9/16/2015
1
©2015 Foley & Lardner LLP • Attorney Advertising • Prior results do not guarantee a similar outcome • Models used are not clients but may be representative of clients • 321 N. Clark Street, Suite 2800, Chicago, IL 60654 • 312.832.4500
1
Wednesday, September 16, 2015 – 12:00 pm Central
©2015 Foley & Lardner LLP
Presenters2
Nathaniel M. Lacktman(Moderator)PartnerFoley & Lardner [email protected]
Brandon M. Welch, M.S., Ph.D.Co-Founder of Doxy.me; AssistantProfessor, Medical University ofSouth [email protected]
Michael CarterEnterprise Manager of Mediaand Telemedicine Systems,Partners [email protected]
Leeann HabteSenior CounselFoley & Lardner [email protected]
9/16/2015
2
©2015 Foley & Lardner LLP
3
Telehealth
Virtualvisits
Remotemonitoring
Storeand
forward
©2015 Foley & Lardner LLP
■ Telehealth: Security Risks and Vulnerabilities
4
•Security of mobiledevices
•Multiple systems,technologies,platforms
•Large volumes ofdata – secure storageof video/images
•Transmission ofinformation viawireless/wifi/internet/communicationlines
•Privacy ofConsultation
PhysicalSecurity
TransmissionSecurity
UnauthorizedAccess
DataManagement
9/16/2015
3
©2015 Foley & Lardner LLP
5
■ Legal Framework
Sector-specific.
Jurisdiction-specific andmay apply to eithercertain providers or tocertain types ofinformation.
Consumer ProtectionLaws.
Health Information Portability & Accountability Act (HIPAA) andHealth Information Technology for Economic & Clinical Health(HITECH).
Federal Communication Commission.
Informed consent for telemedicine. Mental health information. Substance abuse information. HIV/AIDS/communicable disease data. Genetic data. Marketing restrictions. State breach reporting.
Federal Trade Commission. Food and Drug Act.
STATE
LAWS
FEDERAL
LAWS
©2015 Foley & Lardner LLP
6
HIPAA Issues for Telehealth
Is the telehealth company a Covered Entity, Business Associate,both, or neither?
Role of telehealth company -- data storage, reporting, billing,other
Data Management –chain of custody, liability, access/use ofconsumer data, deidentification (mining, re-sale)
Data Security – encryption, authentication, data storage
9/16/2015
4
©2015 Foley & Lardner LLP
7
Privacy Compliance
Notice of Privacy Practices (who provides,MSO, vendor, provider)
Website Privacy Statement (different thanNPP)
Terms of Use
Informed Consent to Telemedicine
Online “pop-up” authorizations
Electronic signatures
©2015 Foley & Lardner LLP
8
Privacy Considerations
Which state law applies to interstate consults?
Laws that govern use and disclosure of informationData breach notification laws
Ownership of telehealth record
Who owns the record? Provider or patient?
Medical record requirements
Is the video/audio recording part of the medical record?What are the retention requirements?
9/16/2015
5
©2015 Foley & Lardner LLP
9
International Considerations
National/local data collection and privacy laws –What triggers laws? Data collection? Data storage?
Data transfer issues
International security protocols
©2015 Foley & Lardner LLP
9/16/2015
6
©2015 Foley & Lardner LLP
Technology and HIT Systems
BusinessProcess
Technology
IT SystemsBusinessSolutions
BusinessChallenges
©2015 Foley & Lardner LLP
IT Components
12
InformationSystems
ComputingDevices
OperatingSystems
EnterpriseSystems
NetworkingTelecommSecurity
Integration
DataManagement
9/16/2015
7
©2015 Foley & Lardner LLP
Mediating Factors
Environmental Cultural Structure
BusinessProcesses
PoliticsDecisionSupport
13
©2015 Foley & Lardner LLP
Technology Selection
▪ Build vs Buy
1. Agility versus sustainability
2. How to choose the right technology partner
How to address internally developed solutions
The use of technology consultants
▪ What is feasible?
▪ What does scale look like?
▪ Could this be an Enterprise System?
9/16/2015
8
©2015 Foley & Lardner LLP
Integration
▪ How can technology integration add value?
1. Automation
2. Cost Reduction
3. Capacity building
▪ Where to focus
1. Reducing disparate systems
2. Tying in with clinical systems
3. SaaS and PaaS based models
©2015 Foley & Lardner LLP
Privacy and Security Overview
The challenge: protect PHI as it moves through thehealthcare system
▪ Potential obstacles:
1. Internal
▪ Workflow
▪ Politics
▪ Organizational Culture
2. External
▪ Hackers
▪ Identify Theft
▪ State Sponsored Attacks
▪ Consumerization of IT
9/16/2015
9
©2015 Foley & Lardner LLP
Approaches to Security
▪ Cyber Security Changing Landscape
▪ Encryption and HIPAA compliance
▪ Two Factor Authentication
▪ Data Management
©2015 Foley & Lardner LLP
Security Breaches
▪ 62% increase in security breaches since 2013
▪ 2.5 billion exposed records in 2014
▪ Telehealth is an unfamiliar territory to most securityprofessionals
▪ How to prevent IT security breaches
1. Third Party Code Audits2. Hosting Security Reporting3. Active Monitoring4. Standards
9/16/2015
10
©2015 Foley & Lardner LLP
©2015 Foley & Lardner LLP
9/16/2015
11
©2015 Foley & Lardner LLP
©2015 Foley & Lardner LLP
9/16/2015
12
©2015 Foley & Lardner LLP
Media relayserver
©2015 Foley & Lardner LLP http://chimera.labs.oreilly.com/books/1230000000545/ch18.html
Peer-to-peer(P2P)
Real-time
interaction
9/16/2015
13
©2015 Foley & Lardner LLP
©2015 Foley & Lardner LLP
HIV TREATMENTCLINIC
9/16/2015
14
©2015 Foley & Lardner LLP
©2015 Foley & Lardner LLP
9/16/2015
15
©2015 Foley & Lardner LLP
©2015 Foley & Lardner LLP
vs
Communication andinteraction Documentation
9/16/2015
16
©2015 Foley & Lardner LLP
©2015 Foley & Lardner LLP
9/16/2015
17
©2015 Foley & Lardner LLP
Contact Information33
Visit: www.foley.com/telemedicine www.healthcarelawtoday.com
■ Brandon M. Welch, M.S., Ph.D.Co-Founder of Doxy.me; AssistantProfessor, Medical University of [email protected]
Twitter: @WelchBM
■ Michael CarterEnterprise Manager of Media andTelemedicine SystemsPartners [email protected]
■ Nathaniel M. LacktmanPartnerFoley & Lardner [email protected]
Twitter: @Lacktman
■ Leeann HabteSenior CounselFoley & Lardner [email protected]
Register Today at personalizedmedicinesummit.com
Foley Web Conference Attendees Save 40%!
VIP Rate: $175 • Discount Code: FOLEYVIP15
Join Us Next Month for the Best Value inPersonalized Medicine Thought Leadership!