Health Law Advisor

We all know that telehealth is going mainstream.  The numbers speak for themselves.  A leading research firm predicts that 2.8 million patients worldwide used home-based remote monitoring devices in 2012—expected to increase to 9.4 million connections globally by 2017.  Another firm projects that the number of patients using telehealth services in the United States will grow to 1.3 million in 2017, up from 227,000 in 2012.  Even less rosy projections predict growth to 2 million patients worldwide by 2017.  The news is even better in subspecialties like telepsychiatry   that are ...

In the healthcare industry we often associate information privacy and security enforcement with HIPAA and state privacy laws.  However, a lesser known but in some cases just as significant regulator of information privacy is the Federal Trade Commission (“FTC”). This is especially true with regard to mobile health applications, which depending on how they function and collect personal information, may not be regulated by HIPAA.  Regardless of whether or not you have to comply with HIPAA, if you run applications or software that can access personal information, then the FTC’s ...

While telehealth technology advances, unresolved legal issues continue to deter wider adoption of telehealth as a means of delivering health care services. One issue that telehealth providers must consider is the standard of care that applies in telehealth encounters. Generally, a plaintiff in a medical malpractice suit must prove, among other things, that the provider breached the standard of care. Therefore, knowing what standard of care applies is critical for any telehealth provider that wishes to insulate itself from potential malpractice liability.

In traditional ...

Telehealth is going mainstream. Once limited to rural or remote communities, the use of telehealth is increasingly being used to address critical shortages within many medical specialties (such as dermatology, neurology, radiology, critical care and mental health), and as a more efficient means to provide health care services. Many leading nationally-recognized health care providers, health plans and others have significant telehealth initiatives underway often in partnership with telecommunications vendors and government entities.  And developments in this space tend ...

As the technologies used to deliver telehealth services become more complex, telehealth providers as well as other HIPAA “covered entities” have an increasingly demanding role to play in ensuring the security of protected health information (PHI).  To fulfill this role, both telehealth providers and their business associates (such as the information technology companies and data storage providers that support telehealth platforms) must implement not only technical safeguards, but also physical security measures.  From locks, to security guards, to alarm systems ...

During and after a recent presentation regarding telehealth before a health care executive group, we were inundated with the following question:  Why should a hospital provide telehealth services when often times it will not get paid for those services?  It is, on its face, a great question.  After all, few of us would want to provide services we know will not be reimbursed.  But, in many ways, the question misses the boat.  While a hospital may not be paid directly for providing telehealth services, it nevertheless could significantly benefit in a number of ways that prove just as valuable ...

Too often, companies try to re-invent the wheel.  This is especially true in the telehealth sector where new models of care are constantly being tried and tested.  Fortunately for U.S. hospitals, health systems, and companies, however, we have great examples of telehealth models from around the world that have built successful business models in telehealth.

Take the example of Calydial, a company based in Lyon, France, that specializes in remote dialysis. Launched in 2006, Calydial started with 25 patients with renal impairment who needed remote treatment and monitoring. Today ...

Telehealth is expanding rapidly outside of the U.S. in both developed and developing countries.  Not surprisingly, the expanded use of telehealth presents many of the same regulatory and reimbursement challenges abroad that it does here in the U.S.  One region in particular that has taken steps to expand telehealth across borders is Europe, where in an effort to confront the legal issues raised by telehealth, the E.U. has removed and revisited existing regulations.  The E.U. has also issued guidance through the European Commission (an institution that is responsible for ensuring ...

When evaluating the various legal and regulatory hurdles associated with telehealth—such as licensure, reimbursement, and privacy—one hurdle that often goes overlooked is the corporate practice of medicine.  Many states have enacted laws which directly or indirectly are viewed as prohibiting the “corporate practice” of medicine.  While variations exist among states, the doctrine generally forbids a person or entity, such as a general business corporation, other than a licensed physician, professional corporation (“PC”) or a professional limited liability ...

We are all too familiar with the many hurdles that stand in the way of the greater proliferation of telehealth.  This blog has examined various legal and regulatory stumbling blocks such as licensure, reimbursement, and privacy that continue to stand in the way of telehealth fulfilling its great promise—at least in the United States.  Other countries are increasingly embracing telehealth.  A recent spate of legislative and other activities, however, point to an evolving environment in which legislators and regulators are beginning to understand and grapple with the many legal and ...

The rapid development and utilization of remote patient monitoring tools in health care exposes the limitations of state licensure laws that generally require physicians to be licensed in states where their patients are located.  These laws are predicated on the physician and patient being in the same jurisdiction.  However, when using mobile-devices to actively monitor patients (such as a device sensor with 4G chipset that can directly connect to cellular networks), there is no single geographic anchor or fixed moment in time from which to define the encounter, episode or point of ...

While tech companies looking to provide health solutions must figure out early on whether they are HIPAA-regulated, HIPAA is not the be-all and end-all of privacy law. Even entities not regulated under HIPAA must abide by other privacy rules, including a wide array of state privacy laws. On December 6, 2012, in the state’s first legal action under its online privacy law, California Attorney General Kamala Harris filed a lawsuit against a major airline for not including a privacy policy in its smartphone app. The complaint alleges violation of California’s Online Privacy ...

While tremendous strides continue to be made in the growth and adoption of telehealth services, significant legal obstacles remain.  Among these obstacles are state drug prescribing laws.  In many states, physicians cannot lawfully prescribe drugs during a telehealth encounter, except in very limited circumstances.  For example, California requires that physicians perform a “physical exam” before prescribing drugs, and explicitly outlaws prescribing on “the internet” without a prior examination.  These restrictions vary from state to state, but many share certain ...

The recent discovery of a security flaw that allows Skype accounts to essentially be hijacked has again raised the issue of the security of web-based platforms—and whether providers can meet their HIPAA obligations when using these communication tools.  The issue of Skype and similar platforms and HIPAA compliance is one that I am often asked about.  In a previous post, I addressed the issue and concluded that providers who wish to use Skype or similar platforms proceed with great caution.  I noted that the use of web-based platforms, especially those that are proprietary, may make it ...

As telehealth continues to grow, there are a number of legal, regulatory, and operational issues that threaten to stall its progress.  We have tackled many of these issues in previous blog posts.  But no obstacle looms larger than the issue of payment.  How can providers get consistently and appropriately reimbursed by payers for use of telehealth?  Absent a clear answer, telehealth will likely find it difficult to fulfill its great promise—at least in the United States.  Other countries are pulling ahead.  Here is a look at the current reimbursement landscape facing providers and what ...

By Ross K. Friedberg and Ophir Stemmer

This year we’ve seen a continuation of the trend toward heightened regulation and enforcement of the privacy and security requirements under the Health Information Portability andAccountability Act (“HIPAA”) and under other state and federal health privacy laws. Although there have not been any significant changes to federal health privacy laws this year, federal enforcement activity continues to be strong.

This post provides a summary of the developments in privacy and security law throughout the past year; discusses the ...

by Joel Rush and Dawn Helak

All indications are that international telemedicine is well positioned for strong growth over the next several years. The global healthcare marketplace is ripe with opportunities for U.S. based healthcare systems and providers to take advantage of the expanding use of telemonitoring systems and other telemedicine technologies to deliver top flight healthcare to patients across the globe.

However, wherever there are opportunities, there are challenges. In addition to the economic and financial barriers to launching an international telemedicine ...

With a new era of active enforcement of the HIPAA privacy and security laws upon us, companies need to figure out early-on whether they are regulated under HIPAA, either as covered entities or business associates.  However, determining whether a company is subject to the HIPAA privacy and security requirements is not always straightforward, especially for companies in the health technology space.  There are two ways in which a company can become subject to HIPAA: (1) it functions as a health plan, health care provider or health care clearinghouse which could potentially make it a HIPAA ...

by Katherine R. Lofft

There are myriad opportunities right now for new businesses and talented entrepreneurs targeting healthcare, particularly in the IT sector.  It’s an exciting time for people and companies looking to harness the promise of innovation and the power of technology to improve health care delivery, empower patients and lower costs.

However, even the best ideas usually require money to get off the ground.  Sometimes they require more capital than the founders or management, or their family and friends, have available. While there are many individuals and ...

Mobile application (“app”) development is the new boon for technology companies of all sizes, and the phrase “There’s an app for that” tells the story of just how much this market has grown and matured.  Most of the early app development focused on low risk opportunities—those involving free or low-cost social media or gaming apps.  While protecting privacy and security of personally-identifiable information is generally important, privacy and security concerns typically do not rank as high priorities in decision-making when developing these types of apps.

By ...

Imagine there are two hospitals (or two physician groups). One is highly specialized and has developed a telemedicine program for treating stroke patients; the other is a community hospital or physician practice that would like to take part in this telemedicine program but does not want to pay for the technology needed to virtually connect with the program’s specialists. Can the telemedicine provider buy this technology for the receiving hospital or physician group, or rent it out at a deep discount, without violating the law?

This turns out to be a hard question. Under federal law ...

The following may surprise some: FDA approval or clearance is never enough. Not if manufacturers want a commercially successful product. There is no doubt that addressing FDA issues is critical. But without data to show effectiveness, payers will not reimburse a particular product or technology—and even the most promising product will languish in the market without the appropriate coverage and reimbursement.

The use of remote monitoring devices has increased significantly over the last few years. I think it is fair to say that many manufacturers of these devices worry ...

In the past few months, we’ve seen a number of federal agencies take important steps to promote telemedicine. In May, the Department of Agriculture began a $15 million grant and loan program that will provide funding to innovative rural telemedicine programs; the Veteran’s Administration, building on its already impressive telemedicine capabilities, reported in July that it will be testing a new telemedicine system designed to support rural primary care providers; and in May and June the Centers for Medicare and Medicaid Services Center for Innovation awarded funding to a ...

by Pamela Tyner

They say that everything is bigger in Texas, and the Lone Star State’s new privacy protection laws are no exception. Texas House Bill 300 (“HB 300″) amends the Texas Medical Records Privacy Act (“Texas Act”) and takes effect on September 1, 2012. HB 300 significantly expands patient privacy protections for Texas covered entities beyond those federal requirements as outlined by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Health Information Technology for Economic and Clinical Health (“HITECH”) Act.

Read ...

I’m sure most of you know about BYOB, but do you know about BYOD (Bring Your Own Device).  This is the term used when a company chooses to forgo issuing company-owned mobile computing devices (think smartphones and tablets), and encourages its employees to use their own personal mobile devices for business purposes.  And in the healthcare context, BYOD has important implications.

For better or for worse, many companies have opted to institute a BYOD policy for a number of reasons.  Here are just a few rationales for BYOD:

• Employees likely already have a smartphone or tablet or both.

Dale C. Van Demark

Recent reports suggest the telemedicine industry will grow rapidly and broadly in the next few years. Patient surveys seem to lend support to these suggestions as the surveys suggest that around the world people are ready and able to adopt more telemedicine solutions

At the same time, there is a great deal of uncertainty here in the United States about the future. With the Supreme Court upholding the constitutionality of the Affordable Care Act, eyes are now turned to the many reforms that appear in the ACA - accountable care and payment reform; health insurance ...

 A significant yet little-noticed trend is underway. And its effects could be far-reaching.  A growing number of states are enacting so-called telehealth parity statutes. These laws generally require health insurers to pay for services provided via telehealth the same way they would for services provided in-person. Almost a third of all states have enacted these statutes, and I predict more states will be jumping on the bandwagon. Telehealth is indeed going mainstream.

Maryland became one of the latest states to jump on the bandwagon when the state’s governor signed a telehealth ...

Is Skype HIPAA-compliant? This is probably the question I get asked the most. For the sake of this post, I am using the term Skype to include Skype and similar free web-based communication platforms relying on proprietary voice over Internet technology.

As with so many things, the answer is complicated. But the question itself is misleading. Many vendors and manufacturers market their technology and products using terms such as “HIPAA compliant.”

However, products or technology cannot themselves be “HIPAA-compliant.” Hospitals, providers, and other covered entities ...

Many legal obstacles have long stood in the way of telehealth. There are licensure laws, prescribing laws, practice of medicine requirements, credentialing rules, insurance coverage issues, and concerns about privacy, among others.  These hurdles have until recently relegated telehealth to the most geographically remote corners of health care where the only means of obtaining medical care is by phone or computer connection to a provider hundreds of miles away.  But now, with physician shortages and the ubiquity of the smart phone, telehealth is beginning to show up all over the ...

There is a proposal moving through Congress that has some interesting implications for telemedicine.  Sen. Diane Feinstein (D-CA) and Rep. Bill Cassidy (R-LA) have proposed an amendment to the Online Pharmacy Safety Act that would impose additional restrictions on when and under what circumstances practitioners can prescribe medication under the Federal Food, Drug, and Cosmetic Act.  Although the Online Pharmacy Act is primarily intended to put an end to illegitimate pharmacies and the fraudulent sale of drugs online, as the American Telemedicine Association, HealthLeaders