Telehealth Consent Guidance

Do I need to use a special consent form prior to a telehealth visit?

A special consent form for a telehealth visit is not required. Physicians and physician assistants, however, should be following your office’s informed consent process prior to providing services via telehealth just as they would in your office setting. Consent should be documented in the patient record.

What should be covered in consent to telehealth?

As a best practice, a telehealth consent process should address the technologies being used to provide the service and some basic consent information.
  1. A reasonable understanding by all parties of the technologies being used, their capabilities and limitations, and mutual agreement that they are appropriate for the situation.
  2. The credentials of the provider.
  3. Statement of acknowledgment either documented in the chart or through use of a consent form:
    • “You have chosen to receive care through the use of telehealth. As with any healthcare service there are risks and the risks associated with telehealth may include equipment failure, poor image resolution, and security issues.”
    • “Do you understand the risk and benefits of telehealth as explained to you?”
    • “Have your questions about telehealth been answered?”
    • “Do you consent to the use of telehealth for your medical care today?”
    • “I, Dr. XXX, have reviewed and discussed the information above with the patient.”
  4. Be sure to document consent in the patient’s chart.

Is verbal consent acceptable?

In some situations, verbal consent may be appropriate and is allowed. Be sure to document in the patient chart that verbal consent was obtained.

What security steps should I consider?

Although there is a temporary relaxation regarding enforcement of some Health Insurance Portability and Accountability (HIPAA) standards and the security of technology to provide telehealth services, there are steps you can take to mitigate security risks.

The use of unsecure text messaging is not a recommended method for providing telehealth services. Texts can be deleted and lost and are not secure unless a secure messaging platform is used and one that captures the information for the medical record.

Here are other steps to consider for strengthening security measures especially if communicating with a workforce that may be working remotely:
  • Secure wireless router that’s cabled or wireless secured with WPA 2
  • A strong router password
  • A strong device password
  • Up-to-date anti-malware and firewall protection
  • If connecting to your network, a secure connection to the network (e.g., VPN, TLS, HTTPS, etc.)

Now more than ever, as well, your employees need to be reminded of increased phishing and other fraudulent activity. There are some emerging phishing attacks associated specifically with COVID-19. Always go to reputable sources for information and do not rely on links that are sent to you.