The rapid spread of the COVID-19 virus has stretched the capacity of our healthcare systems. In addition to the immediate concerns of providing care to those infected and curbing the spread of the disease, healthcare providers find themselves contemplating the legal implications of the care they provide now and whether they will face lawsuits in the future. In an effort to slow the rate of infection, the use of telemedicine technology has increased exponentially and has become a critical tool in the fight against the virus.

Telemedicine is a convenient and safe option for patients who wish to abide by the shelter-in-place orders and reduce the risk of being infected or infecting others by venturing out into a medical provider’s office, hospital or clinic. The COVID-19 crisis has rapidly accelerated the use of telemedicine technology in our healthcare systems. The CDC has urged the public and healthcare providers to use this technology for non-urgent communications and visits, thereby reducing the pressures facing our healthcare systems and minimizing the risk of infection to healthcare workers and members of the public.

While the benefits of telemedicine programs are clear, healthcare providers implementing telemedicine in their practices must understand the applicable legal implications, as well as ways to minimize their risk.

Licensure

While telemedicine provides the opportunity for healthcare providers to provide care from great distances, Connecticut law requires that a telehealth provider be licensed in the state in which the patient is receiving services. However, pursuant to Executive Order 7G, which was enacted to expand access to telehealth services for Connecticut residents amidst the COVID-19 pandemic, the Governor waived this licensure provision to allow out-of-state licensed providers to provide care to Connecticut residents via telehealth platforms. For a full description of Executive Order 7G and the other ways in which the Governor relaxed the regulations relative to telemedicine, please see our eAlert dated March 24, 2020 here.

Informed Consent

Connecticut law requires that at the time of the telemedicine provider’s first interaction with a patient, the provider must inform the patient concerning the treatment methods and limitations of treatment using a telehealth platform and, after providing the patient with such information, obtain the patient’s consent to provide telehealth services. The provider must document such notice and consent in the patient’s health record. One way to obtain the necessary consent is to build the consent form into the telemedicine software, such that the patients are required to review and sign the consent form before participating in the virtual visit. If only verbal consent is obtained, this should be clearly documented in the patient’s record. Failure to obtain the necessary informed consent to telemedicine services could subject the provider to liability.

Security, Privacy and HIPAA

Under normal circumstances, telemedicine is required to be secure, confidential and HIPAA-compliant like any other provider-patient interaction. Only encrypted, secure platforms and connections for patient communication should be utilized, and providers should ensure that they are in a location where no one can overhear the virtual visits.

However, on March 17, 2020, the OCR issued a notice stating that it will “exercise enforcement discretion and not impose penalties for noncompliance with regulatory requirements under the HIPAA rules against covered healthcare providers in connection with the good faith provision of telehealth during the COVID-19 nationwide public health emergency.” The OCR notice permits a healthcare provider to use “any non-public facing remote communication product that is available to communicate with patients” and specifies that this exercise of discretion applies to telehealth provided for any reason, not just services related to the diagnosis and treatment of conditions related to COVID-19. This relaxing of the HIPAA rules temporarily permits healthcare providers to use Skype, FaceTime, Zoom and other similar technologies to communicate with patients. These platforms should be used with caution and should only be a temporary means of providing telemedicine services until an appropriate secure platform can be implemented in the future. When using these third-party applications, providers must notify patients of the potential privacy risks, and providers should enable all available encryption, password protection and privacy modes.

Standard of Care

It should come as no surprise that the standard of care remains the same whether the care is provided via telemedicine or traditional in-person care. This remains the case, even in the context of the relaxed regulations implemented in light of the COVID-19 pandemic. Generally, telemedicine is low risk for liability since virtual visits are typically used for routine checkups and medication management. However, it remains essential for healthcare providers to treat each patient in the way they normally would, despite the untraditional format. This may be challenging, since providers will be forced to rely on information conveyed to them by patients verbally, rather than by physical examination or direct observation. It is therefore of the utmost importance that healthcare providers ask questions and encourage dialogue with the patient such that they are able to elicit sufficient information from the patient in order to render appropriate care. Meticulous documentation of the information exchanged with the patient during the visit is also critically important.

Immunity Provided by the CARES Act and Executive Order 7U is Not Without Limitations

While both the federal and state governments have enacted legislation to provide liability protections for healthcare providers on the front lines, no federal or state law provides an “absolute” immunity from legal claims against healthcare providers caring for patients during the crisis. As such, there remains ample opportunity for injured parties to bring claims against healthcare providers and, thereby, test the limits of the civil immunity protections afforded by the legislature.

Under the federal Coronavirus Aid, Relief, and Economic Security Act (“CARES Act”), Congress provided liability protection to volunteer healthcare professionals providing health care services during the public health emergency. Specifically, the CARES Act exempts volunteer healthcare providers from liability under federal or state law for any harm caused by an act or omission, unless the harm was caused by willful or criminal misconduct, gross negligence, reckless misconduct, conscious flagrant indifference, or under the influence of alcohol or intoxicating drugs, in providing health care services during the coronavirus pandemic.

While the CARES Act declined to extend the liability protection to non-volunteer health care professionals, Governor Ned Lamont’s Executive Order 7U afforded additional protections from civil liability for all Connecticut healthcare providers who treat patients during the COVID-19 pandemic. Specifically, the Order provides immunity from suit for civil liability for any injury or death alleged to have been sustained because of the healthcare provider’s acts or omissions taken in good faith while providing healthcare services in support of the State’s COVID-19 response. The Order expressly includes immunity for acts or omissions undertaken because of a lack of resources attributable to the COVID-19 pandemic, which resulted in the damages at issue. The immunity afforded by the Order does not extend to conduct that constitutes a crime, fraud, malice, gross negligence, or willful misconduct. For more information on Executive Order 7U and the scope of the civil liability protections afforded therein, please see our eAlert dated April 6, 2020 here.

While helpful, these legislative efforts to protect healthcare providers are not without limitation. Legislative immunity protections will not necessarily prevent injured parties and their lawyers from bringing lawsuits and carefully crafting their Complaints in an effort to circumvent the protections afforded by Executive Order 7U. While the civil immunity protections may provide compelling defenses in certain circumstances, the plaintiff’s bar will undoubtedly bring cases that will force the Courts to evaluate the four corners of the immunity protections. It is likely that some cases will be allowed to proceed based on criteria to be determined by the Courts.

Recommendations

It is imperative for healthcare providers to remain vigilant in their efforts to comply with the standard of care, and meticulous in their documentation.

Providers should make sure that they are properly protected by malpractice insurance coverage. They should pay particular attention to whether their existing malpractice policies include coverage for telemedicine activities and any other COVID-19 related activities that are outside the scope of the provider’s regular practice.

Now, as always, it is important for providers to carefully document their care and the thought-process behind their medical decision-making. Since face-to-face interaction will be limited, this increases the importance of clear and thorough documentation. Clear communication with patients and a strong “web-side” manner when providing telemedicine services will be essential in the effort to minimize liability.

Our healthcare team at Carmody, Torrance, Sandak & Hennessy, LLP is available to assist you as we continue to work through this crisis together. Please contact any of our team members below should have you any questions.

Mariella LaRosa
(203) 575-2654; mlarosa@carmodylaw.com

Tamara Nyce
(203) 578-4275; tnyce@carmodylaw.com

Leah Nollenberger
(203) 575-2685; lnollenberger@carmodylaw.com