Doctors and the dual-edged sword of virtual health

Risk-mitigation strategies are a must when using telehealth, whether it's for malpractice or cyber liability.

Virtual healthcare has become an important dimension to a growing number of physician practices in the midst of a devastating pandemic. It is unfortunate, however, that the risks of using it make telemedicine a double-edged sword.

It goes without saying that the medical community has, for some time, grappled with both the tremendous potential of improved patient care and the possible downside of the expanded use of technology in medicine. This fact has never been lost on the medical community. But it underscores the need for risk mitigation strategies, and as a group, physicians should be better prepared than they are currently.

It took the pandemic for virtual healthcare to begin to grow into its potential. The regulatory environment was one reason its adoption was slow. Cross-border state licensure prohibitions not only invalidated practitioners’ professional liability insurance protection, but also meant their consults weren’t likely to be paid for by the CMS and many private insurers.

Only 27% of clinical professionals, in fact, offered virtual medical services before the pandemic, according to NPJ Digital Medicine. They offered a host of reasons for eschewing digital medicine in any form – not just the virtual house calls, but web-based patient portals, remote patient monitoring and data integration with wearables. Top reasons, they said, were the potential for medical errors (36%), patient privacy and data security (33%) and that their patients weren’t interested anyway (23%).

The pandemic totally disrupted the health care delivery model. When social isolation is necessary to tamp down contagion, virtual solutions start to look like one tool to counter the dangers of delayed medical treatment. By April 2020, primary care and specialist practitioners alone had reported a jump in the rate of telehealth consults to 51% from 9% pre-pandemic, according to NPJ.

But while virtual medicine’s deployment has kept expanding, the risks that caused physicians to shy away from its use to begin with have grown in tandem. Having appropriate insurance becomes more critical with this growth too. But as important as the right coverage is, that doesn’t offset the need for well-thought-out risk mitigation. This is especially true for two key areas of concern: medical errors and cyber security. Here’s what physicians need to know.

You can only see so much through a virtual lens

Practitioners are fully aware of the risks – and costs – of diagnoses that are wrong, delayed or missed. Misdiagnosis for whatever reason has been the biggest driver of telehealth medical malpractice claims for conditions including cancer (25% of all claims), stroke (20%) and infection, according to insurance data.

The potential for mistakes is exponentially greater with virtual care, and physicians are still struggling with how that affects their perspective. Physical effects of heart disease, like fluid buildup, for example, are more effectively evaluated through a physical exam than virtual. A dermatological exam done virtually to evaluate a skin growth may result in a legitimate diagnosis, but if an equipment failure produces a faulty image, the liability risk grows.

The practitioner’s diligence makes the difference in mitigating the risk of misdiagnosis. Even though virtual medicine began to be widely used across the care spectrum as the pandemic continued, careful thought must be given to circumstances and conditions when in-person medical exams will have the better outcomes.

Further, informed consent is as important for virtual consultations as it is before a surgery. Patients and their families need the technology explained, along with its potential risks, their rights and any limitations to it that are beyond the physician’s control. Patients’ expectations must be managed in order to try and lessen the exposure for a malpractice claim.

Physicians also should be aware of the complexities of their professional liability insurance, as virtual health can have specific coverage provisions that are separate from protections of traditional medical services. It makes the case for having a qualified broker review these policies to ensure coverage is adequate for today’s environment. Further, keep in mind that platform failures leading to misdiagnoses are an exposure for the platform provider. Their Technology Errors & Omissions (E&O) coverage should be carefully reviewed and understood to help control for the risk.

Virtual care drives a virtual explosion in cyber crime

A healthcare data record can command as much as $250 per record on the black market, versus $5.40 for the next most valued, a payment card, according to SecureLink. If health care was a prime target of cyber criminals before the pandemic, the expansion of virtual care has only created more openings. One security expert described it as “blood in the water for bad actors.”

Cybercrime costs overall to individuals and businesses shot up by 69% to $4.2 billion in 2020, and healthcare was a major target, according to Health IT Security. The pace has only accelerated since. Between April 1 and April 21 of this year, 31 breaches were reported by health care entities to the U.S. Department of Health and Human Services “Wall of Shame,” or medical records breach portal. Hackers gained access through network servers, email and other devices; over 153,000 records were compromised in one instance.

The fastest-growing risk is ransomware, where cybercriminals hold an organization’s medical records – and these days, their backups, too – hostage. The number of patient records affected jumped 470% in 2020 from 2019 levels. With hackers grabbing at least $2,112,744 in ransom payments, it’s easy to see why some practices have been forced into closing with the impact, according to Healthcare Innovations.

Practitioners should be worried. While cyber insurance is a critical budget item, not surprisingly, health care will pay more for it than businesses with less risk. Some observers, including S&P Global, expect rates to ratchet up by 20% to 30%.

Their best protection is to put strong cyber security measures in place and to always be on guard. Doing so will go a long way toward reducing exposures, and can affect cyber insurance rates, too. (It’s important for policies to be reviewed by experienced brokers, however, as coverage limits may not be sufficient for the costs of a breach.) Too often, cyber coverage endorsed by a good medical professional liability policy is woefully inadequate. The small sub-limit offers some comfort to a provider, but the limits of liability in the endorsement are far too low to offer meaningful protection.

Risk mitigation includes training users on best security practices and keeping basic tools like antivirus software, firewalls and regular backups in place and regularly updated. Higher level security measures – dual authentication, encryption and virtual private networks – are worth the investment. It is becoming increasingly important to conduct regular cybersecurity assessments to identify and fix weaknesses in the practice’s networks.

Plus, as dependence on digital medicine grows, practices need to take a careful look at contractual liability issues with their technology vendors. The easy question might be who is indemnifying whom for what. An arguably bigger concern is the adequacy of vendors’ cyber security and specific protections that are in place.

After all, with access to numerous customer networks, third-party vendors are attractive targets – one breach can impact hundreds of healthcare organizations. Case in point: the 2020 attack on Blackbaud, an IT vendor with a global client base. Over 12.3 million patient records held by 100 U.S. healthcare organizations were affected. Two were in Maine and half of its population was affected.

This dynamic and expanding risk will not go away for medical providers. The temptation to avoid addressing it is ill-conceived. There are solutions and tools that are available to assist physicians in creating a strong data security program within their practices. A qualified insurance broker, partnered with appropriate insurance coverage, is one key aspect of an overall risk management program that will allow for full, effective use of virtual care, telehealth and other technology-driven patient interaction platforms.

Peter Reilly is the practice leader and chief sales officer of global insurance brokerage Hub International’s North American health care practice.