There are several measures OCR/HHS has taken to lessen the regulatory burden of HIPAA for health care providers amidst COVID-19. Here is the latest breakdown of important pronouncements and guidance set forth by OCR/HHS to help providers deal with COVID-19 and HIPAA compliance:
I recently worked on a telepsych agreement for a hospital client. Under the agreement, a distant site will provide mental status assessments of emergency department patients remotely. Some of the issues flowing from the contract that we addressed were whether patient consent was required for the telepsych consult and how to credential the distant site providers. Legal and regulatory requirements for patient consent vary state by state, and there are credentialing options for distant site providers. With or without a legal or regulatory requirement for patient consent, we recommended obtaining patient consent, when possible, as best practice. We addressed how our hospital client would pay the distant site providers, but one thing we didn’t address in the telepsych agreement was payer coverage for telepsych services.
We understand that 31 states and the District of Columbia require private insurers to cover telehealth, but that the laws differ state to state. Medicaid and Medicare also cover telehealth in varying degrees.
In March, I attended a three-day meeting of women business leaders in health care where telehealth was a topic in multiple formal and informal discussions. My previous experience in telehealth had been limited to working with a few direct-to-consumer telemedicine platforms and intensive care monitoring. I now know that I can get psychiatric, nutrition and a multitude of other services via telehealth. Telehealth is expanding exponentially. While it will never fully replace a face-to-face visit with a health care provider, it does offer a way to better address certain patient needs.
Stay tuned to this Blog for more thoughts on telehealth.
Mobile health (“mHealth”) medical app developers, including health information technology (“HIT”) and telemedicine app developers, tend to focus on FDA requirements. Indeed, since many of these apps may be categorized as medical devices, and the FDA approval process is lengthy, developers are wise to focus on whether an app is regulated by the FDA. But a successful developer should also build privacy protections (e.g., privacy policies) and security protections (e.g., disaster recovery) into its product from the earliest stages. The Federal Trade Commission (“FTC”) calls this “Privacy By Design.” “Security By Design” is the corollary.