Ask Me MD: Medical School for the real world
Ask Me MD: Medical School for the real world
Heidi Kocher, JD - Telemedicine Regulations
In this episode, Dr. Verret interview Heidi Kocher, JD about rules and regulations around telemedicine, including some of the changes enacted around COVID-19.
If you have questions or ideas for a show, send us an email at questions@askmemdpodcast.com. Hear the latest podcast at http://askmemdpodcast.com or through your favorite podcast directory.
Ask Me MD, medical school for the real world with the MD, Dr. D.J. Verret.
D.J. Verret, MD, FACS :Greetings and welcome to another edition of Ask me MD medical school for the real world. I'm Dr. DJ Verret. Today we're joined by Heidi Kocher to talk about regulations and rules around telemedicine. We'll talk to Heidi right after this. Welcome back to Ask Me MD, medical school for the real world. I'm Dr. D.J. Verret and today we're talking with Heidi Kocker, a partner at the law firm of Lyles Parker about telemedicine. Heidi, thanks for joining us.
Heidi Kocher, JD :Happy to be here.
D.J. Verret, MD, FACS :I know there's been a recent increase in telemedicine with the onset of COVID. And I think personally, I think that the telemedicine landscape is going to change and there will definitely even when COVID resolves, there'll be an increase in telemedicine. So I'm, I'm excited to have you on to talk about some of the regulations around telemedicine. So my first question to you is, if we have physicians thinking about telemedicine, what rules and framework would you give them to think about all of the regulations involved?
Heidi Kocher, JD :You know, I'm glad you're asking such a detailed question because many physicians sort of think, Oh, I can just sort of jump into telemedicine and, you know, I'll sign a contract with somebody and, and off we go to the races and I can do telemedicine for all of my patients. And it's actually a little bit more complicated than that. And, as you said, you know, with with COVID-19, we have some flexibilities in place, but I think many of those flexibilities will go away come next year. So I do think it's very important for physicians to kind of think more generally about these rules in the framework. So one of the big things, of course, is going to be the technology, what technology are you using, and what technology is your patient using? The original goal of telemedicine was really to expand into rural health areas. And and if you're relying something on, you know, zoom or WebEx or something computer based then the whole question of technology availability, you know, and broadband availability and so on is is a key question for the physician and the patient. Second question to consider is licensure and scope of practice. And most state licensing laws permit telemedicine as part of the scope of practice. There are a couple of specific niches where it's a little bit more circumspect and the practitioner actually has to register to do telemedicine. And again, during COVID, those flexibilities the government's the state governments signed flexibilities to to make it easier but again, once COVID goes away, I think those flexibilities will disappear. So you need to consider scope of practice and then licensure in terms of states Many states have reciprocity, many do not. And so the entire thought about the interstate compact on licensure, medical licensure is interesting. But again, many states don't belong to the compact. So you have to consider what the licensure requirements are not just where you are situated and licensed but also where your patient may be. And, and again, we've got a lot of flexibilities with COVID. But I think some of those will disappear once we move out of the COVID time. Another thing to consider is insurance. Once you're doing telemedicine, you're really in the cyberspace realm. And my experience is that many providers, most providers have insufficient cyber liability insurance. You know, this is HIPAA, of course, but really much more broader than HIPAA, just the the technology aspect of cyber liability. So you should be double checking to make sure that your insurance policy covers something like telemedicine, and then make sure that the limits are high enough. And another major consideration is, of course, HIPAA. You can't control what's in the patient's background, um, you need to however control what is your in your background, and I know that many physicians are doing telemedicine from home, which is which is okay. But you need to make sure that from a HIPAA standpoint, your space is secure, that you don't have people wandering in and out that, you know, people aren't interrupting you when you're doing a telemedicine visit. And if you're maintaining notes that you don't have anything sitting around on your desk, and so on. So again, we have some flexibilities on some of these during the time of COVID. But I think a lot of those aren't going to disappear once the pandemic subsides, and once we have a vaccine that's going to help the pandemic subside.
D.J. Verret, MD, FACS :And I'd like to talk a little bit more about the flexibilities. But one point of clarification, you mentioned cyber liability and malpractice. Really, those are two different coverages, though, that you're talking about, correct?
Heidi Kocher, JD :Yes. So, um, there's the cyber liability, and there's sort of general medical malpractice liability. I don't think that telemedicine usually adds that much more in terms of liability under General malpractice liability, although I suppose there are specific practice areas where it might be more of an issue. So, specifically, I'm thinking of something like a dermatologist. So if if a patient uses an iPhone and says, This is my rash, you know, and you can't really tell, then you might might have some med mal liabilities there. Fortunately, with dermatology most of the time, it's not a serious issue. And so, you know, the liabilities aren't too serious. But I do think that a bigger liability is again going to be the cyber liability. Because now everybody's online, everybody's remote. And that just really offers a lot more opportunity for bad actors, for hackers and so on. to two, breach your systems and for accidental breaches to happen as well.
D.J. Verret, MD, FACS :Back to what you were kind of mentioning earlier, what temporary changes have you seen in telemedicine law with COVID-19, that maybe physicians need to be aware of that we'll be reverting back in the changes going away within the near future.
Heidi Kocher, JD :And so one of the big ones is again, the licensing flexibilities across state practice, I think is a big one. In terms of specifics, there are certain codes, CPT codes and hickspicks codes that have time limits on them. There were some flexibilities. Granted in relation to those, you know that you can only do so and so many procedures during a certain timeframe. There were conditions that could not be performed via telemedicine and Again, we have some flexibilities there, I would anticipate that some of those diagnoses and ICD 10 codes will be removed from what is acceptable to do telemedicine right now, pretty much anything can be handled telemedicine, if it's if it's appropriate. I mean, obviously, you can't do surgery by telemedicine, but in terms of office visits, you know, much of that is now acceptable to do by telemedicine. Another discretion is, or a flexibility is on the type of platform to be used Office for Civil Rights which enforces HIPAA explicitly granted some flexibility on the type of platform that you can use. And they also granted some flexibilities in relation to HIPAA. And I completely expect all of those to go away. Once we sort of move beyond the pandemic.
D.J. Verret, MD, FACS :You mentioned HIPAA, and obviously, there are some exceptions, as you mentioned right now, but lead generally makes a telemedicine platform HIPAA compliant. So what we're talking about here is the security aspect of the HIPAA rule, mostly, although there's some administrative aspects as well. I think you know, the technology in particular is a particular concern that providers should be aware of. So one of the main things you want to be thinking about is the level of encryption. You want to be looking for at least 128 bit encryption. And I will note here that Skype actually has 256 bit encryption, but that doesn't make it HIPAA compliant. So but the first thing to consider is encryption. Another thing that you want to think about is, again, some some security measures, such as who has access to the platform, and who has access to the data that you have, where is the data stored, and where is it backed up. And obviously, you preferably have data stored and backed up here in the US, as opposed to the Philippines or Thailand or India. Another thing that you may want to consider is whether or not the platform has a history of security breaches. And this has actually been an issue with Skype, Skype has actually had a pretty significant history of security breaches, and people aren't really aware of them. But there are a lot of loopholes in the Skype coding for lack of a better term that permits security breaches. One of the biggest indicators that I think you will have as to whether or not a platform is HIPAA compliant, is whether or not the platform provider is willing to sign a business associate agreement. Now, again, this is one of the flexibilities that OCR has has put in place, they've they've waived temporarily the requirement to sign a business associate agreement. But personally, that is not something that I would waive, because a business associate agreement really, to me indicates that the platform provider is aware of what their responsibilities are and so on. So if you have somebody who wants to do telemedicine and offers their platform, but they're not willing to sign a business associate agreement, even though there's a flexibility in regard to that I would run screaming from that provider, because it indicates to me that they're not really serious about doing what they need to do to keep the platform secure. Seems like it would be a red flag there. I think it's a major red flag if they're not willing to sign a business associate agreement. So a couple of the terms I've heard mentioned in regard to telemedicine are synchronous versus asynchronous telemedicine. Can you maybe describe that a little bit more, especially if there's a regulatory difference between the two? Sure. So synchronous basically means at the same time, and this is the what I think most people think of when they talk about telemedicine. So that's where you are on audio at the same time. For example, like we're doing on this podcast, Or on audio visual at the same time. And that would be things like zoom, WebEx. Some of the other platform providers, you know, but again, where you have a visual and audio at the same time patient and physician. asynchronous means that you are not looking at the data at the same time. So a synchronous might be something where a patient sends an email to the physician. Let's say again, using the dermatology example, the patient takes a photo of a rash and attaches that to an email and emails it to the physician. And then the following day, the physician looks at that and responds and says, yes, you have, you know, contact dermatitis, here's a prescription, you know, for some kind of steroid. So that would be an example of a synchronous, it's usually used again, in context of things like email, readings of of radiographs and images and laboratory work, and so on. That's typically where you see a synchronous, there are some differences in terms of regulatory stuff, mostly in relation to reimbursement. Many of the CPT codes have actual differences in relation to synchronous versus asynchronous, so you need to make sure that you're coding the service correctly, with what kind of transmission you have. And again, there may be some some differences from a security aspect and standpoint. Again, if we're if we're online at the same time, presumably all of that is encrypted, and we want to have a very secure platform. Whereas if, if you're just emailing back, and fourth, you may have differences in terms of security and encryption there, you should still be secure and encrypted, but how it how it is achieved may be a little bit different. Those are probably the biggest differences. If I'm, if I'm looking at practicing telemedicine, obviously, if I'm seeing somebody in person, they are in front of me, we're in the same physical area. I'm practicing, obviously practicing medicine in the state that I'm in. But in telemedicine, it kind of opens things up or potentially I would get a telemedicine call from somebody who's out of state. Can I treat a patient who may be in a state where I don't have a medical license? And that is a fantastic question. And I think it is one of the least understood aspects for physicians practicing telemedicine. And your listeners are going to hate me because I'm going to give the standard lawyer answer which is it depends and maybe they won't hate you. But you're right. That is the standard lawyer answer. So I think one of the things is going to be you need to look at the state level laws. Again, with COVID-19. Many states have implemented flexibilities that do permit that kind of cross state practice. So here in Texas, for example, you know, Governor Abbott, he signed an executive order back in March, specifically permitting that. And and pretty much I think everybody or I don't know of any state that hasn't signed a flexibility. But that's that's a key thing. Again, once COVID goes away, that is one of the things that I do expect that flexibility to go away. And then there will be a lot more focus in on. Are you properly licensed in the state where the patient is one of the things that again, I think I mentioned this previously, but the interstate compact on medical licensure. Once COVID goes away, I would anticipate that there is much more of a push to permit cross state practice and licensure. But I also can see states being pretty jealous of their licensing and oversight rights and responsibilities. So again, once COVID goes away, I don't know that I would put my eggs in the basket of being able to cross state tape. treat a patient unless I meet with licensing requirements in that state. I think that the take home I'm hearing is basically check the regulations in your state for telemedicine and check the regulations in the state where the patient is for telemedicine to be that's exactly correct. Yes. We talked about it a little bit in malpractice versus cyber insurance, but is does malpractice liability change with telemedicine? I know you gave the example of Dermatology but kind of from a regulatory perspective. And I think I know the answer is probably going to be check with your malpractice carrier. But are there any constant regulatory framework that kind of changes when you go from in person to telemedicine in the malpractice space? There isn't generally and and you're correct, I wasn't going to say so much check your malpractice, go to your malpractice insurer, but to check your policy and talk to your malpractice insurer. Again, I think that telemedicine is a great tool. It has opened up treatment for many, many more people. But I think we are not completely aware yet of ways that it can impact a provider from a liability standpoint. And there are always create plaintiff's attorney creative plaintiffs attorneys out there that constantly come up with with new theories for which to try to impose liability. So definitely check your insurance make sure a that it, it covers telemedicine and if it's not clear, figure out how you can get that explicit in your coverage. And again, you know, we need to make sure that cyber liability insurance is covered, you know, which which may or may not be included in your standard policy, you may have to have a rider and again make sure that the coverage limits are sufficient to cover telemedicine And as a physician, I I just throw this out there i i'd say as well don't ever compromise your treatment of the patient, because it's on telemedicine if the patient needs to be seen in person then see the patient in person, right.
Heidi Kocher, JD :Yeah. And that's actually you brought up another good point. So one of the things that I always recommend is, is don't just jump into telemedicine, don't just sign a contract and say, well, whoa, now we're open for telemedicine business. I think physicians really do need to think through, you know, what can be handled via telemedicine and what needs to be seen in person. You know, and, and also, if you're on a telemedicine call, at what point do you escalate from either telemedicine to to either in person or perhaps even emergency services? You know, if somebody says they have chest pain, you know, at what point do you go from saying, Okay, well sounds like it might be, you know, GERD, to saying you're having a heart attack, you know, you need to call 911 and get an ambulance and or the physician staff needs to call 911 and get an ambulance there. So they need to think through the the escalation procedures and protocols as well.
D.J. Verret, MD, FACS :I think that's great advice. Ultimately, the standard of care is the standard of care and it's not going to matter whether you're talking to somebody on Skype or zoom or they're in person sitting in front of you in the office.
Heidi Kocher, JD :That's exactly right.
D.J. Verret, MD, FACS :We've been talking with Heidi koecher about telemedicine. Heidi, thanks so much for joining us some great some great information once again to take home.
Heidi Kocher, JD :You're welcome. I hope your your listeners found it useful.
D.J. Verret, MD, FACS :You're listening to ask me MD medical school for the real world. Until next time, make it an awesome week.
Announcer :Thank you for joining us for another episode of Ask Me MD, medical school for the real world with Dr. D.J. Verret. If you have a question or an idea for a show, send us an email at questions at asked me Md podcast.com. The contents of the podcast do not constitute any type of professional advice do not reflect the opinions of this company and do not create any type of professional relationship between the audience and presenters. No person listening to any episode of Ask Me MD should act or refrain from acting on the basis of the content of a podcast without first seeking appropriate professional advice. Nor should the information be used as a substitute for professional advice. W.J. Sonnier expressly disclaims any and all liability relating to any actions taken or not taken based on any or all contents of its podcasts