Multiple hospitals received warnings in 2023 regarding their online tracking technologies and telehealth regulations. The Federal Trade Commission (FTC) and the Department of Health and Human Services Office for Civil Rights (OCR) sent these warnings to over 100 hospitals, stating there were significant problems with the tracking technologies. The agencies found these privacy and security vulnerabilities increased the risk of exposing patients’ sensitive personal health information.
These warnings are only one of several ways agencies are cracking down on healthcare organizations that aren’t complying with regulations concerning telehealth appointments. Telehealth companies have also been fined for failing to protect this data.
Regulators are increasing their efforts to ensure patient health data is properly managed and shared. As the regulatory environment tightens, companies may struggle to keep up. They must remain proactive and monitor regulatory updates and changes to ensure they comply with the latest regulations. How can they achieve this goal?
A Complex Regulatory Landscape
Healthcare organizations may struggle to keep up with regulatory changes because multiple agencies oversee telehealth operations. For example, the Office of Inspector General (OIG) monitors telehealth billing practices. Healthcare organizations must also watch for changes to the 2025 proposed physician fee schedule. The Centers for Medicare and Medicaid Services (CMS) is introducing new payments and coverage for digital health services. A wrong billing code could lead to a provider not being reimbursed, and the codes are different for those with government-issued insurance and private insurance. As government payments are scrutinized, every healthcare organization must ensure it handles all telehealth visits correctly or risk fines, penalties, and other consequences.
Data Reviews
Every healthcare organization must review its data management practices to keep up with telehealth regulatory changes. When doing so, the organization needs to look for vulnerabilities associated with disclosing health information. When these risks are identified, the organization must find comprehensive solutions to mitigate them before problems arise. These reviews must be conducted regularly to confirm that the systems that disclose health information adhere to the latest best practices while complying with the most recent regulations.
Coding and Documentation Reviews
Coding and documentation reviews must also be completed routinely. As mentioned, the Centers for Medicare and Medicaid Services is implementing new codes. If a provider doesn’t use the correct codes, they may not be in compliance and risk not being paid for completed visits. Keeping up with changes across various agencies can be time-consuming, and one missed change could lead to penalties and the loss of payments. Many organizations today rely on the OIG toolkit to evaluate their billing practices. If any potential issues are found, the organization can dig deeper to learn whether it complies or changes must be made to prevent future problems and penalties.
Training and Awareness
Every employee must comply with these rules and regulations. Organizations must foster a compliance culture to ensure the actions of one employee don’t harm the entire organization. Regular training sessions ensure all workers know the latest regulations and best practices regarding data safety and security. When everyone works together to protect this data, the organization lowers its risk exposure, which benefits all.
Telehealth options continue to grow as providers and patients benefit from them. However, the number of regulations regarding this healthcare delivery method also continues to grow, and every organization must comply or risk penalties, fines, and other negative consequences. Organizations can easily navigate the regulatory landscape when they complete the steps outlined above and ensure their patient data remains safe. That should always be the top priority.
