Where Telehealth is Going and What It Means for Cybersecurity
This is part one of a two-part blog series about telehealth and privacy and security assessments. In part one, I take a look at the current state of telehealth services, the impact of COVID-19 on telehealth, and what the future may look like. I’ll also share a bit about the value of privacy and security assessments during this tech-driven transformation. In part two, I’ll take a deeper dive into those assessments, including tips for conducting an assessment for your organization.
Telehealth. It’s critical for healthcare across the nation today, but how will it fare once the impact of the COVID-19 pandemic tapers off?
While telehealth—or virtual doctor visits—have slowly been gaining popularity in recent years, the coronavirus outbreak has driven tele-visits to unprecedented levels.
According to a report from the U.S. Department of Health and Human Services (HHS), at the beginning of March 2020—just as the COVID-19 outbreak began picking up momentum in the United States—in-person primary care visits started to decline. By April, almost half, 43.5% of all primary care visits were telehealth visits.
How does that compare to February before the uptick of the outbreak? That month, only .1% of primary care visits were via telehealth.
Between March and April in 2020, nearly $4 billion in telehealth visits were billed nationally— and that’s in addition to federal spending through Medicare. In the same two months in 2019, that number was than $60 million.
Stay-at-home and social distancing orders likely fueled the increase, especially for Medicare and Medicaid recipients who may be at higher risk, but Center for Medicare and Medicaid Services (CMS) changes also likely played a role.
During the pandemic, CMS waived geographic and site of services restrictions to enable telehealth service delivery at a patient’s location, for example at home or other care site. CMS changes also enabled a wider variety of medical practitioners to use telehealth in lieu of in-person visits.
CMS telehealth analysis were similar to HHS’ findings. Before COVID, about 14,000 Medicaid/Medicare recipients a week received their care through a telehealth session, but from the middle of March to early July, that number increased to 10.1 million.
Interesting to note, practitioners in rural and urban areas both experienced increases in telehealth adoption and usage during the pandemic.
When Disruptions Fuel Innovation
It’s nearly impossible to overlook the impact of telehealth in healthcare today. And as a result, companies are spending record amounts to upfit their practices for safe, secure, virtual telehealth technologies.
Whether or not CMS will continue its geographic and similar restrictions for primary visits after COVID-19 is still not known, but there is some indication these changes could become permanent.
So what does that mean for the future of telehealth? Is it here to stay? Will it continue to grow after the virus subsides?
There are some good signs that may happen. Both political parties in U.S. government have expressed support and enthusiasm for telehealth coverage.
During the pandemic, private insurers have followed the government’s lead, with most broadening scope or loosening requirements for covered telehealth services. Will they make these changes permanent post-COVID? As of this writing, at least two large national insurers— United Healthcare and Anthem—have yet to decide.
The Future of Virtual Medicine
In a recent Newsweek opinion piece, Alaska Governor Mike Dunleavy lauded the power of telehealth, saying it can prevent unnecessary deaths that often result from lack of care for chronic disease. And that’s an important segment to take a closer look at when you realize that 100 million Americans suffer from a variety of manageable diseases such as heart disease or diabetes.
Through remote monitoring and extended care, Dunleavy pointed out, telehealth can help save lives.
And it’s not just politicians and industry health officials seeing the bigger impact. Consumers appear to be adjusting to—and rapidly adopting—telehealth services. According to the HHS report referenced earlier, even after patients were given the option to return to in-person Medicare primary care visits in May, there continues to be a demand for virtual medicine options, which may continue well after the pandemic is over.
HHS findings also indicate that practitioners are interested in continuing to offer these services. The survey connected with 300 practitioners, including primary healthcare providers, oncologists, and other specialists. Those respondents said they would anticipate telehealth visits to make up just more than 20% of visits after the pandemic. And while that’s a drop from 51% during the pandemic, it’s still a notable increase above the 9% before the outbreak.
More Tech Investments
Many people still prefer in-person interactions with their doctors, but, if the trend continues post-pandemic, many companies—large and small—are innovating to keep pace.
Philips Medical, for example, recently launched its Virtual Care Station Technology. The goal for these stations is to provide quality telehealth services in community, neighborhood-based settings, for example the local library, a retail setting, or town hall.
According to a press release from Philips Medical, these stations are pod-based solutions that connect providers and insurance networks so providers can offer more community care options. If successful, the healthcare pods could increase patient and staff satisfaction, while also lowering costs and improving outcomes.
While Philips’ announcement is just about a month old, more companies are likely to follow suit with a variety of innovative services and device options.
With that, we’ll likely see more start-ups and investor-led funding, as well as future mergers and acquisitions, as companies scale and need to adopt new technologies to keep up.
During the first quarter of 2020, venture capitalists invested almost $800 million in telemedicine. How does that compare to the first quarter of 2019? That quarter only $220 million went to telemedicine investments.
Here’s another example: In August, Teladoc Health, which providers telehealth technology and services, and Livongo, which specializes in personalized health signals, announced an $18.5 billion merger. They will work together to help physicians offer telehealth services with better outcomes and lower costs.
As a result of transitions in telehealth, we’re also likely to continue to see an expansion of direct-to-consumer healthcare models. For example, both CVS and Amazon now deliver prescription medicines and Amazon offers home-based medical supplies—like canes, walkers, and wheelchairs—delivered right to your home.
Telehealth Pros and Cons
Used correctly, telehealth visits have the potential to help reduce hospital re-admissions rates and help patients make more successful transitions from hospitals back to their homes.
Telehealth options mean more healthcare workers, like home health nurses, can work together to provide more streamlined care, including follow-ups. As we evolve, we’ll likely see increased uses of medical devices that also facilitate more remote-patient monitoring.
Other benefits of telehealth include more adoption and usage of machine learning and artificial intelligence (AI). Machine learning and AI can help providers with prediction and outcomes and help them create more proactive treatment programs for patients.
But along with those benefits, come challenges.
For example, HHS Office for Civil Rights (OCR) indicated that during the pandemic it would allow “enforcement discretion” and not impose Health Insurance Portability and Accountability Act (HIPAA) penalties for covered entities related to HIPAA violations associated with “good faith” delivery of telehealth services on non-public facing technology.
While that certainly helped spur adoption and usage, it also increases cyber risks, and those OCR regulatory changes are likely to only be temporary.
As we’ve seen throughout 2020, the healthcare industry continues to be a prime target for cyberattacks, and a recent study suggested that telehealth has become the biggest threat to cybersecurity. So while OCR penalties may be less likely now, it doesn’t eliminate the need to analyze cyber risk throughout the development and deployment of telehealth solutions.
Telehealth Needs Assessments and Readiness Assessments
If you’re a covered entity involved with telehealth, especially if you’re looking to innovate and offer new services, you may be hearing a lot these days about the importance of needs assessments and readiness assessments.
While the two have some complimentary areas, they are different at core levels, but both are important for your overall success.
For example, in a needs assessment, you look at the current needs in your marketplace and then determine which of those needs you want to address as part of your telehealth program. What you’re doing here is discovering the purpose and value of new services you want to offer—as those new services address a specific need of a target population. You can also use a needs assessment to help you uncover and potentially correct assumptions your team may have made about the value or intent of your new services.
A readiness assessment comes after your needs assessment. You’ll use that needs assessment to help you decide your target market and best patient communities, how you’ll plan that and what that means for your organization. Then, with your readiness assessment, you’ll be looking to discover if your organization is ready to implement the new services and what would you need to do to successfully scale those services over time.
We’ll go into more details about how to do a readiness assessment in part 2 of this blog series, but in general, just know a readiness assessment will help guide you on what you need to do to be ready—and improve readiness—for new telehealth service delivery, including addressing the cyber risks that come into play.
If you have questions about telehealth compliance or cyber risk management issues, reach out to a Clearwater advisor, and we’ll be happy to discuss your concerns. And don’t forget to look for part 2 of this blog series where I walk you through some key considerations and steps to successfully conduct a privacy and security readiness assessment for telehealth.