chevron-down Created with Sketch Beta.

Litigation News

Litigation News | 2020

Legal Considerations for Remote Healthcare Work

Christina Michelle Jordan


  • As remote services become more widely used in healthcare, there likely will be increased access to, and electronic transmission of, confidential health information.
  • Telehealth and telemedicine services have become more attractive to both patients and healthcare providers. 
  • Attorneys should become familiar with legal issues surrounding remote healthcare work, including potential measures for mitigating risk and protecting devices and data.
Legal Considerations for Remote Healthcare Work
Luis Alvarez via Getty Images

Jump to:

Ongoing safety precautions due to the COVID-19 pandemic have required millions of people, regardless of their profession, to work from home. The pandemic has resulted in a turn toward technology to help people work from home effectively. Workers in the medical field face unique challenges when performing healthcare work remotely.

While healthcare providers expand efforts to provide care for a growing patient population in view of the COVID-19 pandemic, telehealth and telemedicine services have become more attractive to both patients and healthcare providers. Expanded availability of services allows individuals to limit their exposure to COVID-19 by receiving care outside of healthcare facilities. Remote use of healthcare tools also reduces the number of in-person patient visits that could otherwise overwhelm hospital care units and medical equipment supply chains. Healthcare providers’ and patients’ homes have become the doctor’s office waiting room, the examination room, and the emergency room.

The telecommunication applications used for providing remote healthcare services provide a convenient way for personal two-way communication. Healthcare providers should be mindful of choosing an application that is user friendly, choosing a private location in the home, and testing equipment in advance of communicating with patients. There are small steps healthcare providers can take to impress upon their patients that the nature of the discussion is similar to what it would have been if it was in person, and demonstrate professionalism, respect, and privacy of the discussion.

As telehealth and telemedicine services become more widely used, there likely will be increased access to, and electronic transmission of, confidential health information. Attorneys should become familiar with legal issues surrounding remote healthcare work, including potential measures for mitigating risk and protecting devices and data.

What Are Telemedicine and Telehealth?

Telemedicine refers to traditional clinical care, like diagnosing and monitoring patients, performed remotely. Telehealth is slightly broader than telemedicine and can include services such as patient education, wellness promotion, and monitoring of wearable devices. There are four main categories of telehealth: (1) live two-way communication with a healthcare provider using audiovisual telecommunications technology; (2) transmission of digital images, such as x-rays, through a secure electronic communications system; (3) remote patient monitoring of vital statistics by clinicians; and (4) mobile health using smartphone and wearable device technology, such as cameras, microphones, sensors, and applications.

Many remote healthcare workers are turning to new technologies that help facilitate telehealth services, such as videoconferences, data sharing, and project management. Healthcare workers should be mindful of whether technology has been developed specifically for handling protected health information. It is important that technology used for telemedicine and telehealth support Health Insurance Portability and Accountability Act (HIPAA) compliance and ensure that health information is properly protected.

Government Facilitates Access to Remote Healthcare Services

As the United States continues efforts to address the COVID-19 pandemic, federal and state governments have implemented measures and provided additional guidance for expanding access to telehealth services. For example, some states have revised the technology requirements for telemedicine services and have relaxed telemedicine standards to address medical- and health-related needs arising out of the COVID-19 pandemic. While changes to the regulations have created a much more favorable environment for providing telemedicine and telehealth services, healthcare workers nevertheless should become familiar with legal risks they could face, which include those associated with traditional, in-person care and those arising out of aspects particular to providing remote healthcare services.

Relaxed Technology Requirements

Congress passed new legislation providing emergency funding for federal agencies, including expanding Medicare coverage for telehealth services during the COVID-19 public health emergency. With the exception of virtual check-ins with patients, the Centers for Medicare and Medicaid Services typically did not permit reimbursement for furnishing telehealth services at home or across state lines. During the current COVID-19 public health emergency, telehealth services such as remote monitoring, emergency room visits, therapy services, and other non–face-to-face care management may be billed as if they were provided in person.

With respect to audiovisual telecommunications technology for providing live two-way communication with a healthcare provider, the U.S. Department of Health & Human Services Office for Civil Rights (HHS OCR) advised that healthcare providers may use non–public-facing applications to deliver care. Examples of permissible applications include Zoom, Skype, and Apple FaceTime, whereas examples of public-facing applications that are impermissible for telehealth services include Facebook Live, Twitch, and TikTok. HHS OCR recommends that providers notify patients of privacy risks from using audiovisual telecommunications technology. Providers are also encouraged to seek additional available privacy protections for confidential health information.

Transmission of Protected Health Information

Remote healthcare workers can store and transmit large amounts of confidential patient information, resulting in risks associated with protecting data and electronic devices. Technology used for remote healthcare work must meet HIPAA security and privacy requirements. Digital data transmission increases the risk of sensitive patient information being intercepted and exploited by a third party. Remote healthcare providers should regularly audit security measures and data privacy and protection policies to ensure they are being HIPAA compliant.

With increased use of videoconferencing platforms to provide two-way communication, many telecommuters are using free versions of videoconferencing platforms, which do not support HIPAA compliance. Remote healthcare providers should consider licensing specialized videoconferencing solutions that provide additional privacy protections and HIPAA-compliant platforms.

While healthcare providers are working remotely, they are often using personal devices, such as smartphones and personal computers, to provide care. It may be difficult to distinguish between different patients’ medical records on personal devices and to ensure that personal devices meet security and regulatory compliance. If possible, practitioners should refrain from using personal devices, and instead use devices dedicated to remote healthcare work that have been verified to meet organizational security configuration requirements.

Virtual private networks (VPNs) provide another layer of data security, offering a secure, encrypted connection between the office and a device. A VPN connection to the office provides firewall protection, among other data security features, for remote users. VPNs can also help protect the confidentiality of information stored and transmitted by remote users.

Currently, there is no cure or vaccine for COVID-19, and minimizing physical contact is an effective way to limit the spread of the virus. Until COVID-19 is controlled, patients and healthcare providers will likely continue to take advantage of telehealth and telemedicine platforms even after the spread of the virus has decreased to more manageable numbers. And the importance of understanding the legal issues that arise as a result of the nature of remote healthcare work will remain after the COVID-19 pandemic is over.