Do the new rules of telemedicine credentialing ease the burdens or do hospitals and critical access hospitals (CAHs) have to review their polcies and procedures more closely to ensure that the new rules don’t expose them to more risk? The Medicare and Medicaid conditions of participation (COPs) governing the process hospitals and critical access hospitals (CAHs) use for credentialing and granting privileges to physicians and practitioners who deliver care through telemedicine have been amended by CMS to permit a hospital or CAH that furnishes telemedicine services to its patients to rely upon information furnished by the distant hospital or telemedicine entity when making credentialing and privileging decisions, so long as there is a written agreement between the parties that includes four core elements.
Among other things, distant-site hospitals must meet the credentialing requirements for hospitals or for CAHs. For distant-site telemedicine entities (DSTEs), the DTSE must provide services in a manner allowing the hospital to meet both hospital credentialing requirements and those for originating site hospitals; or the requirements for originating site CAHs.
Although CMS intends the new rule to remove unnecessary barriers to the use of telemedicine and enable patients to receive medically necessary interventions in a more timely manner, two articles written since the release of the final rule have brought to light risks and issues related to the proxy credentialing process. In an article in the July/August 2011 issue of the Journal of Health Care Compliance, Tatiana Melnik, Esq and Brian Balow, Esq. address the “Revisions to Telemedicine and Privileging Rules,” and suggest that hospitals consider the following:
- Medicine-participation distant-site hospitals and DSTEs desiring to use the proxy credentialing process must review their agreements to ensure that they follow the requirements of the final rule.
- Telemedicine services are principally limited to in state services because the final rule requires that the distant-site practitioner be licensed in the state where the originating site’s hospital is located; therefore, telemedicine services crossing state lines will continue to run into the traditional barriers with delivery of these services.
- Originating sites relying on proxy credentialing must share peer reviews of the distant-site practitioner, which generally are privileged. Hospitals and DSTEs should review state laws governing peer review privilege and incorporate necessary language into their agreements to assure protection from liability associated with this information exchange.
In the second article, “Risk Managing the Telemedicine Final Rule, which appeared in the May 2011 issue of the RMS Newsletter, Fay Rozovsky, President, of The Rozovsky Group laid out a number of additional issues hospitals and CAHs should be considering when they enter into telemedicine agreements. Some of the issues Rozovsky identified include:
- Can the hospital utilizing the distant-site for telemedicine shift liability via contract to the distant-site hospital?
- Must the hospital inform the patient of the use of telemedicine services and obtain consent from the patient both to transmit the personal health information as well as to allow the telemedicine provide to perform a professional service?
- When the originating site hospital sends performance information that includes adverse event and complaint information involving telemedicine services, is the hospital risking that it may lose evidentiary protection under state law?
- Will existing health professional liability coverage address errors and omissions on the part of the distant-site physicians and practitioners and what type of insurance coverage is in place for negligent credentialing?
- What are the state requirements for telemedicine? Are they included in the written agreement?
- Has the hospital set a protocol for data security – confidentiality, integrity, and avaialabiltiy in transit and storage?
- Has the hospital identified the scope of its practice in telemedicine?
- Does the hospital have a process in place to respond to notifiable events such as downtime or system shutdown, critical test results warranting immediate action, data security breaches, misreads, loss of licencsure by a credentialed telemedicine physician or provider?
If you are a hospital or CAH that provides telemedicine, have you considered these topics? What issues have you encountered as you adopt and implement the new regulations?