\With the advent of telemedicine came several challenges not limited to IT security, patient-provider connection, and a host of technological issues. As the adoption of digital medical care is now relatively widespread, there is a new challenge facing telehealth – distraction. According to new survey data, approximately 44% of Americans engaged in a telehealth appointment during the COVID-19 pandemic and a significant proportion of those also reported multi-tasking or being distracted by other tasks during their visit.
Alongside the increase in telemedicine use there has been a corresponding rise in ransomware attacks and other cybercriminal activity directly targeting healthcare organizations. In October 2020, the FBI and U.S. Department of Health and Human Services issued an alert regarding hackers which are increasingly using “RYUK” ransomware to target hospital systems during the second wave of the COVID-19 pandemic. The costs of such attacks can be very high; the agencies estimate that ransomware attacks have been responsible for loses of at least $61 million in the United States between 2018 and 2019.
With the increase in cybercrime there has been an increase in ransomware attacks specifically, with over 20 medical facilities recently affected. Since 2016, ransomware attacks have cost the U.S. healthcare system a minimum of $160 million, according to research by Comparitech. In September of this year, University Health Services which encompass over 400 facilities across the United States and United Kingdom experienced a “RYUK” attack which forced them to take 250 facilities offline. No patients were harmed; however, employee communications were severely hampered.
Recent changes to the practice of medicine are evident; no longer are patients coming in for routine appointments, follow-up visits, or elective procedures. Many patients and practitioners are opting for the use digital health services, while some individuals are refusing to seek needed care out of virus-spurred fears. Alongside a marked decrease in demand for in-person care has been a significant rise in telemedicine use – the number of online visits in March surged by up to 50% per data from Frost and Sullivan consultants.
With the widespread adoption of telemedicine, healthcare market analysts now anticipate to see the general number of medical care visits rise above 200 million – up from the 36 million predicted for 2020 – and estimate all virtual health encounters will surpass 1 billion by the end of the year.
A multitude of software developers has already begun capitalizing on the occasion by developing new technological solutions and telecommunication platforms to fulfill the rising demand for online medical services. Meanwhile, to ease the implementation of telehealth across specialties, federal regulations have been amended relaxing HIPAA enforcement rules, mitigating reimbursement barriers, and making other helpful policy changes. However, the widespread lessening of restrictions has also prompted cybersecurity concerns as a result of an increasing number of users sharing their protected health information and personal data online. Due to time constraints and a rushed speed of market entry, many of these novel software solutions are lacking in safety certifications and robust testing.
Changes in Telemedicine Regulations
Now that the U.S. Department of Health & Human Services’ guidance allows HIPAA-covered entities to “use any non-public facing remote communication product that is available to communicate with patients,” providers are turning to common audio or video communication technologies. Broadening access to remote care, the agency now permits providers the use of programs such as Apple’s FaceTime, Facebook’s Messenger video, and Skype. The agency notes, however, that patients should be made aware of the potential cybersecurity and data privacy risks associated with these platforms as they are not intended for telehealth-specific use.
“This exercise of discretion applies to telehealth provided for any reason, regardless of whether the telehealth service is related to the diagnosis and treatment of health conditions related to COVID-19,” the HHS outlined in a statement.
Evaluating Telemedicine Providers
Faced with a seemingly abundant amount of telehealth vendors, healthcare providers may find it difficult to determine which one will best fulfill the needs of their practice. Many may already have embedded telehealth functionality via their electronic health record (EHR) vendors or their employing organization; these solutions can allow for seamless integration into practice, be cost-saving, and tend to have proven safety records. For practitioners seeking new telehealth vendors, the selection process may be daunting although the steps outlined below can help navigate the crowded landscape of telemedicine providers.
Finding and Understanding Your Options
In beginning the search for a telehealth provider, physicians should focus on narrowing down the possible options by outlining their practice’s key criteria and goals. The evaluation of potential vendors must take into account these values and should focus on the perspective of a long-term partnership, not just that of a transactional business. The goal of integrating a telehealth provider into your practice is to develop a long-standing relationship with them in order to have an expert resource on hand, guaranteed support throughout the introduction process and beyond, as well as a reliable, secure platform for your patients.
Researching potential telehealth services and their reviews is a critical component of selecting a vendor, however, it may be challenging to choose from the 900+ platforms available. Asking for word-of-mouth referrals and recommendations from your professional network can often help narrow down a list of possible telehealth vendors. Practices can also consider consulting the American Telemedicine Association or their state medical association for further suggestions.
After sufficient research, medical providers should select a shortlist of a few quality vendors and schedule calls with each one to discuss their service offering, policies, and compliance with stat guidelines. It is also important to incorporate legal feedback and security standards when evaluating potential partners to assure any potential liabilities are minimized.
Finally, upon selecting a few prospective vendor candidates, practitioners should develop a Request for Proposal (RFP) that clearly outlines their goals and share it with the vendors that best align with them.
Getting to Know the Platform and Team
After receiving and reviewing RFP responses, providers and medical practices should ask telehealth vendors for case studies and referrals to determine whether they can be considered safe, reputable sources. Scheduling time to speak with product engineers and existing customers can help physicians obtain a more realistic understanding of how the platform could function in their daily practice.
The next important part of the selection process is familiarizing yourself with the platform itself as well as the vendor’s customer service team – which you will be primarily communicating with. To do this, healthcare providers should schedule live demos of the software and informational calls with the vendor team. During these interactions, physicians should focus on evaluating the software across the six key factors outlined below in order to determine whether the service will adequately address their practice’s needs.
Six Key Factors for Evaluation
Important aspects of the vendor’s business to keep in mind include: tenure, funding source, financial stability, notable customers, and other affiliations. Practitioners are also encouraged to consider the company’s business model, product cost, reimbursement rates, risk sharing, and payment program options to approximate their return on investment. Does the vendor have expertise in offering telehealth to other practices in your specialty? Are they aware of federal and private insurance requirements? These are also questions to assess while investigating potential vendors.
From a technical perspective, the ability of the program to be integrated within a practice’s current IT landscape – and the EHR system in particular – can have a significant impact on decision making. As does the cost, process, and timeline of implementation, all of which are important factors to consider in the current environment. Other valuable considerations include: patient geolocation for licensure requirements, patient access to data, customization capabilities, biometrics/RPM integration capabilities, and the impact of regular use on internet and local network usage.
With cybersecurity threats currently at an all-time high, security guarantees offered by telehealth vendors are paramount. In evaluating a potential telemedicine provider, physicians should ensure it complies with HIPAA and local regulations, has a clear liability structure in place for managing potential data breaches, and is transparent about its data use practices. Other important security factors include user authentication and authorization systems and whether it has in-platform patient consent capabilities.
The usability of the product itself is one of the most essential factors for consideration in choosing a telehealth vendor. During live demos, healthcare providers should note their personal reflections on user experience – will it be easy to use for other care team members and patients? How long does it take for the platform to launch? How many steps are required to launch the application? Other factors for consideration here are: dashboard/workflow assimilation, multi-specialty application, patient and care team engagement metrics, as well as billing and payout processes.
Another key variable to evaluate when selecting a telemedicine provider is the quality of the company’s customer service. Medical practices and professionals should consider the level of support that would be available to them during and after service integration, which can include staff training, patient education, project, management, data analysis, and many other practice-enhancing features. In addition, the vendor should be able to provide an adequate degree of technical support for patients who may need assistance with setting up the platform, accessing it from different devices, and troubleshooting IT issues.
The final factor healthcare practitioners should guarantee is the clinical validation of their chosen telehealth technology; this can be done by requesting any available documented clinical outcomes as well as published peer-reviewed research.
Test the Product
After selecting a telemedicine solution that best suits their medical practice, healthcare professionals are urged to test the technology with either a patient advocate, member of a patient advisory board, or other staff member to ensure it can be successfully implemented. Some platforms and services may prove to be too complicated for patients to use, requiring more time spent on training and technical assistance rather than offering an efficient method of digital care delivery.
Setting your practice up for success in the digital space requires careful consideration of a variety of factors, most notably the 6 key conditions outlined above. In addition, selections of telehealth vendors must be made in accordance with state and federal regulations; medical offices and health organizations can consult practices on the requirements and help them narrow down available options. Furthermore, risk and liability mitigation is essential to a safe online practice – clinicians are encouraged to incorporate legal feedback and cybersecurity best practices to mediate any potential threats.
To further assist practices and providers in determining which telemedicine service is right for them, Healthcare IT News has published an ongoing list of telehealth vendors and their service offerings, accessible here.