How Healthcare Organizations Should Look At Rising Risks of Virtual Care

The growth in popularity of virtual health services was one of the few bright spots of the coronavirus pandemic. Now that the worst – hopefully – is behind us, the medical community needs to figure out how to keep it working as we move forward. 

A good place to start? By assessing risk management policies and procedures that pertain to virtual health practices. Two major concerns are the potential for misdiagnosis and the heightened risk of cyber-attacks. Neither is getting less worrisome and the time for action is now. 

Virtual health has been a part of healthcare since its first uses in the late 1960s, when it truly was delivered via “tele”-phone. It was limited by interstate licensing requirements, waived by regulators during the pandemic, and the disparity between in-office and virtual consults. 

Today, virtual health services are almost universally offered by healthcare organizations of all sizes and types. Compare that to the 15% of medical professionals whose practices offered these services pre-pandemic. Understandably, when only 1% to 20% of patients opted for them. Today, though, 75% of practitioners expect it to account for at least of 40% their future business.      

Another pressure point for medical professional liability

Managing the downsides is always an issue, and the risk of misdiagnosis is a familiar one to the medical community. Medical professional liability insurance has been under pressure anyway, a function of a series of extraordinarily high claims and a hard insurance market. 

With the addition of another potential pressure point, it’s important that practitioners not let down their guard against compromising their quality of care. It’s not just negligence or misdiagnosis that can trigger a claim – sometimes it’s simply sloppy practices that can cause big issues. It all can be compounded with virtual health. 

A 2016 study made that point, finding a failure among practitioners doing virtual consults to ask basic questions that can inform better diagnoses. In it, no dermatological clinician asked a patient who had inflammatory acne about her visible facial hair or whether she had irregular menstrual periods. It meant her polycystic ovarian syndrome was not identified. 

And, of course, the view of a patient is different through a camera lens than it is in person – especially when conditions may present in a subtle way. Can the fluid buildup that often accompanies heart disease be detected with a virtual exam? And is the skin lesion a melanoma or just a faulty image being projected?

Other professional liability issues arising with virtual health revolve around informed consent and the potential for the patient relationship to deteriorate. Practitioners must be as careful to explain the potential risks of telehealth and the patient’s rights as they are a surgical procedure. Managing expectations adequately goes a long way in reducing the risk of claims. Another risk to guard against is the deterioration of the personal doctor/patient connection.

Another possible entryway for cybercriminals

Not a week goes by, it seems, without news of yet another ransomware attack on a healthcare organization – the most popular industry targeted by criminals. A new report found that only a quarter of healthcare organizations had not been attacked in the last year – and don’t expect to be.    

That’s a lot of confidence, given the explosion in cybercrime since the pandemic – up 470%, thanks to the hefty price-tag the black market has placed health records of $250 to $1,000 or more. 

With each additional technological advance, the door opens wider to cybercriminal, and it’s not just healthcare organizations that are opening it. Their vendors are, too, and were responsible for 75% of the industry’s cyber exposures in 2020. Another issue: As mobile apps proliferated in 2020 to accommodate the boom in virtual health services, their developers’ cybersecurity testing and measures didn’t necessarily measure up. 

It calls for hyper-diligence in following best cybersecurity practices. And in this environment, adequate cyber insurance coverage is not optional. 

The strongest risk mitigation programs demonstrate a serious commitment to deterring cyber crime. They should cover:

• Ongoing staff education and training on digital safety, including how to recognize and avoid common schemes.
• Firewalls and antivirus software and other basic protections in place and regular system backups.
• Advanced security measures like dual authentication, encryption and virtual private networks.
• Routine network audits by independent digital security experts are invaluable for identifying potential weaknesses. Similar audits should be expected of vendors. 

A qualified broker is key to ensuring an organization secures the right cyber insurance coverage for its risk posture and mitigation strategy effectiveness. This partner should also check vendor contracts, not just for indemnification but to ensure cyber security measures up.  

Pete Reilly is the practice leader and Chief Sales Officer of global insurance brokerage Hub International’s North American healthcare practice.

In this role, he directs and coordinates HUB’s healthcare planning, growth and strategic initiatives. He also works with other leaders and experts within HUB to develop and introduce proprietary products that will help healthcare organizations and providers across the care delivery spectrum.

Pete has been a featured speaker at numerous professional conferences, including ASHRM, the Bermuda Captive Conference as well as having been a guest lecturer on topics of insurance and risk management at The Wharton School, a Metzger-Conway Fellow at his alma mater, Dickinson College and he has been twice recognized as Med Pro Group’s Buffett Award winner. Additionally, Pete has served on numerous insurance carrier Agency Advisory Councils and various ASHRM National Advisory Committees.