TechHealth Perspectives

STRATEGY, ANALYSIS, AND COMMENTARY ON CURRENT AND NEW HEALTH TECHNOLOGIES

The Lenovo/Superfish Scandal: What You Need to Know

LinkedIn Tweet Like Email Comment

superfishReports in the last week stated that the computer manufacturer Lenovo had preloaded software onto various lines of computers which critically compromised cybersecurity. The software in question is a product called Superfish Visual Discovery, a program generally designed to replace advertisements seen while browsing the Internet with ads provided by Superfish. However, the method of implementation opens up a universe of potential problems.

What Does Superfish Do?

Superfish is designed to replace Internet advertisements with advertisements provided by their sponsors. In order to do this, Superfish installs its own signed root certificate to the operating system. Furthermore, the Superfish certificate key being used is the same across all the affected systems.

What Does This Mean?

Secure browsing is based on a system of certificates. When you look up any website starting with https://, you are loading a secure website whose identity is verified using a certificate, usually validated by a third party. Normally, sites claiming to be secure that are not will trigger warnings from your browser. Superfish installs its own certificate and functions as a Man in the Middle, injecting its own content into the ostensibly secure connection between your computer and the secure website.

Because the certificate key used by Superfish is the same across all affected systems, it is easy to exploit that certificate to attack systems with the software installed. Reports indicate that people have been able to decrypt all data sent by HTTPS, including passwords, using this exploit.

Which Computers Are Affected?

Lenovo has published information containing a list of affected computers. The affected computers are laptops not in the ThinkPad series manufactured between September 2014 and February 2015. ThinkPad laptops, desktops, and smartphones are unaffected. Enterprise systems (e.g., servers and storage) are also safe.

Even if your organization has computers on the list of affected products, your organization may be safe. Generally, your IT department should be installing a clean version of Windows or an organizational system image on any new computer before it is brought into your network ecosystem. If your IT department does not do this, or your organization allows personal computers to perform work functions, you may be at risk.

Another potential issue is remote access. If anyone with remote access was using an affected computer, the user’s logon information potentially could have been compromised.

How Do We Remove Superfish from Affected Systems? 

The easiest and most secure way to ensure the removal of any issues is to install a clean copy of Windows on the affected computer. This should not be the backup copy provided by Lenovo, as that copy will still have Superfish. However, reinstalling Windows will cause you to lose any data on the computer. If you need to keep the data on the computer or otherwise cannot back up the data, a good guide on how to uninstall Superfish without reinstalling Windows can be found at ExtremeTech.

What Else Should We Do?

If your organization does not install a clean version of Windows or an organizational system image on new computers, you should put into place a procedure ensuring that all new computers get a fresh install of Windows or a fresh system image prior to introducing them to the network.

Because your employees may potentially have used an affected computer for remote access, you should identify any employees who have used Lenovo computers for remote access in the past six months. Those users should have their credentials changed as a precautionary measure.

CMS Hosts MLN Connects National Provider Call to Review New CCM CPT Code

LinkedIn Tweet Like Email Comment

CMSProviders, take note: the Chronic Care Management (CCM) CPT Code 99490 is now payable by the Centers for Medicare & Medicaid Services (CMS). Effective January 1, 2015, the Medicare program began making payments under the Physician Fee Schedule (PFS) for certain non-face-to-face management and care coordination services provided to beneficiaries covered under the traditional Medicare fee-for-service program. CCM services include, but are not limited to, development and maintenance of a plan of care, communication with other treating health care professionals, and medication management. In order to be eligible for CCM services, beneficiaries must have two or more chronic conditions, expected to last at least 12 months or until the death of the beneficiary. Claims for CCM services are payable on a monthly basis, must include at least 20 minutes of qualifying services, and are subject to beneficiary coinsurance and deductibles. Information on the availability of CCM services must be conveyed to the beneficiary through a face-to-face visit and the beneficiary must consent to receiving such services. Only one Medicare provider can provide and be paid for CCM services provided to an individual beneficiary during each calendar month.

CMS hosted an MLN Connects National Provider Call on February 18, 2015 to review the requirements for physicians and other practitioners to properly bill the new CCM CPT code. During the call, titled “Chronic Care Management Services: CY 2015 Medicare Physician Fee Schedule,” CMS provided an overview of the requirements for physicians and other practitioners to bill using CPT code 99490. CMS discussed the eligible beneficiary population for CCM services, the scope of CCM services, the Medicare providers who are eligible to provide CCM services (including on an “incident to” basis), and how CCM services might overlap with current demonstration and other initiatives by CMS. CMS noted that portions of the CCM requirements were finalized in two different PFS final rules, some in the CY 2014 final rule and the remainder in the CY 2015 rule. This overview was followed by a robust question and answer session, which provided some of the most interesting takeaways:

  • CMS has not established a specific list of chronic conditions that would be covered by the new CCM CPT code. CMS suggested referencing the Chronic Conditions Data Warehouse[1] to identify possible chronic conditions, but cautioned that use of the CCM CPT code would not be limited to the conditions identified therein. According to CMS, until such a time when more prescriptive restrictions could be established, the only limitations with regard to eligible chronic conditions are those outlined in the CPT code description itself.
  • Beneficiary consent to receive CCM services remains effective until withdrawn, even if the provider is not able to or otherwise does not bill for the CCM services for a period of time.Cash 5
  • CMS is deferring to the Medicare Administrative Contractors (MACs) many of the specific billing questions about which participants inquired during the call, including how to capture place and date of service details, how to document time spent performing CCM services, and whether time spent by Certified Medical Assistants can count toward the 20 minutes required per calendar month to bill for CCM services.

CMS recently published a new Fact Sheet regarding CCM services (ICN 909188). The Fact Sheet will be a helpful resource for providers seeking to utilize the CCM CPT code and other interested stakeholders, as it covers much of the detail discussed during the CMS call and includes a helpful table that illustrates the alignment between the CCM scope of service elements and billing requirements with the certified Electronic Health Record (EHR) or other electronic technology requirements.

So have the MACs weighed in yet regarding the use of new CPT code 99490? Stay tuned for our next post, in which we will “consult the MAC” to see what helpful guidance, if any, they have provided to date.

[1] Chronic Conditions Data Warehouse, https://www.ccwdata.org/web/guest/home.

 

Prescribing and Telemedicine: The “Physical” Exam

LinkedIn Tweet Like Email Comment

As so many of you know, the barriers to the wider adoption of telemedicine are numerous.  In listening to various stakeholders in the telemedicine space over the years, I consistently hear the same barriers being discussed:

One issue, however, that gets short shrift in my view is the issue of online prescribing—an issue that presents as formidable a barrier to the wider adoption of telemedicine as any other.  Before I take a deeper dive, I should mention that by online prescribing I do not mean e-prescribing, which generally refers to the issuance of a prescription electronically instead of in written form.  What I mean by online prescribing is physicians prescribing medications to patients via a telemedicine visit when the physician has never had an in-person encounter with the patient. Instead, the physician relies solely on information obtained through the telemedicine encounter.

Generally, and unless one of a very limited number of exceptions applies, states require that a physician first establish a valid physician-patient relationship before he or she may prescribe for the patient. In most states, a physical examination or evaluation of the patient is one of the requirements to be met in order to establish that relationship. But just what constitutes a valid “physical examination” varies from state to state? As you might imagine, this is critical in telemedicine because in many cases, telemedicine providers will be unable to physically examine or evaluate new patients in-person or face-to-face.  States address the issue in a variety of ways which has predictably led to a patchwork of sometimes inconsistent state laws. 

In- Person Physical Exam

Some states explicitly require an in-person examination or evaluation before a physician may engage in online prescribing for a patient. Under Arkansas law, for example, in the absence of a prior and proper patient-practitioner relationship, a physician must perform an in-person physical examination of the patient adequate to establish a diagnosis and to identify underlying conditions or contraindications to the treatment recommended or provided.

Physical Exam

Other states, while requiring a physical examination or evaluation, do not explicitly use terms such as “in-person” or “face-to face” to describe the exam.  Many have taken that to mean that the physician must have an in-person encounter with the patient—a very reasonable conclusion in my view—and one shared by most medical boards with which I speak.  Some observers, however, have concluded that because the requirement in these states is not as explicit as it is in other states (i.e., Arkansas), a reasonable argument can be made that a physical examination may occur by electronic means—especially if the examination results in the same information being obtained had the exam occurred in-person.  This is a gray area that will likely become clearer as many states re-examine their telemedicine standards.    

Physical Exam by Other Means

Significantly, there are a number of states that explicitly allow physical examinations or evaluations to be performed by electronic means or via telemedicine technologies. For example, in Maryland, if no prior in-person, face-to-face interaction with a patient has been done, a physician may “incorporate real-time auditory communications or real-time visual and auditory communications to allow a free exchange of information between the patient and the physician performing the patient evaluation.”  In Virginia, a physician must perform an examination of the patient “either physically or by the use of instrumentation and diagnostic equipment through which images and medical records may be transmitted electronically.”  Hawaii, New Mexico, and a handful of other states take a similar approach. 

Model Policy

Given the various approaches, what is a telemedicine provider to do? Some help is on the way.  The Federation of State Medical Boards, a national organization that represents 70 medical and osteopathic state medical boards in the United States, has developed the “Model Guidelines for the Appropriate Use of the Internet in Medical Practice” which among other things addresses the issue of prescribing head on:

  • Prescribing. If using telemedicine technologies, where prescribing may be contemplated, providers must implement measures—left to the discretion of the physician—to uphold patient safety in the absence of traditional physical examination. Measures should guarantee that the identity of the patient and provider is clearly established. To assure patient safety in the absence of physical examination, telemedicine technologies should limit medication formularies to those considered safe by the state medical board.

Some states have adopted the FSMB’s Model Policy in whole or in part. It is my hope that many more states will adopt the Model Policy as it represents a very positive step in the right direction toward harmonizing the disparate, inconsistent, and often confusing patchwork of state laws governing online prescribing. 

Telemedicine Has an Unlikely Ally: The FTC

LinkedIn Tweet Like Email Comment

As a lawyer practicing in the telemedicine space, I am rarely surprised these days.  But every once in a while I will read or hear something that stops me in my tracks. That is exactly what happened when I read a blog post by an FTC Commissioner which, among other things, calls for government policies that help facilitate greater adoption of telemedicine.  The post was part of a broader piece about the FTC’s role in promoting competition and innovation in health care.

By way of quick background, the Federal Trade Commission is the federal agency charged with protecting consumers and promoting competition, which includes challenging anticompetitive business practices.  The agency has been active in the health care sector, challenging several hospital and physician practice mergers. In an effort to highlight some of the FTC’s non-enforcement efforts, one of the agency’s five commissioners, Maureen Ohlhausen, wrote a blog post touting the agency’s advocacy efforts in the health care arena, and specifically highlighted how the FTC’s competition policy could help facilitate greater proliferation of telemedicine.

Among the highlights in the post related to telemedicine:

  • Telemedicine can reduce costs and increase access to care, but such advantages often run afoul of state professional licensing schemes that were developed to regulate local medical practices.
  • The variation in state licensure and other requirements continues despite “the fact that the core entry requirements for physicians are essentially uniform across the U.S”.
  • Legacy statutes and regulations are barriers “to the efficient flow of health care information and expertise and, indeed, specialized labor — barriers that can be costly to public and private payers and, in the end, individual patients,” without necessarily offering better consumer protection benefits.
  • Lawyers and policymakers need to creatively address ways to lower barriers without sacrificing the good in state regulations.
  • It is critical that policymakers “approach new technologies with a dose of regulatory humility” and should educate themselves about technological innovation, and:
    • Understand its effects on consumers and the marketplace;
    • Identify benefits and likely harms, and;
    • If harms do exist, consider whether existing laws and regulations sufficiently address the issues before assuming that new laws would be required.

Ms. Ohlhausen goes on to call for the FTC to use its policy research and development tools to better understand innovative technology, new business models facilitated by the new technology, and the likely risks and benefits for consumers.  More significantly, Ms. Ohlhausen also challenges the agency to educate itself “about undue impediments to innovation and competition” while also using its authority to enforce against harm to consumers from the use of new health information technology vehicles.

I can only applaud Ms. Ohlhausen’s approach.  It is encouraging to see a policymaker acknowledge the role regulations may play in stifling innovation and call for government agencies to find creative ways to lower barriers while balancing consumer protection.  I only hope other regulators follow Ms. Ohlhausen’s lead.


New Jersey Law Requires Encryption of Personal Information

LinkedIn Tweet Like Email Comment

On January 9, 2015, New Jersey Governor Chris Christie signed new legislation that will require health insurance carriers authorized to issue health benefits plans in the state—including insurance companies, health service corporations, hospital service corporations, medical service corporations, and health maintenance organizations—to encrypt personal information. Triggered by a series of data breaches involving the health information of almost a million residents, Senate Bill No. 562 (“SB 562”) was passed unanimously by both houses of the state legislature and will take effect on August 1, 2015.

Under SB 562, health insurance carriers will be prohibited from maintaining computerized records that contain personal information unless the information is “secured by encryption or by any other method or technology rendering the information unreadable, undecipherable, or otherwise unusable by an unauthorized person.” The use of a password protection program that prevents general unauthorized access will not suffice to meet the encryption requirement. “Personal information” is defined as an individual’s first name or first initial and last name linked with at least one of the following: (1) Social Security number, (2) driver’s license number or state identification card number, (3) address, or (4) identifiable health information.

The law applies only to end user computer systems and computerized records transmitted across public networks. “End user computer systems” include desktop computers, laptop computers, tablets and other mobile devices, and removable media.

The requirement to encrypt makes the New Jersey law stricter in this regard than the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), under which encryption of electronic protected health information (“ePHI”) is an addressable specification. Nonetheless, given that encrypted ePHI is exempt from HIPAA’s breach notification requirements, it is considered a best practice to encrypt ePHI.

Violation of New Jersey’s encryption mandate will constitute a violation of the New Jersey Consumer Fraud Act, which imposes penalties of up to $10,000 for the first offense and up to $20,000 for any subsequent offense. The state Attorney General may also issue cease-and-desist orders to violators and award treble damages and costs to affected individuals. Given these potential penalties, health insurance carriers in New Jersey should carefully review their policies and procedures and ensure compliance with the new law.

A Telehealth Tutorial: The Promise of Telehealth

LinkedIn Tweet Like Email Comment

As telehealth grows and becomes more mainstream, all kinds of questions often arise.  They range from administrative to operational to legal issues. In conjunction with the American Hospital Association, my colleague Amy Lerman and I have co-written two white papers for the American Hospital Association Trendwatch series focusing on telehealth issues. Among other things, the white papers discuss telehealth, operational, legal, regulatory, and policy issues.  The first white paper entitled “The Promise of Telehealth for Hospitals, Health Systems and Their Communities,” focuses on the following:

  • How the terms “telehealth” and “telemedicine are defined by various stakeholders;
  • Telehealth market trends and drivers of future growth;
  • Various applications of telehealth by hospitals;
  • The benefits of telehealth for hospitals;
  • Payment for telehealth services provided by hospitals; and
  • Various hospital case studies involving telehealth.

The second part of the white paper series focuses on the legal and regulatory issues implicated by telehealth.  You can read the entire first white paper by clicking here. 

President Obama to Announce New Privacy Initiatives in SOTU

LinkedIn Tweet Like Email Comment

The State of the Union Address, scheduled for January 20, 2015, will contain new initiatives related to privacy, White House officials say. The known initiatives are the introduction of a data breach reporting bill, a bill restricting the sale of student information, and a Consumer Privacy Bill of Rights.

SETTING A NATIONAL DATA BREACH REPORTING STANDARD

President Obama is planning on introducing a data breach bill that would standardize the reporting period nationwide at 30 days. The proposed Personal Data Notification and Protection Act would require direct customer notification. The law would also criminalize selling consumer identities overseas.

Presently, most states have their own consumer data protection laws requiring customer notification in the event of a breach. The new bill may preempt stricter state laws such as California’s 5-day window for reporting.

RESTRICTING THE USE OF STUDENT DATA

The White House will also propose the Student Digital Privacy Act, based on a California law passed last September. The main purpose of the bill is to restrict the sale of student data for use unrelated to education as well as restricting targeted advertising based on school-collected data. The bill seeks to restrict commercial uses while at the same time ensuring that outcome-based studies are allowed to continue.

ENACTING THE CONSUMER PRIVACY BILL OF RIGHTS

In 2012, the White House revealed plans for a Consumer Privacy Bill of Rights. This white paper laid out a set of seven guiding principles for consumer privacy (see Appendix A of the linked PDF). After receiving and incorporating suggestions during the last three years, the President will reportedly ask Congress to enact a revised Consumer Privacy Bill of Rights into law. The bill would ensure more control over personal data for individuals, more closely in line with the rules in place in the European Union.

STAY TUNED FOR UPDATES

As more information is released regarding the President’s privacy and security plans, we will cover it here, so check back in the coming days.

ATA Gets Clarification Regarding New Medicare Reimbursement Rules for Telehealth

LinkedIn Tweet Like Email Comment

Earlier this week, the American Telemedicine Association reported an important clarification regarding the Centers for Medicare & Medicaid Services’ (“CMS’s”) plans for expanding reimbursement for telehealth services provided to Medicare beneficiaries.  The October 31, 2014 final rule with comment period regarding payments to physicians generated much excitement in the telehealth community, particularly because it opens a door, albeit only slightly, to possible Medicare coverage for remote patient monitoring services.

However, the ATA has clarified with CMS just how far this door is ajar at the present time.  While CMS has added a new CPT code (99490) for “chronic care management” (described by CMS in the final rule as a service “designed to pay separately for non-face-to-face care coordination services furnished to Medicare beneficiaries with multiple chronic conditions”), and this new code does not require the patient to be present during the care encounter, CMS still will not allow any additional payments for CPT code 99091 (collection and interpretation of physiologic data) if it is bundled with the new code 99490.  According to the article, “[CMS] will allow providers to count the time they spend reviewing data towards the monthly minimum time for billing the chronic care management code.  CMS expects that this accommodation will enhance the utilization of the 99490 service.”  As the ATA article points out, while CMS has acknowledged that data collection is a valuable service and should be incorporated into chronic care management, the CY 2015 PFS apparently will not allow additional payment for these data collection efforts.

Telehealth providers still should feel encouraged by the positive strides that the final rule makes to reimburse providers for a widening range of telehealth services provided to Medicare beneficiaries.  Interested providers should follow related Congressional efforts to pursue payment under Medicare for remote patient monitoring.  While the recent final rule may have yielded less momentum on the Medicare reimbursement front than originally thought, it is momentum nonetheless.

CMS Expands Telehealth Reimbursement in New Rule

LinkedIn Tweet Like Email Comment

Who knew?!  Buried among more than 1,000 pages of a new final rule with comment period on payments to physicians, released on October 31, 2014, the Centers for Medicare & Medicaid Services (“CMS”) finally has given telehealth providers a glimpse of its plans to expand reimbursement for telehealth services provided to Medicare beneficiaries. 

The final rule includes a provision that would cover remote chronic care management using a new current procedural terminology (“CPT”) code, 99490 (with a monthly unadjusted, non-facility fee of $42.60).  This new CPT code can be bundled with the existing CPT code 99091 for collecting and reviewing patient data, which does not require the beneficiary to be present and pays an average monthly fee of $56.92 to the physician.  The final rule also includes a provision that would cover remote-patient monitoring of chronic conditions using existing CPT code 99091 (with a monthly unadjusted, non-facility fee of $56.92).  This provision will significantly broaden Medicare payments for remote patient monitoring of chronic conditions—while CPT code 99091 has been available for coverage of patient monitoring for many years, CMS traditionally has required (and will continue to require), that 99091 be billed in conjunction with evaluation and management (“E&M”) services (CPT codes 99201-99499), the most common of which are office visits.  Yet, since the new CPT code 99490 is an E&M code and is intended for coverage of monitoring chronic conditions, the two services can now be combined as chronic care management and remote patient monitoring with a combined monthly fee of approximately $100.  Notably, the 99490 and 99091 codes are available nationwide, as they are not considered by CMS as rural-only “telehealth” services.  CMS also added seven new procedure codes for telehealth services, including annual wellness visits, psychotherapy services, and prolonged services in the office.  Coverage under these new codes would begin in 2015.

Historically, Medicare has provided limited coverage for telehealth services, which has included coverage for interactive audio and video telecommunications that provide real-time communications between a practitioner and a Medicare beneficiary while the beneficiary is present at the encounter (Social Security Act § 1834(m); 42 C.F.R. § 410.78; Centers for Medicare & Medicaid Services, Medicare Benefit Policy Manual, ch. 15, § 270).  Medicare only has covered the provision of telehealth services if the beneficiary is seen: (a) at an approved “originating site” (e.g., physician offices, hospitals, skilled nursing facilities); (b) by an approved provider (e.g., physicians, nurse practitioners, clinical psychologists); and (c) for a small defined set of services, including consultations, office visits, pharmacological management, and individual and group diabetes self-management training services.

In a November 1, 2014 news release, American Telemedicine Association CEO Jonathan Linkous stated that the new final rule “has been a long time coming, but this rulemaking signals a clear and bold step in the right direction for Medicare” and, importantly, “allows providers to use telemedicine technology to improve the cost and quality of healthcare delivery.”

The 5 Issues That Trouble Regulators When Evaluating Direct-to-Consumer Telehealth

LinkedIn Tweet Like Email Comment

There can be no question that telehealth has gone mainstream.  The numbers speak volumes. Telehealth companies have been able to raise almost $500 million since 2007 according to a noted venture capital analyst.  A recent study indicated that U.S. employers could save up to $6 billion a year through telehealth.  Per the American Telemedicine Association, more than half of all U.S. hospitals now offer some form of telehealth service.  Some leading analysts estimate that global revenue for telehealth will reach $4.5 billion by 2018, and the number of patients using telehealth services will rise to 7 million by the same year.   I can cite countless examples showing the bullish trajectory of telehealth.  But problems remain.

One of the issues I constantly deal with is the patchwork of state statutes and regulations governing various aspects of telehealth. Some of these issues are being addressed by stakeholders such as the Federation of State Medical Boards—which has released a draft model physician licensure compact that could go a long way in streamlining multistate licensure for physicians.  The Federation has also developed a  model telemedicine policy it hopes states will adopts.  Other leading organizations such as the American Medical Association, the American Academy of Pediatrics, the American Academy of Dermatology, and the American Telemedicine Association are addressing various issues in their own way.

These initiatives, however, cannot hide the fact that many state regulators are troubled by a number of issues when evaluating whether various direct-to-consumer telehealth models comply with state law. This is especially true in situations in which the telehealth provider does not have a pre-existing relationship with the patient.  Even beyond the legal issues, the state regulators I have spoken to express unease with various aspects of direct-to-consumer telehealth.  Essentially, their concerns can be boiled down to the following five:

  • Overprescribing.  E-visits drive over-prescription.  That is a view voiced by many state regulators.  Often cited is a study examining urinary tract infections among other things which showed significantly higher antibiotic prescriptions as a result of e-visits for UTIs when compared to in-person provider office visits.  Patients were also more likely to be prescribed an antibiotic for sinusitis if they were treated via an e-visit as opposed to an in-person visit—although that disparity was nowhere near as significant.  The CDC notes that the drivers of inappropriate antibiotic prescribing are more pronounced with telephone and e-visits.
  • Lack of Access to a Patient’s Medical Record.  State regulators also point out that providers in many direct-to-consumer telehealth models usually do not have access to a patient’s full medical record.  In the vast majority of cases, telehealth providers are making diagnoses and treatment recommendations relying on questionnaires the patients are required to complete immediately prior to obtaining services.  Critics believe providing health care without the full context of a patient’s complete medical record is simply not good medicine.
  • No Ability to Document E-Visit Into a Patient’s Medical Record.   Related to the last point, some state representatives voice concern that providers in direct-to-consumer models are unable to document the e-visit into a patient’s medical record—meaning that subsequent health care providers are unable to see the diagnosis, treatment recommendations, or medications prescribed to the patient from the e-visit.
  • No Follow-Up Care.  The nature of how direct-to-consumer telehealth is currently structured does not lend itself easily to follow up care as a normal course of practice.  And many medical board representatives I have spoken to believe that follow-up care is critical to sound medicine.
  • Quality of Care.  Perhaps the most troubling issue for many of the regulators I talk to is the belief that many of the models they see cannot deliver the same quality of care as patients walking into their doctor’s offices.  They point out that quality is compromised without: 1) direct in-person physical examination of the patient by the distant providers; 2) the lack of access to a patient’s full medical record; and 3) the general lack of follow up care.  Moreover, many regulators simply refuse to believe that conditions such as strep throat or ear infections, for example, can be treated via an e-visit—especially when no pre-existing provider/patient relationship exists.  These concerns, they emphasize, are exacerbated by the lack of highly developed protocols and guidelines governing telehealth.  While many recognize that organizations have been developing such guidelines, they warn a lot more work needs to be done.

No one can doubt that regulators raise very valid concerns.  In talking to various clinicians and providers, however, they indicate that many of the issues have been or are being addressed.  One of the problems is that the lines of communication between regulators and industry have not always been open.  In my next blog post, I will discuss what telehealth stakeholders have been doing to address the regulators’ concerns.