The explosion of telemedicine and telehealth, or virtual patient care and monitoring, presents many opportunities for enhanced, more streamlined care. But it also threatens to outpace laws regarding the delivery of care, as well as health care compliance.

Emergency waivers and suspensions were set in motion in the early days of the COVID-19 pandemic, then extended – and then rescinded. But we believe telehealth is here to stay. With the move to electronic medical records and the need to quarantine or social distance due to COVID-19, telehealth has grown exponentially – by one health research report, over 4,000 percent. In one sense, this is welcome news, as the evolution of telehealth has traditionally been saddled with restrictions and regulatory hurdles. The opportunity to extend telehealth with more reach and flexibility supports the goal of broader access and better outcomes for patients who live in medically underserved areas, or who cannot travel from their homes. And for those who need to quarantine but need medical care due to COVID, telehealth is an important public health service.

But the patchwork of waivers, emergency rulings, extensions and dial-backs can present a challenge to health care providers when it comes to understanding compliance, payment for services and pursuing telehealth as a viable option for their organization, during the pandemic and beyond. What’s more, the threat of a cybersecurity breach of protected patient data looms even larger, as hackers grow trickier. Here are some key points to remember regarding compliance:

Telemedicine is more than just appointments over video. It includes phone, text or email exchanges, posting photos, appointment reminders, online portals, scheduling apps, remote monitoring systems, and even implanted devices that capture data, like insulin pumps, oximeters or pacemakers – any way that patients interact or exchange information with health care providers virtually.

Privacy regulations still apply. As more patient data flies through the cloud, safeguards are essential to keep protected health information (PHI) and insurance information encrypted and to preserve the discretion expected in a medical setting. That could include two-factor authentication, passwords to portals, and avoiding sensitive details in an email or text, which can be the equivalent of shouting patient details into a crowded waiting room. It’s also important to ensure secure wireless networks for telehealth sessions or medical devices. The best security programs for your organization involve both technology and training: reminding personnel to go through the steps every time, even with a learning curve.

Providers need to comply with both state and federal laws. From treating patients across state lines, to obtaining patient consent for virtual treatment, to filing insurance claims and obtaining reimbursement, providers must abide by a patchwork of state and local mandates that govern telehealth. For example, although New York state’s telehealth emergency waivers have expired, the New York State Department of Health has issued guidance for Medicaid’s continued coverage of telemedicine and digital health.

Our team of health care compliance and cybersecurity attorneys is closely following the landscape of digital medicine in New York state. Subscribe to our blog, contact us with questions, and follow us for updates.