About Napa River’s Risk Knowledge Series

Risk is unavoidable and evolving, but preparing for risk doesn’t have to be a daunting task. The Napa River Risk Knowledge Series brings you the latest in trending themes and insights for risk management.

mpty heading

This article highlights

  • Telehealth policy and regulations that providers must follow, such as state licensing requirements, HIPAA compliance, and malpractice insurance coverage for telehealth visits
  • Requirements for treating patients across jurisdictions through jurisdictions through mechanisms like licensure compacts
  • Consent requirements
  • Privacy and security measures
  • Billing and reimbursement policies for telehealth
  • Risk management strategies to reduce the likelihood of legal claims
  • Scope of practice considerations
  • Resources including guides on best practices, policy summaries, stories from the field and other agencies contact information

Cybersecurity, HIPAA compliance and other Telehealth tips. What are the most important takeaways:

  • While inappropriate employee use and disclosure of PHI (e.g., inappropriate sharing or selling of patient information) are more of a concern among large health systems, phishing and viruses are the most common types of cyberattacks in small practices. — from the American Medical Association
  • Cautioning hospitals and telehealth providers about the privacy and security risks related to the use of online tracking technologies that may be integrated into their websites or mobile apps and may be disclosing patients’ sensitive personal health data to third parties. — from the American Medical Association
  • Know your organization’s protocols in case of a potential shutdown or attack against medical devices. Help patients and staff by understanding the processes and procedures; this can help mitigate the impacts. That means asking:
    • How do we notify patients if their medical devices are compromised?
    • How do patients notify us if they suspect their medical devices are compromised? — from the Health Sector Coordinating Council
  • Tell patients that they can file a privacy complaint. — from Health and Human Resources.
  • Have thorough documentation of virtual visits. Proper records support defense against malpractice suits. — from Health and Human Resources.
  • Establish the below processes:
    • Routinely review your telehealth privacy and security policies.
    • Schedule regular deletion of files on mobile devices.
    • Utilize data back-up and recovery processes in case of breach.
    • Conduct a security evaluation from an independent party on your telehealth system to verify security features such as authentication, encryption, authorization, and data management. — from Health and Human Resources.

Brief insert from the article.

Before you offer telehealth:

  • Check with your insurance company to make sure they cover telehealth. In some cases, liability insurance will already cover it, and in others, you may need to purchase supplemental coverage.
  • If you plan to offer telehealth in more than one state, you will need to confirm that your insurance policy covers you for all locations.
  • You will also want to be aware of any state laws that regulate how you collect, and store protected health information. To find out more about the state laws where you practice, visit State Health Care Law .

Get the full content here.

Empty heading