Documentation required to practice telemedicine, also known as telehealth, varies by state.
CTeL is a non-profit organization in the field of telehealth and e-health related issues whose mission is to overcome the regulatory barriers that impact the utilization of telehealth. They also analyze and disseminate information on many of the legal issues associated with telemedicine.
A brief description of the necessary documentation:
Licensing is under the purview of states to control and regulate. During a telehealth encounter the service is considered to take place at the physical location of the patient (as opposed to the provider). This requires providers to comply with the laws and regulations associated with the appropriate professional licensing board in the patient’s state. Policies vary across states and often requires providers to obtain some form of licensure, whether a full license or a specially issued one (for example, a telemedicine license), in each state the provider wishes to practice. The Federation of State Medical Boards has developed language for an Interstate Medical Licensure Compact that would allow member states to create an expedited process to obtain a license in member states. This in as ongoing work in progress.
Many providers have concerns around malpractice and telehealth. There have been few cases that involve telehealth, and many have revolved around teleradiology. The low number of cases, however, is likely due to the low adoption of telehealth. Additionally, there have been a few negligence cases that involve the non-use of telehealth. Theoretically, telehealth malpractice cases are likely to increase the more it is widely used. However, one thing related to malpractice that providers should be aware of and which has become an issue to some providers is malpractice coverage. Not all carriers will cover for malpractice involving telehealth delivered services and not all coverage a provider has will be viable in another state. Additionally, some carriers will provide malpractice coverage, but may charge high premiums. Very little policy has been related to addressing these issues. Hawaii recently passed legislation that would require malpractice carriers in the state to offer telehealth malpractice coverage, but this is the only example that currently exists as of July 2016. Providers should ensure that their malpractice insurance does cover telehealth delivered services and that it is viable in any other states they wish to practice in. A provider may find he or she will need to purchase additional insurance.
In order to fully treat a patient, a provider must have the ability to prescribe. A relationship entirely built via telehealth may not be considered a valid means of establishing a relationship, limiting the ability of a provider to do so. The Ryan Haight Act dictates how telehealth (telemedicine is the term used in the Act) may be used to prescribed controlled substances. The Act provides specific scenarios on how the interaction between patient and provider must take place that include:
- A patient is being treated and physically located in a hospital or clinic registered to distribute under the Controlled Substance Act.
- Is conducted when the patient is being treated and in the physical presence of a practitioner registered to distribute under the Controlled Substance Act.
- The practitioner is an employee or contractor of the Indian Health Service (IHS) or working for an Indian tribe or tribal organization under contract or compact with HIS.
- Has obtained a special registration from the US Attorney General In an emergency situation (21 USC 802(54).
States have control over how everything else is prescribed when telehealth is used and as mentioned in earlier sections, the policies vary across states. Some states have very specific rules for the use of telehealth in prescribing while others are more vague or silent. Some of the rules center on whether telehealth is adequate to establish a patient-provider relationship which, again, vary across the states. This question of telehealth and prescribing has gained increasing attention in the last few years and will likely continue to be an area where states continue to develop their policies.
Health Insurance Portability and Accountability Act (HIPPA) – SECURITY
Utilizers of telehealth often have questions around HIPAA, privacy and security issues. Frequently, they will encounter vendors who say their equipment or software is HIPAA compliant. The technology alone cannot make one HIPAA compliant. Human action is required in order to meet the necessary level of compliance that is required. HIPAA does not have specific requirements related to telehealth. Therefore, a telehealth provider must meet the same requirements of HIPAA as would be needed if the services were delivered in person. However, to meet those requirements an entity may need to take different or additional steps that may not have been necessary if the service was delivered in person. For example, a tech support person who would not be exposed to protected health information if a practice was strictly in person may be in a different situation where telehealth is involved because that tech support person may be required to enter an exam room to help with the equipment. Additionally, states may have their own privacy and security laws with which providers must be familiar. HIPAA is a baseline to protecting health information and some states may actually have a higher bar a provider must meet in order to be compliant. Additionally, states may have specific internet vendor laws that may not be directed at health services, but nonetheless impact them because they are services sold via the Internet. If a provider is offering services in another state, it would be prudent to look into the state laws covering these areas.
Credentialing is the process used by health care organizations to obtain, verify, assess and validate previous experience and qualifications. Privileging is the process used by organizations, after review of credentials, to grant authorization for a practitioner to provide a specific scope of patient care services. Small and/or rural clinics may need certain specialists but do not have the resources or demand to hire one as a full-time staff members. Telehealth would be an option to these organizations but the process to credential a provider can tax already limited resources. CMS approved regulations to allow hospitals and critical access hospitals (CAH) to credential by proxy which allows a clinic (the originating site) to contract with another hospital, CAH or telemedicine entity (the distant site) to provide services via telehealth and credential those providers by relying on the credentialing work done by the distant site, if certain conditions are met. This creates a faster, more cost effective method for clinics and hospitals to access needed specialty care. The Joint Commission created parallel guidelines to the federal regulations. Both are optional to use and a clinic or hospital may still utilize a full credentialing process.
These links are for research only. They are not endorsed by the American Academy of Allergy, Asthma & Immunology (AAAAI).