What Are Telemedicine and Telehealth?
Telemedicine refers to traditional clinical care, like diagnosing and monitoring patients, performed remotely. Telehealth is slightly broader than telemedicine and can include services such as patient education, wellness promotion, and monitoring of wearable devices. There are four main categories of telehealth: (1) live two-way communication with a healthcare provider using audiovisual telecommunications technology; (2) transmission of digital images, such as x-rays, through a secure electronic communications system; (3) remote patient monitoring of vital statistics by clinicians; and (4) mobile health using smartphone and wearable device technology, such as cameras, microphones, sensors, and applications.
Many remote healthcare workers are turning to new technologies that help facilitate telehealth services, such as videoconferences, data sharing, and project management. Healthcare workers should be mindful of whether technology has been developed specifically for handling protected health information. It is important that technology used for telemedicine and telehealth support Health Insurance Portability and Accountability Act (HIPAA) compliance and ensure that health information is properly protected.
Government Facilitates Access to Remote Healthcare Services
As the United States continues efforts to address the COVID-19 pandemic, federal and state governments have implemented measures and provided additional guidance for expanding access to telehealth services. For example, some states have revised the technology requirements for telemedicine services and have relaxed telemedicine standards to address medical- and health-related needs arising out of the COVID-19 pandemic. While changes to the regulations have created a much more favorable environment for providing telemedicine and telehealth services, healthcare workers nevertheless should become familiar with legal risks they could face, which include those associated with traditional, in-person care and those arising out of aspects particular to providing remote healthcare services.
Relaxed Technology Requirements
Congress passed new legislation providing emergency funding for federal agencies, including expanding Medicare coverage for telehealth services during the COVID-19 public health emergency. With the exception of virtual check-ins with patients, the Centers for Medicare and Medicaid Services typically did not permit reimbursement for furnishing telehealth services at home or across state lines. During the current COVID-19 public health emergency, telehealth services such as remote monitoring, emergency room visits, therapy services, and other non–face-to-face care management may be billed as if they were provided in person.
With respect to audiovisual telecommunications technology for providing live two-way communication with a healthcare provider, the U.S. Department of Health & Human Services Office for Civil Rights (HHS OCR) advised that healthcare providers may use non–public-facing applications to deliver care. Examples of permissible applications include Zoom, Skype, and Apple FaceTime, whereas examples of public-facing applications that are impermissible for telehealth services include Facebook Live, Twitch, and TikTok. HHS OCR recommends that providers notify patients of privacy risks from using audiovisual telecommunications technology. Providers are also encouraged to seek additional available privacy protections for confidential health information.
Transmission of Protected Health Information
Remote healthcare workers can store and transmit large amounts of confidential patient information, resulting in risks associated with protecting data and electronic devices. Technology used for remote healthcare work must meet HIPAA security and privacy requirements. Digital data transmission increases the risk of sensitive patient information being intercepted and exploited by a third party. Remote healthcare providers should regularly audit security measures and data privacy and protection policies to ensure they are being HIPAA compliant.
With increased use of videoconferencing platforms to provide two-way communication, many telecommuters are using free versions of videoconferencing platforms, which do not support HIPAA compliance. Remote healthcare providers should consider licensing specialized videoconferencing solutions that provide additional privacy protections and HIPAA-compliant platforms.
While healthcare providers are working remotely, they are often using personal devices, such as smartphones and personal computers, to provide care. It may be difficult to distinguish between different patients’ medical records on personal devices and to ensure that personal devices meet security and regulatory compliance. If possible, practitioners should refrain from using personal devices, and instead use devices dedicated to remote healthcare work that have been verified to meet organizational security configuration requirements.
Virtual private networks (VPNs) provide another layer of data security, offering a secure, encrypted connection between the office and a device. A VPN connection to the office provides firewall protection, among other data security features, for remote users. VPNs can also help protect the confidentiality of information stored and transmitted by remote users.
Currently, there is no cure or vaccine for COVID-19, and minimizing physical contact is an effective way to limit the spread of the virus. Until COVID-19 is controlled, patients and healthcare providers will likely continue to take advantage of telehealth and telemedicine platforms even after the spread of the virus has decreased to more manageable numbers. And the importance of understanding the legal issues that arise as a result of the nature of remote healthcare work will remain after the COVID-19 pandemic is over.