How to Mitigate the Risks of Remote Patient Monitoring

By: Susan Shepard, MSN, MA, RN, CPHRM

Despite many advantages, real-time remote patient monitoring has liability risks that must be ensure safe & effective use of remote devices.

Image for post
Image for post

Three million patients worldwide are currently connected to a remote monitoring device that sends personal medical data to their healthcare provider.1 Each year alone, 600,000 cardiac patients are implanted with pacemakers, one of the most common monitoring devices.2

Benefits of remote patient monitoring devices

Remote medical devices allow healthcare providers to closely monitor patients outside of the office. This helps doctors catch potential problems earlier, when they’re easier to treat, and could reduce the number of hospitalizations, improve patient health, and contain healthcare costs.

Remote monitoring devices perform routine tests — such as checking glucose levels for patients with diabetes or checking blood pressure for patients receiving cardiac care — and send the data to the patient’s doctor in real time over the Internet or through phone lines. The doctor can then assess the information and adjust the patient’s treatment plan as needed.

Liability risks of remote patient monitoring devices

Despite the many advantages, remote patient monitoring has a number of liability risks, including the following:

1. Data breach

Because remote monitoring devices transmit patient data, there is a risk of a data breach if the information is not properly encrypted. The Health Insurance Portability and Accountability Act (HIPAA) requires that all personal health information (PHI) be encrypted when transmitted, and providers who fail to properly safeguard PHI can face significant penalties.

2. Viruses and malware

Medical devices may be vulnerable to viruses and malware that can compromise patient privacy and the effectiveness of the device. Last year, the U.S. Food and Drug Administration (FDA) outlined serious cybersecurity risks for medical devices. The FDA noted that providers who use medical devices cannot rely solely on device manufacturers to ensure security — providers must also take steps to safeguard patient information within their network. These steps include ensuring antivirus software and firewalls are up to date, monitoring the network for unauthorized use, and reporting any medical device cybersecurity problems to the device manufacturer.

3. Device malfunction

If a remote device fails or malfunctions, physicians may be named in the lawsuit against the manufacturer, under the claim that the physician failed to use the device properly. To help reduce this risk, physicians should stay up to date on the latest information for the device, including the manufacturer’s warnings, the device’s safety record, and the device’s approved uses. Providers should also be aware of any FDA alerts or recalls and should thoroughly read all contracts with medical device vendors. Ensure that the contract outlines who is responsible in the case of device malfunction or failure.

4. Inadequate staffing

Providers should also be aware of the need for additional staff members to handle the incoming data. In the case of a potential problem, these staff members should respond either directly to the patient or alert the appropriate professional for intervention. The amount of patient data from a remote monitoring device can be overwhelming, and medical practices often need a dedicated team to process the information and respond to it in a timely manner. Each practice should have written guidelines for:

>Times when the device will be monitored

>Which members of the care team will monitor the data at each point in time

>Under what circumstances the appropriate clinician will be alerted to a potential problem

5. Alert fatigue

Providers should also be aware of the risk of “alert fatigue,” when an overwhelming number of alerts are received and it causes staff members to ignore, override, or disable them. Anytime an alert or a potential patient problem is ignored, the reason for that decision should be documented.

Patient selection

Patient selection is also an important issue, as successful remote patient monitoring is dependent on each patient’s motivation to actively manage his or her health, as well as the patient’s ability to understand and use the technology. Patients who are not tech-savvy may not be good candidates for remote monitoring. To help ensure patients effectively use remote devices, it is important to complete and document a thorough informed consent process and educate the patient on the following issues:

  • How to use the device.
  • Elements of the treatment plan, such as at what times the device will be monitored and how alerts will be handled by the healthcare team.
  • What device failure or malfunction looks like, and what the patient should do if that happens.
  • How to properly maintain the device.


The guidelines suggested here are not rules, do not constitute legal advice, and do not ensure a successful outcome. The ultimate decision regarding the appropriateness of any treatment must be made by each healthcare provider considering the circumstances of the individual situation and in accordance with the laws of the jurisdiction in which the care is rendered.

This post was sponsored by The Doctors Company, the nation’s largest physician-owned medical malpractice insurer.

Originally published at on December 7, 2018.

Written by

Dr. Patricia Salber and friends weigh in on leading news in health and healthcare

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store