Mike Braham (mike.braham@trapollo.com) is CEO of Trapollo, a Cox Business Company, located in Herndon, VA.
Even though telehealth technologies and services have been around for years, widespread adoption among healthcare providers and patients has been relatively slow. However, what was once thought to be a five-year horizon for pervasive telehealth adoption by both physicians and patients was transformed in just five weeks during the rise of COVID-19. As the need for patients to see their doctors, therapists, and other healthcare practitioners remotely has become a necessity, the future of telehealth moved to now—and the future of compliance in healthcare will depend on how well remote patient services are implemented today.
Without a doubt, telemedicine is revolutionizing healthcare, enabling practitioners to see patients and clients virtually and allowing patients to attend appointments and get much-needed healthcare from afar. However, both Healthcare Insurance Portability and Accountability Act of 1996 (HIPAA) compliance and security are in question as the telehealth story continues to unfold and providers enact measures to ensure both. According to the Health Resources and Services Administration, “The federal government has taken concrete steps to make telehealth services easier to implement and access during this national emergency. These changes are temporary measures during the COVID-19 Public Health Emergency and are subject to revision.”[1]
Although the federal government has allowed for HIPAA flexibility during the COVID-19 pandemic, no one really knows what those guidelines will look like in the future. Even Centers for Medicare & Medicaid Services Administrator Seema Verma recently said, “‘I think the genie’s out of the bottle on this one.’”[2]
And because these temporary measures are subject to revision, it’s imperative for telehealth providers to take steps to ensure they are HIPAA compliant and secure client data—not only now but going forward. Further, it’s crucial to continue to monitor for updated regulatory actions since chances are good that what is acceptable today might not be tomorrow. Lastly, along with developing and updating compliance policies and procedures, organizations should keep up with government changes to ensure compliance both now and when the pandemic is in the rearview mirror.