Whilst efficiency, convenience and access to healthcare may be improved by telemedicine, regulation in this area can be a minefield.
COVID-19 has altered our lives in many ways, one of which being the significant increase in accessibility and use of telemedicine and, more generally, telehealth services. Telemedicine is the practice of medicine using technology to deliver care at a distance, whereas telehealth is the umbrella term encapsulating all healthcare services provided remotely using technology. For example, telehealth also includes online education or video conferencing between healthcare professionals.
During the pandemic, the NHS has increased its use of remote medical consultations to minimise contact and consequently the risk of infection. It is unsurprising that during one of England’s national lockdowns, seeing a general practitioner (GP) remotely became the default position and the number of GP appointments taking place virtually rose from around 25% to 71%. According to the Digital Healthcare Council (which represents British telemedicine firms), this shift has meant that digital providers are rushing to meet demand.
Even though there has been a global increase in the use of telemedicine, there is a lack of coherent legislative frameworks in this field. This can create additional difficulties for businesses when navigating the already complex domain of telehealth.
UK regulation
Despite the healthcare industry being heavily regulated within the UK, there are currently no specific laws addressing telehealth. Some regulatory bodies such as the General Medical Council (GMC), which oversees medical education, registration and revalidation of doctors within the UK, and the General Pharmaceutical Council, the regulator for pharmacists and pharmacy technicians, have issued guidance on the provision of remote consultations and online pharmaceutical services respectively.
All healthcare providers based in England are regulated by the Care Quality Commission (CQC). Helpfully, the CQC has produced guidelines on compliance for telehealth providers in England. However, the situation becomes unclear if medical practitioners in a different country provide telemedicine services within England.
Location of services
One of the biggest questions in telemedicine is whether the location of services for regulatory purposes should be determined by where the practitioner or the patient is based. For example, if a patient is receiving healthcare advice in the UK from a medical practitioner in Germany, is the service being provided in the UK or Germany?
Unfortunately, there is no clear-cut answer to this in the UK. Some countries take the approach that the patient’s location determines where the services are provided. For example, the United States generally requires providers to be licensed in the state in which the patient is receiving the services. In the example above, this approach would mean that the German medical practitioner would need to be registered in the UK and obtain a UK licence in order to practice telemedicine, despite being based in a different country. While this could be a sound approach from a regulatory perspective, it may be unnecessary, inefficient and difficult to achieve in practice. A report by Europe Economics commissioned by the GMC noted that where a doctor outside the UK provides remote medical services to a patient within the UK, the GMC cannot require registration of that medical professional.
Data protection
Telemedicine businesses must also consider data protection legislation, regulation and protection. This will vary depending on where the service provider and the patient are each located, and how/where the business processes personal data.
Under the UK General Data Protection Regulation (GDPR), it is likely that patient data will be considered special category data and high-risk. If this is the case, the steps required for compliance with the GDPR are more stringent than in other circumstances, including a requirement on the business to conduct a Data Protection Impact Assessment.
Given the lack of congruent laws across different countries and broadly inadequate legislative frameworks, coupled with the risk areas of patient safety and data protection, telemedicine businesses must venture cautiously.
Jessica Gregson