Legal Implications



Telehealth is the use of technology in health and medicine that has slowly become more prevalent with the current pandemic. Examples of telehealth include live synchronous online meetings with patients and healthcare providers, electronic health record systems to share medical information (Epic, Meditech, etc.), remote patient monitoring, and mobile health such as Apple Watches. With the increased use of telehealth, discussions regarding the legal implications of these services have increased. The discussion of legal implications includes HIPAA (Health Insurance Portability and Accountability Act) violations, making decisions about who is at fault for negative outcomes, and deciding what care is best for the patient based on their concerns. More research on HIPAA regulations and legislation creations should be explored to minimize these issues.


In this project, the legal implications surrounding telehealth were carefully observed and analyzed. Telehealth has been increasingly popular in the past few years and legislation regarding its use has had trouble keeping up with the changes. The video linked in this page shares a statistic that displays the growth of telehealth between the years 2015 and 2018 (Bold Business, 2018). In 2015, there were 1.16 million telehealth users. In 2018, there were an estimated 7 million users. That is a large amount of growth for such a short amount of time. As telehealth’s exponential growth continues, the technology is continuously being altered to fit the needs of the users (both patient and healthcare workers). As technology is advancing and changing, the legal implications of telehealth have to adapt to consider these changes. “There is a lack of uniformity in state telehealth guidance, including site-of-service requirements and the types of technology that may be used.” (Fanburg and Walzam, 2018) The use of FaceTime has been popularly discussed as a possible live synchronous meeting choice for providers due to its user-friendly design and vast accessibility; however, the research available currently states that the platform does not adhere to HIPAA guidelines. An article written by Dr. Marlene Maheu argues that “HIPAA regulation demands that providers contracting with vendors must execute a contract known as a business associate agreement before any health information can be shared, exchanged, or transmitted via their services.” (Maheu, 2019). Apple, which is the company that owns FaceTime, notoriously does not sign business associate agreements. Therefore, providers are not legally able to use Apple’s FaceTime as their vendor for telehealth appointments. If laws were altered to still maintain patient safety, but also allow for the use of FaceTime as a medium for telehealth, more people would have easy access for their telehealth appointments. Another article mentions that “Although there has been a considerable amount of state policy activity in an effort to increase utilization and reimbursement for telehealth, health care providers continue to encounter conflicting and confusing policies in terms of requirements for insurance claims, practice standards, and licensure.” (Marcoux & Vogenberg, 2016). This information reiterates the fact that more research needs to be done regarding the legal implications of telehealth. There is also confusion surrounding the policies on payment for telehealth. “Reimbursement for telehealth services provided for non-Medicare patients depends on where the patient is located while receiving the services.” (Fanburg and Walzman, 2018) Different states have different laws regarding how the patient’s visits are covered either by insurance or private pay. This can make it very difficult for providers to bill their patients and educate patients if they need insurance.


 Health Care Is A Right, Not A  Privilege.

Healthcare workers are responsible for the care and interventions recommended to patients, and this applies to telehealth as well. If a patient is in a telehealth appointment and is experiencing an emergency, the healthcare worker is responsible to identify the emergency and advise the patient to go to the emergency room. The healthcare worker is held responsible for the outcome of the patient, and in telehealth this can increase the need for them to protect themselves and their licenses. Along with recommending treatment, nurses and providers will need to triage patients after performing assessments. A provider will be presented with signs, symptoms, and history and need to decide whether a patient needs to come into the emergency room, schedule an appointment, or continue to monitor symptoms. This puts responsibility on the provider for the outcomes of the patient. For example, if a patient is experiencing stroke-like symptoms and the provider recommends the patient to make an appointment in the next 3-5 days, the patient may suffer from further injuries that could have been prevented. The provider will be blamed for this mistake and this is why more regulations need to be put in place to protect the patient and provider. One research article mentions that “The question of whether telehealthcare might meet the needs of particular patients in particular healthcare interactions is complex and requires further exploration.” (Finch, Mort, Mair, & May, 2008). This highlights the fact that more research needs to be done in many areas of telehealth, including ethics. To summarize, privacy is a basic human right that needs to be upheld by healthcare providers both in person and online. The laws regarding telehealth practice need to protect the rights of patients while keeping up with the changes in technology.


Population/Stakeholders and current practices


Telehealth has benefited many communities and patients, while healthcare corporations and organizations have worked to incorporate these practices into the system. To begin the process, hospitals and healthcare companies need to adopt certain services, such as Epic, MediTech, Zoom, or remote medical monitoring, into their practice. The companies that design these services are responsible for ensuring that privacy is maintained throughout the whole process. For example, Zoom has safety settings that allow meetings to be locked and have a passcode to enter. This ensures only people authorized are accessing the health records and appointments. Also involved are insurance companies that deal with billing and monitoring cost differences between telehealth and standard healthcare appointments. Organizations, such as The Joint Commission, Institute of Medicine, Centers for Medicare and Medicaid Services, and Agency for Healthcare and Quality, help guide the creation of regulations involving telehealth. Telehealth appointments for patients speaking to healthcare workers start with the nurse or provider assuring the privacy of the appointment. “A rule of thumb could be to define privacy as the right of the client and confidentiality the duty of the service provider.” (Finch, Mort, Mair, & May, 2008). The healthcare worker should always ask the client to confirm their name and date of birth to assure the correct person is at the online appointment. It is the healthcare workers duty to monitor privacy and show the patient that there are only authorized people listening. The nurse or provider begins by assessing the patient about their signs and symptoms. Other appointments can be used to educate patients regarding a recent medication change or surgery. The healthcare workers need to be educated on the telehealth information and be confident in educating the patients. Many patients, such as older adults, disabled patients, or patients without internet access, may have hard times utilizing telehealth. This is where the nurse or healthcare worker can educate and work with the patient to get the most out of their care.

14 Essential Apps for Protecting Your Privacy Online

Current rules on telehealth are often vague and unclear. Discussed in lectures throughout this semester, proper etiquette for online appointments was outlined. The healthcare worker needs to appear professional, attentive, and informative. This includes the healthcare worker maintaining eye contact by looking into the camera and allowing the patient to feel heard and comfortable. Also, monitoring who has access to healthcare records should be carefully done. Electronic health records in hospitals, such as Epic or MediTech, are set up to have log-ins for authorized personnel only to access the records. There will be several warnings on the application if a non-authorized person tries to look at the records. For example, if a nurse tries to look at someone who is not their patient, it will ask the nurse if they want to continue. If this is not necessary, the nurse may face consequences because they are violating HIPAA.

Laws and regulations need to be further researched and created. “Requirements concerning the electronic communication of personal information are imposed by national legislation.” (Henriksen, Burkow, Johnson, & Vognild, 2013). The current laws regarding privacy and telehealth include HIPAA, Access to Health Records Act of 1990 and the Data Protection Act of 1998. (UK Legislation, 1990) The Access to Health Records Act of 1990 discusses the laws regarding who can access healthcare records and what is considered “health records”. Another law that discusses online healthcare is HITECH Act. “The Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 [PDF - 266 KB] provides HHS with the authority to establish programs to improve health care quality, safety, and efficiency through the promotion of health IT, including electronic health records and private and secure electronic health information exchange.” (Health IT Legislation 2020)



Ethical Concerns


With many health inequalities affecting the population, difficulties have emerged with trying to adapt to telehealth. “The idea of the "digital divide" refers to the growing gap between the underprivileged members of society, especially the poor, rural, elderly, and handicapped portion of the population who do not have access to computers or the internet; and the wealthy, middle-class, and young Americans living in urban and suburban areas who have access.” (Digital Divide, 2020) This brings up ethical concerns due to the lack of accessibility to telehealth for some populations. There needs to be improvements to bridge the gap of the digital divide to ensure equality among its users. An article by Ortega et al. emphasizes that “the sustainability of telemedicine must come alongside a strong commitment to equity.” (Ortega, Rodriguez, Maurer, Witt, Perez, Reich, & Bates, 2020) They also mention that much of the gap could be addressed by “Many of these patient needs can be met by partnering with local organizations that offer technology training courses, access to subsidized services, and donations of mobile phones and other hardware (health monitoring wearables or devices).” (Ortega et. al., 2020) If there were better suited laws to help guide the use of these interventions, more people would have access to telehealth which would help bridge the gap of the digital divide.

Are Privacy Fears Expanding the Digital Divide? - Student Privacy Compass


There have been several clinical risks associated with telehealth use increasing. Privacy, scope of practice, negligence of responsibilities, and communication issues have been identified. Patients need to be assured that their privacy is being maintained and only authorized healthcare workers are involved with their care. Healthcare workers need to take responsibility in following rules and regulations. “It is thus important for physicians practicing telemedicine to ensure that: They give all the necessary information to the patient and family, They answer all the patient’s concerns and questions, and They give the patient the opportunity to refuse or limit their consent where Applicable.” (Lateef, 2011) Providers and healthcare workers need to also be correctly licensed in the states they are practicing in. Different states have different rules regarding licenses; however, many states require the healthcare worker to be licensed in the state their patient is a resident in.


Telehealth has been discussed as not delivering the same care as standard health appointments. Many providers and healthcare workers find it difficult to build a rapport with their patients because it is not as easy to provide therapeutic communication. The benefit of telehealth is it follows some Nursing Code of Ethics and ensures that patients are provided with autonomy. Patients are able to access healthcare records themselves, schedule appointments from home, and choose the care they would like to receive. However, there can be an argument that telehealth does not provide justice. Some patients have a harder time accessing and using telehealth, which can compromise their care. The provider and healthcare worker should work with the patient to make sure they are receiving efficient care if using telehealth.

What Medical Interpreters Need to Know about HIPAA - Intelligere Solutions





While telehealth has allowed patients and healthcare workers more flexibility, it has also brought up issues regarding privacy, ethical decisions, and availability issues. More research needs to be completed to identify solutions to these issues. Starting off, telehealth should be more accessible to patients, such as older adults and disabled patients. Ways to allow access for older adults or disabled patients, include education from volunteers on how to use computers, where to gain internet access, and helpful platforms such as closed captions. As previously mentioned, there should be better laws in place to bridge the gap of the digital divide that prevents some individuals from accessing telehealth. Lower income families would benefit from telehealth because they may not have transportation to appointments. Programs to help lower income families gain access to computers and the internet should be implemented through the use of government spending or public use buildings, such as a library.


Current laws and regulations involving telehealth, privacy, or health records are vague and are not clear enough to healthcare workers. Further research is recommended on what platforms are HIPAA compliant, responsibility on healthcare workers, and what practice is allowed on telehealth. Listening to a lecture by Mary Lowry, different services of telehealth were discussed. Lowry discussed that Dartmouth Hitchcock has conducted research to further learn ways to change the ways telehealth is used in emergencies. For example, there is a program called TeleEmergency that allows a patient to discuss with a provider and find out whether an emergency room visit is necessary. As Lowry discussed, it can be difficult for the provider to see the whole picture of the patient and may become responsible for negative outcomes. To minimize negative outcomes, the providers from Dartmouth Hitchcock are available to other providers at emergency rooms. If these providers are unsure about care, they can discuss with Dartmouth providers.  Overall, telehealth has certainly benefited several different populations. Especially during the current pandemic, telehealth has been utilized to decrease exposure to high-risk patients. While these benefits are significant, difficulties have arisen. Whether providers can use their full scope of practice, privacy issues, and billing issues have become topics of research.