Licensure

The practice of medicine requires a license, a requirement based on the need to protect the public health from the practice of medicine by unqualified providers, as well as to protect the interests of the medical guild. In most countries, practicing medicine without a valid license is a criminal offense. Some states or countries forbid the practice of medicine in another jurisdiction without a proper license in that second state, and disciplinary measures (including revocation of license) may ensue. In the United States, licensure has been a states’ prerogative, and restrictive statutory licensure requirements for practicing medicine across state lines have been subject to growing criticism. It is hard to justify, based on public safety, why local requirements for a California license would be insufficient for practicing medicine in Colorado; citizens in both states should be similarly protected from the unqualified practice of medicine. This notion has been reflected in the Federation of State Medical Boards Special Committee on License Portability, 2002, recommending that state medical boards develop and use an expedited licensure by endorsement process to facilitate multistate practice. Border-free TM provides another powerful reason to question this parochial segregation, and to call for a more uniform licensure process/requirement. By current (obsolete) understanding, a physician is considered to be practicing medicine in the state where the patient is located (by convention, originating site), which is hard to accept: because patients may travel to any state or country to be treated at their sole discretion; why can they not travel electronically (being much more efficient, saving money, time, or the environment), thereby creating a legal way to allow TM according to the location of the treating professional? This plea has been heard in Europe, where a new, approved directive on cross-border health care (Directive on Cross-border Health Care – COM(2008)414) requires all states to create legislation that allow patients to receive health care in another member state and be reimbursed to the level of costs that would have been assumed by the member state of affiliation if this health care had been provided on its territory (although states may limit this for overriding reasons of general interest). Member states may introduce a system of prior authorization to manage the possible outflow of patients; however, it is limited to health care that is subject to planning requirements. Examples include hospital care; highly specialized and cost-intensive care, especially risky care; or health care that could raise serious concerns about quality or safety.

Current and Needed (Constructive) Licensure Practices

After almost 2 decades of attempts to ease the licensure uncertainty, not enough has been ascertained. A survey of states’ licensure statutes reveals that most states still adhere to full, unrestricted licensure requirements for allowing the practice of medicine across state lines. However, there is a trend toward accepting the borderless nature of TM. To date, approximately 10 states (Alabama, California, Minnesota, Montana, Nevada, New Mexico, Ohio, Oregon, Tennessee, and Texas. Based on the Center for Telehealth and E-Health Law Report. Available at http://www.telehealthlawcenter.org/?c=118 . Accessed July 19, 2010) have adopted some version of a limited/special purpose licensure, which allows practitioners to obtain a limited license for the delivery of specific health services in particular circumstances, which is suitable for the TM model. Practitioners are required to maintain a full and unrestricted license in at least 1 state, while practicing TM in others. For example, Montana created a telemedicine license that authorizes an out-of-state physician to practice telemedicine only in the specialty in which the physician is board certified. A telemedicine license authorizes an out-of-state physician to practice only telemedicine.

Another option that may assist fruitful dissemination of TM is a border-free TM national system that would issue a license based on universal standards for the practice of health care in the United States. This does not necessarily preempt states’ sovereignty, but represents a national agreement to be implemented by each state. The logistics would require sensible solutions (eg, how data would be collected and processed; setting standards of education, qualification, and training; disciplinary measures), but some progress has already been made, such as the establishment of the National Practitioner Data Bank, the acceptability of Joint Commission on Accreditation of Healthcare Organizations (JCAHO; now The Joint Commission [JC]) as a national standard for medicine and practices, or the expanding reach of the US Food and Drug Administration (FDA) on health issues. In particular, in 2001, JCAHO introduced standards for institutional credentialing of TM providers. By these standards, a physician credentialed in any JCAHO facility would be permitted to provide TM services in another JCAHO facility (the JC rules allowed the facility where the patient is being treated to credential the distant treating physician in 2 ways: (1) the treating facility could fully credential the physician based on their own facility’s standards; or (2) the treating facility could accept the credentials of the treating physician because the remote institution is JC certified. However, in 2009, CMS required that only option 1 remains valid. JCAHO announced that a final decision is still pending). A stronger version would attempt a federal licensure system that would preempt state licensure laws, issuing one license that would be valid throughout the United States.

Another, less ambitious option, is for state boards to award licenses to professionals in other states with equal standards (endorsement). To have their licenses endorsed by another states, professionals need to apply for a license by endorsement from each state in which they seek to practice. However, because states may require additional qualifications or documentation before endorsing a license issued by another state, endorsement can be time consuming and expensive for a multistate practitioner in TM. To address part of this difficulty, a licensure system based on reciprocity requires the authorities (rather than individual practitioners) of each state to reach agreements to recognize licenses issued by the other state/s (bilateral or multilateral) without a further review of individual credentials. A license valid in one state would allow the practice of medicine in all other states with which such agreements exist; but notification or registration might still be needed. Such a requirement may be waived by mutual recognition, in which a state’s licensing authority legally accepts the licensure of another state without further action. The nurse licensure compact, legally accepted in 24 states, is based on this model, and should be more vigorously studied.

The most sensible and productive solution to TM licensure would be electronic patient transfer, viewing TM as being rendered at the location of the physician, the distant site. JCAHO (revising its credential policy), opted that practitioners who render care using live/interactive systems are subject to credentialing and privileging at the distant site (where the consultant is located) when they are providing direct care to the patient. However, CMS has required a change of this resolution, requiring institutions to establish independently the credentials of remote TM practitioners. A final rule is expected by June 2011. Other solutions presented here subscribe to the notion that leaving things as they are is unacceptable, because the interests of patients (eg, where specialists are scarce), providers (eg, when they can offer better or more efficient care), and the health system at large (containing the rising costs and decreased availability) are not adequately served. Moreover, scholars have argued that states’ current legal barriers to TM are unconstitutional. Attempting to circumvent current licensure by regarding all TM interactions as recommendations/consultation has several disadvantages: it probably will not pass legal scrutiny in most states’ courts; it requires a local referring physician who keeps full authority and legal responsibility over the patient (Hawaii, Colorado, and California allow significant consulting exceptions); it restricts patients’ autonomy in interacting with physicians at their convenience and choice; and it prevents a productive, cost-effective business model with an inhibitory effect on the uptake of TM.

Assuming that licensure issues have been resolved, or that TM is practiced within a state’s borders (where no additional licensure for TM is needed), other legal issues emerge. For example, provider authentication remains a challenge. TM should not be restricted on these grounds, because authentication requirements are shared by all IT-based modern enterprises (such as banking, credit, e-learning), and have been reasonably resolved. Therefore, TM should not be treated differently and available cyber-tech solutions should be used. Responsibility for assuring and protecting authentication is, and should be, the responsibility of the institution that provides the medical service, and appropriate regulations should be instituted and monitored (eg, passwords, event log/access archive, log-in log). In contrast, authentication in cyberspace is more problematic. Attempts to regulate cyberspace have proved futile in most cases (eg, pharmaceutical, direct-to-consumer genetic tests), and the responsibility should be shifted to consumers, expecting them to use only credible sources. Consumers should be empowered by information on the hazards of receiving medical care or consultation from nonaffiliated practitioners, as well as listing flawed sources/sites (as with travel warnings).

A final related question refers to choice of venue and law: if there is a multistate or multinationality TM interaction, which court should have jurisdiction, and what legal norms should be used? Because TM will undeniably create legal disputes, such as claims of malpractice, this issue must be proactively determined. A thorough exposition of choice-of-law is beyond the scope of this article because it requires a case-by-case determination and can be found elsewhere. However, most uncertainties can be resolved by binding (international) arbitration, as is commonly practiced by multinational commercial interactions (a result of the successful United Nations Convention on Recognition and Enforcement of Foreign Arbitral Awards, 1958, also known as the New York Convention).

Legal Aspects Stemming from a Patient-Provider Relationship

Phase II questions (ie, beyond who may practice TM and where), target the legal implications of using TM to diagnose or treat patients. These liabilities stem from a patient-provider relationship (PPR), and are derived from tort doctrines and recognized professional liabilities, providing ample case law and statutes from which to infer.

TM interactions are conducted in different models. One scenario involves a direct provider-to-patient interaction (also called the direct patient care model), such as in telemonitoring or telepsychiatry. A different model stipulates the presence of another provider at the originating site (also called the provider-to-provider consulting model), customarily practiced in ear, nose, and throat teleconsultation or telesurgery. The latter model places ultimate authority (and thus responsibility) on the provider at the originating site. Another model is devoid of patient presence altogether (eg, teleradiology). Such different modus operandi have important legal implications in creating binding PPR. Thus, the notion that all telemedicine is the same should be rejected and, within each TM interaction, the relevant components that can affect legal responsibilities and liabilities should be identified.

Informed Consent

Informed consent (IC) is a pivotal ethicolegal requirement. In TM, consent would be needed for 2 main reasons. The first is consent to the medical interaction itself (eg, diagnosis, treatment, monitoring), and the second refers to the transmission of medical and personal information via digital media, thereby sharing it with other providers and possibly (though not necessarily) storing it elsewhere. The first requires deliberation regarding consent to medical treatment based on procedures, benefits, and risks; the latter refers to informational risks: privacy and confidentiality.

Legal advice concerning liabilities for IC in TM must clarify whether a particular TM interaction is different than its non-TM counterpart. For example, consent to a telesurgery procedure involves all the risks of the traditional procedure with additional risks (for example, failure of communication lines, or a need to convert a teleprocedure to a traditional one, perhaps by a different practitioner). As a result, the batch of information necessary for IC must be expanded to incorporate the unique features of TM. Professional bodies such as the AAO-HNS and their legal advisors should evaluate all TM interactions and clearly define the set of information required for valid IC, and should not leave it to the discretion of individual practitioners and the injudiciousness of juries in court.

A separate question relates to the identity of the provider responsible for obtaining consent from the patient. For example, in California, only a state-licensed physician can establish PPR. Thus, “[T]he health care practitioner who has ultimate authority over the care or primary diagnosis of the patient shall obtain verbal and written informed consent from the patient…” (Cal. Telemedicine Dev. Act 1996). Therefore, prime liability rests on the physician at the originating site. If a state allows out-of-state practitioners to diagnose or treat patients, I advocate that both physicians (at originating and distant sites) assure and document valid IC, preferably by a signed form. In a direct patient care model, the provider is responsible for valid IC.

Documentation of IC remains essential, and many information technologies are available to record and archive ICs for future contentions. All involved parties (especially in multinational interactions) should verify the accuracy and adequacy of the IC process, and maintain access to the signed IC forms for future reference. The new platforms of Dialog Medical’s iMedConsent or similar international companies enable providers to obtain standardized, automatic, computerized IC to manage legal risks and to improve patients’ education.

Data protection and confidentiality are well-known concerns in TM, but have already received attention as a result of HIPAA (the Health Insurance Portability and Accountability Act of 1996, P.L.104–191) and also the development of electronic health records (EHR). Medical data might be transferred to distant sites in several situations. In teleradiology, imaging studies are transferred, whereas, in teleconsultation, entire medical records could be shared with others. Telesurgery or telepsychiatry would create a live video file that can be stored, copied, and transmitted. All these cases involve informational risks that must be contained and to which patients need to consent. Some of these risks are not adequately met by current practices. Institutions and practitioners who outsource diagnostic services to out-of-state or to foreign countries rarely share this fact with their patients. Although understandable from a prestige perspective or a business point-of-view, this practice raises serious concerns about patients’ consent to such data transformation.

Involving consultants in medical care requires providers to be transparent about their identity and qualifications, and to provide patients with binding assurances about record keeping, confidentiality, and the possibility of future access to their files (fair information practices). Patients must be given the opportunity to decline such transfers. As with legal advice, when applicable, institutions should attempt to make transferred medical records anonymous (for example, by using one-way codes) because the identity of the patient is not material to diagnosing a pathology slide or reading magnetic resonance imaging. In this case, most legal concerns are alleviated, because unidentified medical information (removing identifiers such as names, addresses, birth or hospital discharge dates, telephone or fax numbers, email addresses, social security numbers, medical record or health plan account numbers, or Internet Protocol [IP] address numbers) is not subject to the stringent regulation mentioned.