How to Mitigate the Risks of Remote Patient Monitoring

By Susan Shepard, MSN, MA, RN, CPHRM | Published 12/7/2018 0

Woman doctor in telemedicine mhealth concept 1500 x 1000

Photo source: Adobe Stock Photos

Three million patients worldwide are currently connected to a remote monitoring device that sends personal medical data to their healthcare provider.1 Each year alone, 600,000 cardiac patients are implanted with pacemakers, one of the most common monitoring devices.2

Benefits of remote patient monitoring devices

Remote medical devices allow healthcare providers to closely monitor patients outside of the office. This helps doctors catch potential problems earlier, when they’re easier to treat, and could reduce the number of hospitalizations, improve patient health, and contain healthcare costs.

Remote monitoring devices perform routine tests—such as checking glucose levels for patients with diabetes or checking blood pressure for patients receiving cardiac care—and send the data to the patient’s doctor in real time over the Internet or through phone lines. The doctor can then assess the information and adjust the patient’s treatment plan as needed.

Liability risks of remote patient monitoring devices

Despite the many advantages, remote patient monitoring has a number of liability risks, including the following:

1. Data breach

Because remote monitoring devices transmit patient data, there is a risk of a data breach if the information is not properly encrypted. The Health Insurance Portability and Accountability Act (HIPAA) requires that all personal health information (PHI) be encrypted when transmitted, and providers who fail to properly safeguard PHI can face significant penalties.

2. Viruses and malware

Medical devices may be vulnerable to viruses and malware that can compromise patient privacy and the effectiveness of the device. Last year, the U.S. Food and Drug Administration (FDA) outlined serious cybersecurity risks for medical devices. The FDA noted that providers who use medical devices cannot rely solely on device manufacturers to ensure security—providers must also take steps to safeguard patient information within their network. These steps include ensuring antivirus software and firewalls are up to date, monitoring the network for unauthorized use, and reporting any medical device cybersecurity problems to the device manufacturer.

3.  Device malfunction

If a remote device fails or malfunctions, physicians may be named in the lawsuit against the manufacturer, under the claim that the physician failed to use the device properly. To help reduce this risk, physicians should stay up to date on the latest information for the device, including manufacturer’s warnings, the device’s safety record, and the device’s approved uses. Providers should also be aware of any FDA alerts or recalls and should thoroughly read all contracts with medical device vendors. Ensure that the contract outlines who is responsible in the case of device malfunction or failure.

4.  Inadequate staffing

Providers should also be aware of the need for additional staff members to handle the incoming data. In the case of a potential problem, these staff members should respond either directly to the patient or alert the appropriate professional for intervention. The amount of patient data from a remote monitoring device can be overwhelming, and medical practices often need a dedicated team to process the information and respond to it in a timely manner. Each practice should have written guidelines for:

>Times when the device will be monitored

>Which members of the care team will monitor the data at each point in time

>Under what circumstances the appropriate clinician will be alerted to a potential problem

5.  Alert fatigue

Providers should also be aware of the risk of “alert fatigue,” when an overwhelming number of alerts are received and it causes staff members to ignore, override, or disable them. Anytime an alert or a potential patient problem is ignored, the reason for that decision should be documented.

Related content:
Wearable Heart Rhythm Monitors. Which ones, When, and Why?
Update on Heart Rhythm Detection Devices for Remote Patient Monitoring

Patient selection

Patient selection is also an important issue, as successful remote patient monitoring is dependent on each patient’s motivation to actively manage his or her health, as well as the patient’s ability to understand and use the technology. Patients who are not tech-savvy may not be good candidates for remote monitoring. To help ensure patients effectively use remote devices, it is important to complete and document a thorough informed consent process and educate the patient on the following issues:

  • How to use the device.
  • Elements of the treatment plan, such as at what times the device will be monitored and how alerts will be handled by the healthcare team.
  • What device failure or malfunction looks like, and what the patient should do if that happens.
  • How to properly maintain the device.


  1. Report: 19 million will use remote patient monitoring by 2018. MEDCITY News. httpss:// Accessed June 26, 2018.
  2. Remote monitoring proven to help prolong life in patients with pacemakers. Heart Rhythm Society. httpss:// Accessed June 26, 2018.

The guidelines suggested here are not rules, do not constitute legal advice, and do not ensure a successful outcome. The ultimate decision regarding the appropriateness of any treatment must be made by each healthcare provider considering the circumstances of the individual situation and in accordance with the laws of the jurisdiction in which the care is rendered.

This post was sponsored by The Doctors Company, the nation’s largest physician-owned medical malpractice insurer.


Susan Shepard, MSN, MA, RN, CPHRM


Susan Shepard is the Senior Director of Patient Safety and Risk Management Education at The Doctors Company. She earned her Master’s Degree in Nursing Administration from Medical Colleges of Virginia–Virginia Commonwealth University. She also received a Master of Arts in Management from Webster University and a Bachelor of Science in Nursing from St. Louis University. She holds the rank of Colonel (retired) in the U.S. Air Force, Nurse Corps. Ms. Shepard spent seven years as a nurse and administrator surveyor for The Joint Commission (TJC) and was a highly acclaimed speaker for Shared Visions New Pathways, Ambulatory Care, and the AHA Continuous Readiness Program in Tennessee, Alabama, Mississippi, and Arkansas. She is also a Certified Professional in Healthcare Risk Management (CPHRM).

Ms. Shepard has over 30 years of leadership experience in acute care hospitals, ambulatory care systems, health maintenance organizations, and in conducting comprehensive health care evaluations. She has expertise in change leadership, utilization management, complex organizations, managed care and wellness, staff development, strategic vision development and implementation, and multidisciplinary collaboration.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Comment will held for moderation