Remote Patient Monitoring: Real-Time Patient Data, Real Liability Risks
Three million patients worldwide are currently connected to a remote monitoring device that sends personal medical data to their healthcare provider.1 Each year alone, 600,000 cardiac patients are implanted with pacemakers, one of the most common monitoring devices.2
Remote medical devices allow healthcare providers to closely monitor patients outside of the office. This helps doctors catch potential problems earlier, when they’re easier to treat, and can reduce the number of hospitalizations, improving patient health and containing healthcare costs.
Remote monitoring devices perform routine tests—such as checking glucose levels for patients with diabetes or checking blood pressure for patients receiving cardiac care—and send the data to the patient’s doctor in real time over the Internet or through phone lines. The doctor can then assess the information and adjust the patient’s treatment plan as needed.
Despite the many advantages, remote patient monitoring has liability risks. Because remote monitoring devices transmit patient data, there is a risk of a data breach if the information is not properly encrypted. The Health Insurance Portability and Accountability Act (HIPAA) requires that all personal health information (PHI) be encrypted when transmitted, and providers who fail to properly safeguard PHI can face significant penalties.
Medical devices may be vulnerable to viruses and malware that can compromise patient privacy and the effectiveness of the device. Last year, the U.S. Food and Drug Administration (FDA) outlined serious cybersecurity risks for medical devices. The FDA noted that providers who use medical devices cannot rely solely on device manufacturers to ensure security—providers must also take steps to safeguard patient information within their network. These steps include ensuring antivirus software and firewalls are up to date, monitoring the network for unauthorized use, and reporting any medical device cybersecurity problems to the device manufacturer.
If a remote device fails or malfunctions, physicians may be named in the lawsuit against the manufacturer, under the claim that the physician failed to use the device properly. To help reduce this risk, physicians should stay up to date on the latest information for the device, including manufacturer’s warnings, the device’s safety record, and the device’s approved uses. Providers should also be aware of any FDA alerts or recalls and should thoroughly read all contracts with medical device vendors. Ensure that the contract outlines who is responsible in the case of device malfunction or failure.
Providers should also be aware of the need for additional staff members to handle the incoming data. In the case of a potential problem, these staff members should respond either directly to the patient or alert the appropriate professional for intervention. The amount of patient data from a remote monitoring device can be overwhelming, and medical practices often need a dedicated team to process the information and respond to it in a timely manner. Each practice should have written guidelines for:
- At what times the device will be monitored.
- Which members of the care team will monitor the data at each point in time.
- Under what circumstances the appropriate clinician will be alerted to a potential problem.
Providers should also be aware of the risk of “alert fatigue,” when an overwhelming number of alerts are received and it causes staff members to ignore, override, or disable them. Anytime an alert or a potential patient problem is ignored, the reason for that decision should be documented.
Patient selection is also an important issue, as successful remote patient monitoring is dependent on each patient’s motivation to actively manage his or her health, as well as the patient’s ability to understand and use the technology. Patients who are not tech-savvy may not be good candidates for remote monitoring. To help ensure patients effectively use remote devices:
- Complete and document a thorough informed consent process.
- Educate the patient on:
- How to use the device. Explain the treatment plan, such as at what times the device will be monitored and how alerts will be handled by the healthcare team.
- What device failure or malfunction looks like, and what the patient should do if that happens.
- How to properly maintain the device.