patient data
Subscribe to patient data's Posts

Digital Health 101: OCR Issues Resources to Educate Patients on Telehealth, PHI

BACKGROUND

On October 18, 2023, the Office for Civil Rights (OCR) of the US Department of Health and Human Services (HHS) issued two resource documents to help explain the privacy and security risks to patients’ protected health information (PHI) when using telehealth services, along with ways to reduce these risks. In a press release announcing the guidance, OCR Director Melanie Fontes Rainer stated that “[t]elehealth is a wonderful tool that can increase patients’ access to [healthcare] and improve [healthcare] outcomes. [Healthcare] providers can support telehealth by helping patients understand privacy and security risks and effective cybersecurity practices, so patients are confident that their health information remains private.”

These new resources exemplify the trend of increased scrutiny in the digital health environment, aimed at ensuring that patient data is protected, secured and confidential (including with respect to pixel technology disclosures, artificial intelligence usage guidelines, state-level data privacy laws and medical board guidelines).

IN DEPTH

Resource #1: Outlining the Risks of Telehealth

With the release of this educational resource, developed on a recommendation from the Government Accountability Office (GAO) in a September 2022 report, OCR intends to help healthcare providers explain to patients, in plain language, the health information privacy and security risks that are present when using remote communication technologies such as video conferencing websites and applications for telehealth.

OCR notes that the Health Insurance Portability and Accountability Act Privacy, Security and Breach Notification Rules (HIPAA Rules) do not require covered healthcare providers to educate patients about privacy and security risks. However, the OCR’s educational resource is intended to assist providers who would like to 1) explain the privacy and security risks to patients’ PHI when using telehealth services and 2) share ways to reduce these risks. This information may also be helpful to a patient’s family or personal representative. HHS encourages and reminds providers to be mindful of inclusionary mechanisms when communicating with individuals with disabilities (e.g., providing auxiliary resources, using language assistance services or providing written translations of materials).

The educational resource provides suggestions for discussing the following:

  • What telehealth is, and which technologies will be used during the telehealth encounter
  • The importance of PHI privacy and security
  • Risks and mitigation strategies when PHI is shared, stored or transferred using remote communication technologies
  • Which communication technology vendors are used in delivering the services and how to view their privacy and security policies
  • The right to file a privacy complaint with OCR under HIPAA

Resource #2: PHI Security Tips for Patients

OCR’s patient tips resource provides recommendations that patients can implement to protect their privacy, security and confidentiality when interacting via telehealth technologies, including the following:

  • Conducting the telehealth appointment in a private location (e.g., a private room or a parked car), wearing headphones and avoiding using a speakerphone
  • Turning off nearby electronic devices that may overhear or record information
  • Avoiding using a [...]

    Continue Reading



read more

Surfing “Tech’s Next Big Wave”: Navigating the Legal Challenges in Digital Health

Fortune’s April 2018 cover story, “Tech’s Next Big Wave: Big Data Meets Biology,” conveys loudly and clearly that technological innovation is transforming the health care continuum—changing the way care is delivered, as well as how patients manage their ongoing health—and as patient demand for health innovation increases, more companies seem eager to hop on the digital health bandwagon. The article provides a thoughtful, realistic (and somewhat sobering) perspective on digital health innovation’s successes and other results to date. It also quite effectively uses real world stories to convey the human dimension of digital health. One is the story of a mother who manually sampled and recorded her son’s glucose levels 20 times a day before an automated monitoring system connected to a mobile app allowed them both to live their lives without constant interruption by this critical care management function. Another describes use of an artificial intelligence “command center” to expedite access to life-saving surgery by a man with an aortic dissection. These real-world examples drive home the fact that digital health is already making a profound difference in our lives by removing barriers to care that are critical to saving lives and managing chronic diseases.

What the article does not touch on, however, are the myriad, complex legal challenges that must be addressed at the earliest stages of the planning process and the intensifying interest of government oversight and enforcement bodies, such as the Federal Trade Commission, the Food and Drug Administration, the Office of Civil Rights of the Department of Health and Human Services, and the Securities and Exchange Commission, interested in protecting the safety and privacy of patients and consumers. Just last month, we saw the SEC charge Theranos’ CEO Elizabeth Holmes with fraud for allegedly misleading investors about the company’s ability to detect health conditions from a small sample of blood. Earlier this year, another “unicorn” start-up, Outcome Health, settled with the federal government after The Wall Street Journal reported that they allegedly misled advertisers with manipulated information. The United States has also brought claims against the private equity company investor of a compounding pharmacy that allegedly paid illegal kickbacks to marketing firms to induce prescriptions written by telemedicine providers for costly compounded drugs reimbursed by TRICARE.

Opportunities and Challenges of the Patient Data “Gold Rush”

Eric Topol, MD, director at the Scripps Research Institute, told Fortune that “the quest to retrieve, analyze and leverage” data “has become the new gold rush. And a vanguard of tech titans—not to mention a bevy of hot startups—are on the hunt for it.” There is no doubt that harnessing and analyzing big data provide virtually limitless fuel for digital health innovation of the type patients and consumers are demanding and that tech companies are eager to develop and commercialize. While optimism about the quest for big data is certainly justified, it must be tempered by caution and careful consideration of complex, multi-dimensional legal [...]

Continue Reading




read more

STAY CONNECTED

TOPICS

ARCHIVES

2021 Chambers USA top ranked firm
LEgal 500 EMEA top tier firm 2021
U.S. News Law Firm of the Year 2022 Health Care Law