Top 4 Things to Consider Before Using Skype for Telemedicine
Here are my top four things to consider before using Skype – or any other technology – for telemedicine:
1) Does the technology comply with HIPAA’s requirements? Under the Privacy Rule, the technology vendor is a Business Associate if it stores (for any amount of time, no matter how short) or has access to protected health information (patient demographic and medical information). Whether the vendor stores information should be stated in the privacy policy. A Business Associate must provide you with a Business Associate Agreement, documenting its promise to protect the confidentiality, security, and integrity of your patients’ information. Under the Security Rule, Business Associates must provide you with audit trails, documenting who has accessed protected health information, and must comply with all of the other Rule’s requirements. And under the Breach Notification Rule, Business Associates must notify you of any breach of protected health information
2) Does the technology comply with licensing board requirements? As an example, Oklahoma law requires telemedicine technology to be sufficient to provide the same information to the provider as if the exam has been performed face-to-face, and HIPAA compliant. Another board, the West Virginia Board of Psychology Examiners has a Policy Statement,“Telepsychology – Skype” wherein the Board notes the American Psychological Association task force comments about Skype – the lack of encryption means Skype is not a confidential means of communication. The Board also agreed with the task force that “providing telepsychology on unencrypted sites is ill advised.” (www.wvpsychbd.org/policy_statements.htm)
3) Does the technology comply with payer requirements? For example, some state Medicaid program will pay for telemedicine services only when an approved telemedicine vendor is used.
4) Does the technology comply with professional standards? For example, the American Telemedicine Association has specific standards for adequate bandwidth and resolution.
Donna Vanderpool, MBA, JD – Vice PresidentAs Vice President of Risk Management, Ms. Vanderpool is responsible for the development and implementation of PRMS’s risk management services for The Psychiatrists’ Program. Ms. Vanderpool has developed expertise in the areas of HIPAA and forensic practice, and has consulted, written and spoken nationally on these and other healthcare law and risk management topics. She most recently wrote a chapter concerning the risks of harm to forensic experts for Robert L. Sadoff, MD’s book Ethical Issues in Forensic Psychiatry: Minimizing Harm, (Feb. 2011/Wiley). Ms. Vanderpool received her undergraduate degree from James Madison University, and her MBA and JD from George Mason University. Prior to joining PRMS in 2000, Ms. Vanderpool practiced criminal defense law, taught business and legal courses as an adjunct faculty member at a community college and spent eight years managing a general surgical practice in Virginia. |