Medical Liability in Telemedicine: A Comparative Study Between Moroccan and French Law

Telemedicine allows for diagnosis based on symptoms described by the patient, a family member, or a healthcare professional in their presence. It provides monitoring for a patient living in a distant location. It also makes it possible to seek specialist advice or monitor a diabetic or hypertensive patient, for example, by citing blood sugar or blood pressure measurements so that the doctor can complete their monitoring remotely without having to travel to the hospital. Through this system, the doctor could prescribe medications based on the progress of the case. Consequently, telemedicine techniques have become a relevant and appropriate alternative in such circumstances, particularly for patients suffering from weakened immunity (diabetics, tuberculosis patients, cancer patients, etc.), allowing the patient to remain at home and the attending physician within the hospital [1]. This is a practical and effective solution, particularly for patients who do not need to travel to the hospital and who can simply have a remote consultation, share the necessary information and receive, in return, instructions and procedures for each case, thus avoiding congestion and long queues outside doctors’ offices.

Before Law 131-13 relating to the practice of medicine, Morocco did not have provisions relating to telemedicine in its legal arsenal. It was not until 2015, when it was published in the official gazette, that legal supervision was implemented. Before promulgating the decree on telemedicine in 2018, the same thing happened in some neighbouring countries, such as Tunisia, which promulgated Law No. 2018-43 of July 11, 2018, amending Article 23 of Law No. 91-21 of March 13, 1991, relating to the practice and organization of the medical and dental professions. France was familiar with telemedicine long time before them. Telemedicine is then governed by this law on the practice of medicine in its Section 4 of Chapter III (Articles 99 to 102), where it provides a definition of telemedicine through Article 99, which defines it as the remote use of new information and communication technologies in medical practice [2]. It connects one or more healthcare professionals, including necessarily a physician, with each other or with a patient, and, where applicable, other professionals providing care to the patient under the responsibility of the attending physician.

The Moroccan legislature also issued a decree pursuant to Article 102 of the aforementioned Law 131-13, which sets out the authorized acts of telemedicine and the technical conditions for their implementation. In France, telemedicine practices were not authorized by the National Medical Association until the promulgation of the Law of August 13, 2004, through Article 56, which authorized the creation of local information and coordination centres between medical-social teams for the elderly to ensure gerontological action. However, it was the Law of July 21, 2009, which was created to define and legally regulate telemedicine practices. In French law, telemedicine is governed by Articles L.6316-1 to L.6316-2 of the CSPF relating to telehealth (Chapter VI, Title 1, Book III, Part VI of the legislative part of the CSP) and Articles R.6316-1 to R.6316-6 relating to telehealth (Chapter VI, Title 1, Book III, Part VI of the regulatory part of the CSP). And by noting the French text and its Moroccan counterpart, it can be seen that they are almost identical in the wording of the definition of telemedicine except that the French legislator added a definition of telecare as a form of remote care practice using information and communication technologies.

Both laws (Moroccan and French) limit and define telemedicine acts [3]. The first is in Article 1 of the aforementioned decree on telemedicine and the second is in Article R.6316-1 of the CSP, which lists five procedures that can be performed remotely, namely:
a. Teleconsultation
b. Tele-expertise
c. Medical telemonitoring
d. Medical teleassistance
e. Medical response

The use of telemedicine or telecare is a decision made by a healthcare professional concerned, complying with the following conditions in accordance with Article R6316-3 of the CSPF, which corresponds to Article 14 of the aforementioned decree on telemedicine. However, the healthcare professional must ensure the following:
a. Authentication of the healthcare professionals involved in the procedure or activity,
b. Patient identification,
c. Access by healthcare professionals to the patient’s health data necessary to perform the procedure or activity,
d. The patient training and preparation for the use of telemedicine or telecare devices.

However, certain obstacles appear to influence the implementation of telemedicine activities, including: the competence of healthcare professionals to safely use digital devices, which could lead to the risk of medical malpractice [4]. Also, the availability of internet access for patients, particularly if they live in remote and isolated locations, as well as their expertise in handling digital devices. Similarly, there is the risk of interception of personal data due to violations of applicable laws.

It is true that legal texts regulate the use of telemedicine, but the question of liability in the event of faulty remote diagnosis or prescription, or misunderstanding of instructions leading to unexpected complications, remains ambiguous. Several questions are therefore raised regarding medical liability regarding remote healthcare practices [5]. Although telemedicine or telecare has multiple advantages, including increased access to care, opening up isolated areas, saving time, avoiding fatigue, travel and waiting in queues, reducing healthcare costs, access to specialized services, it also conceals particular challenges due to the absence of direct physical interaction between the patient and the healthcare professional , something that could lead to misunderstanding leading to errors and subsequently damage to the detriment of patients. Among which; we find an erroneous diagnosis, an inadequate prescription, delay in care, and especially the failure to comply with the obligations of protection of patients’ personal data.

Information relating to patients’ health must be afforded special protection, whether for individual care purposes or for epidemiological and public health purposes, particularly from a confidentiality and security perspective [6].

Protection of patients’ personal data

In French law, Article L.1110-4 of the CSPF (French Data Protection Regulation) establishes the need to respect the privacy and confidentiality of information concerning them of any person treated by a healthcare professional, healthcare facility, service, or organization. The Moroccan legislature has enacted a specialized law on the protection of personal data. This is Law No. 09-08 on the protection of individuals with regard to the processing of personal data, which regulates the use of information technology and makes it available to citizens while respecting collective and individual human rights and freedoms. To this end, the legislator created the Commission for the Control of Personal Data Protection (CNDP), which is responsible for establishing greater transparency in the use of personal data by public and private bodies and ensuring a balance between respect for the privacy of individuals and the need for bodies to use personal data in their activities; for this reason, the commission ensures the investigation of complaints from individuals, the processing of declarations and requests for authorization from data controllers [7]. In France, it is the National Commission for Informatics and Freedoms (CNIL) which ensures the protection of the data of natural persons of a personal nature whose missions are to verify the concrete implementation of the French law in force. In telemedicine, the Moroccan ministry of health has signed a partnership agreement that formalizes the ministry’s accession to the DATA-TIKA program created by the CNDP on July 9, 2020 to: first, strengthen the compliance of digital processes with the law 09-08 relating to the protection of individuals with regard to the processing of personal data. Also, consolidate the ecosystem of the field of biomedical research [8]. And also, strengthen capacities on topics focused around telemedicine and information protection mechanisms. This is a commendable initiative that demonstrates the interest shown in the protection of patients’ personal data and their sensitivity. This will allow a confidential exchange of documents and information between the doctor and his patient or between the health professionals themselves. The confidentiality and the security of the data is the heart of success of the practices of telemedicine.

Privacy and security

This rule requires individual authorization that allows access and use the personal health information of a sick person [9]. This is why the competent authorities require valid permission before using telemedicine practices to ensure that patient data is confidentiality and the safety of their use. This authorization was subject to article 3 of the decree relating to the accuracy telemedicine in which the Moroccan legislator imposed a valid authorization issued the telemedicine committee of the Minister of health. In the USA, the Department Of Health And Human Services (DHHS), to safeguard the confidentiality of American patient data, has established some programs for the protection of patient personal data during the Covid-19 period like HIPAA (Health Insurance portability and Accountability Act) or the HITECH program (Health Information technology for Economic and Clinical Health) that allow health professionals to communicate remotely with their patients by lectures using the various communication platforms (Zoom, Meet, Skype, etc.).The use of telemedicine techniques must be surrounded by security rules allowing to safeguard the personal health data of patients from any abuse or malicious use, certain measures must be taken , and we cite: -the security of the technological device used and which must be authenticated [10]. The French National Committee for Informatics and Freedoms (CNIL) has imposed on users of the telemedicine device the combination of two authentication devices (password, smart card, USB key, fingerprint, etc.). The French government authorities have also created a digital space in which data and documents are stored and shared so that patients are better cared for. It brings together several sections and in particular:
a. the shared medical file (DMP) which includes all the documents related to the patient, the acts performed, the vaccines administered, the examinations performed, the diagnosis established, the treatment prescribed, etc. and which can be added either by the patient or the health professional.
b. it is also preferable to use a secure messaging system with encryption in accordance with the CNIL’s Personal data security Guide created to share patient information and their documents between healthcare professionals in complete security and confidentiality.
c. also, a catalogue of services referenced by the State and which are applications and services in health and well-being.
d. The hosting of patient data must be entrusted to a professional data host who holds a certificate of compliance.

In Morocco, the competent authorities are on the road to the digitalization of the health system. The framework law 06-22 relating to the national health system indicated in its article 28 the creation of an integrated national health information system in which all data relating to public and private health institutions, their activities and their resources will be collected and processed in order to monitor and evaluate health performance. This approach will be concretized by the creation of a shared medical file that allows the identification, monitoring and evaluation of each patient’s care journey [11]. This is why the legislator has imposed on the organizers of telemedicine activities to provide a certificate or a reliability report of the techniques and devices that will be used in the practices of telemedicine acts.

In the face of this technological evolution, health professionals must be sufficiently trained to know how to use these devices and how to detect malevolencies [12]. Of course, they are likely to commit medical errors, but the use of telemedicine practices has increased their burden, especially with regard to personal data, documents, images and any other information provided by the patient. Patients can declare themselves aggrieved during a teleconsultation because of negligence, a misunderstanding, a diagnostic error, a technological malfunction [13]. A proven fault generates compensation in reparation and/or a sanction in punishment..

Civil liability of doctors in telemedicine

The issue of medical responsibility in telemedicine is a concern of health professionals and patients because it involves a foreign device in the doctor-patient relationship based essentially on the physical examination, a face-to-face interrogation with a certain humanization in their contact, it is the technological tool that separates the health professional from his patient. However, what is the legal nature of medical liability in telemedicine? Multiple divergences and an increased controversy between the doctrines on the legal nature of the doctor-patient relationship (contractual and tortious nature) [14]. What then to say with the intervention of an external and dangerous element, namely technology with all the risks of data interception, electronic malware, malfunctioning technological devices, etc.?

It is conceivable that when a patient chooses a doctor, a contract is concluded from the moment the latter agrees to grant medical services. It is an ordinary contractual relationship where the doctor is required to provide attentive care and in accordance with the data acquired from medical science in return for payment of fees by the beneficiary [15]. However, under the aegis of telemedicine, it cannot be said that the responsibility of the remote doctor is contractual, because there is a new technological intermediary on the classic relationship between the doctor and his patient based on direct human physical contact, and the doctor’s fault is easily known and appreciated and makes it easy to prosecute him, but, determining the responsibility for the fault committed remotely requires a pause for reflection and analysis [16]. The nature of the legal relationship in telemedicine poses ambiguities; when it comes to a synallagmatic contract, there is a reciprocal exchange of obligations medical services on the part of the doctor and the fees on the part of the patient, but in telemedicine, the related costs are covered or reimbursed for medical coverage in accordance with Article 16 of the aforementioned decree on telemedicine [17]. When a damage takes place during the practice of telemedicine, the responsible health professional must prove that the damage is from a foreign source and is not the object of forgetfulness or negligence during the tele-medical process ; as in the case of forgetting unencrypted or open tele-medical devices for everyone, even the staff working in the service, or forgetting the decryption means such as the professional card, USB, the registration of access data (user and password) in the device. He must absolutely make sure, in case of doubt, to consult the technical support staff that the necessary precautions are taken and the entire procedure is confidential and secure.

On the other hand, if a damage occurs to the patient because of a technological device, it is the producer who will assume responsibility for the damage in accordance with Article 1245 of the French civil code. In Moroccan law, the responsibilities are assumed in accordance with Article 88 of the Moroccan DOC which gives responsibility to the one who keeps the thing except intervention of a foreign intervener (force majeure, fortuitous accident, fault of the victim, fault of a third party). As well as the Moroccan law °84-12 relating to medical devices which recommends the use of safe and reliable medical devices and which must present a high level of safety of use for the patient, health professionals and third parties and meet the essential requirements of quality, safety and performance [18]. To do this, each device must be accompanied by an instruction or labelling manual containing the information necessary for the safe use of said device and allowing the identification of its manufacturer. In order to be exempt from any liability, the healthcare professional must prove that the damage caused is a consequence of a foreign element. The obligations incumbent on health professionals remains identical to those of common law and which emanate from a medical contract. They are bound by an obligation of means where they provide attentive, conscientious care and in accordance with the current acquired data of medical science. Their responsibility is engaged only in the event of a commission of misconduct in accordance with Article L.1142-1 of the CSPF, and article 77 and 78 of the Moroccan DOC.

In Morocco as in France, the legislator gives the right to doctors belonging to the public and private sector, public and private health institutions to use telemedicine within the framework of compliance with the texts in force relating to the protection of personal data, in particular the safeguarding of the confidentiality of data and reports contained in the patient’s medical file relating to the performance of telemedicine acts [19]. In this context, the legislator has listed a set of mainly ethical obligations that the health professional must comply with by using telemedicine acts, in particular:
i. The obligation to inform the patient in a sufficient and understandable way of any act of telemedicine and to obtain his consent which must be express, free and informed. Nevertheless, this consent is difficult to obtain, especially in front of elderly people who suffer from cognitive disorders or even people who have psychoses whose discernment is not quite complete. When it comes to a minor or a protected adult, consent must be obtained from his guardian or legal representative. This stipulation is not applicable in case of emergency.

The jurisprudence tended to keep the health professional from the burden of proof, this was the object of the famous Hederal judgment of February 25, 1997 by which the French court of cassation reversed the burden of proof in the question of informing the patient to the doctor on the occasion of a colonoscopy with removal of a polyp and which led to a perforation during the intervention [20].
i. The doctor is also required to ensure the identification of the patient so as not to confuse patients, as well as the authentication of remote health professionals before the process of performing the act.
ii. He must also ensure that all health professionals involved in the practice of telemedicine have access to the patient’s data and ensure that he identifies and recognizes him clearly to avoid any errors and subsequently process errors. For this, they are required to apply the traceability rules in the exercise of the act of telemedicine.
iii. The doctor is also required to take out professional civil liability insurance. Failing which, the injured patient is entitled to sue for compensation for the damage suffered against the failing health professional.
iv. The doctor must ensure the process of hosting and sharing patient data.
v. He is required in particular to respect the professional secrecy of the information that patients entrusted to him on the occasion of his quality as a doctor. He must take the necessary precautions to respect professional secrecy by using computer technologies, he must act vigilantly during the transmission of information. That is why he is obliged to choose reliable devices and computer systems capable of preserving the confidentiality of the patient data to be transmitted.

Failure to comply with one of these obligations may lead health professionals to the substantive judge.

Criminal liability in telemedicine

The responsibility of the remote doctor can be engaged if he does not respect the obligations incumbent on him. Thus, the disclosure of medical confidentiality is among the possible offenses in this remote practice and which, moreover, criminally and deontologically incriminated. On the criminal side, Article 446 of the CPM which prohibits and punishes it, and Article 11 of the CDM which provides that professional secrecy includes all information relating to the patient and which are entrusted to the doctor during the exercise of his profession, even after his death. French law surrounds professional secrecy with a special and strict protection by criminalizing its violation through Article 226-13 of the CPF and article 4 of the CDF. On the other hand, if it turns out that the telemedicine doctor has not taken into account the patient’s clinical picture, or the predisposing factors or also the apparent symptoms of a disease, his responsibility could be engaged [21]. The person responsible for the damaging act is not necessarily the patient’s attending physician or the health professional participating in the telemedicine activity, it is enough that the fault emanates from one of them, the compensation of the damage will be In Solidum.

In this light, and although judicial decisions in the field of telemedicine are rare or unpublished. However, in a decision of the administrative court of Grenoble in 2010, he retained the joint and several liability (In solidum) of two hospital centres for misdiagnosis causing the death of the patient. In the present case, the facts date back to a patient admitted to the general hospital for head trauma following a paragliding accident (paragliding). A first CT (Computed Tomography) scan had been performed for the patient but which showed no abnormalities. Out then on painkillers, and after a few days, he came back with intense headaches. A second CT scan was performed and the images obtained are videotransmitted to the neurosurgery specialists of the CHU who showed that it is a subdural hematoma requiring drainage. But, for the lack of space in the neurosurgical department, the patient had to wait, fell into a comatose state, worsened and died.

The administrative court was satisfied that the two hospitals committed a diagnostic error constituting medical malpractice involving their joint and several liabilities on the grounds that the CT scan performed presented a sufficient radiological sign to understand that the patient, despite his clinical tolerance, suffered from a hematoma which could lead to a coma and neurological complications, something which was overlooked by the doctors of both establishments. On appeal, the Court of Appeal noted that “the video transmissions of medical images between hospital establishments did not give rise to written reports”. She considers that “it does not appear from any element of the file that the doctors who received and interpreted them expressed reservations about the quality of the images and that they suggested repeating and completing them”. The decision pronounced an indemnity in favour of the deceased’s wife of 7500 Euros.

There is no decision in this matter emanating from the Moroccan courts.

To conclude, we consider that the benefits of telemedicine are multiple, its practices must be extended especially in rural, isolated and landlocked areas where the consultation of a specialist doctor is difficult due to the difficulty of the geographical area or the climatic difficulty especially in winter, the use of telemedicine is then an adequate and delicate solution. However, medical responsibility in the field of telemedicine must benefit from the same reforms recommended by our thesis insofar as it must submit to the theory of inevitability; that is to say that since the use of telemedicine practices is a purely medical decision and that the doctor is the only one able to practice it, his responsibility must be assessed concretely. If the damage suffered by the patient was preventable by the passive or active meeting of the doctor with his patient, his responsibility is engaged in the event of damage. And the one who decides assumes responsibility for his decision and the interest from which it derives in application of the adage “no interest, no action”.