The COVID-19 pandemic prompted health care providers and systems to rapidly adopt and expand telemedicine services. Telemedicine provides a safer alternative to in-person visits during the pandemic, but simultaneously introduces multiple decision points for implementation.
While many providers already have telemedicine in place, emerging evidence, policies, and guidance on implementation and maintenance indicate that answers to the question, “how do we implement telehealth equitably, safely, and sustainably?” are very much still evolving. Here, we summarize one of the many of the components of telemedicine implementation for health care system leaders. This is particularly important in safety-net settings that already face challenges related to limited resources and fragmented health information technology.
Regulations. The U.S. Department of Health and Human Services eased enforcement of telehealth regulations in March 2020 as a result of the COVID-19 pandemic. This discretion allows providers to use any nonpublic audio or video communication tool to connect with their patients remotely. More details about these changes in telehealth regulations can be found in the resources provided below.
- U.S. Department of Health and Human Services Office for Civil Rights: FAQs on Telehealth and HIPAA during the COVID-19 Nationwide Public Health Emergency — This PDF has answers to frequently asked questions about the enforcement discretion regarding telehealth during the COVID-19 pandemic, such as which parts of HIPAA are included, and what telehealth services are covered.
- Health Information Evaluation and Quality (HITEQ) Center: Using Non-Traditional Technology for Telehealth during COVID-19 Pandemic — This is a link to download a PDF tip sheet with important considerations for using non-traditional technologies for telehealth. It includes a color-coded guide of which technology platforms are most secure for telemedicine, which are permissible during the public health emergency, and which are not suitable for telehealth.
Cybersecurity. In implementing telemedicine, cybersecurity is a critical consideration for health systems. Main recommendations for improving cybersecurity include using encrypted devices and technology, utilizing a Virtual Private Network (VPN), and employing strong authentication parameters.
- U.S. Department of Health & Human Services and the Healthcare & Public Health Sector Coordinating Councils: Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients — This PDF report provides guidance and solutions for mitigating cyberthreats facing the health care industry. Main scenarios include email phishing attacks, ransomware attacks, loss or theft of equipment or data, insider data loss, and attacks against connected medical devices that may affect patient safety.
- Technical Volume 1 (PDF; for small health care organizations) and Technical Volume 2 (PDF; for medium and large health care organizations) provide practical steps to implement these cybersecurity practices.
- UCSF Center for Vulnerable Populations: Resources for Telehealth at Safety Net Settings — This webpage provides resources for telehealth in safety net settings. The section “For Clinicians” includes a link to download a word document “Setting up your Zoom account for patient video visits” with concrete guidance on ensuring waiting rooms are enabled to maximize video visit security.
PCMag: How to Prevent Zoom-Bombing — This article includes concrete tips on how to keep Zoom video calls secure and prevent them from being hijacked by hackers. It goes through settings like waiting rooms, making sure only the host can share their screen, and removing someone from a call.