Law in the Internet Society
It is strongly recommended that you include your outline in the body of your essay by using the outline as section titles. The headings below are there to remind you how section and subsection titles are formatted.

Telehealth, Privacy, and Covid-19 pandemic

-- By KatharinaRogosch - 08 Dec 2021

Since the start of the Covid-19 pandemic, healthcare has moved from in-person appointments to the provision of services through telehealth consultations. Telehealth services use telecommunications and information technology to provide access to health assessment, diagnosis, intervention, consultation, supervision, and information across distance. This means that telehealth encompasses both electronic and telecommunication technologies to support health care delivery, for both preventative and administrative activities. Telehealth services also use electronic health records and health information exchanges, targeting these primarily towards patients who otherwise could not obtain medical care, such as those who live in distant rural settings, the elderly, and high-risk patients.

Regulation of telehealth services and Covid-19

While telehealth services have been gaining popularity in the last couple of years, during the onset of the Covid-19 pandemic, both the Centres for Medicare and Medicaid Services (CMS) and the US Department of Health and Human Services (HHS) took unprecedented action to expand telehealth. This expansion was two-fold; first, by CMS’s waiver to Medicare program requirements allowing all beneficiaries to receive telehealth in any location, including their homes, and secondly, through the HHS relaxing the standards that apply to technologies that “include video-conferring, the internet, streaming media, and wireless communications” underlining that healthcare providers may use technologies that “may not fully comply with the requirements of the HIPAA privacy rules” if the provider makes a good faith effort to keep patient data private. It is this second expansion of telemedicine that is the focus of this paper.

One important aspect of the broadening of telemedicine services by the HHS and CMS waivers is that these services are no longer limited to telemedicine platforms designed by healthcare providers themselves. As part of HHS’s Notification of Enforcement Discretion, telemedicine services can now be provided on acceptable service vendors that use non-public facing platforms such as FaceTime? , Facebook Messenger video chat, Google Hangouts video, Zoom, and Skype.

Doximity and implications for the future of telehealth services

Doximity is a professional medical network for U.S. healthcare professionals as part of which more than 80% of US doctors and 50% of nurse practitioners and physician assistants are members. Doximity functions as a separate application as part of which physicians can “securely” connect and collaborate with other healthcare professionals about patient treatment and patient referrals. Doximity is unique because it also acts as a telemedicine provider (through Doximity Dialer and Video), however, the way it addresses physicians’ privacy and security makes it an interesting case study for the interactions between telehealth, the Covid-19 pandemic, and privacy.

There are two features of Doximity’s application that make it a unique telemedicine provider: Doximity Dialer and Video, which is a feature on the company’s mobile application that allows physicians to call patients using cell phones while displaying any phone number of choice on the patients caller-ID, and secondly, the fact that Doximity Dialer is HIPAA secure platform that facilitates encrypted communications with patients. Unlike the majority of telemedicine providers, Doximity developed video-call capabilities as part of their own application and made these HIPAA-complaint in a time when HIPAA compliance has been waived by the HHS.

The case of Doximity Dialer and Video lends itself to the broader analysis and implications of how the relaxation of the standards regulating telemedicine impact the privacy of patient data discussed, collected, and relayed on these applications. Pre-pandemic the use of telemedicine services was limited both by geographic area (i.e. available only to some Medicare and Medicaid recipients that lived in rural areas) and by how these services were provided (through specific hospital-designed platforms such as Northwell Health’s own telehealth service). This meant that the data collected and exchanged as part of telehealth visits was retained on these platforms, and as per HIPAA’s Privacy Rule contained audit controls that allowed system administers to record and follow audit trials whenever protected health information was created, modified, accessed, shared, or deleted.

The pre-pandemic provision of telehealth services must be heavily contrasted with the current situation, where a balancing exercise occurs between privacy and the pandemic risks of seeing medical personnel in person. The HHS opening-up of telemedicine calls through platforms such as FaceTime? , Facebook Messenger, Zoom, Google Hangouts, and Skype exposes individuals and their private medical data. For example, with over 200 million users, Zoom is the most popular video application but still faces cybersecurity challenges with “zoombombing”, a term used when calls are infiltrated by hackers. Concerns about the HIPAA compliance of Zoom were even expressed as early as March 2020, with one commentator underlining that “there are not serious concerns about the security of Zoom” and that “this creates doubts about using Zoom for communicating medical information, which needs to be fully protected”. If worries have been raised about the provision of telemedicine appointments through the Zoom platform have been raised, it is even more worrisome that these online medical appointments can be handled through Facebook Messenger as well.

If the platforms through which telemedicine services can now be provided are not secure, do not protect patients’ data, and are riddled with cybersecurity risks, the question is what future is there for telehealth? Are the Doximity Dialer and Video a better standard for the protection of individual data? While this essay has heralded the design of the Doximity application, namely for its HIPAA compliance and ability to protect the physician’s privacy, the design of the application targets physicians and not patients. This means that the focus is on ensuring that physicians are not harmed by direct contact with patients, and the protection afforded to the patient using the platform happens to be a positive consequence of this design. At the end of the day, the Doximity Dialer still retains patient information, however, in comparison to applications such as Facebook Messenger and Zoom, individual patients can view the data that is collected on the application and remove it. This creates a dilemma this essay was hoping to explore, namely, that how to balance individual privacy with increased access to telemedicine during the Covid-19 pandemic.

You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable. To restrict access to your paper simply delete the "#" character on the next two lines:

Note: TWiki has strict formatting rules for preference declarations. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of these lines. If you wish to give access to any other users simply add them to the comma separated ALLOWTOPICVIEW list.


Webs Webs

r1 - 08 Dec 2021 - 17:27:06 - KatharinaRogosch
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM