Telemedicine Medical Malpractice Risks Are Real. Follow These Risk Management Tips to Avoid Issues

Telemedicine use surged as the pandemic forced more employees to work from home. Though in-person doctor visits have resumed, it’s likely that telemedicine will remain a prominent part of medical treatment. Its increased use presents a challenging slew of risks.
By: and | March 4, 2021

Telemedicine has been around longer than many realize.

It first appeared on the April 1924 cover of Radio News magazine. Thirty years later, radiology images were shared over telephone, and in the 1970s and 1980s, teleradiology expanded to include neurological exam sharing and behavioral health treatment. In the 2000s, health care organizations and physician practices made a concerted effort to employ telemedicine as part of the standard practice of care and treatment.

Still, reduced or no reimbursements from health care insurers have stifled broad adoption of this treatment modality.

When the coronavirus pandemic hit in 2020, it significantly increased interest in and use of telemedicine.

As news broke regarding the risks and preventative approaches to mitigating exposure to COVID-19, there was a dramatic reduction of in-person patient visits.

Conversely, there was a marked increase in the use of telemedicine to care for and treat patients by primary care physicians, specialists, clinics and hospitals.

While in-person visits have slowly rebounded to pre-pandemic levels, an increased use of telemedicine will remain. Most physician groups and hospitals adjusted technology and resources. Additionally, the Department of Health and Human Services (DHHS) expanded the public health emergency through April 2021, ensuring that telemedicine will continue to be leveraged as a tool to provide care and minimize risk of exposure to COVID-19.

Risks, such as crossing state lines, documentation and non-physician clinicians, have always existed. For the most part, they have been managed or eliminated.

The increased use of telemedicine has created new and evolving risks and has highlighted existing risks. Those risks, along with practical recommendations for addressing them, are presented here.

Emerging and Existing Risks of Using Telemedicine

Six main categories of telemedicine risk exist for health care systems with the introduction and increased use of telemedicine.

1) Vendor Risk

Ellen Rensklev, principal and risk consultant, Edgewood Healthcare Advisors

It is important to carefully scrutinize vendors providing telemedicine platforms. As with all vendors, it is necessary to protect your patients’ health information. Vendors that are unfamiliar with HIPAA and Business Associate Agreements (BAA) should be regarded with concern.

Recommendation: Things to consider when looking for a telemedicine vendor partner include the following:

  • Seek strong contract language.
  • Secure solid BAA agreement.
  • Assure that vendors understand and are abiding by required and standard practices as related to HIPAA privacy and security.
  • Require good documentation protocols and processes.
  • Ensure the ability to have direct interaction with a patient.
  • Insist on a method to record patient interactions.
  • Verify easy access to work and communicate with vendors as the need arises.

2) Advanced Practice Providers

State-based regulations govern oversight and require malpractice coverage of non-physician clinicians when using telemedicine.

While compliance does not change with respect to telemedicine, the method used to show evidence of adherence could change.


  • Be aware of licensure requirements; have a defined scope of practice and know what is required with respect to oversight.
  • Analyze how telemedicine may impact current compliance processes. For instance, if a state requires a specific percent of chart and/or care reviews of a physician assistant, document these practices as telemedicine care is being provided.
  • Let compliance needs factor into vendor selection, choosing ones that can help facilitate documentation of oversight in accordance with states’ requirements.
  • While some care restrictions may be temporarily lifted due to COVID-19, state-based requirements of what a medical assistant, nurse or advanced practitioner can and cannot perform when treating patients are not altered by telemedicine.

3) State Licensure and Regulations

As is the case with the risks already covered, licensing requirements do not change with telemedicine. In general, clinicians must be licensed in the state where the patient resides, not where the clinician is practicing.

Centers for Medicare & Medicaid Services (CMS) instituted a temporary waiver of in-state licensure requirements during the coronavirus pandemic, but practitioners should be aware that state requirements may still supersede CMS waivers.

Recommendation: The Federation of State Medical Boards has created and regularly updates this document that outlines state requirements and includes links to relevant communications from each state.

4) Reimbursement

While commercial payers had been slow to accept and adopt telemedicine care, the dramatic increase of use brought on by the pandemic forced them to adjust quickly.

As a result, payers now reimburse for care. Providers must still be aware of payers’ rules surrounding reimbursement, and rules vary from one payer to another.

Recommendation: DHHS created a one-stop resource that provides up-to-date guidance to aid compliance with both federal and payer-specific reimbursement requirements.


Privacy and security rules apply to telemedicine. Providers must safeguard protected health information and supply required disclosures to patients.

Trent Sullivan, principal, Edgewood Healthcare Advisors

For example, notice of privacy practices should denote telehealth services. The DHHS Office of Civil Rights has issued a Notification of Enforcement Discretion to empower covered health care providers to use widely available communications applications without the risk of penalties, which can be found here.

Because of this ruling, non-public facing video chat applications such as FaceTime, Zoom and Skype may be used. Non-public facing applications like Facebook Live and Twitch are not approved for use with telemedicine care.

Recommendation: Use this time and relaxed enforcement discretion to perform a self-audit of telemedicine practices. The Federation of State Medical Board model policy can be helpful in this endeavor.

6) The Standard of Care and Malpractice Insurance Coverage

The same duty of care that applies to in-person care applies during telemedicine sessions. The potential exists for claims of delayed or missed diagnosis of conditions that would have been assessed during in-person visits. Potential situations illustrate the reality that telemedicine care is not always a substitute for in-person care.

Another area of potential concern is medical malpractice insurance coverage.

In general, malpractice insurance carriers support telemedicine care. However, many carriers have policy language referencing the amount of care, whether an established patient relationship is required before providing telemedicine care, and whether or not care can be provided across state lines. Some carriers may even be silent with respect to telemedicine care.

Tort caps do not cross over state lines. It is essential to understand a state tort cap will not cover a provider who is based in a tort cap state if they treat a patient via telemedicine in a state that does not have a tort cap.

As a reminder, the provider must be licensed in the state where the patient resides.

Recommendation: Ensure that thorough documentation of the telemedicine care is provided. The American Medical Association has a document that outlines each state’s definition and requirements of a physician-patient relationship via telemedicine.

Institutions should review medical staff bylaws and credentialing processes with medical staff leadership and consider revising bylaws and processes to incorporate the use of telemedicine care.

Care should be taken to ensure that administration of medication and controlled substances maintains or improves upon in-person medication management. If evaluation of a patient through a telemedicine platform proves less effective than in-person care, mitigate the risk by arranging an in-person appointment.

Looking Forward 

The sudden and rapid adoption of telemedicine on a broad basis is a welcome event in the medical community, yet it is not without risks for medical providers and health systems.

Vendor relationships, use of advanced practice providers, adherence to state licensure and regulations, reimbursement requirements, compliance with HIPAA regulation, and knowledge of standard of care and malpractice insurance coverage are essential steps providers should take to protect themselves and patients from risks inherent to the delivery of telemedicine care.

With proper documentation, compliance and care practices in place, the move toward telemedicine care can be a positive development for all parties. &

Ellen has over 40 years of risk management experience, including working as a chief risk officer and vice president of risk management for a large academic healthcare center. Trent has over 20 years in healthcare and municipal risk management and insurance. His experience creating and managing self-funded vehicles including trusts and captives helps him recommend effective approaches to loss mitigation through education and practice change efforts. They can be reached at [email protected].

More from Risk & Insurance