Health Information Compliance Alert

Published on Thu Mar 16, 2017 PDF

With the right tools and utilization, telemedicine boosts both workflow and income.

Advancements in technology and the digitization of practice management have improved healthcare in ways most never dreamed possible.

Telehealth falls into this category as it allows providers to virtually interact with their patients, improving the delivery of care for those unable to come into the office. But connecting with patients remotely can be a compliance headache if your tools aren’t user-friendly or lack the proper security protocols to ensure the process is both safe and compliant.

Get the Scoop

Telemedicine can be a boon for folks left behind by hospital consolidations and the lack of medical resources in rural areas of the country, but it is actually more than just a replacement of an office visit and it’s not for everyone. Both the provider and the patient have to be on board, and depending on the type of telemedicine you’re practicing, the upfront hardware cost can be high.

Reasoning: There are many factors that go into the successful utilization of telemedicine at your practice, but the primary one is educating your staff on the how and why of telehealth. “Hospitals, healthcare systems, and practices should first understand the value of a telehealth solution,” says Lee Horner, president of telehealth at Stratus Video in Clearwater, Fla. “The ideal telehealth solution works with existing workflows and helps to automate your established processes.”

Fundamentals: Telemedicine covers more than just the virtual consultation that most people think of when they hear “telehealth.” It is actually broken down into three distinct areas and involves real-time online visits, recorded and saved interactions, and long-term observation via telehealth tools:

• Store-and-forward data collection allows the physician to share data and the recorded visit with other providers, usually a specialist, who may be needed to remedy the patient’s diagnosis.
• Remote patient monitoring is extremely helpful with chronic conditions and lets the provider check-in with the patient and monitor reports and changes in his health with the right equipment.
• Synchronous telehealth refers to the real-time virtual delivery of telemedicine using audio and video technologies to perform the visit.

Here’s the Rub

Telemedicine can be an incredibly useful tool, but if you don’t keep HIPAA regulations in mind, you can get yourself in hot water. “HIPAA compliance is a must-have for any telehealth solution,” advises Horner. “Because hospitals and healthcare systems are dealing with electronic protected health information (ePHI), any telehealth system must first and foremost ensure that all the required physical, network, and process security measures are in place and followed.”

Consider this: Telemedicine delivery is dependent on mobile devices and software that allows you to talk with your patient one-to-one during the virtual consultation, so it’s no surprise that following the HIPAA Security rule is essential.

To avoid problems, you need to include this type of communication in your compliance planning, ensuring that the office staff knows the rules of engagement. “I think the challenge comes more with Security Rule compliance than Privacy Rule compliance,” says attorney Michael D. Bossenbroek, Esq., of Wachler & Associates, P.C. in Royal Oak, Mich. “However, there is what I would refer to as ‘low hanging fruit’ or basic HIPAA compliance issues that the OCR has repeatedly identified and that a practice could address without much difficulty.”

Remember: A breach can happen with telehealth services just like it can with a patient portal in an EHR, a front office breakdown, or a misaddressed postcard. You need to outline from the beginning what’s at stake and enlist a reputable and experienced telehealth vendor.

As you go about setting up your system, ask yourself these questions from the HIPAA Security Rule:

• Who’s authorized to access ePHI through telemedicine in the office?
• Are the communications’ materials and hardware safe, secure, and HIPAA-ready to protect the integrity of ePHI?
• How are you going to monitor the telehealth solutions in your practice?
• Who is going to assess and analyze the risk to protect against a breach?

Think About What Your Practice Needs

For you to successfully offer telehealth services to your patients, you have to invest in the right applications, software, and hardware for your practice.

Nuts and bolts: Whether you are a telehealth novice or have been engaged in telemedicine for a while, understand that the best system is one that enhances your patients’ care not hinders it.

It’s important to note that both physicians and staff work better when they are able to use devices they are familiar with when adopting new telehealth technologies, suggests Horner. “This will help drive quick adoption and ongoing usage as it will not require significant behavioral change from physicians and staff,” he adds. “Also, the ideal telehealth solution should be able to leverage the investments an organization has already made in personal devices and technology.”

Apps matter: Seek out a vendor with telehealth street cred that understands HIPAA and business associate agreements (BAAs). Their programs should be easily adaptable to your office tech and translatable to your patients. “Physicians and staff will appreciate being able to use everyday devices (such as smartphones, tablets, etc.) with a HIPAA-compliant technology that delivers on convenience and optimizes patient care,” Horner says.

Tip: Function and ease-of-use are essential to telehealth implementations, especially when dealing with critical care crises. “Intuitive solutions allow staff to react quickly and immediately reach needed specialists,” explains Horner.

For more information on telehealth and Stratus Video, visit https://www.stratusvideo.com.