Basic telemedicine regulations

For centuries, healthcare providers only met their patients face to face. After all, medical professionals needed to examine and talk to their patients in person to accurately treat them. This all changed with the creation of telemedicine.

Telemedicine has enabled healthcare providers to treat patients wherever they are, whether at home, work, or school. With the introduction of telemedicine, patients can attend healthcare appointments that would have been inconvenient or impossible in the past. Medical providers can also monitor a patient’s condition without keeping the patient in the hospital. Telemedicine has truly opened up exciting new ways to care for patients, but it has also created a new problem.

Healthcare organizations now need to research and comply with the complicated legal regulations governing telemedicine services. By following these laws, healthcare companies can ensure that their telemedicine services don’t cause basic legal problems. Let’s discuss three telemedicine regulations you need to follow and learn how your practice can comply with them.

1. HIPAA’s privacy and security standards for PHI

HIPAA, a federal data privacy law, sets privacy and security standards for covered entities that handle people’s protected health information (PHI). Even though these requirements aren’t specifically for telemedicine, they do apply to telemedicine services. These standards include

• Signing a BAA with your videoconferencing provider and any other telemedicine service. Having a business associate agreement (BAA) with your service provider makes them legally obligated to comply with HIPAA standards.    
• Using secure data storage and transmission channels. Some telemedicine practices accept medical information before or after a patient’s visit and then store it until a doctor can examine it. These store-and-forward services need to be secure so that only medical staff can access them.  

Staying HIPAA compliance is an important preventative step for your healthcare organization, as dealing with HIPAA violations can be expensive. But HIPAA compliance isn’t the only thing that can affect your organization’s finances. To ensure you get full reimbursement for your electronic healthcare visits, you also need to understand Medicare’s telemedicine and billing standards.

2. Medicare’s new telemedicine reimbursement standards

Telemedicine provides many of the same services as an in-person visit, but providers haven’t always been compensated the same way for virtual visits. Before COVID-19, Medicare would only reimburse a limited set of telehealth services. However, the recent public health emergency has caused the government to expand covered online services and billing codes, at least temporarily. What do healthcare providers need to do to get adequate payment from Medicare now?

• Know what Medicare will pay for and what it won’t. The new Medicare regulations have added numerous codes that you can now bill for. 
• Keep up with any changes for Medicare reimbursement. It seems as though some of the COVID-19 revisions for telemedicine reimbursement will become the new standard. Make sure you know what will be sticking around and what will go away once the pandemic is over. 

Even though it can be hard to stay up to date on Medicare regulations, getting reimbursed for your services is crucial for your organization. COVID-19 has changed the way healthcare organizations interact with HIPAA and Medicare, but these regulations are still in place to some extent.

There’s one more law you need to know about that COVID-19 has completely suspended.

3. The Ryan Haight Online Pharmacy Consumer Protection Act for prescriptions

Telemedicine allows you to provide many of the same services online as you can in person, with one notable exception: prescribing controlled substances. The Ryan Haight Online Pharmacy Consumer Protection Act prohibits you from prescribing controlled substances, such as opioids, through an online healthcare visit unless it meets certain conditions.

While this act is temporarily suspended due to COVID-19, it will be in force again as soon as the pandemic is over. How can you comply with the Ryan Haight Act now and in the future?

• Prescribe medication responsibly. You’re still responsible for any medication you prescribe to a patient, even online. Think carefully before you prescribe a new medication to a patient — make sure it’s the best choice for them.  
• Prepare your organization to comply with the Ryan Haight Act. Once the Ryan Haight Act is in effect again, you’ll have to either see patients in person before prescribing a controlled substance or research whether you meet one of the seven exceptions to the Ryan Haight Act. Plus, any telemedicine visit where you prescribe controlled substances should be a two-way simultaneous visit.    

The Ryan Haight Act can make it more difficult to prescribe needed medications, but it’s important to remain in compliance to protect your organization from serious legal trouble. In fact, following all the federal regulations listed here will help make your telemedicine service a success.

Legally speaking, you’re in good shape

Telemedicine has created a whole new way to treat patients. However, it also requires healthcare organizations to follow additional legal regulations. By understanding basic telemedicine laws, you’ll be able to set up a telemedicine service that will help both your patients and your business.

At Jotform, we have the telemedicine tools you need to care for your patients. Our telemedicine toolkit offers HIPAA-friendly online forms, scheduling, and payment options.