As the novel coronavirus COVID-19 continues to spread, medical systems around the world are stretched thin. And with people practicing social distancing and staying at home to slow the spread of the virus, more medical consultations are moving online. Telehealth, or telemedicine, allows patients to meet with doctors and other medical personnel via video over the internet, often through a third-party videoconferencing platform. While the technology has existed for years, the urgency of avoiding in-person contact and facilities where people with COVID-19 are being treated, as well as the possible cost savings of virtual visits, have led to a recent surge in its popularity. In fact, when IT vendor Sykes recently surveyed 2,000 U.S. adults, two-thirds said that COVID-19 has made them more willing to try telehealth options, with one-quarter reporting that they had not considered it before the outbreak.
According to telemedicine provider American Well’s Telehealth Index: 2019 Physician Survey, 20% of physicians use this technology, an increase of 15% since 2015. More than 60% who are not currently using it also indicated that they would be likely to start in the next two years. But providers appear to be reticent about telehealth due to prohibitive costs. Before the COVID-19 outbreak, the American Medical Association (AMA) noted, “despite regulatory and legislative changes to encourage the use of telemedicine, the financial burden of implementing it may be a continuing barrier for small practices.” These costs can include setting up expensive IT infrastructure and ensuring that this infrastructure is secure against cyberattacks and compliant with HIPAA regulations governing patient confidentiality.
In response to the COVID-19 outbreak, the Federal Communications Commission (FCC) announced a $200 million program to help fund telehealth programs to encourage adoption among U.S. health care providers. The FCC will provide up to $1 million per facility, with a particular emphasis on underfunded facilities that rely mostly on Medicare payments, as well as facilities in areas hit hardest by COVID-19. The FCC also authorized a longer-term program to encourage telehealth use, allocating an additional $100 million “to help defray health care providers’ costs of providing connected care services” and to assess how to offer long-term support for telehealth. The U.S. government has also expanded Medicare coverage for telehealth services, which could allow more elderly patients to access virtual medical services while sheltering at home.
Benefits of Telehealth
According to a study of 650 Philadelphia patients by Jefferson Health, those who used a telehealth platform reportedly saved $300 to $1,500 per visit. Most of the savings came from using the platform instead of going to an emergency room or urgent care. Some insurance companies have also reduced copays for virtual doctors’ visits. In addition to insurance savings, employers can benefit from their employees using telehealth services because it means less time away from work.
There is also evidence that the ease of accessing a doctor via telehealth could increase the number of people seeking medical attention before health problems require high-cost emergency care. In the Jefferson Health study, 16% of patients who used a telehealth platform said that they would not have sought medical care if the telehealth option had not been available. “This population of patients who would have done nothing may represent improved access and incorporation of patients into the health care system that might not have participated previously. This might actually prevent more costly care further down the line,” the researchers said.
While in-person testing is required to definitively diagnose COVID-19, telehealth services can provide an initial consultation to help patients determine if they need to seek in-person treatment. This can relieve some of the pressure on medical providers and emergency rooms, which are struggling to balance the influx of COVID-19 patients and other urgent cases.
Dangers for Providers and Patients
Adopting this technology also presents serious potential liabilities, such as privacy risks for patients, providers and insurance companies, as well as the risk of cyberattacks.
Even during a pandemic, health care providers have a legal and ethical obligation to protect patients’ private health information (PHI), and providing services remotely may complicate this. The U.S. Department of Health and Human Services (HHS) advised, “Providers should always use private -locations and patients should not receive telehealth services in public or semi-public settings, absent patient consent or exigent circumstances.” HHS also recommended using lowered voices, not using speakerphones, and suggesting patients move away from others when discussing PHI.
Many health care providers, even large hospital networks, likely do not have the IT resources or infrastructure to host and maintain their own telehealth platform, so they use third-party platforms, which creates additional risks.
Health care facilities are particularly vulnerable to cyberattack. “The amount of sensitive information that hospitals, labs and health care organizations have on individuals is staggering; it’s no wonder they are a prime target for hackers,” said Fred Kneip, CEO of third-party cyberrisk firm CyberGRX. “Ransomware is an attack of choice for bad actors targeting doctors’ offices. In these instances, new, unvetted tools can be a wolf in sheep’s clothing used to breach information.” Providers eager to meet their patients’ needs via telemedicine may also rush into using platforms that do not meet HIPAA requirements or lack adequate privacy protections. “If not properly vetted and known to be secure, these tools put doctor/patient confidentiality at risk and violate regulations designed to protect patients and practices alike,” Kneip added.
Establishing Telemedicine Best Practices
“Just as hospitals have emergency response plans to deal with mass casualty events, or epidemics, so too must they institute good cyber hygiene practices in order to protect sensitive data,” Kneip said, “Due to the sensitive and unique nature of the information they possess, all players within the health care industry must harden their networks and verify their third-party providers to ensure the data they are responsible for is protected.” These measures include features like end-to-end encryption, two-factor authentication and secure logins.
To this end, the AMA recommends reaching out to state medical associations for guidance on trusted platforms and vendors. Health professionals using telehealth technology should also routinely monitor the landscape for new risks or best practices as the technology evolves and adoption increases.
Patients can also help make their telehealth experience more secure by engaging in basic cybersecurity best practices, including making sure they are on secure networks, using strong passwords and taking advantage of provided security measures to ensure they are secure from their side, Kneip said.
For providers that are new to telehealth, the AMA suggests establishing a specific team to facilitate establishing and maintaining a telehealth service, and checking with the institution’s malpractice insurance carrier to make sure that these services are covered.
During the COVID-19 pandemic, HHS’s Office for Civil Rights (OCR) announced that it would not levy penalties against health care providers for HIPAA noncompliance as long as they were attempting to provide telehealth services in good faith and the platform being used was not public-facing. Every effort should be made to fully protect patient privacy and secure patient information, however. “Providers are encouraged to notify patients that these third-party applications potentially introduce privacy risks, and providers should enable all available encryption and privacy modes when using such applications,” OCR stated.
As health care needs evolve, telehealth technology can offer benefits for patients, providers and insurers. But with greater efficiencies also come new risks. Understanding and addressing these threats will be vital as providers seek to improve the overall quality of care.