Online Continuity

Addressing Telehealth Risks Today to Ensure Continuity of Care

By Megan Headley

After years of efforts to change telehealth regulations that would broaden use of remote medical care, the COVID-19 pandemic has seemingly removed a great deal of resistance to the idea. Thanks to waivers that have allowed reimbursement for a broader range of services, exponentially more providers and patients have moved their healthcare online. And now that patients are becoming more accustomed to seeking care this way, healthcare organizations are expecting telehealth will continue to grow. Frost & Sullivan researchers are projecting a sevenfold growth in telehealth usage by 2025, for a five-year compound annual growth rate of 38.2%.

During the pandemic, telehealth solutions have proven critical in ensuring continuity of care and communication—the “most important parts of healthcare,” says Heather Annolino, senior director of Ventiv Technology’s healthcare practice. Yet Annolino calls for providers to ensure they’re not implementing solutions today without due attention to the risks tomorrow might bring.

“There are still the same risks that were in place before COVID-19,” Annolino points out. That makes now a perfect time to make sure your risk management is caught up.

Security risks

On March 17, as social distancing policies began to impact U.S. hospitals, CMS issued guidance to states seeking to expand telehealth for Medicaid in response to the pandemic. During a White House coronavirus briefing, CMS Administrator Seema Verma lifted a variety of federal restrictions on the use of the service and praised telehealth’s potential to keep at-risk populations from needing to leave home for care. The lifting of restrictions also relaxed many HIPAA requirements so that doctors could provide telehealth with their own electronic equipment.

While this federal action did fill critical gaps in care, it has also opened health systems to many of the security risks that had long been feared from telehealth implementation. Back in 2017, a federal task force on healthcare cybersecurity said staffing problems and outdated equipment and software put healthcare at risk of creating a public health crisis. As of September 2019, a report by cybersecurity firm Kaspersky found that one in four U.S. healthcare workers had never received cybersecurity training from their employer. In mid-2020, these remain real concerns.

Investigators are seeing “tons” of fraud cases linked to COVID-19, Kaiser Health News reports. These cases have included using patient accounts to bill for bogus coronavirus emergency kits, or billing for thousands of dollars’ worth of useless tests.

It was a June data breach of U.K. telehealth app Babylon Health that demonstrated the security risks many had feared. The breach allowed app users to access other patients’ appointments. Although Babylon Health stated the breach was likely the result of a software error, rather than a cyberattack, the incident still points to the importance of having risk management processes in place.

Process gaps

While there are always risks of hacking and phishing, many of the perils health systems face today have more to do with a lack of the proper safeguards that make up traditional risk management. As Annolino says, it’s critical that providers put a consistent risk management framework in place to mitigate the compounding risk factors associated with COVID-19. That framework should include the following steps:

  • Ensure proper credentialing. In March, the National Committee on Quality Assurance exempted organizations through September 1 from credentialing practitioners outside their network or practice if they were providing care as a result of the public health emergency. Insurance companies are offering provisional credentialing to expand their network of providers. However, this opens patients and providers up to serious fraud risk. Before connecting patients to their next step in care, ensure you have medical credentialing processes in place.
  • Check licensing. CMS has allowed states to request a waiver to temporarily allow out-of-state practitioners to provide services locally, so long as they are licensed in another state. Although industry advocates such as the American College of Physicians have requested CMS extend waivers for “interstate licensure flexibility” through the end of 2021, or until a vaccine or effective treatment for COVID-19 has been developed, there is no guarantee this exemption will remain in place. Ensuring appropriate licensure now will help guarantee seamless care later.
  • Update liability insurance. Health systems working with out-of-state specialists should verify that these providers have professional liability insurance through their employer or individually.
  • Create processes for standard IT procedures. Do you have backup and downtime procedures in place for managing remote visits? Are clinicians using secure employer-issued equipment, or are they making unsecured calls from their personal laptops? Are telehealth visits being conducted in private, away from high-traffic areas? Educating providers on security protection will reduce risks of data breaches.

“Establish as many of these things now as you can. It will help in the long run,” Annolino says.

Minimize gaps in care

Annolino offers a few additional tips to ensure a seamless telehealth experience for patients and avoid exposure to harm through gaps in care. First, she advises, ensure providers have easy access to their patient’s permanent medical records while conducting the telehealth visit. Make sure any documentation is maintained in a central location where it can be easily accessed by other providers who may be also treating that patient via telehealth.

Of course, shared access to information has been a sticking point for transitions of care even prior to the pandemic. “For instance, [if] you go into a [CVS] MinuteClinic or your local pharmacy, your physician doesn’t know you’ve done that unless you personally tell them,” Annolino explains. “How do we make sure that communication goes back to the medical records and to the people who typically see you? That’s a huge risk.”

But it’s also an opportunity. Encouraging more patients to seek services from one easy-to-reach physician or practice presents a chance to create a more continuous flow of care.

Create a program with staying power

Putting risk management processes in place today allows health systems to gather data on what works and what doesn’t, even if analyzing that data may have to wait for calmer times. If practitioners want to maintain telehealth’s tremendous momentum, it’s critical for them to understand what aspects of remote care function best.

As of June 29, 340 organizations had signed a letter urging congressional leaders to make telehealth flexibilities created during the COVID-19 pandemic permanent. Following proper strategies for reducing risk will help prove that telehealth is a trustworthy option for ensuring consistent communication and continuity of care.

“Some things have gone by the wayside, like physician-patient relationships being established prior to meeting,” Annolino says. “But you still need to know there’s a follow-up plan. We don’t want this to impact the continuity of care.”

Megan Headley is a freelance writer and owner of ClearStory Publications. She has covered healthcare safety and operations for numerous publications. Headley can be reached at megan@clearstorypublications.com.