Risk Mitigation Strategies For Your Telehealth Business

By November 2020, Australian doctors had delivered over 40 million telehealth consultations (1) in response to the COVID-19 pandemic, prompting the government to make telehealth a permanent feature of Medicare. 

It’s likely that many of these consultations took place in an environment of unmitigated risks, without proper consideration given to privacy, consent, security and insurance (among other key issues). 

Most new health services are introduced after careful planning where there’s time to consider both the medical and the legal aspects of care, to learn from a pilot program, then to start a staged roll-out. 

Telehealth did not have this carefully planned delivery. 

In the anxious early days of a global pandemic, your focus was probably on speedy implementation to maintain patient care while protecting your staff. 

And it worked. Over the last year, telehealth has proven its benefits in terms of patient convenience, access to care, and more flexible working options for doctors. But its hasty birth means you could be exposed to significant medico-legal risks. 

Though COVID-19 still casts a long shadow, you’re now (mostly) in a calmer environment. Hopefully you’re planning to keep your telehealth service as a permanent part of your primary care business – after all, it’s a great way to attract and retain patients. 

That means it’s time to protect your practice by ensuring your telehealth service has solid foundations, going through all the detail you’d usually consider for a new service but couldn’t attend to at the height of a global health emergency. 

So, what do you need to think about? Quite a bit, actually. 

1. Risk Assessment

Your practice was most likely set up to deliver face-to-face care in the clinic. Every risk assessment you’ve done for your practice was done with that situation in mind. 

Telehealth is a paradigm shift; the patient engages with your practice completely differently. They’re not in the clinic, noticing all your signs about billing practices. They’re not in an environment that you control where you close the consulting room door to ensure their privacy. The whole consultation relies on technology which, no matter how robust and secure, may fail at some point or prove beyond the patient’s skills – what’s your back-up plan if that happens?

You yourself may be providing telehealth from a home office. Though it may seem odd, that’s officially a workplace that should be assessed to ensure it’s a safe working environment and is covered by your practice insurance. 

So, dig out every risk assessment you have for your practice and go through each one again from a telehealth perspective. What risks or gaps have you identified? How will you address them? 

(Tip: Jeanette, a Principal Lawyer at Onyx Legal covers all of this in our our Foundational Activity. Enrol in Telehealth Mastery Foundational Activity now to learn exactly how to reduce risks and save yourself the effort of reinventing the wheel.) 

2. Consent and Privacy

As always in healthcare, you need patient consent for everything you do. Though their presence in a telehealth appointment
implies consent you need to explicitly seek and document it in some situations.

Most telehealth consultations are not recorded but, if you do have particular reasons for wanting to record a session, you must get the patient’s written consent and document this on their health record. For your own protection, make clear that the patient must not record the session. 

As a doctor, you’re already aware that you’re dealing with highly sensitive information. Your practice would routinely collect people’s contact details, payment information and concession card status alongside their age, gender, and health status. Your patients trust you to keep this very private information secure. 

As a telehealth provider, you need to take reasonable steps to secure personal information in an online context. Do your current policies, procedures and risk management protocols include provisions for securely storing video recordings, images and teleconferencing in accordance with the provisions of Australian Privacy Principle 11? Does your website have a privacy policy

3. Billing

Your telehealth service is part of your business and you need to get paid for the service you provide. 

For in-clinic appointments, patients are familiar with the billing process. They’ve probably seen a big poster that says ‘We bulk bill’ (if you do) or were told about your fees when they registered or when they booked. Your clinic is probably built with the reception desk near the front door, meaning it’s natural for patients to stop there to pay or book another appointment on their way out. 

Those cues are missing with telehealth so you have to make your billing process explicit. Patients need to give informed financial consent before their telehealth appointment, not afterwards. 

Ask yourself:

  • Have we considered how we will obtain informed financial consent from the patient about any out-of-pocket costs for telehealth?
  • Have we considered how we will gain and record a patient’s consent to assign a Medicare benefit for telehealth? 
  • Have we considered how we will collect payment from the patient following a telehealth conference?
  • How do our telehealth patients learn about our billing process? Have we considered how we make our policies clear to patients before their appointment? 
  • Are we up to date with the latest (ever changing) guidance on Medicare items for telehealth? (Check out this December 2020 crib sheet produced by Australian Doctor.) 

4. Telehealth Appointment Process

What types of care do you consider suitable for a telehealth appointment? Do patients (and your reception staff) know what’s in and what’s out?

How does a patient book a telehealth appointment? If it’s done online, are there screening questions to ensure that, for example, the patient has attended the practice in person during the last 12 months? If booking happens over the phone, do your receptionists know what questions to ask? 

Once someone has booked a telehealth appointment, what information do they receive next? You need to guide them through the process, ensuring they understand what software may be needed and have considered privacy aspects. Patients like the convenience of telehealth but perhaps need reminding that this is not just another Zoom meeting that can be conducted in their open-plan office! 

It’s also worth planning and communicating what will happen if it becomes clear that this patient needs to be seen in person. If you’re providing telehealth to patients who live in the vicinity, then you can see them in person yourself. If you’re providing care to patients who live far away, then what will you do if the person needs to be seen in person? 

If you’re going to provide the face-to-face appointment yourself, then how does the patient book? Ideally, this should be a smooth process which is completed before your consultation ends rather than something that’s on the patient’s to-do list afterwards. 

5. Insurances

Don’t assume your existing insurance policies, including your professional indemnity insurance, cover telehealth. Call and check. 

Remember, your telehealth service is now intended to be an integral part of your practice’s operations. So, call your insurance broker and start from a fresh premise that includes telehealth as a mainstream service. Find the right policies that meet your needs now as a provider of both in-clinic and telehealth care.

(More on insurance is covered in our Telehealth Mastery Foundation Activity/ Enrol in Telehealth Mastery Foundational Activity today.) 

6. Delivery

Australia’s healthcare system is complex with responsibilities shared between the states and territories and the federal government. 

Rules and regulations may vary from one state to another. Traditionally, that’s rarely made a difference to your practice since you were embedded in one particular area. 

Now, though, telehealth potentially expands your practice beyond your local patch. Have you thought about that? 

Have you checked if there are any jurisdictional limits to where your services can be provided? If you’re operating across Australia’s internal borders, have you checked and identified any legislative requirements that apply to the provision of your services in other states and territories?

It’s a lot to think about!

As you can see, there are significant risks to running an ill-planned telehealth service. Clinical care is only part of the picture. It’s important to surround your telehealth service with a robust framework that meets your obligations as an online healthcare provider. Mistakes can be costly to both your reputation and your bottom line. 

The Telehealth Mastery Foundation Activity has been created to guide you through the process of creating a fully fledged telehealth service that complies with Australian law. It’s a 6-week, self-paced online course that covers the practicalities of running a telehealth service that benefits your practice and your patients. For a small up-front fee, you’ll gain all the knowledge you need to mitigate risks, protect your practice, attract patients, and save yourself stress. You’ll also earn 40 CPD points with the RACGP. 

Sounds good, doesn’t it? Register today




(1) RACGP:


Ellie Bakker
Director Telehealth Mastery and Splice Marketing

Recent Posts