Telemedicine Bill Prompts Privacy Questions

Telemedicine Bill Prompts Privacy Questions

How Would Laws Handle Cross-State Data Breaches?

By Marianne Kolbasuk McGee, August 16, 2012.
  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.

A bill just introduced in Congress proposes that Dept. of Veterans Affairs physicians be allowed to practice across state lines when treating patients through telemedicine. While I believe telemedicine can facilitate many great services to patients seeking care from hard-to-find specialists, the bill does shine a spotlight on many unanswered data privacy and security questions.

For instance, what happens if there's a data breach and doctors and patients are in different states? If one of those states has privacy laws (such as breach notification) that are stricter than federal HIPAA rules, which laws trump?

 Physicians who begin serving patients in other states will need to be sensitive to privacy and security restrictions that other states may impose. 

I've spoken to several experts about this issue, and the potential legal and security issues are fascinating.

In the case of the House proposal for VA patients and docs, it's likely that federal HIPAA rules would prevail, since the VA is a federal agency, says Timothy Rider, a legislative assistant to Rep. Charles Rangel (D-NY) who introduced the Veterans E-Health & Telemedicine Support Act of 2012 (H.R. 6107) with Glen Thompson (R-PA) and 11 other bipartisan co-sponsors.

However, this bill aside, there's also been a push underway for some time among organizations promoting the use of telehealth, including the American Telemedicine Association, to loosen up state laws that currently prevent healthcare providers in the private sector from treating patients across state lines via telemedicine.

For instance, there have been industry and legal discussions about changing state laws governing the practice of medicine so that doctors can provide care via telemedicine technologies to patients in other states, especially where some specialists, like dermatologists or radiologists, are in short supply, says Jonathan Linkous, CEO of the American Telemedicine Association.

In fact, one of the key drivers for the proposed telemedicine bill is to make it easier for veterans suffering post-war mental trauma and stress disorders to connect from their homes with VA mental health professionals, says Rider.

Currently, doctors who provide telecare for patients across state lines need to have medical licenses in the states where the patients are located. Linkous says that approximately 20-25 percent of U.S. doctors have licenses in more than one state, costing U.S. healthcare providers about $300 million annually for those credentials. National medical licensing of physicians is among the ideas floated to address those issues, he says.

Still, whether state medical licensing issues get resolved anytime soon, legal experts eventually will be forced to tackle questions about applicable data privacy and security laws. Whether it's a data breach involving telemedicine, or even a breach related to the sharing of patient data across state lines via a multi-state health information exchange organization, privacy and security legal debates are unavoidable.

"Physicians who begin serving patients in other states will need to be sensitive to privacy and security restrictions that other states may impose," says Adam Greene, formerly of the Department of Health and Human Services' Office of Civil Rights, and now a partner at law firm Davis, Wright Tremaine.

For instance, in Massachusetts, laws require that any person who owns or licenses personal information on a resident of the state - regardless of where the owner/licensor is based - must comply with a laundry list of data security requirements, including encryption of transmitted data. While that's not a federal HIPAA requirement, out-of-state-based healthcare providers involved with patients in Massachusetts better be aware of the state's stipulation.

As for telemedicine, those technologies - including remote patient monitoring, web-conferencing, and digital medical imaging - aren't any more susceptible to hacking and intrusions than other forms of health IT, Linkous says.

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Google Discloses Microsoft Zero Day Flaw

Microsoft says it's prepping a patch for a Windows vulnerability that was recently disclosed by...

Latest Tweets and Mentions

ARTICLE Google Discloses Microsoft Zero Day Flaw

Microsoft says it's prepping a patch for a Windows vulnerability that was recently disclosed by...

The ISMG Network