The use of technology to provide healthcare has existed for decades; however, recent advances in technology and changes in reimbursement have increased the prevalence of telehealth for diagnosing and treating patients. Telehealth is an emerging and promising method of providing healthcare in areas where healthcare may be limited or unavailable. Telehealth provides quality, cost-effective healthcare and can reach individuals in remote or underserved locations. It has also been shown to increase patient satisfaction.
The Health Resources and Services Administration of the U.S. Department of Health & Human Services defines telehealth as “the use of electronic information and telecommunications technologies to support and promote long-distance clinical health care, patient and professional health-related education, public health and health administration, and may include non-clinical services.” The Centers for Medicare & Medicaid Services and all 50 states have regulations governing the use of and reimbursement for telehealth services, and commercial payers are increasingly covering these services. Reimbursement policies for telehealth services vary and may limit or restrict the type of facilities and providers who may seek reimbursement, setting geographical limitations on reimbursement for certain medical conditions. Because of the surge in the use of telehealth, healthcare providers need to be aware of the risks associated with the use of this technology and implement mitigation strategies to reduce these risks.
Telemedicine, which is a subset of telehealth, is defined by the Federation of State Medical Boards as “the practice of medicine using electronic communications, information technology, or other means between a licensee in one location and a patient in another location with or without an intervening health care provider.” Telemedicine can be delivered via real-time videoconferencing for (1) provider-patient consultations; (2) provider-to-provider consultations; (3) store-and-forward technologies; (4) direct to consumer upon demand; and (5) remote patient monitoring in which electronic devices transmit patient health information to providers.
With nearly all healthcare providers currently using some form of telehealth to care for patients, or planning to implement a telemedicine program, the laws and regulations surrounding the practice of medicine are extended to using telehealth technologies to deliver patient care. Legal issues surrounding telemedicine include:
Healthcare providers should develop a detailed telemedicine program that identifies the need for specific services and the available or required technologies and resources to implement such a program. Telehealth services should be incorporated into a provider’s overall health information technology structure to support the access to and exchange of health information between healthcare providers. This strategy includes an analysis of the associated risks and implementation of risk mitigation strategies and oversight in order to comply with various laws and regulations. Healthcare providers will also want to evaluate and revise their telehealth programs as new technologies, processes and services are developed and implemented.
Privacy and Security Considerations
Patients expect healthcare providers to protect their health information, and adoption of telemedicine by patients will be dictated, in part, by assurances that their health information will be secure and their privacy maintained. The Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Health Information Technology for Economic and Clinical Health Act and the regulations promulgated apply to covered entities that use and disclose protected health information (PHI) in any medium, including electronic PHI (ePHI). Additionally, state privacy and security laws that protect personal information will also apply to telemedicine. The originating site where the patient is located and the distant site where the healthcare provider is located must coordinate implementation of the telemedicine program to ensure that the confidentiality, integrity and security of PHI are maintained. Privacy and security considerations include:
Provider state licensing requirements, scope of practice, credentialing and liability of providers using telehealth services will be discussed in the next blog post.