Telehealth can be the right call for cost-conscious employers—if HIPAA standards are met
Tuesday June 14th, 2016
Telehealth—an alternate means of providing medical services by phone or video consultations, email, remote passive monitoring services or the electronic transmittal of medical information—has been around for years, but it is fast becoming a medical service option provided by employers as an alternative to traditional health care benefits.
A 2016 health plan design survey from the National Business Group on Health found that 74 percent of large employers now offer telehealth (also known as telemedicine) to employees, compared with just 48 percent in 2015.
Adding value to mental health benefits
For many employers, offering telehealth to their employees can be both a driver for health plan utilization and a tool to lower health care costs.
Mental health care in particular is a medical service well-suited to telehealth, because the typical patient is not necessarily required to be in a doctor’s office to receive treatment. A study published by law firm Epstein Becker & Green estimates that serious mental illness costs the U.S. $200 billion in lost earnings, and an estimated $300 billion in total costs, every year.
The EBG study notes that mental health is critical to focus on because only 40 percent of Americans with mental illness report receiving treatment, and there is only one mental health care provider for every 790 individuals.
The combination of these statistics—lost earnings and productivity costs, and the lack of proper treatment opportunities for individuals—makes a strong case for employers to offer telemental and telebehavioral health services.
Telehealth and patient privacy laws
The biggest challenge associated with telehealth is a typical one in health care benefits: maintaining compliance with the federal Health Insurance Portability and Accountability Act (HIPAA) requirements to protect the privacy and confidentiality of an employee’s health records and data.
Due to its paperless nature, telehealth poses particular challenges for HIPAA compliance, according to a fact sheet published by the Telehealth Resource Centers, an information and assistance service funded by the Department of Health and Human Services.
“The transmission of information over communication lines lends itself to hackers and other potential exposure,” the TRC states. “Protocols must be scrupulously followed to ensure that patients are informed about all participants in a telemedicine consultation and that the privacy and confidentiality of the patient are maintained, as well as ensuring the integrity of any data/images transmitted.”
When selecting telehealth providers, employers should ensure that the provider they select has the infrastructure to comply with HIPAA requirements, state privacy and informed consent standards, and all other laws related to protecting a patient's protected health information.
Employers must also consider if additional parties will be used to process telemedicine claims and if a business associate agreement is necessary. Additionally, multiple state privacy laws may apply if a telehealth program extends across state lines and provides services to employees and their dependents in multiple states.
The EBG report notes that some states that regulate telemental health have informed consent requirements—meaning that patients must be made aware of the risks associated when providing personal information and receiving health care through email, phone, and other technology.
Thirty states have telehealth laws, but only 13 specifically mention privacy requirements and/or HIPAA. For example, Connecticut and Vermont specify that telehealth interactions should comply with HIPAA requirements, while Idaho, New Mexico, Oregon and Washington mandate that health care services provided through telehealth comply with federal and state security and privacy laws regarding an individual’s health information.
Employers should thoroughly review both health plan documents and state telehealth laws to ensure compliance with patient privacy protections prior to offering this potentially cost-savings benefit to employees.