Saturday, June 6, 2009

Skype and HIPAA: Myth Buster

The potential of home-based telepsychiatry assumes that both patient and remote physician use a clinically and technologically appropriate combination of encrypted consumer-based video-teleconferencing equipment (i.e. Skype (TM)) and high-speed internet to conduct routine psychiatric consultations from their own homes or offices.

One potential reason this process has not yet blossomed fully is the concern regarding confidentiality, especially as pertaining to the dreaded HIPAA Privacy Rule and health-related data transmission via the internet. Please recall that not all providers are considered to be a covered entity under HIPAA, and it is not clear whether live video-teleconferencing data qualifies as an electronic transmission (sending) of a "covered transaction".

In any event, Skype (TM) is HIPAA-compliant. According to emails I have received from representatives of The Office of eHealth Standards and Services at the CMS Headquarters in Baltimore, Maryland,

"CMS does not advise on technology specific issues,
because the HIPAA [Privacy] Rule specifically allows for flexibility
in the approach to safeguarding information..."

So there you have it, myth busted. Who can argue that use of Skype's 256-bit encryption technique does not meet HIPAA's intentionally vague requirement that covered entities safeguard the transmission of private health information?

The representatives further communicate that to be absolutely compliant, a covered entity must assemble a Risk Management Plan, documenting its understanding of the risks (i.e. transmission via standard internet lines means potential access to the data at all nodes), and a plan to address them (i.e. sophisticated 264-bit encryption).

In my next entry I will address the issue of the Ryan Haight Act, otherwise known as the Internet Pharmacy Consumer Protection Act of 2008, and its potential impact on home-based telepsychiatry, or lack thereof...


31 comments:

  1. I read in my Skype that private video sessions are no longer available, only options are chat rooms that could be hacked by anyone at any time
    Is that still considered safe? How about MSN Messenger?

  2. Live video teleconferencing, whether between two individuals or more, appears to be a primary aspect to the Skype business model...so where are you reading that Skype no longer supports 'private video sessions'?

  3. I think you put too much emphasis on HIPAA, and OCR enforces the law, not CMS. Read my post: http://behavenetopinion.blogspot.com/2009/08/its-nice-to-be-nace-not-covered-entity.html
    You need to look at state statutes, too. And what about your malpractice carrier? Will they cover you for this? Can you claim insurance reimbursement?

    I testify in malpractice cases. If there's a bad outcome it will be very easy for a plaintiff's expert to hang you out to dry for not meeting standard of care.

    Having said all that I wish you the best. H1N1 cannot be transmitted via Skype. People will die this year because they went to a doctor's office and transmitted it. Shame on our government and professional associations, esp. APA, for dragging their feet on this. It needs to happen yesterday.

  4. Regarding HIPAA, what difference does it make who enforces it? The rule still allows for flexibility with regard to the safeguarding of information. My only point here is that HIPAA should not be a barrier to practicing telepsychiatry via Skype.

    I agree that state statutes are important regarding the prescribing of medications without an in-person evaluation. Some states endorse this practice in their Medical Board's regulations; some do not. My next post will address this point.

    Regarding malpractice insurance, The Campania Group offers full coverage for home-based telepsychiatry via Skype, as defined here. See http://www.telmedinsurance.com. There may be others now.

    Medicare covers telepsychiatry 100% - same as in-person evaluations. Medicaid is state-specific and in some cases region-specific. Private insurance companies vary by state on their reimbursement.

    Regarding your comment about standard of care, please elaborate on how you believe this model varies from the standard of care, given that telepsychiatry has a long track record (30+ years) of safe and effective treatment of mental illness?

  5. State statutes may also address some of the same issues as HIPAA, and states differ considerably with regard to practice at a distance, even by phone, by professionals unlicensed in their state. I would argue the initial evaluation should always be in person, but not necessarily follow up visits.

    I'm glad to hear about the availability of insurance and Medicare.

    As for standard of care, remember that's ultimately in the hands of judge and jury, all of whom are accustomed to seeing their docs in person, and the vast majority of cases are settled, sometimes without the doc's consent. Easy work for a plaintiff's expert if there's been a wrongful death or adverse medication effect to blame claim it would not have happened but for the lack of face to face contact. Informed consent might help. Also, I understand that some telemedicine setups include a paraprofessional on the patient's end. This could also be interpreted as necessary and probably contributed to that track record.

    What we need is mandated reimbursement, mandated coverage by malpractice carriers, and practice guidelines that say when it's clearly OK or even preferred.

    And CMS or OCR should issue a statement endorsing telemedicine via Skype or whatever technology they deem secure immediately.

  6. Devil's advocate again: Someone is bound to ask how you handle patient emergencies when routine contact is via Internet. I say all should call 911. What do you say?

  7. Why can the initial evaluation not occur via telepsychiatry assuming that the information obtained by the physician meets standard of care for a routine outpatient psychiatric intake? Keep in mind that physical examination is not part of the standard of care of traditional outpatient psychiatry. My model includes a requirement that all patients visit with a PCP to proceed with follow-up, representing a frequency of referral to primary care uncommon in the traditional outpatient setting.

    Point well-taken about judge and jury having not yet seen a mental health provider via telepsychiatry but I predict that will change. Also, I find it difficult to envision a scenario whereby an in-person evaluation could have prevented a wrongful death or bad outcome, again assuming that the information transferred between patient and physician meets the standard of care of traditional outpatient psychiatry, including informed consent for all treatment and for the telepsychiatry process itself.

    You are correct about the historical presence of a paraprofessional on the patient side during most of the history of telepsychiatry. But I would challenge you to describe how the absence of a paraprofessional increases risk. I argue (and Campania agrees) that there is no increased risk.

    You are correct that 911 is the answer in case of an emergency. Note that this is also the recommended way to handle an emergency in the traditional outpatient setting. For this and other reasons, the patient must disclose his location/address at the onset of every telepsychiatry appointment.

  8. Theoretically a televisit should work even for initial contact. Maybe the best argument is in the interest of proceeding gradually. Also, please comment on televisits, esp. first one, in light of the Red Flag Rule that takes effect Monday.

    The bad outcome problem would probably involve an argument that communication was inadequate even if baseless. I don't see the need for a paraprofessional either.

    911 is not necessarily recommended for emergencies. Even APA ethics committee implied in answering my question about this that in rural areas or if you have not "determined" that 911 can handle the situation (absurd), the doc is responsible. And risk managers I have spoken to even regarding patients I see in the office, but who live or travel a long distance away, ask questions like, "How would you admit them to hospital?" Never mind that I can't admit them if they're standing in front of me. I send them to the ER.

    You should put some of this together as a guideline on the Web.

  9. Interesting discussion - I hadn't realized this strategy was in play as much as it appears to be.

    I'm generally a supporter of IT-enabled care; I think there are tremendous potential benefits, but in transposing "meat world" concepts and standards we need to be careful. For example, I've been involved in trying to figure out how to provide clinical support for persons with diabetes in Second Life, and I know of some projects around PTSD and related issues. Potentially great technology, for which we don't yet have sufficient understanding for what I would consider a valid basis for protocols.

    As to Skype and telepsychiatry, I would have a few concerns. In the first place, I personally don't feel Skype has been sufficiently vetted for security vulnerabilities to allow it on a computer I use for client-confidential information or critical activities. I don't know that it is particularly vulnerable; I do know that a couple of security experts I trust a great deal have told me they have tried to look into it and don't know enough to trust it themselves. If I can't get enough information to feel I can do an informed risk analysis, I won't install it.

    Now, obviously Skype is not really the point for telepsychiatry - it's an optional application, valuable because it lowers costs etc. But really we are talking about verbal consultation (I assume no video?), which could be done using any VOIP application or phone. Especially given the growing ubiquity of smart phones (not sure something can be both "growing" and "ubiquitous," but it seems to fit) this could be a very useful model and I would expect it to meet some real needs and demand.

    Which means it should be handled carefully. For our purposes I'd analogize it to physician-patient email or portal-based messaging, also valuable and in some demand, which also happens to be something I've done a lot of work in. (Probably one reason the analogy appeals.) The AMA and a number of researchers and analysts, me included, put a fair amount of work into protocols for that, which might be helpful in figuring out protocols here.

    In particular, these protocols suggest that online clinical communications should only take place in the context of a physician-patient relationship which has already been established - the communications channel should not be used to set it up. Patients should be enrolled in such a program based on informed consent, which to a lawyer means documented affirmation of the limitations and conditions which apply. Nor will all patients qualify.

    I guess I'd specifically recommend against establishing the relationship in the first place with a televisit. I think there's a lot of nonverbal communication which may be essential to ensuring an accurate understanding of the patient, and that the patient has an accurate understanding of what's going on and what can go on. Anyway there is some literature out there; I can provide protocols on physician-patient email in particular as a potential model.

  10. Helpful perspective, John. Here's why I don't even keep patient email addresses in my patient contact app, much less send them messages: I once sent a very personal message to the Exec Dir of a professional organization by mistake because of similar names. This should not be a problem with televisits that include video.

  11. Thanks for your post, JRC. Clearly there are a myriad of issues regarding the physician-patient relationship as it pertains to communication through means such as VOIP, phone, email, and virtual reality i.e. Second Life.

    For the purposes of this blog, I'd like to limit discussion to the use of live videoconferencing, as it stands the best chance of becoming widely accepted as a medium for offering legitimate psychiatric treatment, including the prescribing of medicines, without patient-physician physical proximity. The reason for this is due to the inherent ability to make visual observation and therefore the ability to document a mental status examination, bringing it into line with the standard of care of traditional outpatient psychiatry.

    I have addressed the issue of security and HIPAA compliance in a previous post. Briefly, breaching of a live Skype communication would require both (a) high technological capability and (b) malicious/criminal intent, the combination of which I perceive to be rare when directed at private psychiatric treatment.

    Regarding your statement that there is "a lot of nonverbal communication which may be essential to ensuring an accurate understanding of the patient", I would argue using the extreme example that Skype telepsychiatry provides infinitely more visual information than would be obtained by a blind psychiatrist...and I'm not aware that highly acute vision is a requirement for board certification and/or professional aptitude in the practice of psychiatry?

  12. More relevant to forensic evaluation, but I understand research has shown that psychiatrists are BETTER able to detect lies when they cannot see the subject.

  13. Wondering if Skype should be signing a HIPAA Business Associate Agreement? The new terms go into effect this week. I have talked with Hushmail and they are willing to sign such agreements for practitioners.

  14. The best answer to HIPAA is to be "not a covered entity". But if the feds consider Skype a business associate, what about your cell carrier, landline company, broadband provider, etc? And you don't necessarily have to indicate the patient's name or other ID info during a Skype contact.

  15. The concern is that Skype states they own the correspondence- so in terms of record storage- chats that are archived- if therapist is owner of the record...well that opens up a new can of worms- and since you can archive chats on skype, then does that mean Skype is the 3rd party record storage entity?

    The issue is that landline and cell conversations are not archived- chat via skype is- (video is not).

  16. DeeAnna: Best policy is to use Skype only for a/v. I only use the messaging/chat feature for sending a URL or a brief greeting. In fact even the a/v part almost never includes mention of who I am or who the pt. is, or any private info other than discussion of meds, doses, side effects, symptoms. I heard at a conference yesterday that the Austrian police claim to be able to tune in to any Skype conversation in the world. Maybe we should get all Skypiatric patients to authorize release of info to Austrian police.

  17. Most definitions of 'telepsychiatry' require the use of live two-way videoconferencing. I do not advocate the use of telephone consultations, email, or text chat for clinical purposes. When using those media, it becomes impossible for the physician to document a mental status examination (MSE), which is the hallmark of psychiatric documentation for both clinical and medico-legal reasons.

    This is one of the primary reasons that Skype telepsychiatry meets the standard of care set for traditional outpatient psychiatry - the notion we can document an MSE makes all the difference.

    The security issue is irrelevant because even if you argue that Skype is not HIPAA-compliant, it all comes down to informed consent; if the patient wishes to take the risk of being 'hacked' (and many patients do) then the issue instantly dissolves.

  18. If we include telephone and all the other modalities it helps emphasize that videoconferencing is BETTER than the others, rather than the fact that it is limited relative to a live visit.

  19. This comment has been removed by a blog administrator.

  20. Who did you email exactly? I would like to send an email asking the same question. That way I can cover my butt if needed. Thanks for this post because I feel that SKYPE is a great way to connect with people who might not otherwise ask for help.

  21. Beverly.Mendicello [at] cms.hhs.gov

  22. According to the HIPAA rules, every worker who's working in a covered entity and handles medical records of patients must undergo HIPAA certification training. That is a must.

  23. Nice stuff.. I really enjoyed reading this blog! Thanks for adding this content.. keep posting!
    HIPAA Training

  24. nice site and given to great post thank you for nice post.
    HIPAA Certification

  25. When I read the statement in the original post above, it doesn't say Skype is HIPAA-compliant. Rather, it says CMS is not commenting. It's up to us to read the law and get our Business Associate documentation in place.

    What am I missing?

  26. Here is a site that summarizes info on the 2009 HIPAA/HITECH Act:
    http://www.hipaasurvivalguide.com/hipaa-survival-guide-21.php
    It meets encryption standards, but does not meet the other requirements

  27. Wonderful blog & good post. It's really helpful for me, awaiting more new posts. Keep Blogging!

    HIPAA Compliance

  28. thanx for info, but as for me, i usually record skype calls using this tool http://www.imcapture.com/IMCapture_for_Skype/, it's simple and nice!)

  29. I am the co/founder of www.e-psychiatry.com and our psychiatrists have been seeing patients via Skype for a few months now. The answer to the HIPAA compliant question is yes. Skype can legally be used in telepsychiatry, along with Face Time and Meetings IO. Our lawyers did a lot of research before we went into practice, so I can answer that question once and for all for everybody.

  30. Thanks for sharing the informative blog. I truly appreciate your work. Keep posting your views. The blog is really having a good and useful content.

    HIPPA Certified Software

  31. Really cool! Good work! I gave it a test run. It was really quick to setup and is super powerful, muuuuch better than standard instrumentation. If anyone is interested you can see a basics tutorial I put together here:

    Android Development

    Ipad Applications development

    HIPPA Certified Software

    medical software Development

    EHR integrations
