Skip to main content

How Healthcare Providers Can Mitigate 3 Telehealth Risks

Analysis  |  By Christopher Cheney  
   June 04, 2021

Using telehealth poses risks for healthcare providers including misdiagnosis.

There are three primary risks associated with telehealth, a risk management expert says.

Telehealth has expanded significantly since the start of the coronavirus pandemic last spring. The expansion of telehealth has included growth in specialties such as oncology that previously experienced modest adoption of telemedicine.

The main risks that generate potential liability for healthcare providers are related to misdiagnosis, data security, and privacy protection, says Peter Reilly, MS, North American healthcare practice leader and chief sales officer for Chicago-based HUB International.

1. Misdiagnosis risk

Misdiagnosis is the biggest malpractice risk in telehealth, Reilly says.

"The biggest malpractice risk is misdiagnosis simply because what the medical professional heard or saw during the interaction was incomplete, resulting in a misdiagnosis. There could also be the failure to diagnose a condition. For example, a dermatologist could fail to diagnose a skin lesion that could be more serious than just a rash. The other malpractice risk is if the doctor recommends a treatment plan that is not accurate. A doctor could get a treatment plan wrong because they are not skilled in telehealth visits. Very few physicians were trained to treat patients virtually," he says.

Technology failures can lead to a misdiagnosis, Reilly says. "There can be a short glitch that occurs in the visual or audio interaction that leads to the doctor hearing the wrong thing or missing something important."

He suggests two strategies to mitigate the risk of misdiagnosis in telehealth.

"In most instances, if the provider has any sense that there was not a very clear picture or robust opportunity to examine the patient, they need to recommend that the patient seek medical care in person. That may be challenging during the pandemic, but if there is any sense from the medical professional that something is not right, they should refer the patient to an outpatient facility or emergency room," Reilly says.

"While more costly, another option is to have another medical professional such as a nurse or physician assistant present during a telehealth visit. If that other medical professional gets a sense that something has gone wrong, it provides another level of risk mitigation. For some of the more complex specialties, this is a strategy that we have seen where medical providers can protect themselves," he says.

2. Data security risk

Healthcare providers face three primary risks in the realm of telehealth data security, Reilly says.

"Number One, you are relying on a data technology platform, which may be good, but it does not compare to the privacy of sitting with a patient in an exam room. The technology platform can be subject to an attack. Number Two, the physician must rely on the technology platform to not only examine the patient but also make a diagnosis or recommendation for treatment. That data can be hacked. Number Three, a patient's data could be stored incorrectly. If a physician relies on that data for future treatment plans, there is potential exposure to a medical malpractice claim," he says.

Mitigating the risks associated with data security include having protection built into the technology platform, Reilly says.

"The technology platform needs to be robust and well protected with firewalls. The technology platform also needs to be maintained. One of the biggest issues in healthcare cyber-liability is that patches are not utilized and are not kept up to date. The technology platform should be in the most current state possible," he says.

In addition, healthcare providers should be cognizant of patient information custody and rules around patient information—who has access to it and how it can be utilized, Reilly says. "There are checklists and other services that can help outline best practices in data security. There also needs to be training of staff to understand how to mitigate data security risks and to know when there has been a breach."

3. Privacy protection risk

Healthcare providers using telehealth should be familiar with rules and regulations for privacy protection, he says. "Privacy protection starts with an understanding and knowledge of state and federal rules and regulations for privacy protection that have to be offered or maintained if you house personal health information. The same applies to housing debit or credit card information."

Telehealth providers need to have robust procedures, protocols, and protections in place to make sure that third parties cannot accidentally or intentionally take data, Reilly says.

If data is taken, it is important for physician practices, hospitals, and other healthcare facilities to have a breach response in place, he says. "The breach response is important to comply with local, state, and potentially federal rules for notification of a breach. Having a breach response plan can avoid compliance penalties and/or potential liability."

Related: Healthcare Cybersecurity Budgets Are Still Falling Short

Christopher Cheney is the CMO editor at HealthLeaders.


In telehealth, misdiagnosis is the biggest malpractice risk.

Mitigating the risks associated with data security in telehealth include having protection built into the technology platform.

Healthcare providers using telehealth should be familiar with rules and regulations for privacy protection.

Get the latest on healthcare leadership in your inbox.