As local governments start reviewing and preparing telemedicine rules for 2022, it is important to stay on top of what may be changing for your practice in your area.
Posted in Risk Management on Tuesday, October 12, 2021
As 2022 draws near, it’s a good time to take note of any upcoming changes to telemedicine rules. Changes vary by state - for example, effective December 31, 2021, Ohio will be going back to enforcing pre-COVID telemedicine rules. Telemedicine may not be as in-demand as it was at the peak of the pandemic, but it’s still important to remember some key points:
Staff and Environment
Telemedicine and HIPAA
- Telemedicine services are included in HIPAA Privacy policies and the Notice of Privacy Practices for your practice.
- Your telemedicine technology is included in the HIPAA Security Risk assessment and policies.
- Telemedicine providers and support staff members must receive HIPAA Privacy and Security Awareness training specific to the telemedicine services being provided. Their training should be documented in personnel files.
Comply with State Laws and Regulations
- The type of telemedicine service(s) contemplated is (are) permissible/covered under state law. Contact the appropriate professional board for more information.
- The providers who will be used to deliver telemedicine services must be permitted to do so under state law. Unsure? Contact the appropriate board for more information.
- The providers who will deliver telemedicine services are licensed to practice medicine in the state where the patient is located (directly or by interstate compact).
- Telemedicine treatment, prescribing, and documentation comply with applicable state standards.
Assessments and Scopes
- A needs assessment must be conducted and should support the type(s) of telemedicine services under consideration.
- A scope of service must be identified and documented for each type of telemedicine under consideration/in use. The scope of service includes:
- The type of provider who will perform the services.
- What type(s) of patients will receive services.
- The clinical conditions, including severity, that will be covered by the service.
Privacy and Security
- The provider workspace must be private, soundproof, and have a door to prevent unauthorized people from entering during telemedicine visits.
- Telemedicine visits must be conducted over systems that provide “end to end” electronic security, such as encryption.
Telemedicine Policies and Procedures
Telemedicine policies and procedures include the following:
- Definition of when the provider/patient relationship begins
- Management of privacy and security of telemedicine visits and protected health information
- Patient identification requirements
- Process for receiving and responding to patient messages
- Process for managing patient-provided health information
- Hours of operation, appointments, and scheduling
- Process for patient choice in provider assignment
Informed Consent and Refusal
Informed Consent must be obtained for telemedicine services and includes:
- Any state-specific requirements.
- Patient identification
- The names and credentials of providers and staff members who will be involved in providing telemedicine services
- Patient rights, including the right to stop or refuse treatment by telemedicine
- The type(s) of telemedicine service(s) being provided and the technology that will be used
- Potential privacy and security risks and measures taken to reduce the risks
- Technology-specific risks, such as interruption of the audio/video link, poor transmission quality, and/or electronic tampering
- Permission to bill insurance, as applicable
- Instructions for alternative care in case of an emergency or technology malfunction
- Billing and payment
- Complaint and grievance handling
- Telemedicine clinical documentation expectations, including distant site, as applicable
- Archiving and retrieval of video, as applicable
- Quality measurement and monitoring
Informed Refusal is the term for when your patient refuses to sign an informed consent form. Make sure you and your staff are aware of the process to follow when a patient refuses to provide consent.