserved areas of the state.

Recommendation 4

The California Medical Association (CMA) should stress to the American Medical Association the importance of modifying existing procedure codes and/or developing new procedure codes in the Official Medical Fee Schedule (OMFS) to facilitate reimbursement for telemedical services.

Recommendation 5

The California Public Utilities Commission should implement Section 254(h) of the federal Telecommunications Reform Act of 1996. The Act directs telecommunications carriers "...to provide telecommunications services which are necessary for the provision of health care services in a State...to any public or nonprofit health care provider that services persons in rural areas in that State at rates that are reasonably comparable to rates charged for similar services in urban areas in that State."

Recommendation 6

The Department of Corporations, the Department of Workers' Compensation and the Department of Health Services should each issue, after a proper review of telemedicine programs and technologies, regulations outlining the acceptable use of telemedicine by health care service plans.

B. PHYSICIAN LICENSURE

California and about one-half of the other states have a broad exemption from licensing requirements for medical "consultations." A consultation occurs when a licensed California physician seeks advice or assistance from a physician located outside of California. Section 2060 of the California Business and Professions Code allows an unlimited number of such consultations as long as the outside consultant: (a) is licensed in the state or country of his or her residence, and (b) does not open an office in California, appoint a place to meet patients, or receive calls from patients within California.

Legislation recently passed by the California legislature and signed by the Governor (SB 1665) further defines the consulting relationship to assure that the outside consultant would not have the ultimate authority over the care of a patient located in California. The law is silent on the types of communication covered by the consultation exemption. Thus, consultations, including telemedical consultations, may be obtained by California licensed physicians for California patients as long as the consulting doctor is licensed in his or her state of residency. For example, a California doctor can call, write, e-mail, or telemedically consult with any doctor anywhere in the United States. This allows California doctors access to the best medical authorities regardless of their location and California license status and is clearly in the best interest of the California health care consumer. Patients in some other states are not so fortunate. In a minority of states, restrictions are placed on consultations such that routine telemedical consultations would be impossible. These states limit the number of consultations which can occur without obtaining a local medical license, or limit the number of days or months that consultations occur, or limit consultations to physicians in bordering states. Other states have eliminated the consultation exemption altogether, and require that any consultation be done only with a physician licensed by that state.

Practice

Contemporary telecommunications technology makes an entirely new form of medical care delivery possible: telemedical practice. As distinguished from consulting, interstate telemedical practice occurs when a patient in California is treated directly by a doctor from out-of-state.

Over a year ago, the Medical Board of California (MBC) became interested in the implications of telemedical practice, and appointed a committee to study this issue and make recommendations to the Board. The committee met in public four times in various locations throughout the state and co-hosted a two-day Telemedicine Symposium in September of 1995 during which nationwide telemedicine leaders addressed the committee, public, other Board members, and the State of California's legislative and executive staff. The committee also solicited the testimony of malpractice carriers, a medical records expert, and others during its deliberations. After this thorough review of the issue, the committee crafted a legislative proposal which was approved by vote of the full medical board and introduced in the California State Senate as SB 2098.

Among other things, SB 2098 allows the MBC to address the issue of licensure or registration of out-of-state telemedical practitioners. The committee determined that telemedicine technology is an emerging element in the practice of medicine and that it can provide increased access to quality medical care. However, the committee recognized that telemedical practice can be conducted outside the scope of existing peer review mechanisms and that, under present California law, the practice of medicine across state lines can create risks to efficient quality control and enforcement by the Board. The committee concluded that all medical consumers, including telemedical consumers, are entitled to protection from incompetent, negligent, and fraudulent practitioners.

In order to foster the necessary consumer protection, the MBC telemedicine committee considered many optional mechanisms for the regulation of the individuals practicing telemedicine across state lines. Two considerations tended to distinguish the various regulatory options on the dimensions of practicality and efficacy: (a) the minimum qualifications for telemedical practitioners and, (b) the state's ability to implement any discipline against a telemedical practitioner.

Current Licensure Requirements

Under current California law, an out-of-state telemedical practitioner would need to possess a full medical license in California. While this guarantees that the practitioner met California's rigorous educational and training qualifications, it limits the state's ability to enforce any adverse actions against the out-of-state licensee. For example, if the Board were to revoke, or otherwise restrict, the license of an out-of-state telepractitioner, and the practitioner were to continue to practice telemedicine into California, the only sanction available to the Board is the filing of a misdemeanor criminal complaint for unlicensed activity. Since extradition is nearly impossible on such a criminal charge, the physician could continue to practice telemedicine into California with impunity. In addition, some requirements for licensure in California may not be applicable to telemedical practice, since it does not involve hands-on care, invasive procedures, or access to narcotic and dangerous drugs.

The committee also reviewed the original version of model telemedicine regulatory language drafted by the Federation of State Medical Boards (FSMB). The FSMB model state licensure legislation would allow a physician from State A to enter State B via telecommunications without possessing a full license in State B. The FSMB proposal is a type of "physician registry" requiring physicians practicing via telemedicine to register with and be subject to action by each state's licensing board. The registration process would be less costly and cumbersome under such a system. The MBC felt that the FSMB model also lacks the ability of a state to enforce a revocation of a registrant practicing from another state's jurisdiction. In addition, it would allow any physician licensed by any state to register as a telemedical practitioner in California. The committee was concerned that the licensing standards of some other jurisdictions are insufficiently high to guarantee consumer safety, even in the limited risk atmosphere of a telemedical practice.

Potential Solutions

The MBC has proposed an amalgamation of these two approaches. The California Telepractitioner Registration Program, if enacted, would allow the Board to require that any physician practicing medicine into the state from outside California's borders have a valid registration issued by the Board. The registrant would have to meet minimum qualifications, as determined by the Board and set forth in regulations. The regulations would be drafted, heard publicly, and adopted after the passage of the enabling legislation and would be designed to screen out those applicants whose education or training were insufficient to guarantee patient safety. For example, applicants who graduated from unapproved medical schools or who were issued a license by legislative act could be denied registration. This regulatory mechanism would set a minimum threshold and, thus, complements the California Board's concerns for consumer protection.

The California proposal also reduces the difficulties of enforcement in the interstate telemedical setting. It amends the California Medical Practices Act to make it "unprofessional conduct" for a physician in California to practice telemedicine into another state without meeting the legal requirements for such practice in that state. Reciprocally, it requires that a physician registered to practice telemedicine into California be licensed in and practice in a state with a similar prohibition in that state's law. This means that a physician registered to practice telemedicine into California would have to live in a state (and hold an unrestricted medical license in that state) with a medical practice act which prohibits the physician from practicing in California (or any other state) without a valid California telemedicine registration. With this provision, the out-of-state registrant would jeopardize their home-state medical license if they continued to practice telemedicine into California after their registration were revoked. Ultimately, their home-state medical license could be revoked and, if they still continued to practice, they could be prosecuted criminally in their home-state. This "reciprocal enforcement" feature appears to be the most practical way to deter unregistered or unlicensed telemedical practice short of making such activity a federal crime. It will require amendments to the laws of many jurisdictions and, perhaps, interstate contracts for recovery of the costs of enforcement. California must encourage other states to enact similar legislation so that the benefits of the latest technology are shared with all citizens without undue impediments.

In addition, since California is likely to be an exporter of medical talent, including telemedical consultations, California policy makers should oppose local initiatives that unnecessarily burden access to other states' practitioners.

Recommendations

Recommendation 1

As mandated in SB 2098 (Chapter 902) the Medical Board of California should design a proposed physician registration program and submit it to the Legislature no later than the legislative deadline for bill introduction in 1997.

Recommendation 2

The Medical Board of California should coordinate telemedicine licensure, credentialing and reimbursement policies with neighboring states.

C. PRIVACY AND CONFIDENTIALITY

Concerns Unique to Telemedicine

In many respects, the use of telemedicine does not alter existing issues relating to the privacy and confidentiality of medical records. The fundamental concerns relating to the need to protect the confidentiality of patient information are the same whether a physician treats a patient face-to-face or through telemedicine. Even the privacy issues related to the use of video and audio tapes, the storage of still images, and the maintenance of electronic records, all of which are a part of telemedicine practice, have been identified and addressed to some extent.

What telemedicine promises to do, however, is make common the transmission of sensitive personal information to third parties and the storage of patient records in electronic form. The customary privacy and confidentiality of the medical setting cannot be guaranteed in telemedicine, because the patient's records and medical history are conveyed not only to the consulting physician, but also, by necessity, to several individuals outside the traditional medical team. The transmission procedure requires technical staff at both ends. In small communities, it is possible that the patient knows the nonmedical personnel socially, compounding the sense of loss of privacy. Thus, the nature of the doctor-patient relationship changes dramatically with telemedicine, challenging traditional concepts of privacy and confidentiality.

The ready accessibility of electronic patient information is one of the most difficult issues raised by telemedicine. The transmission of information over communication lines lends itself to electronic intrusion and exposure. Computer systems used in telemedicine must be connected to the outside world via modem and telephone, satellite or other communications that could be monitored or intercepted. Although there are a variety of low- and high-tech security measures which arguably make electronic records more secure than traditional communications, no system is foolproof. Nor are today's methods of hard copy record management without vulnerability, since access is possible to both on-site and off-site storage areas.

Patient concerns about the greater intrusiveness of video images, the presence of additional and unseen persons and the concern over a loss of control over medical information may impair patient disclosure of medically relevant information and lead to patient rejection of telemedicine. These concerns can be addressed through a combination of legal, technical and administrative security measures and patient education, but this will require much greater awareness and vigilance by telemedicine practitioners.

Concerns Related to Electronic Record Keeping

Apart from privacy concerns which are unique to telemedicine, telemedicine's reliance on electronic data raises even greater concerns. Although medical records are rapidly moving to electronic format because of advances in information technology, cost-pressure and health industry consolidation, telemedicine will accelerate that trend. The trend is highly controversial, and the privacy issues related to electronic data are intertwined with telemedicine privacy concerns. In examining telemedicine privacy concerns, a balance must be struck between the hysteria and fear-mongering frequently voiced over electronic medical record databases and the nonchalance, even technological arrogance, of certain advocates of computerized record keeping and telemedicine. There are valid concerns regarding the security of patient privacy in an electronic environment, and if these concerns are not addressed effectively, telemedicine will fail.

Increased Potential for Harm

The greatest concern with electronic databases is the potential for damage they create from a security breach. With centralized databases, a large volume of records could be altered, lost, or stolen in one unauthorized access to the system. Access to networked systems increases both the number of users and the number of patient records. Arguably, the risk of invasion of privacy increases exponentially with an increasing number of participants. Even in a system laden with safeguards, accidental disclosures can occur, curious persons (either with or without authorized access) can browse patient records, the sale of patient information can occur, and persons can engage in the malicious destruction or modification of records.

Unauthorized Access and Disclosure

Electronic misappropriation of health information is a real threat because an unregulated market exists for the sale of personal information from public and private sources. In many states, companies that sell personal data need not obtain permission from individuals in advance. This can create financial incentives for both members of a medical organization and outsiders to increase their income by disclosing personal information.

In addition to the unregulated computerization and potential brokering of health care information, demands for such information stem from a variety of sources, such as peer review committees, third-party payers, employers, insurers and others who use the information for non-health purposes. This can dilute the physician's control over the confidentiality of the patient record.

Records Tampering and Destruction

Any individual who has access to a specific application on an information system could conceivably obtain unauthorized access to other applications. Outsiders or insiders could get access to patient data or laboratory results and delete, modify or copy them.

Liability for Telemedicine Participants

At present, it remains the responsibility of the health care provider to maintain and enforce a network security system. The failure of telemedicine participants to design, implement and enforce comprehensive security policies could cause providers to be held liable for the unauthorized disclosure or modification of sensitive telemedicine-related information.

Patients may file tort claims for emotional distress caused by the disclosure of medical records, or for economic loss suffered by the patient (e.g. lost wages, future earnings, inability to procure insurance). There may be liability for failing to comply with state patient record keeping requirements. There are both paper record requirements and confidentiality requirements that need to be complied with. There could be claims for defamation, libel or slander.

Protection Under California Law for Intrastate Telemedicine

In analyzing the threat to the privacy of patient records posed under the current legal framework, it is critical to understand the great disparity between the protection that will be afforded in-state (California) versus interstate telemedicine practice. Privacy protection for medical information is largely a matter of state law with certain federal laws covering specific information.

Conflicts of law, rules of the respective state of residence, the personal initiative of the plaintiffs and other influences may lead to different determinations of which state has jurisdiction, depending on the factual setting. In most cases, telemedicine sessions between parties residing in California will be subject to the laws of California.

California, fortunately, is at the forefront of protecting medical information, and little additional legal protection is necessary for the practice of telemedicine within California. California's Confidentiality of Medical Information Act ("Confidentiality Act") implements a comprehensive administrative scheme to protect patient information from improper access. It requires, with certain enumerated exceptions, both health care providers and providers of administrative services to obtain a patient's authorization before disclosing his or her medical information to another party. The recipient of medical information pursuant to a valid patient authorization is expressly forbidden to make any further disclosures of the information without obtaining another valid authorization from the patient.

California's electronic record keeping law requires the use of certain technical safeguards to protect against unauthorized access to electronic records. The provision, which applies only to certain facilities and not to physicians, states that providers "choosing to utilize an electronic record keeping system, shall develop and implement policies and procedures to include safeguards for confidentiality and unauthorized access to electronically stored patient health records, authentication by electronic signature keys, and systems maintenance."

California has sought to address the problem of brokering health care information through strict laws regulating the extent of disclosure to such third parties. When practitioners reveal patient files to licensing and accrediting organizations, "no patient identifying medical information may be removed from the premises except as expressly permitted or required elsewhere by law." When providers disclose patient records to "public agencies, clinical investigators, health care research organizations, and accredited public or private nonprofit educational or health care institutions for bona fide research purposes, no information so disclosed shall be further disclosed by the recipient in any way which would permit identification of the patient." Moreover, the Confidentiality Act provides:

"A provider of health care that discloses medical information pursuant to an authorization required by this chapter shall communicate to the person or entity to which it discloses the medical information any limitations in the authorization regarding the use of the medical information."

This section requires, in the context of interstate telemedicine, that physicians must advise out-of-state practitioners of California's laws regarding the confidentiality of patient records. Finally, in addition to any other remedies available at law, the Confidentiality Act permits a patient to recover up to $3,000 in compensatory damages, $1,000 in attorneys' fees and the costs of litigation for a violation of the Act.

Inadequate Protection Under Other States' Laws

When California telemedicine practitioners collaborate with out-of-state practitioners, the privacy laws of another state may apply, and that other state's laws may offer minimal privacy protection. Only a handful of states, California being one of them, have adopted any laws or regulations to protect individuals against the unauthorized disclosure of their medical records by health care professionals or third parties. The unauthorized disclosure of medical records may be ethically reprehensible, but it is legal in most states.

Inadequate Privacy Protection Under Federal Law

Nor is federal law of much help in addressing disparities in state law for the protection of medical information. Federal law does not adequately protect patients' medical records, paper or electronic. The U.S. Constitution only protects individuals against unreasonable privacy intrusions by governmental officials and institutions. Legal safeguards against private action, such as the unauthorized disclosure of an individual's medical records by a private physician, nurse or third party, fall outside the Constitution and can be regulated by either Congress or the states. In practice, Congress seldom has exercised its authority to enact privacy laws and, in the interest of federalism, has deferred to the states on most matters.

Unlike many European countries, the United States has no omnibus data protection laws. Current federal privacy statutes rarely apply to non-governmental action. The relatively few federal privacy safeguards Congress has enacted apply only to information already in the government's possession, or in certain substance abuse cases. The Federal Privacy Act, for example, provides that federal departments and agencies that obtain confidential information from private individuals may use it only for the purpose for which it was collected. It does not cover private health care entities. These laws may restrict the federal government's ability to disclose medical information already in its possession without the individual's consent, but because most individuals have no reason to submit their personal medical records to federal officials, such statutes rarely apply.

The current combination of federal and state-by-state oversight has become outdated with respect to the National Information Infrastructure and the nationwide development of computerized and technologically oriented health care systems. Health care information can almost instantaneously flow across state borders, resulting in confusion and queries regarding cross-state regulation of patient confidentiality and privacy. The current lack of uniform privacy and confidentiality legislation negatively impacts the health care industry because providers and payers are transmitting health information without guidance on what protections are required, which state's laws govern or which state's courts have jurisdiction.

Solutions and Protective Measures

Addressing the privacy issues associated with telemedicine requires both legal and technical solutions. The implementation of reasonable technical solutions directed at user verification and access, authentication, security and data integrity will help determine the degree of liability risk telemedicine practitioners will face for breaches of patient confidentiality.

Until national or state legislation is passed that addresses the vagueness that exists in current federal and state laws, those involved in the delivery of health care must take what steps they can to ensure that personal records remain confidential and secure. The internal and external review of existing and/or proposed record keeping methodologies, from both a legal and a technical perspective, is advisable. By showing that privacy controls and safeguards are being researched and implemented, one may lessen the opportunity for allegations of negligence or reckless disregard for privacy concerns.

Administrative and Procedural Protective Measures

There are common sense administrative and procedural precautions that can be used to protect electronic records:

Patient Education Materials

Before the implementation of telemedicine programs, providers should develop educational materials for distribution to patients, providers and other interested parties.

Staff Training

Persons receiving access to patient information used in telemedicine should be reminded frequently of the sensitivity and importance of the information they handle and the patients' and providers' interest in protecting this information. Guidebooks and newsletters should be distributed periodically; posters and notices should be displayed to remind personnel of the necessity to keep patient information confidential. Information should not be disclosed to any third party, including individuals within a given health care network or facility, without a specific need to know.

Identification of Sensitive Data

Detailed and comprehensive guidelines should be developed and implemented to assist the personnel participating in the practice of telemedicine in identifying materials that are particularly sensitive to patients. These guidelines could also define the different levels of protection available depending on the nature of the information, as well as the methods of communicating and storing sensitive materials.

Physical Controls

Implementing procedures for access to the health care facilities, computer and telecommunications equipment, and the patients' records is also very important to maintain the protection of sensitive information. Access to certain areas, such as those where the telemedicine sessions are being held, should be restricted to specific personnel. Computer displays and television monitors should be installed so that the screens are not readily visible to passers-by. Passwords should be used extensively and changed frequently. Different levels of access should be granted to physicians and staff, depending on the nature of the data to which they need access, to prevent them from browsing into parts of a patient record for which they have no legitimate need.

Contractual Protection

When implementing security measures, those involved in organizing a telemedicine network should also consider the systematic use of confidentiality agreements that clearly define the duty to keep patient information strictly confidential and not make it available to other parties. These agreements should be signed by all personnel, from the physicians to the nurses, computer technicians, and telecommunication specialists. Subcontractor consultants, sales representatives, or vendors who receive access to confidential information or to premises or equipment (directly or via modem) where confidential patient information is used or stored should also be requested to execute confidentiality agreements.

Destruction

Guidelines for the destruction of computerized medical records created for or used in the practice of telemedicine must also be developed to ensure the protection of patient privacy. Those who are entrusted with the destruction of these data should be required to use the appropriate methods. Erasing files by giving a "delete" or "erase" instruction to a computer is not adequate. Rather, more complex destruction methods must be used.

Periodic Monitoring

Once a security policy has been implemented, it is important to monitor compliance constantly and to schedule periodic reassessments of the policy to take account of internal changes as well as the evolution of the techniques employed by hackers.

Technical Protective Measures

To the extent telemedicine requires that patient records be computerized, special technical protections should be instituted to thwart unauthorized access by computer hackers. Even though no security system will be completely immune from discontented insiders or determined hackers, technical safeguards, in addition to the administrative and procedural methodologies discussed above, should be established. The Computer-Based Patient Record Institute, Inc. recently released a set of information security guidelines that highlight issues to be addressed by all health care organizations in developing their policies. California's electronic records statute requires certain providers, including acute care hospitals, to "ensure the safety and integrity of all electronic media used to store patient records by employing an off-site backup storage system, an image mechanism that is able to copy signature documents, and a mechanism to ensure that once a record is input, it is unalterable."

Some specific technical measures include:

a. Isolated Network (Firewall). A firewall is any one of several ways of protecting one network from another nontrusted network. The firewall can be thought of as a pair of mechanisms, one which exists to block traffic and the other which exists to permit traffic. Some firewalls place a greater emphasis on blocking traffic while others emphasize permitting traffic.

b. Encryption and Decryption.

Encryption is the transformation of data into a form unreadable by anyone without a secret decryption key. Its purpose is to ensure privacy by keeping the information hidden from anyone for whom it is not intended, even those who can see the encrypted data. Encryption scrambles a message so that its meaning is not easily read. Decryption changes an encrypted message back into its readable format. Only authorized individuals have the decrypting key.

However, the methodology for encryption and decryption is complex and to date cannot realistically be used when there is a heavy traffic of information among unrelated parties. Encryption of health-related information may be more appropriate and efficient when used by a limited group of physicians belonging to a specific closed network.

c. Authentication.

Message authentication is also possible. An "authentic" message is one that is not a repeat of a previous message, has arrived exactly as it was sent, and comes from the stated source. Encryption algorithms can be used to authenticate messages. Sender authentication generally refers to the use of digital signatures, which function like handwritten signatures for printed documents; the signature is an unforgeable piece of data assuring that a named person wrote or otherwise agreed to the document to which the signature is attached. A secure digital signature system thus consists of two parts: a method of signing a document such that forgery is not feasible, and a method of verifying that a signature was actually generated by whomever it represents. California's electronic records law, though limited to certain facilities, requires the use of authentication by electronic signature keys and an image mechanism that is able to copy signature documents.
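The three properties of an authentic message listed above (not a repeat, arrived exactly as sent, from the stated source) can be checked as in the following added example, which is not part of the original report. It uses a shared-key HMAC rather than a digital signature, so the receiver can authenticate the sending site but gains no proof that would convince a third party; the site names, keys and message fields are constructed for illustration.

```python
import hashlib
import hmac
import json
import secrets

# Constructed demo keys: one shared secret per sending site (hypothetical names).
SITE_KEYS = {
    "rural-clinic": secrets.token_bytes(32),
    "consult-hub": secrets.token_bytes(32),
}


def _canonical(sender, nonce, body):
    """Serialize the authenticated fields in one unambiguous byte form."""
    return json.dumps(
        {"sender": sender, "nonce": nonce, "body": body},
        sort_keys=True,
        separators=(",", ":"),
    ).encode("utf-8")


def seal(sender, body, key):
    """Attach a fresh nonce and an HMAC-SHA256 tag covering sender, nonce and body."""
    nonce = secrets.token_hex(16)
    tag = hmac.new(key, _canonical(sender, nonce, body), hashlib.sha256).hexdigest()
    return {"sender": sender, "nonce": nonce, "body": body, "tag": tag}


class Receiver:
    """Accepts a message only if it is unaltered, from a known site, and new."""

    def __init__(self, keys):
        self._keys = dict(keys)
        # Unbounded in this demo; a deployment would expire old entries.
        self._seen = set()

    def verify(self, msg):
        """Return 'authentic' or the reason the message was rejected."""
        if not isinstance(msg, dict):
            return "malformed"
        fields = [msg.get(k) for k in ("sender", "nonce", "body", "tag")]
        if not all(isinstance(f, str) for f in fields):
            return "malformed"
        sender, nonce, body, tag = fields

        key = self._keys.get(sender)
        if key is None:
            return "unknown-sender"

        # "Arrived exactly as sent" and "comes from the stated source":
        # recompute the tag under the claimed sender's key, compare in constant time.
        expected = hmac.new(key, _canonical(sender, nonce, body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected.encode("ascii"), tag.encode("utf-8", "replace")):
            return "bad-tag"

        # "Not a repeat": checked only after the tag verifies, so forged
        # messages cannot fill the replay cache.
        if (sender, nonce) in self._seen:
            return "replay"
        self._seen.add((sender, nonce))
        return "authentic"


def demo():
    """Run the constructed cases and return each verdict by name."""
    rx = Receiver(SITE_KEYS)
    genuine = seal("rural-clinic", "ECG strip attached, request cardiology read",
                   SITE_KEYS["rural-clinic"])
    altered = dict(seal("rural-clinic", "dose 5 mg", SITE_KEYS["rural-clinic"]),
                   body="dose 50 mg")
    # Sealed with the clinic's key but claiming to come from the hub.
    wrong_source = dict(seal("rural-clinic", "consult complete", SITE_KEYS["rural-clinic"]),
                        sender="consult-hub")
    return {
        "first_delivery": rx.verify(genuine),
        "second_delivery": rx.verify(genuine),
        "altered_body": rx.verify(altered),
        "wrong_source": rx.verify(wrong_source),
        "unlisted_site": rx.verify(seal("walk-in", "hello", secrets.token_bytes(32))),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:16} {verdict}")
```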

d. User Verification and Access.

It may be necessary to mandate the use of passwords or implement more advanced access protection (i.e., voice, eye or fingerprint recognition).

e. Anti-Tampering Measures.

California's electronic records provision provides a limited protection for record tampering. Although the provision only applies to certain facilities (not physicians) that rely exclusively on electronic records, for such providers, the provision requires the use of "a mechanism to ensure that once a record is input, it is unalterable." Cal. Health & Saf. Code 123149(b).

Legal Standards for Telemedicine Practitioners

Legal precedent will determine the standard that telemedicine practitioners must meet to avoid liability for harms related to unauthorized access and other matters related to telemedicine records. Although the lack of legal precedent may create a greater risk in telemedicine than in traditional treatment settings, several principles will guide the development of telemedicine standards. Privacy protection has never been absolute, but has always been a function of reasonableness. The Fourth Amendment to the U.S. Constitution, for example, precludes only unreasonable searches and seizures. Therefore, it is likely that the standard of care by which telemedicine practitioners will be judged is whether telemedicine affords reasonable and customary protection for the privacy and confidentiality of patient information.

In determining the standard for reasonableness in telemedicine, the critical question is: how safe is telemedicine compared to other treatment means? California's electronic records statute sets hard copy records as the minimum standard by which electronic record keeping systems are judged. California law provides: "Any use of electronic record keeping to store patient records shall ensure the safety and integrity of those records at least to the extent of hard copy records." Cal. Health & Saf. Code 123149(b).

This statute applies only to certain health care providers which "utilize electronic record keeping systems only," Cal. Health & Saf. Code 123149(a). However, it suggests that hard copy record keeping systems may serve as a reference point for developing a standard of reasonableness for the safekeeping of electronic records. Under this standard, the issue is not whether electronic patient information systems can provide airtight security, but whether such systems can provide privacy protection equal to or better than paper record systems. With properly implemented controls, electronic record keeping systems can be made more secure than paper records. Newer technologies are actually more secure because they are digital, multiplex and more difficult to manipulate. For example, with the proper precautions, the Internet is safer than an ordinary phone line. As a result, patient and medical information could be more secure than under the paper management of these records. On the other hand, the greater harm that can be caused by a breach of security in electronic records is likely to demand a higher level of security. In determining whether a provider has acted reasonably, therefore, courts are likely to look at available security measures, administrative, procedural and technical, that could reasonably be deployed in telemedicine settings.

Lack of Federal Protection

Various solutions beyond the individual practitioner's efforts are available to protect the patient record in interstate telemedicine. The most obvious solution is federal legislation establishing uniform national minimum standards of protection for medical records and telemedicine. Various bills have been presented to Congress, i.e., the Fair Information Practices Act of 1994 and the Medical Records Confidentiality Act of 1995 (S. 1360).

The Medical Records Confidentiality Act has met with strong criticism from the American Civil Liberties Union and other privacy advocates because it would allow access to computerized medical records by a host of third parties. The Massachusetts ACLU charged that the bill would bring about the creation of "Health Information Services," corporate entities which would receive, process and serve as libraries for actual on-line medical records forwarded from hospitals, clinics and individual doctors. The bill would permit the release of medical records from "Health Information Services" (the on-line data base holders) and "Health Information Trustees" (providers, hospitals, health plans, employers, insurers, and health oversight agencies) to the following, among others: (1) researchers, (2) the opposing party to a lawsuit, (3) law-enforcement authorities, (4) public health agencies, (5) release based on judicial warrant, (6) release based on judicial subpoena, grand jury subpoena, or administrative agency subpoena, (7) search for unknown persons.

Inconsistent State Laws

In the absence of federal legislation, a uniform medical information protection statute could be drafted for adoption by each state. Such a statute, comparable to other uniform codes, would provide a minimal level of privacy protection for interstate telemedicine, yet allow states to supplement it with additional protections. The development of a Uniform State Medical Information Code would be relatively easy. The difficult aspect would be getting each state to adopt an acceptable version of the code.

Additional Protections Under California Law

As noted above, the Confidentiality Act provides aggrieved patients with a private right of action for improper disclosures of their medical records. However, the Act could be amended to contain stronger penalties for the unauthorized access and disclosure of patient records. Stronger penalties may be warranted specifically in regard to patient telemedicine records because of the possibility that such records may contain audio and video images of the patient.

In addition, the Telemedicine Development Act of 1996 (SB 1665) will modify the already strong confidentiality protections in California law to protect any patient information stored electronically as part of a telemedicine consultation or diagnosis. The bill will add Health & Saf. Code 123149.5, which would provide:

a) It is the intent of the Legislature that all medical information transmitted during the delivery of health care via telemedicine become part of the patient's medical record maintained by the licensed health provider.

D. MEDICAL LIABILITY

Because there is no precedent involving malpractice claims in the context of telemedicine, the extent of a telemedicine practitioner's exposure to malpractice liability remains unclear. However, there are compelling reasons to conclude that it would not be significantly greater than in the context of conventional medicine. Although the conclusion is necessarily speculative, experts in the field of malpractice law, on both the plaintiff and defense sides, polled by the Planning Committee feel that any future telemedicine malpractice claims can be accommodated by the legal standards and precedent governing malpractice liability in conventional medicine.

Although numerous peer-reviewed articles from throughout the world and dealing with many medical specialties have demonstrated that telemedicine can be an effective way to practice medicine without any apparent detriment to patients' well-being, various barriers have kept telemedicine from widespread use. As a result there have not yet been any malpractice claims brought against any telemedicine practitioners. That certainly would appear to be good news. However, the truth of the matter is that this may be bad news since the issue has not been tested or resolved; until it is, many potential physician, hospital, and clinic participants may be reluctant to enter the field if they believe that the potential risks of a telemedicine practice outweigh any perceived and potential benefits.

Certainly one would imagine that in the normal course of events, just as with conventional medical practice, malpractice in telemedicine consultations will occur and be alleged in litigation, but to date that has not been the case. The reasons for this absence of malpractice litigation in telemedicine are not clear, although one could argue that the lack of consistent reimbursement for these services has generated an insufficient revenue flow to attract those who might otherwise be drawn to the lucrative world of malpractice claims.

Policies of California Medical Malpractice Insurance Carriers

Early in the work of the Planning Committee, the following California-based malpractice carriers were contacted: Southern California Physician's Insurance Exchange (SCPIE), Cooperative of American Physicians/Mutual Protection Trust (CAP/MPT), The Doctor's Company, Medical Insurance Exchange of California (MIEC), and Norcal. The results of that canvass showed a lack of focus or even interest on the part of the state's malpractice carriers regarding telemedicine policies. None of these carriers had a definite telemedicine policy in place, and few had even considered one. Those that had considered telemedicine viewed it as just another way to practice medicine and assumed that it would likely be covered under their existing policies. They also felt that the existing legal standards governing medical malpractice would apply, and, provided that telemedicine was practiced according to the usual standards of sound medical care, that it should not present any increased liability for the insured physicians.

Most of these companies were waiting to see how telemedicine would develop before establishing their policies; they did not feel a need to be proactive. At the time of the initial inquiry, no company had an answer to the question of whether it would cover one of its insured should he or she be sued in another state where the insurance company was currently not doing business.

More than six months later, when the Planning Committee was well into its first year of operation, these same carriers were contacted again. By then it was clear that they had all given the issue some thought, although most still had not developed definite procedural policies regarding telemedicine. They were still taking a "wait and see" approach, preferring to deal with the question when and if one of their insured was sued.

In general, representatives of the insurance companies indicated that telemedicine would be covered as a normal extension of a physician's practice, provided it was done within the boundaries of the state. One company had decided to cover telemedicine claims within all the several western states where it wrote policies. Another company implemented a policy requiring that a physician apply to the insurer for a waiver in each separate state in which he or she intended to do telemedicine business, and, unless that application was approved, he or she would not be covered for any alleged telemedicine negligence.

Clearly we have reached a point in time in telemedicine where advances in technology have strained conventional ideas of sound business practice. There are a number of legal issues to be settled before malpractice insurance carriers will freely commit to the coverage of broad telemedicine practices and physicians will be free of the risks of practicing without adequate insurance coverage. The following are some of these issues and some of the suggested answers to them.

Degree of Liability

Do physicians face greater liability exposure in the practice of telemedicine than they do in the conventional practice of medicine?

This issue can be argued both ways. The use of new technologies in telemedicine may increase liability exposure because it introduces the possibility of errors in the use of information transfer equipment and makes the practice susceptible to errors arising from equipment deficiencies or failures. Even in the absence of technical problems, a plaintiff might argue that a misdiagnosis resulted because the physician could not touch the patient. Moreover, the use of sophisticated technologies in telemedicine could raise the level of patients' expectations, making them more likely to perceive errors and to bring suit, particularly where the patient has not formed a close, personal relationship with his or her telemedicine practitioner.

On the other hand, although telemedicine may lead to the establishment of a more impersonal physician-patient relationship, it can also allow more frequent consultations between the physician and the patient, thus better facilitating close monitoring and ongoing treatment. And, by allowing close observation of telemedicine encounters by other practitioners, and participation by a greater number of practitioners, telemedicine can allow more comprehensive examinations, a higher quality of treatment, and, ultimately, better results.

Audio and video recording of telemedicine consultations will also document whether or not the practitioners have followed sound practice. If the permanent records clearly show that malpractice has been committed in a particular case, then the records can prompt settlement at an early stage, thus driving down the high cost of malpractice defense. On the other hand, if the records exonerate the physician, then perhaps fewer frivolous claims will be brought, and those that are brought will be promptly eliminated.

Legal Standards

Do new legal standards need to be set for the practice of telemedicine?

Malpractice in telemedicine presents the same basic question as in all medical malpractice cases: Did the physician breach his or her duty of care toward the patient? The answer to this question requires a two part analysis:
1. Did a physician-patient relationship exist?
2. Did the physician fail to meet the standard of skill and knowledge legally expected of a practitioner engaged in treating a patient in that particular jurisdiction?

Medical malpractice cases generally recognize that a physician's duty to a patient is predicated on the existence of a physician-patient relationship. Courts have generally found that a physician-patient relationship is created if a physician accepts or undertakes care of the patient, regardless of whether or not the patient care occurs through a face-to-face communication. While it is not necessary to establish a physician-patient relationship, the physician's acceptance of reimbursement for services clearly establishes such a relationship. On the other hand, a physician who has not interacted directly with the patient, but rather has given advice to the patient's treating physician, may not have created a physician-patient relationship with the patient on the rationale that the treating physician can choose to follow or disregard the consulting physician's advice.

That conventional analysis appears to apply equally well to telemedicine. For example, where a physician has directly treated and interacted with a patient via telemedicine, or accepted reimbursement for such services, a physician-patient relationship is likely created. On the other hand, where a physician has merely communicated with another physician via telemedicine, and the treating physician can choose to follow or disregard the advice, the consulted physician likely does not create a physician-patient relationship simply by giving advice. Such reasoning remains consistent regardless of whether the context is telemedicine or traditional medicine.

Traditionally, states have imposed standards of care based on community standards, thus requiring that a physician exercise the same degree of care ordinarily exercised by other physicians in the same or similar community, under the same or similar circumstances. However, as argued by the Court of Appeals of the District of Columbia, in view of the widespread development of national communication networks both within and without the medical profession, the nationalization of modern medical education and postgraduate training, the free flow of scientific information, and the nationally uniform educational and residency requirements, a national standard seems more appropriate.

Such reasoning provides persuasive argument for national standards in telemedicine. The development of telemedicine represents a movement away from the traditional, localized practice of medicine to a more modern and national practice using advanced technologies to treat patients in other cities and states; state and local boundaries and standards arguably become irrelevant. Moreover, with physicians practicing telemedically in unfamiliar localities and in conjunction with doctors from different localities, the development of national standards to govern telemedicine becomes necessary to avoid confusion about the applicable standard.

It behooves the telemedicine practitioner to maintain good communication with patients to promote as sound a bond of trust as can be created under electronic conditions. Part of that communication should include obtaining an informed consent prior to embarking on a telemedicine consultation. It is routine to obtain a written consent prior to performing a medical procedure but not usually prior to a consultation. In the case of telemedicine, however, it is prudent to advise the patient of the process and their rights. A model consent form has been developed as a result of The Project and appears at the end of this section.

In addition to guidelines about applicable standards of care, new guidelines regarding standard clinical protocols and professional norms will have to be established. Also, technical standards for data transmission and image quality for various applications will need to be set. The American Telemedicine Association is currently looking into these issues and, over the coming years, hopes to establish such guidelines in coordination with the various medical specialty societies. The American College of Radiology has already set standards for teleradiological technology, and others, no doubt, will soon follow.

Jurisdiction

In which state could a telemedicine patient bring his or her malpractice claim against the telemedicine physician?

This issue does not often come into play in standard medical consultations despite the fact that physicians frequently contact out-of-state physicians for telephone consultations. Those communications are usually informal, collegial chats about difficult and interesting case management. Generally, given the informal nature of those consultations, and given the fact that the consultant is typically not in direct contact with the patient and does not usually submit a bill for services, such consultations rarely lead to malpractice claims.

However, because telemedicine can involve the direct treatment of a patient in one state by a physician in another state, the physician could appropriately be subject to a malpractice action in the state in which the patient is located. There are in fact a number of states in which the physician could be subject to personal jurisdiction:

1. The state in which the physician is located. It is well-settled that an individual's presence within a state subjects him or her to the jurisdiction of the courts in that state.

2. The state in which the patient is located. The physician could be subject to jurisdiction in that state under the theory that, by transacting business in the state, the physician has established sufficient "minimum contacts" with the state to justify the state's assertion of jurisdiction over him.

3. The minimum contacts theory could also support bringing the physician to trial in any state in which he may have established sufficient business links via telemedicine. The physician could thus be subject to a malpractice action in a state in which neither the physician nor the patient is physically located.

Although the physician might be subject to the jurisdiction of numerous states under those theories, the various states are not all equally likely to entertain the suit. Under the "inconvenient forum" doctrine, a court in one state may refuse to exercise jurisdiction over a case if it would "more conveniently, efficiently, and fairly [be] tried in the locality in which it arose, and it would be oppressive or inconvenient, or an unwarranted extra burden on the courts of the forum, to try it there." Courts generally look for a compelling reason to justify entertaining a cause of action that arose in another state; however, they also give deference to a plaintiff's choice of forum. Considerations of convenience and familiarity with the local court system might encourage a plaintiff to file suit in his or her own state, but the differences in statutory limits on damages among the different states provide powerful incentives for the plaintiff to "shop" for the state where the awards are likely to be the highest.

Technology Concerns

What are the liability issues related specifically to the technology of telemedicine?

In this instance we have only questions without any specific answers. Cases related to other technological breakthroughs in medicine suggest that, in the event of equipment failure, physicians and hospitals face less risk of liability than do the equipment manufacturers. Again, without any telemedicine malpractice cases to provide precedents, the answers are only speculative, and numerous questions remain.

1. Is there more potential error in telemedical observation and reporting of signs and symptoms than in the face-to-face practice of medicine?

2. Is the patient's safety or right to privacy compromised?

3. Is quality of care compromised by the technological limitations of image resolution and data compression?

4. Who is at fault when there is equipment failure or when the equipment does not provide adequate information?

5. Does telemedicine fail to serve patients according to prevailing professional norms and practices? If so, what is the source of the failure, and is the provider liable for it?

6. If a physician or a hospital does not use new technologies made available through telemedicine, will that physician or hospital be found negligent?

Recommendations

Recommendation 1

Congress should enact, and the President should sign, national legislation to set a uniform cap on damage awards, to prevent "forum shopping" for the biggest awards, using California's Medical Injury Compensation Reform Act (MICRA) as a model. MICRA, enacted in 1975 in response to a health care crisis related to malpractice insurance rates, places a cap on noneconomic damages of $250,000; 100% of all economic damages, such as wages, medical care and related expenses, are covered. It also places a limit on attorney contingency fees, allows for periodic payments of awards over $50,000 to ensure that injured patients have resources for life or the extent of the injury, and allows for disclosure of any payment for economic losses that the plaintiff already received from other sources. By limiting potential awards, MICRA has stabilized malpractice insurance premiums.

Recommendation 2

The California Legislature should enact laws to provide telemedicine consent forms for the patient to sign that include a waiver so that the venue issue is settled by the parties before treatment is begun.

Recommendation 3

Telemedicine practitioners should be certain that the physicians for whom they are providing telemedical services are licensed and in good standing with their respective medical boards and that they have professional liability insurance.

Recommendation 4

Consulting physicians should request a face-to-face consultation if they do not feel that they are being presented with adequate visual and sound quality, or if the patient's condition does not lend itself to a telemedicine consultation.

Recommendation 5

The practitioner should obtain appropriate informed consent. As with any procedure, the patient must be made aware of the potential risks and consequences as well as the likely benefits of the telemedicine consultation, and must be given the option of not participating in the telemedicine consultation.

[This Authorization and Consent Form was prepared by Latham & Watkins to be used as only a model and should not be used by telemedicine practitioners and entities without review and, if necessary, modification and revision by legal counsel for the practitioner or entity.]

AUTHORIZATION AND CONSENT TO PARTICIPATE IN TELEMEDICINE CONSULTATION

[name of patient]

1. Purpose. The purpose of this form is to obtain your consent to participate in a telemedicine consultation in connection with the following procedure(s):

a. Your attending physician, Dr. ____________, has determined that the use of a telemedicine consultation may provide you with access to services and expertise not otherwise available.

2. Nature of Telemedicine Consultation. During the Telemedicine consultation:
a. Details of your medical history, examinations, X-rays, and tests will be discussed with other health professionals at one or more other locations through the use of interactive video, audio and telecommunications technology.
b. Physical examination of you may take place.
c. Nonmedical technical personnel may be present in the telemedicine studio to aid in video transmission.
d. Other medical or nonmedical personnel may be off-screen at the consultant's telemedicine studio and other locations as observers or technical assistants.
e. Video and audio recordings will be taken of the procedure(s).

3. Associated Risks. Reasonable and appropriate efforts have been made to reduce the risks associated with telemedicine consultation, and all existing confidentiality protections under federal and California law apply to information disclosed during this telemedicine consultation. Despite these measures and protections, there is a possibility that: the transmission of medical information could be disrupted or distorted by technical failures in transmission; the transmission of medical information could be intercepted by unauthorized persons; and the electronic storage of medical information generated by this telemedicine consultation in one or more databases could be accessed by unauthorized persons.

4. [Optional] Further Use for Teaching and Research. Video recordings of the telemedicine consultation for research, training and administrative purposes may be made by
to hospital staff, physicians and health care professionals.

5. Rights. It is understood that a patient participating in a telemedicine consultation may:
a. Request that the participating physicians omit specific details of the history of examination that are personally sensitive.
b. Limit any physical examination proposed during the telemedicine consultation.
c. Request that nonmedical personnel leave the telemedicine consultation studio at any time.
d. Request that all personnel leave the telemedicine consultation studio to allow a private consultation with off-site physicians.
e. Withhold or withdraw consent to the procedure at any time without affecting my right to future care or treatment.
f. Access all medical information transmitted during this telemedicine consultation, and obtain copies of this information for a reasonable fee.

I have reviewed this consent and have had any questions I have regarding the telemedicine consultation answered.

I consent to the use of the telemedicine consultation for the procedure(s) described above and release

from any and all liability arising out of my participation, subject to the following limitations pursuant to Section 5 above:

[Optional: I further waive receipt of any compensation for participating in the telemedicine consultation and any use of a video for research, training and administrative purposes.]

Signature:

[patient/parent/conservator/guardian]

Date: Time: a.m./p.m.

If signed by other than patient, indicate relationship:

Witness:

E. ACCESS TO CARE

The Knox-Keene Health Care Service Plan Act of 1975 (the "Knox-Keene Act"), the Medi-Cal Managed Care program (the "Medi-Cal Program") and the Workers' Compensation Health Care Provider Organization Act of 1993 (the "Workers' Compensation Act") regulate the provision of prepaid health care services in the State of California. Regulations promulgated under all three Acts set forth detailed requirements that must be met by health plans and health care organizations that wish to arrange for or provide prepaid health care services. In order to ensure accessibility to health care services for California patients, regulations promulgated under the Knox-Keene Act, Medi-Cal Program and Workers' Compensation Act require participating health plans or health care organizations to comply with certain geographic accessibility standards. In particular, health plans must define their geographic service area, and must ensure that all plan enrollees have access to contracted health care providers within maximum geographic distances.

Concerns Raised by Telemedicine

The Knox-Keene Act, Workers' Compensation Act and Medi-Cal Program do not prohibit the use of telemedicine where medically appropriate. In fact, telemedicine could enhance the ability of Knox-Keene plans to meet the accessibility requirements because it allows providers to surmount the geographic barriers that may prevent, or delay, access to care in traditional patient-to-physician, or physician-to-physician encounters.

If the accessibility guidelines discussed below are interpreted to require in-person contact, however, in the absence of any clarification from the regulatory agencies regarding the applicability to telemedicine, these guidelines could deter participating health plans and other health care organizations from utilizing telemedicine. In addition, telemedicine significantly diminishes the usefulness of geography as a barometer to measure access to medical services.

California Regulatory Requirements

Knox-Keene Act

The Department of Corporations' (DOC) Knox-Keene regulations require applicants for a Knox-Keene health plan license to define the geographic region designated as the plan's service area. The applicant must then demonstrate that, throughout the geographic service area, a comprehensive range of primary, specialty, institutional and ancillary services are readily available at reasonable times to all plan enrollees and, to the extent feasible, that all services are readily accessible to all enrollees. Guidelines for meeting the accessibility requirements include the following:

(a) all enrollees live or work within 30 minutes or 15 miles of a contracting or plan-operated primary care provider, in such numbers and distribution as to accord to all enrollees a ratio of at least one primary care provider (on a full-time equivalent basis) to each 2000 enrollees; and

(b) in the case of a full-service health plan, all enrollees live or work within 30 minutes or 15 miles of a contracting or a plan-operated hospital which has a capacity to serve the entire enrollee population based on normal utilization, and, if separate from such hospital, a contracting or plan-operated provider of all emergency health care services.

The regulations state that the guidelines are not intended to express minimum standards of accessibility for health plans, nor create any inference that a plan which does not meet the guidelines does not meet the requirements of reasonable accessibility. An applicant must, however, demonstrate compliance with the accessibility requirements, either by demonstrating compliance with the guidelines specified in (a) and (b) above, or by presenting other information demonstrating compliance with reasonable accessibility.

The DOC has responded to inquiries regarding their position on accessibility standards by citing the Knox-Keene Health Care Service Plan Act of 1975 and indicating that, in their view, the regulatory framework currently in place offers the Department sufficient flexibility in determining whether or not a comprehensive health care delivery system, which includes telemedicine, would comply with the Service Area requirements.

Workers' Compensation Act

The State of California has authorized a Knox-Keene health plan, a disability carrier or any other entity to apply for authorization to provide prepaid workers' compensation health care services as a Health Care Organization (HCO).

The Workers' Compensation Act requires health plans and other health care organizations that wish to provide health care to employees and their dependents for injuries and diseases compensable under the workers' compensation program to secure from the DOC and the Division of Workers' Compensation (DWC) within the Department of Industrial Relations an authorization and certification, respectively, as an HCO. Each HCO must define the geographical regions designated as its service area. Each HCO must ensure that throughout its service area, all health care is readily available at reasonable times to employees eligible to receive workers' compensation health care benefits under agreements between the HCO and the employers of any such employees, and, to the extent feasible, that health care is readily accessible to such employees.

a. Department of Corporations Authorization Requirements:

Like the Knox-Keene regulations, DOC regulations for HCOs require applicants for authorization as HCOs to demonstrate compliance with the accessibility requirements. Guidelines for meeting the accessibility requirements include the following:
(i) all eligible employees live or work within 30 minutes or 15 miles of a contracting primary treating physician, in such numbers and distribution as to accord to all such employees a ratio of at least one full-time equivalent primary treating physician per each 1,200 expected injuries (or the ratios required for certification by the Division of Workers' Compensation of the Department of Industrial Relations, below);
(ii) all eligible employees live or work within 30 minutes or 15 miles of a contracting hospital which has a capacity to serve the entire eligible employee population based on normal utilization and, if separate from such hospital, a contracting or organization operating provider of all emergency health care services; and
(iii) there is a complete network of contracting or organization employed primary care physicians and specialists, each of whom has admitting staff privileges with at least one contracting or organization operated hospital equipped to provide the full range of workers' compensation health care benefits.

The regulations state that the guidelines are not intended to express minimum standards of accessibility for applicants, nor create any inference that an HCO which does not meet the guidelines does not meet the requirements of reasonable accessibility. An applicant must, however, demonstrate compliance with the accessibility requirements, either by demonstrating compliance with the guidelines specified in (i), (ii) and (iii) above, or, in the alternative, by presenting other information demonstrating compliance with reasonable accessibility (such as the certification standards for HCOs promulgated by the DWC, discussed below).

b. Division of Workers' Compensation Certification Requirements:

Regulations promulgated by the DWC also set forth detailed certification standards for HCOs. For example, an HCO applicant must describe the times, places and manner of providing health care services, and describe its geographical service area.

The HCO applicant must also meet the following accessibility requirements:
(i) at least one full-time equivalent primary care treating physician is available within the geographical proximity specified in (b) for every 1,200 expected injuries or illnesses;
(ii) enrolled employees must live or work: (1) within 30 minutes or 15 miles of a primary treating physician and a contracted or HCO-operated hospital (or, if separate from such hospital, a contracting or HCO-operated provider of all emergency health care services); and (2) within 60 minutes or 30 miles of all other occupational health services;
(iii) the HCO must describe how access to any of the basic health services will be provided to enrolled employees who reside outside the HCO's geographical service area, such that the accessibility requirements are met; and
(iv) initial treatment for nonemergency services is made available within 24 hours after the HCO receives a request for treatment.

The HCO may be exempted from certain of the accessibility requirements if it can show that an area lacks a certain type of provider, and that the minimum number is not available.

Medi-Cal Managed Care Program

The Medi-Cal Program provides services to Medi-Cal beneficiaries through prepaid health plans which contract with the California Department of Health Services (DHS). Each plan must obtain DHS approval prior to making any substantial change in the availability or location of services to be provided under the contract. In addition, each plan must have available within its service area sufficient facilities, service sites and service locations to meet its contractual obligations. Each Medi-Cal health plan is required to retain sufficient professional medical staff to provide access to preventative and managed health care services to its members. Specifically, each Medi-Cal plan must provide at least one full-time equivalent primary care physician for every 2000 patients, and at least one full-time equivalent physician for every 1,200 plan members (or have in place an alternative mechanism for ensuring access, approved by DHS). In addition, each Medi-Cal beneficiary assigned to a Medi-Cal plan must be assigned to a primary care provider located within 10 miles from his or her place of residence. The plan member may request disenrollment if all primary health care services through the assigned Medi-Cal plan exceed this maximum travel distance.

Recommendations

Recommendation 1

The Department of Corporations, the Department of Workers' Compensation and the Department of Health Services should encourage participating prepaid health care plans and health care organizations, through targeted financial incentives, to use telemedicine. Proper incentives will improve accessibility to specialist physician services in medically underserved areas of the state.

Recommendation 2

The Department of Corporations, the Department of Workers' Compensation and the Department of Health Services should each issue, after a proper review of telemedicine programs and technologies, regulations outlining the acceptable use of telemedicine by health care service plans.

Recommendation 3

The California Public Utilities Commission should implement Section 254(h) of the federal Telecommunications Reform Act of 1996. The Act directs telecommunications carriers "...to provide telecommunications services which are necessary for the provision of health care services in a State...to any public or nonprofit health care provider that services persons in rural areas in that State at rates that are reasonably comparable to rates charged for similar services in urban areas in that State."

Recommendation 4

The Department of Health Services, Joint Commission on the Accreditation of Healthcare Organizations, National Committee on Quality Assurance and health care organizations should take action to alleviate the burden of obtaining credentials at each health care organization where a remote physician practices via telemedicine. These authorities must provide a final, formal and precise determination of the credentialing requirements to be applied to those physicians who are present within a health care organization only through telemedicine.

Recommendation 5

The Department of Health Services (DHS) should, after proper review of telemedicine programs and technologies, issue a bulletin outlining its policies with respect to the credentialing of off-site telemedicine practitioners by California hospitals. In particular, the DHS should indicate in what circumstances, if any, a hospital must credential a remote physician.

F. CREDENTIALING

Credentialing is the authority granted by a hospital or managed care provider, such as an HMO, to a physician to provide medical care to a patient admitted to the hospital or under contract with the provider. Credentialing and the granting of practice privileges allow health care organizations to monitor and supervise the quality of medical care provided within their walls. Credentialing is governed by state laws regulating hospital licensure and the practice of medicine, by the Joint Commission on Accreditation of Healthcare Organizations (JCAHO), in the case of hospitals, and by the National Committee for Quality Assurance (NCQA), in the case of managed care providers.

Concerns Raised by Telemedicine

The credentialing issues raised by telemedicine are directly related to the licensing issues previously discussed. Credentialing issues, however, apply to both out-of-state and in-state physicians who do not have privileges at the site where the patient is located.

Some may argue that remote physicians who provide telemedicine services to an organization's patients should be subject to the organization's credentialing requirements. For example, physicians who are on staff at hospitals may be fearful that they will be ignored in favor of telemedicine consultants not credentialed by the hospital. Hospitals and managed care providers may want to approve telemedicine consultants in order to make sure that the consultations and consultants are appropriate. On the other hand, requiring telemedicine practitioners to be credentialed by each of the healthcare organizations where they practice could cause a substantial burden for the physicians and for the host healthcare organizations. For example, if urban practitioners who assist rural primary care physicians are required to be credentialed by each organization which uses their expertise, this could be a burden for telemedicine practitioners who regularly service several hospitals or managed care providers. The credentialing process generally involves some combination of interviews, background checks, site visits, presentation of information relating to licensure, education and board certification, and in some cases, utilization profiles. Thus, to be credentialed in a hospital other than their home site, telemedicine practitioners may have to go through cumbersome and time-consuming procedures. The credentialing health care organizations may need to deal with an unlimited number of outside physicians. Several commentators have recognized that this administrative burden could become a substantial barrier to intrastate and interstate telemedicine.

Finally, credentialing is a difficult issue to resolve in the telemedicine context because it rests on the assumption that a health care organization can easily determine who is providing services "within" its walls. In a traditional, in-person, physician-patient encounter it is clear who is practicing medicine, and where medicine is being practiced (i.e., in the hospital, clinic or medical office where the physician and patient are located). However, there are currently no defined requirements for determining where, when and how a physician practices telemedicine in a hospital.

California Credentialing Requirements

As a condition to licensure by the California Department of Health Services (DHS), hospitals must have an organized medical staff which is responsible to the governing body of the hospital for the adequacy and quality of medical care rendered in the hospital. The medical staff must adopt formal procedures for credentialing and assignment of clinical privileges.

JCAHO Informal Position

In a well-publicized opinion provided by the JCAHO for the Medical College of Georgia (MCG), the JCAHO determined that a physician at MCG who provided a telemedicine consult for a patient at a rural hospital 130 miles away would not have to be credentialed at that rural hospital, as long as any order in the patient's chart is written by the referring physician at the rural hospital. The consulting physician is not considered the physician responsible for the care of the patient.

While this appears to present an easy solution for the credentialing issue, the informal opinion has been criticized. First, some believe that the JCAHO opinion favors radiologists over other telemedicine practitioners, since radiologists generally do not write orders. In addition, although the consulting physician merely serves as an adjunct for the local physician, this does not protect the consultant from exposure to malpractice suits. Others note that "one cannot extrapolate from an informal statement made by a JCAHO in a single and specified case, and conclude that there is no need for credentials when care is provided to a patient in a hospital via telemedicine and the primary physician remains responsible for the care of the patient." For example, it has been proposed that the following questions must be tackled and resolved: (a) is the site of practice where the patient is located or where the physician is located? (b) is the remote physician or a local physician the provider of care, or are both? (c) how should presence at a location be defined (sporadic contacts, frequent contacts, primary care, secondary care, informal consultation, actual care) and how numerous or frequent must the contacts with a health care organization be to cause the remote physicians to be subject to the rules and regulations of a state or healthcare organization other than those of their site?

Recommendations

Recommendation 1

As mandated in SB 2098 (Chapter 902) the Medical Board of California should design a proposed physician registration program and submit it to the Legislature no later than the legislative deadline for bill introduction in 1997.

Recommendation 2

The Department of Health Services (DHS) should, after proper review of telemedicine programs and technologies, issue a bulletin outlining its policies with respect to the credentialing of off-site telemedicine practitioners by California hospitals. In particular, the DHS should indicate in what circumstances, if any, a hospital must credential a remote physician.

Recommendation 3

The Medical Board of California should coordinate telemedicine licensure, credentialing and reimbursement policies with neighboring states.

Recommendation 4

The Department of Health Services, Joint Commission on the Accreditation of Healthcare Organizations, National Committee on Quality Assurance and health care organizations should take action to alleviate the burden of obtaining credentials at each health care organization where a remote physician practices via telemedicine. These authorities must provide a final, formal and precise determination of the credentialing requirements to be applied to those physicians who are present within a health care organization only through telemedicine.

Recommendation 5

The Department of Corporations, the Department of Worker's Compensation and the Department of Health Services should encourage participating prepaid health care plans and health care organizations, through targeted financial incentives, to use telemedicine. Proper incentives will improve accessibility to specialist physician services in medically underserved areas of the state.

Recommendation 6

The California Public Utilities Commission should implement Section 254(h) of the federal Telecommunications Reform Act of 1996. The Act directs telecommunications carriers "...to provide telecommunications services which are necessary for the provision of health care services in a State...to any public or nonprofit health care provider that services persons in rural areas in that State at rates that are reasonably comparable to rates charged for similar services in urban areas in that State."