Navigating the path to long-term telehealth…
The COVID-19 pandemic has driven an explosion in the use of Teleconference capabilities. These technologies that were only used for convenience for specific meetings and purposes are now critical services. Workers seeking to communicate and collaborate or merely connect socially have turned to a variety of voice/video tools. Providers looking for opportunities to reduce exposure risk and Personal Protective Equipment (PPE) utilization deployed voice/video tools for tele-consults that allow critical staff to consult on treatment without entering an exposed space. Some hospitals and post-acute care providers have deployed similar technology to facilitate no-exposure, remote patient/family visits. Centers for Medicare & Medicaid Services (CMS) temporary expansion and payment rates for allowable teleservice, along with the Office of Civil Rights’ temporary relaxation of HIPAA security enforcement has further promoted the rapid expansion of these tools and services. The large national telehealth providers have seen exponential growth, citing anywhere from a 50%-300% increase in utilization. Local and regional medical groups have gone from zero to 100% utilization of telehealth in a matter of weeks.
IT Organizations have been asked to rapidly expand existing or deploy acquired teleconference capabilities while simultaneously allowing and supporting business-unit or end-user driven purchases and/or the adoption of “free” teleconference software. Some healthcare providers are using whatever tools they have at their fingertips, that is also available to their patients including, Gmail meetings and Apple FaceTime Network. Security teams may not yet have a complete inventory and analysis of how and where these technologies are in use, nor the security implications and risks they present. This is exacerbated by many of these teleconferences happening “off the network” from home computers and user-owned mobile devices.
Care providers and staff have created new, ad-hoc workflows to integrate these tele-visit technologies into their workflow. New processes for capturing health plan membership and eligibility may result in missing/incomplete information. Handling credit card information for co-payments remotely may have created non-PCI compliant card information handling that increases the risk for fraud. Scheduling across a practice management system, a separate telehealth solution and/or a new teleconference can create multiple calendars that are not kept in sync, increasing the possibility of double booking or under-utilization. Non-integrated telehealth software may be fragmenting the medical record, increasing provider burden, and burnout. This would impact the ability to provide continuity of care, increasing the documentation processes for revenue cycle, and compromising the ability to generate mandated quality-of-care reporting.
Re-opening the economy and the new “normal”
The details of reopening the economy will differ from state to state and city to city. Governors and Mayors will assess and manage the risk of a potential rebound, PPE and drug supplies, hospital capacity to balance with increased testing capabilities, and the desire to restart economic and social activities. While many local officials will follow the COVID task force, CDC, and other published guidelines of a phased approach, they are likely to make locally informed decisions on when, where, and how business resumes, schools and universities reopen, and when elective healthcare appointments and procedures may resume. There is increased public and local pressures to begin easing work and social restrictions, so some locals may reopen faster and broader than others.
The effects of these reopening plans have yet to be determined. The size of the rebound infection rate is unclear, the timeline for effective and approved treatments is unknown and the wide availability of a vaccine is probably a year away. We can assume that healthcare providers and health systems must continue to exercise their duty of care and operate in ways that protect their patients and staff from exposure and transmission. Remote work, teleconference, and telehealth will be a part of that operating model.
While we believe that in-person contact and in-person care can never be completely replaced, patients, families, and care providers themselves are realizing the convenience and efficiency of telehealth. While CMS and other payors will likely reduce reimbursement for telecare, they too will recognize the value of this delivery model and will not reduce the payment to the previous low payment levels. Teleconference for in-patient and post-acute patient/family visits will continue to be a preferred tool for high-risk individuals and for remote family members. Continuing to use a full-time or part-time remote workforce will allow healthcare providers to reduce the operating costs of real estate and utilities and/or repurpose their current space for revenue-generating activities. Teleconference and telehealth use will decrease but are here to stay.
To have a complete
Security Risk Assessment Overview
e-mailed, complete the form below ⇓