OF DIGITAL INTEREST

Trending in Telehealth: October 17 – 23, 2023

by Dale C. Van Demark and Ashley Ogedegbe | Oct 27, 2023 | Data breach, Telehealth

Trending in Telehealth highlights state legislative and regulatory developments that impact the healthcare providers, telehealth and digital health companies, pharmacists and technology companies that deliver and facilitate the delivery of virtual care.

Trending in the past week:

Interstate Licensure Compacts
Telehealth Practice Standards
Disciplinary Guidelines
Behavioral Health
Regulatory Licensing

A CLOSER LOOK

Finalized Legislation and Rulemaking

Alaska adopted a final rule creating new standards for optometrists providing telehealth services. To provide telehealth services, optometrists must: establish an optometrist-patient relationship verbally, in writing or in-person; verify the patient’s identity; maintain patient confidentiality; provide telehealth services at the same quality as in-person services; diagnose patients at the time of the patient visit; maintain complete and timely records; and perform additional examinations, in addition to telehealth, when dispensing prescription eyewear.

Legislation and Rulemaking Activity in Proposal Phase

Highlights:

In Wisconsin,
- Three Interstate Compact bills advanced through the first chamber:
  - SB 196 would enact the Counseling Compact;
  - SB 391 would enact the Social Work Licensure Compact; and
  - SB 197 would enact the Audiology and Speech Pathology Compact.
- The legislature is also considering AB 364, which advanced through the second chamber.
  - AB 364 would amend the Wisconsin tax code by adopting certain Internal Revenue Code provisions relating to high-deductible health plans (HDHPs) under the Consolidated Appropriations Acts of 2022 and 2023. Specifically, AB 364 authorizes individuals, covered by an HDHP, to claim a state income tax deduction for contributions to a health savings account, even if the plan has a $0 deductible for telehealth or remote services. The tax deduction would be available for taxable years beginning after 2021.
In Ohio, SB 90, a bill to enact the Social Work Licensure Compact (the Compact), passed through the first chamber. While Missouri is currently the only state to officially enact the Compact, Ohio is one of six states with pending legislation to join the Compact.
Oregon proposed a rule to implement and clarify SB 232. The Oregon Legislature passed SB 232 to enact certain exemptions for telemedicine licensure, clarify that the “temporarily” definition includes patients in Oregon for business, vacation or education, and authorize out-of-state physicians or physician assistants to provide telemedicine intermittently to Oregon patients when the healthcare professional has an established patient relationship. The proposed rule amendments align with these updates.

Why it matters:

Hybridization of Healthcare. Alaska’s final rule is an example of the further acceptance of hybrid healthcare models. While the new initiative authorizes optometrists to provide telehealth services to established patients, optometrists in the state must combine telehealth with other forms of examination, likely in-person, to dispense eyewear prescriptions to patients.
Modernizing Licensure Infrastructures. The legislative activity in Wisconsin, Ohio and Oregon facilitates the provision of services across state lines by standardizing licensing requirements for healthcare professionals. The streamlined licensure process also enables a [...]

Continue Reading

Digital Health 101: OCR Issues Resources to Educate Patients on Telehealth, PHI

by Amanda Enyeart, Jayda Greco and Angela Irene Theodoropoulos | Oct 24, 2023 | Cybersecurity, Data Privacy, Telehealth

BACKGROUND

On October 18, 2023, the Office for Civil Rights (OCR) of the US Department of Health and Human Services (HHS) issued two resource documents to help explain the privacy and security risks to patients’ protected health information (PHI) when using telehealth services, along with ways to reduce these risks. In a press release announcing the guidance, OCR Director Melanie Fontes Rainer stated that “[t]elehealth is a wonderful tool that can increase patients’ access to [healthcare] and improve [healthcare] outcomes. [Healthcare] providers can support telehealth by helping patients understand privacy and security risks and effective cybersecurity practices, so patients are confident that their health information remains private.”

These new resources exemplify the trend of increased scrutiny in the digital health environment, aimed at ensuring that patient data is protected, secured and confidential (including with respect to pixel technology disclosures, artificial intelligence usage guidelines, state-level data privacy laws and medical board guidelines).

IN DEPTH

Resource #1: Outlining the Risks of Telehealth

With the release of this educational resource, developed on a recommendation from the Government Accountability Office (GAO) in a September 2022 report, OCR intends to help healthcare providers explain to patients, in plain language, the health information privacy and security risks that are present when using remote communication technologies such as video conferencing websites and applications for telehealth.

OCR notes that the Health Insurance Portability and Accountability Act Privacy, Security and Breach Notification Rules (HIPAA Rules) do not require covered healthcare providers to educate patients about privacy and security risks. However, the OCR’s educational resource is intended to assist providers who would like to 1) explain the privacy and security risks to patients’ PHI when using telehealth services and 2) share ways to reduce these risks. This information may also be helpful to a patient’s family or personal representative. HHS encourages and reminds providers to be mindful of inclusionary mechanisms when communicating with individuals with disabilities (e.g., providing auxiliary resources, using language assistance services or providing written translations of materials).

The educational resource provides suggestions for discussing the following:

What telehealth is, and which technologies will be used during the telehealth encounter
The importance of PHI privacy and security
Risks and mitigation strategies when PHI is shared, stored or transferred using remote communication technologies
Which communication technology vendors are used in delivering the services and how to view their privacy and security policies
The right to file a privacy complaint with OCR under HIPAA

Resource #2: PHI Security Tips for Patients

OCR’s patient tips resource provides recommendations that patients can implement to protect their privacy, security and confidentiality when interacting via telehealth technologies, including the following:

Conducting the telehealth appointment in a private location (e.g., a private room or a parked car), wearing headphones and avoiding using a speakerphone
Turning off nearby electronic devices that may overhear or record information
Avoiding using a [...]

Continue Reading

Trending in Telehealth: October 11 – 16, 2023

by Stacey Callaghan and Ashley Ogedegbe | Oct 20, 2023 | Telehealth

Trending in the past week:

Reproductive Health
Telehealth Practice Standards
Disciplinary Guidelines
Behavioral Health
Regulatory Licensing

A CLOSER LOOK

Finalized Legislation and Rulemaking

In California, the governor signed the Nursing Facility Resident Informed Consent Protection Act of 2023. The new legislation amends the bill of rights for patients in skilled nursing facilities and establishes that healthcare professionals must disclose all material information regarding the administration of psychotherapeutic drugs to the patient to obtain the patient’s informed consent. Under the law, healthcare professionals may use remote technology, including telehealth, to obtain consent. The willful or repeated violation of these provisions will be punishable as a misdemeanor. However, the State Department of Public Health, in consultation with interested stakeholders, will not penalize facilities until December 31, 2025, when the Department plans to publish its standardized informed consent form.

Legislation and Rulemaking Activity in Proposal Phase

Highlights:

Connecticut’s Department of Consumer Protection proposed a rule to expand the prescribing authority of pharmacists. The rule would authorize licensed pharmacists who undergo the necessary training to prescribe emergency and hormonal contraceptives to patients. The rule would require pharmacists to assist patients with a Department-issued and interactive “screening document,” which includes questions to determine whether a hormonal or emergency contraceptive is clinically appropriate for a patient, age-appropriate health screening information, and a treatment algorithm for hormonal or emergency contraceptives. The screening document’s “treatment algorithm” is generated based on the clinical history entered by the patient, and it sets forth the steps of a treatment pathway and outlines when a referral to a practitioner is recommended. Licensed pharmacy technicians who undergo the necessary training can assist with the screening process, but ultimately the prescribing pharmacist must decide whether to issue the prescription or refer to a practitioner.
In Pennsylvania, HB 1300 passed the second chamber. If signed by the governor, the bill would allocate additional funds to the state’s Behavioral Health Commission for Adult Mental Health. It would also increase access to behavioral health via telemedicine services by providing funds for providers to purchase equipment such as computers, tablets, webcams, mobile devices, and telemedicine carts and kiosks; securing funds to assist with training and technical assistance for telemedicine services; providing grants to primary-care practitioners and organizations using telemedicine to deliver behavioral health integration services; and allocating additional funds for providers to purchase or maintain Healthcare Insurance Portability and Accountability Act (HIPAA)-compliant software, platforms, secure Wi-Fi hotspots and increased broadband speed and training beyond what is offered by the Department of Human Services.

Why it matters:

Continued Demand for Mental Health Initiatives. Pennsylvania’s proposed rule highlights ongoing demand for behavioral and mental health services. Increasing resources and funding for telemedicine services will give more patients convenient access to behavioral health [...]

Continue Reading

Trending in Telehealth: September 26, 2023 – October 10, 2023

by Purnima Boominathan and Ashley Ogedegbe | Oct 13, 2023 | Telehealth

Trending in Telehealth highlights state legislative and regulatory developments that impact the healthcare providers, telehealth and digital health companies, pharmacists and technology companies that deliver and facilitate the delivery of virtual care

Trending in the past two weeks:

Reproductive Health
Telehealth Practice Standards
Interstate Compact
Disciplinary Guidelines
Regulatory Licensing

A CLOSER LOOK
Finalized Legislation and Rulemaking

California signed into law SB 345, which goes into effect on January 1, 2024. The legislation states that California law applies to any civil, administrative or criminal proceeding involving individuals (that is, patients) located inside and outside of California engaged in providing, receiving, supporting, or attempting to provide or receive reproductive health and gender-affirming healthcare services via telehealth or other means. This “shield law” also provides legal protections for healthcare practitioners located in California who provide or dispense medication or other services for abortion, contraception or gender-affirming care to out-of-state patients. These protections apply regardless of the provider’s location during the activity. This law also prohibits California law enforcement, government officials or government contractors from cooperating with out-of-state prosecutions related to abortion, contraception or gender-affirming care. The law prohibits California-based corporations, including social media and tech companies, from disclosing to law enforcement any private patient communication regarding healthcare that is legally protected in the state.
New Hampshire enacted legislation effective October 7, 2023, that amends the prior law to permit out-of-state healthcare professionals to treat patients in the custody of the Department of Corrections via telemedicine, without a New Hampshire license, as long as the professionals are licensed in the state where they provide services. The prior law required all out-of-state healthcare professionals providing telehealth services to be licensed in New Hampshire, regardless of the patient’s location.

Legislation and Rulemaking Activity in Proposal Phase
(more…)

How Not to Lose $1 Million: Preparing for OIG’s Information Blocking Enforcement

by James A. Cannatti III and Alya Sulaiman | Oct 4, 2023 | Consumer Protection, Data Privacy, Data Transfers/Safe Harbor/Privacy Shield, Telehealth

OIG’s long-awaited final rule on investigating and imposing penalties for information blocking dropped in July 2023 and is effective as of Sept. 1, 2023 – almost three years after OIG released its proposed rule (April 2020) and two years after the start of information blocking compliance on April 5, 2021. The final rule codifies OIG’s authority to investigate information blocking complaints, including against developers of certified health IT and health information networks/health information exchanges (HIN/HIEs), and assess CMPs of up to $1 million per violation.

OIG defined a “violation” as a practice that constitutes information blocking as set forth in ONC’s information blocking regulations—a broad definition that is important because each distinct act or omission could be subject to a separate $1 million CMP. OIG also provided examples of what it would consider constituting a single violation versus multiple violations subject to multiple CMPs:

Single Violation: A certified health IT developer denies a single request by a healthcare provider to receive multiple patients’ EHI via an API and no legal requirement or information blocking exception applies. OIG would consider this a single violation even though it would result in preventing access to multiple patients’ EHI.
Multiple Violations: A certified health IT developer takes multiple separate actions to improperly deny multiple individual requests by a healthcare provider for EHI through an API. Each separate action would be considered a separate violation.

OIG has stated that while it does not intend to impose CMPs on conduct that occurred before Sept. 1, 2023, it may consider a regulated entity’s behavior from the April 2021 compliance date onwards in deciding if alleged information blocking conduct was part of a pattern of behavior. Other factors OIG anticipates considering when deciding penalty levels include the nature, circumstances, and extent of the information blocking and resulting harm, including the number of patients and/or providers affected and the number of days the information blocking persisted. OIG will also consider other factors, such as the degree of culpability, history of prior offenses, and other wrongful conduct.

When deciding whether to pursue a particular information blocking allegation, OIG indicated that it plans to prioritize enforcement for actions that:

Resulted in/had the potential to cause patient harm;
Significantly impacted providers’ ability to care for patients;
Are of long duration;
Caused financial loss to Medicare, Medicaid, or other federal healthcare programs or private entities; and
Were performed with actual knowledge.

Each allegation will require a facts and circumstances analysis, which OIG will conduct in coordination with ONC and other federal agencies as appropriate. Further, while OIG’s enforcement priorities may inform its decisions about which allegations to investigate, OIG states that the priorities are not dispositive, meaning it can investigate any allegations it chooses.

READ THE FULL ARTICLE ON THE HIMSS ELECTRONIC HEALTH RECORD ASSOCIATION BLOG HERE.