Informed Consent and Health Information Security Essential: New American Medical Association Guidelines for Telemedicine

american medical associationOn June 13, 2016, the American Medical Association (AMA) approved new ethical guidelines pertaining to the appropriate use of audio-video technologies to connect with and treat patients remotely. Through these guidelines, the AMA advocates for greater use of telemedicine by physicians while concomitantly encouraging such providers to inform patients regarding the limitations of any technology, including explaining the capabilities and limitations of such services and documenting the same. Further, the new AMA guidance emphasizes the need for appropriate protocols to prevent unauthorized access and to protect the security and integrity of patient information obtained through telemedicine or disseminated to subsequent health care providers following a telemedicine encounter.

The new ethical guidelines will be codified in Opinion E-5.025, “Physician Advisory or Referral Services by Telecommunication,” and Opinion E-5.027, “Use of Health-Related Online Sites.” Through these guidelines, physicians who provide telemedicine services to patients remotely should:

(a) Inform prospective patients about the limitations of the telemedicine relationship and services.

(b) Advise prospective patients regarding the potential need for follow-up care as indicated.

(c) Encourage patients who have existing primary care providers to inform such physicians about the patient’s receipt of telemedicine consultations and services, even if subsequent in-person care is not immediately needed.

(d) Be proficient in the use of relevant technologies.

(e) Recognize the limitations of such technologies and take appropriately steps to overcome or address any such limitations.

(f) Prudently perform appropriate diagnostic evaluations or prescribe medications by:

  • Establishing the patient’s identity;
  • Confirming that the telemedicine services are appropriate for that patient’s individual situation and medical needs;
  • Evaluating the indication, appropriateness and safety of any prescriptive medication in accordance with best practices and state prescriptive formularies; and
  • Sufficiently documenting the clinical evaluation and prescription and a medical record.

(g) Obtain an appropriately documented informed consent regarding the distinctive features of telemedicine in addition to information regarding the specific medical issues and treatment options.

(h) Take appropriate steps to preserve continuity of care, including giving consideration to the preservation of information and accessibility of such information for subsequent providers.

In addition to disseminating the above guidelines – violation of which could expose a physician to professional licensure sanction by state licensing boards – the AMA is encouraging physicians to collectively advocate for the access of telehealth and telemedicine services for all patients who could benefit from receiving care electronically. The AMA is similarly advocating for professional organizations and institutions to monitor telehealth and telemedicine developments to identify and proactively address both positive and negative outcomes to bring about further improvement in such technologies.

In light of the AMA’s advocacy of telehealth and telemedicine, such support could lead to relaxed restrictions on physician’s use of such technology to treat patients remotely and encourage greater levels of reimbursement by Medicare, Medicaid and private insurers for such treatment. Nonetheless, physicians should recognize that their fundamental duties to ensure patient safety and quality of care are not lessened when providing services via telehealth and telemedicine. Moreover, physicians should also be cognizant that the AMA guidelines do not supersede or displace state laws pertaining to telehealth and telemedicine; rather, the guidelines complement such regulations.

© 2016 Dinsmore & Shohl LLP. All rights reserved.

HIPAA Considerations In The Event Of Employee Death or Incapacitation

McBrayer NEW logo 1-10-13

The Health Insurance Portability and Accountability Act of 1996, otherwise known as HIPAA, acts in part to provide federal protection for identifiable health information retained by covered entities, which includes most businesses that offer company health plans. While many employers have policies and procedures in place to ensure HIPAA compliance in routine, every day matters relating to the management of employee health data, few employers have developed policies or even considered how to manage protected health information in the unfortunate event of employee death or incapacitation.

Employee Benefits Folder

Importantly, HIPAA’s protection of identifiable health information does not expire in the event of incapacitation or even the death of an employee. In fact, HIPAA continues to protect identifiable health information for 50 years after death. Consequently, it is important for employers to know to whom protected health information may be disseminated during this time period in order to continue to ensure compliance and avoid the assessment of steep penalties and fines.

Covered health information for the deceased or incapacitated employee during this time may be released to their legal representative under state law. In most instances involving a diseased employee, this would be the appointed administrator of the deceased’s estate. It is permissible to release protected health information to non-representative family members, including but not limited to spouses, domestic partners, parents, children, or siblings, unless doing so is inconsistent with any prior expressed preference that is known to the covered entity. However, the information released to a non-representative family member must be limited to that information which is relevant to that person’s involvement in the decedent’s or incapacitated employee’s care or payment for care. The regulations leave the determination of this relevancy up to the entity’s “professional judgment.” 45 CFR 164.510(b)(5).

The Department of Health and Human Services gives the following example of what could be released: “For example, a covered health care provider could describe the circumstances that led to an individual’s death with the decedent’s sister who is asking about her sibling’s death. In addition, a covered health care provider or pharmacy could disclose billing information or records to a family member of a decedent who is assisting with closing a decedent’s estate. However, in both cases, a provider generally should not share information about past, unrelated medical problems.” (Click here to directed to The Department of Health and Human Services website.)

Consequently, unless protected information is requested by the legal representative of the deceased’s estate, or the information requested is directly related to the requestor’s involvement in the deceased’s care prior to death or payment for the deceased’s care prior to death, a signed HIPAA release by the legal representative is required prior to release of the protected information. Other exceptions allowing the release of protected health information covering special situations are also available, including the allowance of release to law enforcement to assist in a criminal investigation.

Medical History Questionnaire with Pen

It is important that employers understand their responsibilities to protect identifiable health information covered by HIPAA and develop policies to ensure compliance.

ARTICLE BY

OF