By Adam Herbst and Ira Bedzow
In this new era of COVID-19, many of us have pushed off going to see the doctor out of fear of the pandemic—
Ignoring potentially dire consequences and leading to greater distress, more complicated treatments, and longer suffering. Telehealth has been – and will continue to be – a way to care for patients who need it but cannot, or will not, seek out conventional care. It has permitted a new “normal” with respect to access to care when in-person medical visits are impractical or ill-advised. It has also become the option of choice for those patients and parents who are simply too afraid to go to the doctor, but can’t wait to see someone.
Recently, one of us (Ira Bedzow) had to see a hand-surgeon when his daughter partially amputated her finger while playing with her sisters. Out of worry of contagion, my wife and I immediately thought that her dangling digit didn’t look so bad, but when we came to our senses, we knew we couldn’t just wish her finger back in place. A telehealth visit became the saving grace that gave us the information and confirmation we needed to go to the hospital.
This experience is not unique. It is not even rare in today’s times. In fact, experiences like this one helped precipitate the rapid pivot to telehealth, which happened virtually overnight. Yet while this tool has the potential to revolutionize patient care – both during the pandemic and into the future – the greatest threat to telehealth’s future development is in how to adapt our country’s privacy laws, so that patients’ privacy can still be protected yet in a way that accounts for the evolving technology.
One of the most important legal and ethical obligations in healthcare is respect for patient autonomy, which is grounded in a person’s right to privacy and is expressed by maintaining patient confidentiality. Common law rules to protect patient privacy have been developed in most jurisdictions, and most states have adopted one or more comprehensive medical confidentiality statutes The Federal Medical Privacy Rules under HIPAA and the amendments provided by the Health Information Technology for Economic and Clinical Health Act (HITECH) offer an extended protective framework for patient information.
While the values that undergird patient autonomy and confidentiality must be maintained, HIPPA and common laws rules to protect patient privacy are ill-equipped to handle the complexities that arise from telehealth. To ensure that these values are protected, new legislation must be passed that specifically responds to the new healthcare delivery setting that telehealth creates.
Conventional health care is delivered in a variety of settings – hospitals, clinics, nursing homes and doctors’ offices. Common law has defined the start of the patient-provider relationship to be when a clinician commits to becoming the patient’s doctor, which occurs at some point during the initial conversation between them.(The patient-physician relationship does not start when the patient makes an appointment or even when he or she signs all of those forms in the waiting room). Through distance and technology however, the creation of the patient-physician relationship – and how that relationship can remain private – becomes even less clear for patients and for providers. Ambiguity arises since communication devices allows patient and clinicians to communicate anywhere. People no longer need to rely on brick and mortar offices for visits, which means that traditional expectations of what happens when people go see a doctor is disrupted.
This ambiguity will cause telehealth to take steps back when it should be taking steps forward. Telehealth should be a tool that builds trust between patient and clinician, and because of this, the concerns created by the new technology must be addressed, particularly if patients are not fully aware of who will be responding to or sharing their personal medical information.
The privacy and security standards implemented by HIPAA helped mitigate much of the concern heightened by the rise in electronic recordkeeping and the Internet. However, most recently, the Department of Health and Human Services, which is responsible for enforcing the Privacy and Security Rules, supported and promoted telehealth technologies during the pandemic by granting leniency for good faith telehealth use and disclosure errors. But these measures are only short-term. We still need good laws to protect privacy and confidentiality as telehealth grows.
In the future, we will require guardrails around the use of the telehealth technology to earn genuine trust. HIPAA, for example, should be amended to demand new encryption and security tools within telehealth services to more adequately protect patient information. Ultimately, we should think about the same ethical issues with telemedicine that we have always considered in other forms of health care. If we focus on maintaining a strong patient-doctor relationship and protect patient privacy, telehealth can enhance medical practice and patient care in ways with which we can all feel comfortable.