Telemedicine Regulations: An In-Depth Look

Igor Izraylevych


The world of HealthTech increasingly involves the creation of apps and solutions in support of telemedicine. 

Especially with the advent of the pandemic in 2019, telemedicine has become increasingly relevant to care providers and patients alike. 

CTOs, project managers, and other top-tier decision makers in the healthcare space are starting to ask a lot of questions around telehealth, including how to best develop a telehealth solution.

When engineering a telemedicine solution, what telehealth regulations do you need to consider? What telemedicine accreditation standards exist? It varies from region to region. Let’s take a look at four regions:

  • the United States
  • the United Kingdom
  • the European Union
  • and Switzerland

Telemedicine Laws in the United States

Regulations around telemedicine in the United States involve several components from different agencies.

More importantly, different states have their own regulations. 

There have been efforts made in recent years to create more cohesion across the 50 states via telehealth parity laws. Federal acts that have created oversight with regard to telehealth include:

Health Insurance Portability and Accountability Act (HIPAA)

The Office for Civil Rights (OCR), which is a subset of the U.S. Department of Health & Human Services (HHS), created what are known as the HIPAA rules. 

These rules ensure that the privacy and security of protected health information (PHI) are maintained. These rules also demand that healthcare entities notify patients when PHI privacy is breached.

What are the requirements for using telemedicine under HIPAA?

According to the Department of Health and Human Services, providers should always use private locations when delivering telehealth. Additionally, patients should not receive telehealth services in public or semi-public settings unless the patient consents or there are exigent circumstances.

There are additional exceptions. 

If telehealth cannot be provided privately, covered health care providers should work to ensure that reasonable HIPAA safeguards are in place that will limit incidental uses or disclosures of protected health information (PHI). 

Examples include using a lowered voice, avoiding using speakerphone, or asking the patient to move away from others when discussing PHI.

Federal Food, Drug, and Cosmetic Act (FD&C Act)

The Food and Drug Administration (FDA) enforces the FD&C Act, which oversees medical devices with regard to safety.

This ‘safety’ applies to the security of mobile medical apps used in telehealth. 

Federal Trade Commission Act (FTC Act)

Those developing telehealth solutions also need to consider the FTC Act, which is overseen by the Federal Trade Commission. 

This act states that it is unlawful to engage in “deceptive or unfair acts or practices” related to commerce, which includes practices related to data security and privacy. 

In other words, a telehealth company, for example, cannot make false claims about how secure their telemedicine solution is.

The FTC Health Breach Notification Rule

Mirroring HIPAA regulations, the FTC also maintains a Health Breach Notification Rule that requires certain businesses to notify patients when breaches of personal health records occur.

Telemedicine Laws in the EU

As in the U.S., regulations in the EU can vary from country to country. At the federal level, the EU Commission began drafting a framework for telehealth laws in 2012. 

These include clear language on the right of all Europeans to receive healthcare, including telemedicine, from any member state, in accordance with Article 4(1) of the E-Commerce Directive 2011/24/EU on the application of patients’ rights in cross-border healthcare.

It is the responsibility of each member state to ensure that healthcare professionals in-country are honoring professional rules and standards when delivering telehealth services.

Telemedicine Laws in the UK

In the United Kingdom, the Care Quality Commission (CQC) oversees healthcare institutions and providers. 

This commission requires that telemedicine providers register before performing services. Because the UK is still in transition after leaving the EU, the E-Commerce Directive 2000/31/EC will apply to telehealth services in the country for the duration of the transition period.

Telemedicine Laws in Switzerland

In Switzerland, there is no specific legislation regarding remote healthcare or telehealth. 

Telehealth professionals are expected to adhere to the standard practices and ethics related to medicine in the country. Individual cantons within the country may restrict prescriptions via telemedicine and require in-person consultation.

HL7 Data Exchange Standards in Healthcare

Finally, there are some international standards that apply globally to telehealth and that have been adopted by 50 countries internationally. 

These are the HL7 Data Exchange Standards, which oversee the transfer and sharing of data between healthcare providers. They provide telemedicine apps with easier and more efficient ways to share healthcare data.

The HL7 standards, in summary, include seven sections:

Section One: The primary set of standards that define how systems integrate along with compliance methods.

Section Two: Defines the foundational standards users should employ when building a solution’s infrastructure.

Section Three: Provides cohesive methods for messaging and maintaining documents.

Section Four: Defines the construction of electronic health records.

Section Five: A supplemental section that outlines implementation methods with support documents.

Section Six: Rules regarding programming structures for software.

Section Seven: Educational materials on developing and adopting HL7 standards.

Within the larger HL7 standards, there is also the HL7® FHIR® (Fast Healthcare Interoperability Resources) standard.

This standard lays out protocols for the exchange of healthcare data between computer systems. It also provides a way to make clinical and administrative data available to relevant providers who need access in order to provide care.

FHIR builds on previous standards, such as HL7 V2, HL7 V3, and Clinical Document Architecture, which was part of HL7 V3. Unlike these legacy standards, however, FHIR leverages RESTful web services and open web technologies, including XML, JSON and RDF data formats.

Policy Changes During the Pandemic

Federal and governmental entities around the world relaxed some telehealth requirements during the COVID-19 pandemic. 

This was out of necessity, as the shutdowns in many regions prevented individuals from receiving quality healthcare. 

Telemedicine also provided an effective method for triaging patients remotely so as to avoid too many unnecessary visits to already busy emergency rooms and hospitals.

What Documentation Is Required for Telemedicine Services?

As for documentation, within the US, telemedicine requirements are the same as they would be for an in-person visit. 

Any information related to a telemedicine appointment, including doctor notes, medical history, and prescriptions, should be documented and stored within a telemedicine solution.

In Conclusion

If it was clear before that telemedicine was a popular trend in healthcare, that fact is now established post-COVID. 

Patient demand is driving the adoption of telemedicine, according to a study conducted by the Medical Group Management Association.

According to McKinsey, telehealth usage has increased 38 times over the baseline before the pandemic began. 

For thought leaders in the healthcare space, exploring how to integrate telemedicine into a business or practice is increasingly relevant. 

If you wish to learn more about how to implement a secure and performant telemedicine solution into your current business model, fill in the online contact form or email the team at [email protected].
