If the online visit requires a prescription, 22 Tex. Admin. Code § 174.5 stipulates that one of the following must be satisfied:
There must be an existing patient-physician relationship;
The physician can contact the patient pursuant to a call coverage agreement; or
They physician must meet all applicable technology standards (as set forth above).
Given the pandemic, however, the Drug Enforcement Agency (DEA) has granted leniency in the existing patient-physician relationship by now allowing DEA-registered providers to issue prescriptions for controlled substances to patients where there has not been any previous medical evaluation, subject to the following requirements: (a) the prescription is issued for a legitimate medical purpose by a provider acting in the usual course of professional practice; (b) audio-visual, real-time, two-way interactive communication devices are used; and (c) the provider is still subject to federal and state laws.
 Additionally, CMS will not enforce the existing patient-physician relationship required under H.R. 6074, which stipulates that telehealth services could only be provided to patients who had been treated by the provider within the previous three years and had services billed under Medicare.
After the prescription has been filled, the physician must continue to have follow-up instructions and have access to use all relevant clinical information required by the prescribed standard of care. We have seen an influx of mobile app developers providing follow-up services and monitoring for various healthcare specialties just to address this specific need. Despite such flexibility in Texas law, physicians are limited to using telemedicine to treat acute pain with prescribed drugs and strictly prohibited from treating chronic pain with scheduled drugs.
With such forward-thinking legislation by Texas, technology will be the first pillar of defense to bolster our healthcare system against future diseases and pandemics. For digital healthcare to succeed, a patchwork of existing technologies will need to be integrated seamlessly to provide accurate diagnosis and quality of care, within a frictionless logistics chain. From electronic medical record (EMR) systems to wearable devices, from mobile apps to medical transport, technology will allow officials to track and predict the overall public health of a population so that it can anticipate any unexpected surges that overwhelm the delicate balance of a healthcare system.
Given the staunch requirements of privacy, identity verification, and portability of patient data, it is imperative that healthcare providers incorporating telemedicine into their operations reassess their privacy policies and cybersecurity protocols to identify any areas of vulnerability. For a robust privacy and cybersecurity policy, some structural items to consider are:
Properly disclosing what personal data is collected and how it will be used and disclosed;
Obtaining all necessary consents or opt-outs required under the jurisdiction of each patient;
Identifying all vendors and contractors who have access to patient data and having appropriate security and contractual restrictions in place;
Confirming that all services agreements with IT vendors contain audit provisions to police any vendors who are misusing or inadequately protecting patient data;
Verifying that all cybersecurity defenses in the data supply chain are, at minimum, industry standard;
Ensuring the software or app architecture is designed for privacy;
Integrating functionality into the software or app that allows patients to access their information and requesting its deletion; and
Contractually, limiting any unnecessary exposure by including proper warranty disclaimers and limitations of liability in any related Terms of Service or End User License Agreements.
In response to the pandemic, on March 17, 2020, OCR lowered restrictions and penalties to HIPAA violations for providers implementing telehealth services in the wake of the pandemic so long as they used reasonable care and good faith judgment.
Because telemedicine transcends physical boundaries, a meshwork of privacy laws is now implicated, including HIPAA, the California Consumer Privacy Act (CCPA), and the General Data Protection Regulation (GDPR). How such privacy laws intertwine and supersede each other will still need to be interpreted at the administrative, national, and local levels. As such, the selection of the choice of law and jurisdiction for the telemedicine platform will be critical in reducing any compliance burdens to a healthcare provider.
Given this legal framework, where is the technological frontier of telemedicine heading? Blockchain (an immutable, trusted source of information that is not controlled by a single party) will be a pivotal technology for the transition of physical, in-person patient care into a post-COVID world of digital healthcare. Blockchain technology will aid research, promote efficiency, and instill security in a digital healthcare system where patient data and healthcare records could be safely shared and accessed across multiple institutions. Due to a prevalence of falsified claims by patients, Blockchain will also be crucial in healthcare identity management and records management by reducing patient fraud, inaccuracies, and misdiagnosis by the physician. Any reduction of fraud and improvement of care will certainly be embraced by government payors and private insurers, who are ultimately responsible for determining reimbursements to physicians and facilities.
Here in the Texas Medical Center, artificial intelligence (AI) and machine learning have replaced humans in performing certain critical, life-monitoring functions.. Some of the basic tasks under the previous responsibilities of a nurse or tech are now detected by a variety of devices that alert staff and physicians if readings become abnormal. AI has become an irreplaceable component on the hospital floor to relieve the constraints of human staffing. With infectious diseases, AI can serve as an additional barrier to socially distance and insulate human staff fighting on the frontlines from unnecessary contagion while still ensuring a high quality of care.
Outside of the hospital, wearable devices and the Internet of Things (IoT) will be an additional layer of technology in the next frontier of digital healthcare. The well-being of a patient can be remotely monitored after a patient has returned home and into society. Real-time instructions can be given to a patient if the need arises or something abnormal is detected. Real-time data obtained by the wearables and devices can be simultaneously reconciled with any EMR system (on a Blockchain) containing the patient’s medical history.
Nonetheless, cybersecurity must be the highest priority as healthcare and patient data becomes entwined in a digital web of devices and information. Cybercriminals have used ransomware to hold entire healthcare systems hostage by hacking into the networks of a hospital and threatening to disable all system-critical, life-sustaining devices. As such, it is critical for healthcare administrators and Chief Information Officers to establish a relationship with the U.S. Department of Justice, Computer Crime and Intellectual Property Section (CCIPS) to thwart any potential threats and avail themselves of time-sensitive remedies. Additionally, cybercriminals are also using the internet to submit fraudulent claims, sell fake vaccines, and create a variety of other healthcare related scams. If a healthcare provider or hospital systems suspects foul play with its IT network, it must immediately report such activity with the FBI’s Internet Crime Complaint Center (IC3). But before a cyber-incident cripples a healthcare organization, the Healthcare Information and Management Systems Society (HIMSS) can advise on the latest industry standards and aid with taking proactive and preventative measures.
As the law is forever catching up with innovation, much is still unaddressed by our judicial system. The future of healthcare raises a plethora of policy, legislative, and legal issues that must be considered to promote the overall health of our population while protecting the quality of care and human rights of each individual patient and healthcare provider. Nonetheless, it is reassuring to see the various U.S. healthcare enforcement agencies embrace digital medicine by timely responding with more accommodating telemedicine laws in response to our current national crisis.