Printer Friendly, PDF & Email

Is your telehealth environment ready for 2021?

Carol L. Amick ( is Director of Healthcare Services at CompliancePoint in Duluth, GA.

As all of us can attest, 2020 has been a unique year, one that we are unlikely to ever forget! When you think about that time-honored interview question, “Where do you see yourself in five years?” I don’t think anyone can say they expected to be dealing with a pandemic that could have significant changes in the delivery model for healthcare for the future.

COVID-19 has dramatically changed the way healthcare is delivered. Providers were forced to pivot quickly from total reliance on in-person visits to almost total reliance on alternative delivery methods. A recent McKinsey & Company survey stated that telehealth adoption soared “from 11 percent of US consumers using telehealth in 2019 to 46 percent of consumers now using telehealth.”[1] McKinsey & Company predicted that up to $250 billion of the current healthcare spending could transition to telehealth and that consumers were significantly more likely to use telehealth going forward. Providers also view telehealth more favorably than they did before COVID-19. A recent Accenture survey also supported increased adoption of telehealth, noting that 60% of patients surveyed want to continue to use telehealth services in the future.[2]

One of the facilitating factors for the rapid move to telehealth was the decision by the Office for Civil Rights (OCR) at the Department of Health & Human Services to exercise its enforcement discretion related to potential Health Insurance Portability and Accountability Act (HIPAA) violations in connection with good-faith use of telehealth services.[3] The OCR guidance indicated that providers could use popular applications such as FaceTime, Google Hangouts, or Zoom to provide telehealth.[4] The OCR did caution against using any public-facing application such as Facebook Live or TikTok. The OCR waiver, combined with changes in reimbursement models, has allowed telehealth to become a much more relevant care delivery method.

While there are several compliance concerns related to consent, care delivery, and billing that a compliance officer needs to consider when evaluating their organization’s compliance with telehealth, you cannot afford to ignore privacy and security risks related to telehealth. Performing an assessment of your telehealth environment now, while the OCR is granting us this grace period, will help reduce the future risk to your organization. Additionally, while the OCR may not be exercising its enforcement efforts, a breach of protected health information (PHI) related to telehealth could still have devastating impacts on your organization and the organization’s reputation in your community.

This document is only available to members. Please log in or become a member.