Healthcare Information Security


How Health Privacy Regulations Hinder Telehealth Adoption

By Elizabeth Snell

Health privacy regulations are one of the potential deterrents when it comes to telehealth adoption, according to a report by the American Hospital Association (AHA). Numerous legal and regulatory challenges can also make the process difficult.


“As telehealth utilization expands, however, myriad significant federal and state legal and regulatory issues will determine whether and how hospitals, health systems and other providers can offer specific telehealth services,” the AHA stated. “In general, the provision of telehealth services requires compliance with federal and state rules that apply to how most types of health services are provided.”

In terms of health privacy regulations and security issues, the report said that telehealth technologies can create new electronic health information, but also create operational challenges for hospitals when it comes to staying HIPAA compliant, following HITECH rules or even trying to follow state laws.

“Hospitals may need to update their security risk analyses as well as modify and adapt their data privacy and security practices to respond to the specific risks and compliance challenges of using telehealth technologies,” according to the report, adding that existing policies should be carefully reviewed.

Healthcare organizations’ current policies may also “need to be modified or adapted to ensure effective and reliable verification and authentication of the identities of patients and providers involved in a telehealth encounter.”

The AHA also highlighted issues that hospitals should consider as they review the types of electronic health data that are generated through telehealth encounters. First, facilities should consider if the data should be maintained as part of the “medical record,” which pertains to whether video sessions should be recorded or if remote patient monitoring data should be saved.

It is also important to consider if relevant state laws require that information be maintained or included in the medical record, or put in a HIPAA-designated record set. Finally, the AHA said hospitals should ensure that data included in an individual’s medical record – or maintained for other reasons – is properly secured and maintained.

The AHA report highlighted six other areas where legal and regulatory challenges could arise when it comes to telehealth adoption:

  • Coverage and Payment;
  • Health Professional Licensure;
  • Credentialing and Privileging;
  • Online Prescribing;
  • Medical Malpractice and Professional Liability Insurance;
  • Fraud and Abuse.

Congress is also engaged in legislative efforts to ease the barriers to providing telehealth services, the AHA stated, keeping a focus on the barriers within the Medicare program. In addition to federal guidance, states “are undertaking legislative and regulatory reforms to give greater flexibility and access to telehealth services through state Medicaid programs and private insurers.”

It is essential that hospitals are careful to consider all potential legal and regulatory barriers, ensuring that they remain compliant while they implement new technologies. Easing these burdens is also possible, according to the AHA. Having more uniformity among federal and state privacy and fraud and abuse standards can be beneficial. Additionally, it could be helpful to have consistent standards to guide development of telehealth clinical guidelines and protocols.

“Policy discussions should focus on increasing patients’ access to existing health care services by means of technology while remaining mindful of providing high-quality care and appropriate patient safety, privacy and fraud and abuse constraints,” the AHA said.

