By Marcus Soori, Founder — Tricorder.Zero
The surge in telehealth use triggered by the COVID-19 pandemic occurred in a relaxed regulatory atmosphere. Under the terms of a Notification of Enforcement Discretion issued by the US Department of Health and Human Services in response to the pandemic, a healthcare provider could offer a “good faith provision” of telehealth without fear of penalties for non-compliance. Regulators felt the enforcement discretion was justified by the nationwide public health emergency posed by Covid.
However, once the pandemic passed, so did the regulatory leeway supporting telehealth growth. This has left telehealth providers with a new challenge to overcome. If they are to continue offering patients the enhanced accessibility and efficiency of telehealth, they must take steps to ensure their services align with the growing body of telehealth regulations.
Key concerns affecting telehealth compliance
During the COVID-19 pandemic, shelter-in-place restrictions kept most patients from connecting with their care providers in traditional ways. Patients who were prohibited from attending in-office visits — or who voluntarily avoided them due to concerns about COVID-19 exposure — turned to telehealth to continue their care. For the most part, telehealth was used to facilitate appointments between patients and their local physicians.
As telehealth has evolved in the aftermath of Covid, it has opened doors for patients to connect with providers outside their immediate area. Those in underserved and rural areas can now access care via telehealth without the challenges they faced in the past. To facilitate that access, providers must consider the regulatory implications of crossing borders and serving patients across a broader landscape.
The technology supporting today’s enhanced telehealth activity also introduces compliance concerns that must be considered and addressed. To optimize telehealth services, healthcare providers typically rely on technology platforms managed by third-party providers. To stay compliant, providers must ensure that those platforms safeguard the sensitive information exchanged during telehealth.
For example, several states now have laws focused on protecting patient data. If telehealth platforms don’t support the protections required by these laws, they can expose providers to compliance issues and vulnerabilities that may lead to data breaches.
Key controls addressing telehealth compliance
The Health Insurance Portability and Accountability Act (HIPAA) is one of the key laws impacting telehealth services. Its primary focus is data security, which requires telehealth providers to ensure strong encryption is used to protect patient data shared during telehealth appointments and data stored by providers. HIPAA also imposes strict controls on who can access patient data, so telehealth platforms must carefully address confidentiality, patient consent, and access authorizations.
Risk management is another key to HIPAA compliance. Telehealth providers must take steps to identify and address the vulnerabilities in their systems that could lead to unauthorized access of patient data. HIPAA compliance also requires an incident response plan that details the steps providers will take to respond to data breaches and mitigate their impact.
Telehealth can also expose providers to various state laws focused on protecting patients. Many of these laws apply to healthcare providers and other businesses that serve a state’s residents, even if the business is not physically located within the state. For example, the California Consumer Privacy Act requires data protection practices for companies that collect personal information from California residents, regardless of the company's location.
State privacy laws typically require the same type of security measures that HIPAA imposes. In addition to compliance duties, state laws also require a high level of transparency regarding healthcare data. They grant patients the right to know what information providers are gathering, to access that data, and to request that it be deleted. State laws also commonly require telehealth providers to be transparent with patients about the ways they share data with third parties.
Telehealth providers may also be subject to laws specific to telehealth that address issues such as licensure requirements, reimbursement policies, and data privacy standards. Florida law, for example, defines the specific technology that qualifies as “telehealth,” the circumstances under which out-of-state physicians can provide services to Florida residents, and what providers can expect in terms of reimbursement from insurance companies.
Providers that accept Medicare and Medicaid must comply with regulations that address technology, documentation, and billing. Failure to comply with these requirements, which can vary by state, may negatively affect the Medicare and Medicaid reimbursement process.
Key steps to ensure telehealth compliance
Establishing Business Associate Agreements (BAAs) with vendors is a key compliance step for telehealth providers. These contracts, which are required by HIPAA, aim to establish the steps that will be taken to secure protected health information. BAAs define the type of data vendors can access, how the data will be protected, and what steps will be taken in the event of a data breach.
BAAs extend data security measures by requiring vendors to ensure that their subcontractors have safeguards to protect patient information. They also typically give telehealth providers the right to audit operations and confirm that the BAA specifications are being followed. By utilizing third-party auditors, telehealth providers can ensure BAA compliance and determine whether vendors follow best practices and are up to date with relevant telehealth regulations.
Studies show patients had favorable experiences with telehealth during the Covid pandemic and want to see it continue as an option. By taking steps to understand and comply with the growing number of applicable state and federal regulations, providers can meet patients’ expectations and take advantage of telehealth technology to enhance and expand the care they offer.
— Marcus Soori is the founder of Tricorder.Zero™, which is a device that revolutionizes health and fitness tracking. Tricorder.Zero™ is a portable touchscreen tracker equipped with seven sensors. It combines features such as medication monitoring and the ability to share data with healthcare professionals or fitness trainers. With this cutting-edge technology, Tricorder.Zero™ is positioned to become a major player in the growing "connected telehealth" market, projected to reach a value of $1 trillion by 2032. Tricorder.Zero™ will allow users to simplify their health monitoring routine by replacing devices and apps with a comprehensive solution accessible anytime, anywhere.