Telehealth During the COVID-19 Pandemic: Social and Regulatory Considerations


Image Source: https://ww2.frost.com/news/press-releases/telehealth-to-experience-massive-growth-with-covid-19-pandemic-says-frost-sullivan/

Danielle Maor
BCL/JD II
Faculty of Law, McGill University

15 April 2021

On March 11, 2020, the World Health Organization declared COVID-19 a pandemic. Governments have responded to the threat of the outbreak by, among other things, implementing travel and border restrictions, issuing mandatory quarantine orders, and closing public spaces. In the medical field, stay-at-home orders have forced providers and patients to resort to remote health care services to prevent the spread of the virus. Consumer research by McKinsey & Company has revealed that telehealth use among American consumers has increased from 11% in 2019 to 46% in May 2020. Forrester also predicts more than 1 billion virtual care visits in the United States by the end of 2020.

Although the terms “telehealth” and “telemedicine” are often used interchangeably, telehealth is a broader concept. It refers to any exchange of health information using telecommunication technologies and includes other services such as wellness promotion, health education, and home monitoring using wearable devices. Telemedicine, on the other hand, is a subset of telehealth that includes only direct clinical services, such as diagnosis, treatment, and monitoring, performed remotely by a health care provider.

With the increasing use of telehealth and telemedicine technologies, it is important to review the way they modify the provision of traditional medical services. This probe will start by examining the way telehealth affects the use of the senses and the doctor-patient relationship. Then, it will review the legal framework surrounding telehealth in the United States, particularly in terms of privacy and security, both before and after the pandemic.

Part I: Changing Interactions

Physicians have been using their five senses to diagnose and treat patients since time immemorial. The sense of sight has always had a particular importance in medicine as it provided critical visual data about the body, such as color and shape. For example, in early medicine, physicians often used detailed uroscopy charts to assess the color of a patient’s urine and determine any potential diseases. Next in importance is the sense of hearing; the voice of the patient, the sound of their breathing and coughing, and the beating of their heart are routinely used to assess their condition and form a diagnosis. Physicians use their sense of touch to take the patient’s temperature, to feel the texture of their skin, and to palpate the abdomen for any tenderness. Though sight, hearing, and touch are most frequently used, the senses of smell and taste – the lowest senses in the hierarchy – have also been employed in the medical field to assess bodily fluids.

The use of the human senses remains crucial for the practice of modern medicine, though it is now mediated by technology. In her paper titled “Layers of sense: the sensory work of diagnostic sensemaking in digital health,” Maslen uses the term “layers of sense” to refer to the interaction between human senses and technological sensors. To come to a diagnosis, physicians must engage in a back-and-forth between human sensing and a sensing of the sensors. For instance, Goodwin reports that in the diagnosis of an abdominal aortic aneurysm, the body of the patient is positioned in a way that allows the doctor to palpate the abdomen to sense “what the eye cannot know.” However, because the sensory diagnosis is not enough on its own, the physician might also resort to an ultrasound test to locate the aneurysm and decide on the proper treatment.

Maslen and Lupton argue that while “mainstream health care policy discourses portray telemedicine as a neutral technological medium with predictable outcomes analogous to conventional health care,” telemedicine is actually a “fundamentally different type of healthcare.” In fact, telemedicine changes the way doctors use their senses and interpret technological sensors, as a full range of information is no longer available to them. Whereas the traditional practice of medicine involves face-to-face and hands-on interactions that incorporate the use of all the senses, the practice of telemedicine engages at most two senses – sight and hearing – which are considerably compromised. Doctors report that telemedicine hinders their ability to make nuanced judgements. Though they have access to visual data through a screen, the low resolution of the video prevents them from seeing details such as a patient’s skin texture and color or pupillary response.

Due to the lack of proximity, telemedicine also involves a delegation of the work of diagnosis from the doctor to the patient. Patients using telemedicine must inspect their own bodies and transmit their findings to the physician, thus becoming “diagnostic agents” alongside health care professionals. In some cases, such as in remote hospitals that are connected to a telemedicine network, a nurse might be physically present with the patient and may participate in the sensory assessment. However, as pointed out by the physicians interviewed by Maslen, nurses do not necessarily have the same sensory expertise as specialized doctors.

Not only does telehealth change the nature of the diagnostic work, but it also changes the doctor-patient relationship. As noted by Borgetti, Clapham, and Young, “the practice of medicine has a tradition of establishing trusting, and often emotionally intimate, relationships with patients.” These relationships of trust are essential for the patient to disclose their symptoms and medical history. With telemedicine, however, technology can depersonalize the relationship between patients and physicians, as was the case of a Californian woman who received the devastating news that her grandfather was near death from a doctor appearing on a video screen. This story made headlines in various newspapers in the United States because it highlighted how telemedicine can render interactions between doctors and patients cold and how doctors using this technology might not seem as compassionate as those appearing in person. In fact, technology might not be able to convey sensitive social cues like body language and tone of voice.

The importance of relationships of trust in medicine is also exemplified by interactions involving a nurse alongside the patient. One of the physicians interviewed by Maslen reports that during virtual consultations in which the patient and nurse are in the same physical space, they will often have conversations amongst themselves as if the doctor is not part of the consultation since they can more easily form a relationship.

Hence, many scholars and doctors believe that while telemedicine has great potential to reduce medical costs and connect remote rural communities to specialized doctors, it is better suited when there is a pre-existing relationship between doctor and patient and when the conversations are not about sensitive issues such as end-of-life care. However, in dire situations such as the coronavirus pandemic, there is no choice but to use telemedicine, which is why more research should be done on how to mitigate the changes in physician-patient interactions.

Part II: Legal Framework and Challenges

Currently in the United States, there is no universal regulatory mechanism governing telehealth and telemedicine. Rather, these technologies are regulated by a “patchwork of federal and state rules” that contains overlaps, gaps, and contradictions. The complex and confusing legal framework presents various legal challenges to both patients and providers, particularly in terms of privacy and security.

a) HIPAA regulations

Enacted in 1996, the Healthcare Insurance Portability and Accountability Act (HIPAA) provides protections for patients’ health information collected by “covered entities” – health care providers, health plans, and health care clearinghouses – and their business associates. More specifically, the HIPAA Privacy Rule limits the use and disclosure of individuals’ “protected health information,” meaning all “individually identifiable health information.” This information includes demographic data that relates to “the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.” It also includes many common identifiers such as a patient’s name, Social Security Number, address, and birth date.

As a subset of the Privacy Rule, the HIPAA Security Rule was enacted to specifically cover electronically transmitted protected health information. This rule establishes the technical, physical, and administrative safeguards that covered entities and their business associates must put in place to secure electronic health information. In terms of technical safeguards, they are required to implement measures related to access control, audit controls, integrity, person or entity authentication, and transmission security.

During pre-pandemic times, provider-to-provider telehealth communications typically required both entities to implement authentication, data encryption, and other security measures, rendering communications more secure against data breaches. However, when it comes to telehealth communications where one end is a patient, such as with implantable devices that send health information to a provider or mobile health applications, the companies producing these devices and applications fall outside the scope of HIPAA as they are not “covered entities.” As such, these types of communication pose additional security threats like breach of confidentiality during data collection and unauthorized access to the patient’s device and the data it contains.

b) Other federal protections

Given the lack of comprehensive telehealth law, other federal regulations come in to fill the gaps created by HIPAA. Most notably, under Section 5 of the U.S. Federal Trade Commission Act, the Federal Trade Commission (FTC) has the power to prohibit “unfair or deceptive acts or practices in or affecting commerce,” which it has used to force companies to abide by their privacy policies. The FTC cannot, however, dictate the terms of a company’s privacy policy and has limited powers to fine companies for privacy-related violations. As pointed out by Hall and McGraw, in the field of telehealth, this means that consumers must rely on the privacy policies and license agreements of the companies producing health devices and applications and trust that they will abide by their policies.

Telehealth technology that qualifies as a “medical device” may receive additional protection by the Food and Drug Administration (FDA). Although the FDA is not directly concerned with privacy issues, it is responsible for the overall safety of a medical device, which includes any potential security risks.

c) Legal framework during the COVID-19 pandemic and future directions

In response to the pandemic and in hopes of increasing the use of telehealth to minimize contact between patients and providers, the U.S. Office for Civil Rights at the HHS announced on March 30, 2020 that it will not enforce HIPAA’s requirements “against covered health care providers in connection with the good faith provision of telehealth during the COVID-19 nationwide public health emergency.” Providers can now use any “non-public facing remote communication product” such as Zoom, FaceTime, Facebook Messenger, and Skype to conduct their virtual visits.

Scholars have noted that allowing the use of these popular – albeit not HIPAA-compliant – platforms was an important step to increase the use of telehealth. In fact, the stringent HIPAA regulations are considered one of the main barriers to the broader adoption of telehealth prior to the pandemic. Nevertheless, this period of deregulation may carry unforeseen security and privacy risks. Commentators are therefore urging that additional research be conducted after the pandemic to determine the extent of these risks. Of particular interest is how health data obtained by the companies operating the video chat platforms may be transferred or sold to third-party advertisers, considering the surge in consumer privacy and data security breaches by social media companies in recent years.

In addition to the much-needed research, commentators are advocating for the adoption of a comprehensive telehealth law since the current “patchwork” of various state and federal regulations is both inadequate and confusing. Hall and McGraw believe that after creating this comprehensive telehealth law, U.S. Congress should vest authority in one federal agency, that agency being the FTC. They argue that despite the HHS’s experience with implementing and overseeing HIPAA regulations, the FTC is the only agency with substantive experience with privacy and security risks in consumer-facing technologies. Additionally, they argue that the FTC should have the power to develop its own regulations to protect privacy and security in the telehealth field.

While the rapid adoption of telehealth during the coronavirus pandemic was necessary to minimize direct physical contact between physicians and patients, it has also shed new light on the importance of doctor-patient relationships and the need for legal reform. As pointed out by various scholars, it is incumbent on governments to commission studies of the provision of telehealth services during this period to develop better practices for the future.

All links accessed on August 23rd, 2020