Authors
Alison Dennis

Alison Dennis

Partner

Read More
Sarah Parkin

Sarah Parkin

Associate

Read More
Authors
Alison Dennis

Alison Dennis

Partner

Read More
Sarah Parkin

Sarah Parkin

Associate

Read More

7 June 2022

Digital Health – 6 of 8 Insights

Issues with regulation of telemedicine in the UK

  • In-depth analysis

The UK's telemedicine market has been established for a number of years, however, there has been a significant increase in the provision of telemedicine services since March 2020 due to the COVID-19 pandemic. Data from the Royal College of General Practitioners shows that at the peak of the pandemic, around 71% of GP consultations were conducted remotely, compared with 25% in the same period in the previous year. Telemedicine services remain a key part of healthcare provision in the UK, and have many benefits, however they also come with an array of challenges.

Lack of legislation and regulations

There are currently no specific laws or regulations in the UK which address telehealth and telemedicine. These services are therefore regulated in the same way as other healthcare services. 

Healthcare providers (for example clinics offering medical and dental services) are regulated by different organisations in each of the countries in the UK: the Care Quality Commission (the CQC) in England, Healthcare Improvement Scotland (HIS), Healthcare Inspectorate Wales (HIW), and the Regulation and Quality Improvement Authority in Northern Ireland (the RQIA).

Under the Health and Social Care Act 2008 (Regulated Activities) Regulations 2014, "transport services, triage and medical advice provided remotely" is a regulated activity and in England the CQC considers the activities of telemedicine providers to fall under this. Providers must register with the CQC and satisfy it that they meet the requirements of the relevant regulations. This effectively means that telemedicine providers are regulated in the same way as face-to-face providers.

Professional regulation

There is therefore no difference between the regulation of telemedicine providers and healthcare professionals in a digital setting compared to a non-digital setting.

Individual medical practitioners are regulated by the General Medical Council (the GMC). All doctors that practise medicine in the UK must be registered with the GMC and meet certain standards for good medical practice that are set by the GMC. The standards for doctors set by the GMC apply equally to remote and in-person consultations. Similarly, the General Dental Council (the "GDC") regulates the dental profession in the UK and publishes standards of conduct, performance and ethics that govern dental professionals. These apply equally to remote and in-person consultations. The General Optical Council (the GOC) is the regulator for optical professional in the UK and the General Pharmaceutical Council (the GPC) is the independent regulator for pharmacists.

Given the lack of regulations, various regulatory bodies have issued guidance to the professionals that they regulate. In November 2019, a number of bodies (including the four organisations that regulate healthcare providers in each of the countries in the UK, the GMC, the GDC, the GOC and the GPC) co-authored and published a set of high -level principles for remote consultations and prescribing (the "High Level Principles"). These state that UK registered healthcare professionals must prioritise patient safety, protect vulnerable patients, ensure patients understand how remote consultations work and that there may be limitations on prescribing, obtain informed consent, undertake an adequate clinical assessment, give patients all the available options, arrange after care, keep notes, and stay up to date with relevant guidance.

In addition, the GMC has issued numerous guidance documents relating to remote consultations and prescribing. These highlight that doctors must always consider whether a remote consultation is appropriate, ensure that patients have all the information they need (and can understand it), and ensure that patients have capacity to make decisions. In addition, doctors should obtain a patient's history from their GP to ensure continuity of care., The GPC has issued guidance for registered pharmacies providing pharmacy services at a distance, including online. This sets out standards, grouped under five principles, that pharmacy owners should consider before deciding whether their pharmacy service can be provided safely and effectively at a distance, rather than in the traditional face-to-face way. They must ensure the arrangements, the staff, the environment and condition of the premises, the way in which the service is delivered, and the equipment and facilities used safeguard the health, safety and wellbeing of patients.

The British Medical Association, a trade union and professional body for doctors in the UK, has also published advice on remote consultations which is regularly updated. The advicey emphasises the importance of safeguarding confidential patient information by ensuring that consultations are conducted using secure internet access and encryption tools, and notes that doctors must ensure that a remote consultation is appropriate in the circumstances.

In March 2017, the CQC set out proposals for regulation of digital healthcare providers in primary care. It states that the CQC will request information from providers, including the services provided, complaints and adverse events, and medications dispensed. The CQC will also carry out inspections which will have a clear assessment framework and site visits. After each inspection, the CQC will produce a report. If concerns are identified, the CQC may take enforcement action. 

Patient risks

The High Level Principles document identified that remote consultations and prescribing pose potential patient safety risks due to issues such as increased attempts to gain access to medicines which can cause serious harm and the need to ensure safe ongoing monitoring of those with long term conditions.  

Following the CQC's inspection of online healthcare providers in 2016 and 2017, it published a report which identified that some online clinicians are lowering the threshold of at which point they prescribe antibiotics, which goes against guidance from the Department of Health intended to address antibiotic resistance. In addition, some clinicians were not prescribing in line with evidence-based guidance (for example from the National Institute for Health and Care Excellence). Further, not all providers had systems in place for doctors to undertake regular monitoring in cases where patients required such monitoring due to their conditions or the medicines they had been prescribed. This is contrary to the GMC's standards which emphasise the importance of continuity of care.

These practices demonstrate that while the immediacy of online consultations means they are a welcome addition to our healthcare services, the remote nature of these interactions make it more difficult firstly to fit them within the context of our public healthcare framework, and secondly for practitioners to keep in mind the longer-term continuity of individual patient care. More guidance, and perhaps even regulations and procedures, might be necessary to ensure that public health and longer-term health implications are kept to the fore in video and telephone consultations, in particular with remote prescribing.  

Cross-jurisdictional issues

One of the key issues arising out of the lack of regulation in this area is whether the telemedicine service is deemed to take place in the jurisdiction where the patient is based, the jurisdiction where the doctor is based, or the jurisdiction where the telemedicine providing company is located. According to a report by Europe Economics , most US and Canadian regulators consider that the relevant jurisdiction is that of the patient. In the European Union, it is not clear. In relation to the UK, doctors treating patients based in the UK must be registered with the GMC and hold a licence to practise. Therefore, a patient in the UK can only receive treatment from a doctor based outside the UK if that doctor is also GMC registered. Whilst the GMC does not have jurisdiction to take enforcement action outside of the UK, they can advise the individual of the law and send cease and desist notices. The Advertising Standards Authority prohibits persons not registered with the GMC or the GDC from using the title "doctor" or "Dr" in advertising directed to individuals in the UK, including on the internet. Where the advertising originates from a country outside the UK, then it is treated as a cross-border complaint and referred to the local regulator, although the ASA accepts that its own powers are limited in this regard.

Medical devices

There is also the issue of the regulatory treatment of the software used in telemedicine. Software in the form of a digital health app might be considered to be a medical device under the Medical Devices Regulations 2002 (UK MDR). The definition of a medical device includes both standalone software and software that is used in combination with a device that is “intended by its manufacturer to be used specifically for diagnostic and/or therapeutic purposes.” However, it is not always easy to determine what software falls within this definition. The Medicines and Healthcare products Regulatory Agency (MHRA) will look at the intended purpose of the product, its mode of action, how similar products are regulated and its presentation in labelling, packaging, advertising and promotion. According to recent guidance from the MHRA, telecare alarm systems are unlikely to be considered medical devices, however some specific telehealth systems or products used with such systems may come within the remit of the UK MDR.

If digital health app software is considered a medical device, the software must meet various requirements set out in the UK MDR. For more detail see our article written by Tasmina Goraya on medical device regulation for software products.

Data protection

Another issue with telemedicine is the protection of patient data. Much of the data collected via telemedicine will be considered "data concerning health" under the UK General Data Protection Regulation, and therefore "special category data". This means there will be much more stringent requirements for processing than for other data. Healthcare providers must ensure that they correctly determine the category of data and comply with the appropriate requirements. For more detail see our Towards big data in health article by Mattias Rättzén.

The future of telemedicine in the UK

The regulatory system for telemedicine in the UK is a patchwork of regulation across devices and healthcare services, and as such does not fully capture the wider public healthcare goals of our health system. This has the potential to leave patients at risk and may have wider public healthcare implications which have not been properly taken into account. Given the increasing reliance placed on telemedicine services, which is highly likely to continue after the COVID-19 pandemic subsides, the UK government is likely to have to introduce more legislative measures to help build the provision of healthcare by remote means into public healthcare goals. 

Call To Action Arrow Image

Latest insights in your inbox

Subscribe to newsletters on topics relevant to you.

Subscribe
Subscribe

Related Insights

Blue Robotic Arm
Life sciences & healthcare

Has the MDCG found the answer to the slow rate of MDR certifications?

1 November 2022

by Alison Dennis

Click here to find out more
Petri dishes
Life sciences & healthcare

MHRA response to consultation on UK regulation of medical devices

15 August 2022
In-depth analysis

by Alison Dennis

Click here to find out more
Lights on network server
Digital health

Digital health in the metaverse: legal and regulatory challenges in the virtual world

25 May 2022
In-depth analysis

by Alison Dennis and Alice Matthews

Click here to find out more