Addressing the Risks in the Changing Telehealth Landscape
Get used to the idea of a virtual doctor’s visit. Telehealth is here to stay.
While the COVID-19 pandemic propelled the telecommunication technology into the spotlight, don’t be surprised if your next doctor’s appointment is via your computer or smartphone, even after the virus has subsided and all lockdowns are lifted.
Telehealth encompasses a broad variety of technologies and tactics to deliver virtual medical, health, wellness, and education services. It isn’t a specific service, but a collection of means to enhance care and education delivery, according to the Center for Connected Health Policy.1
The primary methods of telehealth services are seen in the following applications:
- Real time, virtual patient and doctor interactions via video.
- Store and forward methods that allow doctors to receive electronic medical records for diagnosis and treatment. No live interaction.
- Remote monitoring: using medical devices and wearables to monitor patients’ health data from home. Especially effective for chronic conditions, such as heart disease, diabetes, and asthma.
- Lifestyle management platforms that promote wellness, health education and wellbeing.
Broader applications including physical therapy and psychiatry are also included under the telehealth umbrella.
Poised for Growth
Telehealth isn’t a new phenomenon. In 2005, Dr. G. Byron Brooks launched Teladoc, the first national telehealth provider. Today, it’s publicly-traded company with a market capitalization north of $4B, and is active in more than 100 countries.
According to a report from Global Market Insights, the telemedicine market is set to be valued at $175.5B by 2026.2
While telehealth was likely poised for substantial growth even before COVID-19, the pandemic has pushed the fast-forward button. The CARES Act will spur growth through funding the purchases of telehealth products and services.3 Additionally, as health care providers offer telemedicine at no cost for COVID-19, more people are experiencing telehealth for the first time. Like with most technology, exposure and repeat use is one of the first modes of adoption.
Finally, with expanding access to broadband for the tens of millions of Americans who lack it, sections of the country (mainly rural and poor) may finally gain desperately needed medical services through telehealth services.
Enormous Opportunity With Substantial Risks
While telehealth presents enormous opportunity, there are substantial risks that must be considered. First, medical data is some of the most sensitive information in today’s world. While cyber is not new to health care, the multiple attack surfaces of telehealth make it an increasingly attractive target. For ‘store and forward’ services, the exposure is even greater because the transferred data typically has more medical information.
High-Value Targets
Ransomware can be especially damaging to telehealth companies because their business model relies on a fully functioning network.
Two big targets for hackers:
- The value of medical data (can be sold for use by others) and
- A business’s reliance on connectivity and willingness to pay ransom to avoid shutdown and reputational damage
When a patient uses new telehealth providers, they may need to share historical medical data. A hacker may find some telehealth portals and networks more vulnerable than larger, traditional providers with more robust IT security resources.
There are COVID-19 specific risks as well. In the midst of the outbreak, enforcement of HIPPA requirements for telehealth have been relaxed by The Office for Civil Rights (OCR) at the Department of Health and Human Services.4 Additionally, companies that have rushed to implement telehealth solutions may not have prioritized proper training and cyber security measures.
An Evolving Regulatory Environment
The regulatory environment surrounding telehealth continues to evolve. Without further direction or legislation at the federal level, regulation continues on a state-by-state basis. This means that providers must understand the laws of each state they practice in. According to an article by Jeff Lagasse of Healthcare Finance, “state parity laws are largely loose and ineffective. Such laws are intended to ensure the same coverage of services provided in person, but the laws themselves are often not very robust -- simply stating that telehealth services must be medically necessary in order to be covered, or that payers should not exclude services solely because they were provided through telehealth.”5
Coverage & Liability
With a rapidly growing market and a web of regulatory considerations, telehealth presents a myriad of coverage and liability considerations.
Many telehealth firms partner with multiple vendors to provide the products and services they offer to their customers. Legal counsel’s guidance on risk transfer for products and services is essential to good vendor risk management. Licensing agreements and customer contracts should also be reviewed regularly to ensure contract language reflects new products, services or relationships.
Technology E&O
Technology errors and omissions insurance protects businesses from errors, omissions, negligence, and product failures. With telehealth, if technology fails, it can have an enormous impact on a business’s finances. Unfortunately, traditional liability policies usually won’t cover pure financial losses. E&O coverage can help cover business legal fees and other related costs if:
- Software you license to a client had glitches that caused them to lose a month’s worth of billing data
- Equipment you provide prevented your customer from receiving online orders for 48 hours
- Your cloud-based data services failed to backup critical data that a customer cannot recreate
- The website you designed for a customer looked too much like its key competitor’s site
- And other scenarios
Cyber
Hackers know an opportunity when they see it. With an increase in new companies in telehealth and a less vigorous focus on cyber enforcement, it’s more important than ever to have the right coverage. First party cyber insurance can protect the insured from ransomware as well as data destruction, resulting business interruption and other financial losses. Robust cyber liability coverage is important for all telehealth and especially those with large quantities of financial or medical information. Coverage that can respond to regulatory actions is key for those companies that operate in the medical space. Cyber needs are varied in the telehealth space so understanding which coverage is appropriate and partnering with an insurer who understands this space is critical.
Product and Professional Liability
Telehealth companies can have a unique blend of product and professional liability risk.
Most technology companies have generally enjoyed a relatively low exposure to products liability suits due to their relatively innocuous products. However, the risk profile for telehealth companies can be quite different from a traditional technology company. Products such as consumer telecommunication equipment, wearables and medical devices used in diagnosis can greatly increase frequency and severity of risk to products liability suits.
Companies that incorporate a third party’s products in their solutions should protect themselves through proper risk transfer and insurance coverage written for their unique risk profile.
The unique nature of telehealth and delivering medical advice remotely, without the benefits of the physical cues and body language associated with in-person consultations, adds exposure to miscommunication or omissions that could result in patient harm.
The combination of using a platform that includes medical devices and remote professional advice results in a complex risk profile. For example, a picture of a physical issue such as a rash could be a distorted image and lead to an incorrect diagnosis.
Uncertainty around the ‘Learned intermediary’ is of concern to telehealth companies. A prescribing physician acts as a "learned intermediary" between manufacturer and consumer and has the primary responsibility of warning patients of the hazards of prescribed pharmaceutical products. Whether this protection and responsibility changes when consultation is done virtually remains to be seen.
Understanding the products and professional exposure on each telehealth risk is essential to providing the right coverage.
A Broad Range of Expertise, Products and Service Capabilities at The Hartford
The Hartford has a broad range of expertise, products, and service capabilities in the telehealth space.
Our coverage offerings can be customized to meet the unique needs of the customer whether they are in the Life Sciences o Tecnología space. The Hartford is well suited to partner with companies involved in the telehealth market because:
- We have expertise in Digital Health, Life Sciences, Technology, Allied Health, and Cyber
- We offer integrated products and solutions for digital health insureds, including Tech E&O, Cyber and Professional Liability
- We have strong global capabilities
Insureds are increasingly demanding specialized partners for their evolving needs and rely on the expertise of agents, brokers, and carriers to navigate complex regulatory environments as they invent, test, and go to market with cutting-edge telehealth applications.
For more information, call your local representative or visit us at https://www.thehartford.com/technology.
1 The Center for Connected Health Policy https://www.cchpca.org/about/about-telehealth
2 Telemedicine Market Size By Service (Tele-consulting, Tele-monitoring, Tele-education/training), By Type (Telehospital, Telehome), By Specialty (Cardiology, Gynecology, Neurology, Orthopedics, Dermatology, Mental Health), By Delivery Mode (Web/Mobile {Telephonic, Visualized}, Call Centers), Industry Analysis Report, Regional Outlook, Growth Potential, Price Trends, Competitive Market Share & Forecast, 2020 – 2026 https://www.gminsights.com/industry-analysis/telemedicine-market
3 CARES Act Summary (HR 748) Key Telehealth Provisions https://www.ama-assn.org/system/files/2020-03/summary-H.R.%20748-cares-act.pdf
4 Notification of Enforcement Discretion for Telehealth Remote Communications During the COVID-19 Nationwide Public Health Emergency https://www.hhs.gov/hipaa/for-professionals/special-topics/emergency-preparedness/notification-enforcement-discretion-telehealth/index.html
5 Telehealth laws and regulations in 2019 have set the stage for increased access and use https://www.healthcarefinancenews.com/news/telehealth-laws-and-regulations-2019-have-set-stage-increased-access-and-use
Links from this site to an external site, unaffiliated with The Hartford, may be provided for users' convenience only. The Hartford no controla o revisa estos sitios. La provisiòn de cualquiera de estos enlaces no implica la aprobación o asociación de The Hartford con dichos sitios. The Hartford no es responsable y no ejerce ningún tipo de representación o garantía relacionadas con los contenidos, integridad, precisión o seguridad de cualquier material publicado en dichos sitios. Si usted decide ingresar a sitios que no pertenezcan a The Hartford, lo hace bajo su propia responsabilidad.
The Hartford Financial Services Group, Inc., (NYSE: HIG) operates through its subsidiaries, including the underwriting company Hartford Fire insurance Company, under the brand name, The Hartford,® and is headquartered in Hartford, CT. For additional details, please read The Hartford’s legal notice at https://www.thehartford.com.
