The Health Insurance Portability and Accountability Act – enacted in 1996 by the U.S. Congress and signed by then-President Bill Clinton – has long served to maintain the standards of electronic health records and patient privacy, among many other provisions. Violating HIPAA can result in both criminal prosecution as well as steep civil penalties. As the healthcare industry transitioned from the use of paper records to storing patient data on electronic health records over the last two decades, health organizations have learned to adapt to HIPAA compliance, with many increasing their compliance programs by hiring full-time compliance officers, designating an individual as the compliance manager, and/or appointing a compliance committee within the organization.
With COVID-19 rapidly spreading, telehealth services have been seeing an explosion of demand. On March 17, 2020, President Trump announced during a White House press briefing an unprecedented expansion of telehealth services for the 62 million Medicare beneficiaries who are amongst the most vulnerable to the disease. The Department of Health and Human Services (“HHS”) and Centers for Medicare and Medicaid Services (“CMS”) have since vowed to work with the administration by temporarily relaxing certain HIPAA, altering licensure, cost-sharing, and auditing requirements. As the number of patients increases, compliance and privacy risks associated with telehealth also surge.
COVID-19 has rapidly changed the healthcare field unlike anything has before. With the continued spread, healthcare providers have started to adopt telehealth as a way to access patients and continue to provide quality care, without breaking their self-isolation. One avenue that has long been closed off for physicians has been online prescribing, but COVID-19 appears to be changing even that.
Telehealth allows for the delivery and facilitation of medical services through technology. It is rapidly evolving as the tech industry grows. Ten years after the passage of the Ryan Haight Act, the Drug Enforcement Agency (DEA) has still not taken any action to assist physicians in their usage of telehealth. Recently, Congress finally stepped in and passed a bill that requires the DEA to take action within the next year. But, the question still remains whether the DEA will finally act, or continue their history of avoidance?
In April 2013, members of the Federation of State Medical Boards (FSMB) and the Council of State Governments (CSG) embarked on a venture to create the Interstate Medical Licensure Compact (the Compact or IMLC), a voluntary, expedited pathway to licensure for qualified physicians who wish to practice medicine in multiple states. On April 20, 2017, the Interstate Medical Licensure Compact Commission, (IMLCC) issued its first Interstate Medical License to a Wisconsin physician who applied to practice in Colorado, setting a groundbreaking precedent in medical licensure portability. While the IMLC is a great first step toward increasing access to healthcare by expanding licensure portability, this initiative faces multiple regulatory hurdles.