A long-standing and key patient challenge within the U.S. healthcare system is lack of physical access to healthcare providers, a challenge that affects healthcare providers as well—particularly those in private practices struggling to meet ever-growing financial objectives but unable to support a sudden influx of new in-person patients. For some time now, telemedicine has been touted as the solution to the problem for patient and provider alike. Thanks to the maturation of the cloud and the WAN, 2015 looks to be the year when telemedicine can truly come into its own.
Telemedicine, the cloud, the WAN, and the specter of HIPAA compliance
In nearly all cases, an effective telemedicine service will be heavily reliant on the cloud and the WAN. Cloud hosting makes the service a more affordable option for most healthcare providers than attempting to build out and then operate, maintain, and service in-house infrastructure for remote consulting purposes, after all. It takes much of the hassle out of the healthcare provider’s hands. Typically, patients and healthcare providers will connect to and communicate through a cloud-hosted consultation application. Some applications may rely primarily on synchronous or asynchronous messaging to facilitate consultations; the more advanced will enable live video consultations, a must in some specialties. And those live video consultations will demand a fast, stable, and secure WAN connection.
This last point is particularly critical for healthcare providers. The necessity of HIPAA compliance often holds enterprises in the healthcare vertical back from adopting technologies, such as cloud computing, that may otherwise be of great benefit to the business. Using the cloud to deliver remote healthcare consultations complicates matters. For the most part, organizations are making progress in getting a handle on securing electronic Protected Health Information (ePHI), but remote doctor visits mean that not all ePHI will be collected in structured and easily handled data formats. Messages, emails, and audio and video visit recordings will need to be secured as well to remain in compliance with HIPAA requirements.
Complying with HIPAA while operating a telemedicine service in the cloud will demand especial care at every step of the process. One particularly important area is the choice of cloud hosting provider. A number now cater to the healthcare industry’s growing demand for compliant cloud infrastructure by providing HIPAA-compliant hosting solutions. Cloud hosting provider Atlantic.net is one competitor in this field, offering a solution that has been audited by a third party for HIPAA and HITECH compliance and that includes a HIPAA Business Associate Agreement as well as encrypted backup, storage, and VPN capabilities.
Healthcare providers who want to make sure they’re covered from every angle cannot stop there, however. Host-provided encryption is better than no encryption but presents a key vulnerability in that the healthcare enterprise may not have exclusive access to the encryption keys, increasing the risk of intentional or inadvertent ePHI exposure originating at the CSP. For fuller coverage, healthcare providers may want to turn to additional data protection tools, such as client-side encryption with support for exclusive encryption key control and rotation as well as robust logging and auditing capabilities, in the vein of CipherCloud’s cloud encryption offerings.
Finally, an affordable billing model is vital to a successful telemedicine initiative. The aforementioned Atlantic.net has been billing customers per second rather than by the hour or in twenty-minute increments, as its competition often does. A telemedicine service will most likely not launch with a full patient load; keeping costs down will help ensure that the initiative is cost-effective enough to provide room for growth.
“When we turn off the light at our house, we don’t expect the utility to bill us for the rest of the hour,” Atlantic.net founder, president, and CEO told me.
Telemedicine in practice: The rise of teledermatology
One specialty to keep an eye on when it comes to telemedicine is dermatology. In recent months, two teledermatology services have made headlines for their innovative service models, which enable patients in covered geographical regions to access affordable remote dermatologist consultations via the cloud.
Available to patients in California, Florida, New York, and Pennsylvania, Spruce offers $40 dermatologist consultations that include 24-hour response from the patient’s assigned dermatologist, a diagnosis and treatment plan, and a month of post-visit messaging. The board-certified dermatologists in the Spruce network treat conditions ranging from acne and rosacea to insect bites, stings, rashes, poison oak and ivy, and even male hair loss. Getting a consultation requires little more than the Spruce iOS mobile app and a few pictures of the symptoms, and the company boasts HIPAA compliance to protect its patients’ confidentiality and privacy. Founded by investor Ray Bradford, who formerly led a core product management team at Amazon Web Services and was instrumental in several Big Data initiatives, including Amazon Redshift, Spruce utilizes a backend built upon Amazon Web Services (AWS).
“We’ve put a great deal of thought into designing a system with multiple layers of security and strict access controls to protect patient health information. We have a Business Associates Agreement with AWS and all our other vendors, only using services that are HIPAA-eligible,” Bradford told me.
PocketDerm treats fewer concerns than Spruce but goes a step further in its treatment strategy, providing not only remote dermatologist visits but also custom-compounded prescriptions for its patients. The service operates on a subscription basis, with membership costing $19.95 a month, which covers the doctor consultations, messaging, and even shipments of the medicines prescribed. Rather than limiting patients to an iOS app, PocketDerm utilizes a web application to facilitate doctor-patient communication and works with any computer or mobile device. Longer-established than Spruce, PocketDerm doctors are available in Alabama, Alaska, Arizona, California, Colorado, Connecticut, Florida, Georgia, Hawaii, Idaho, Illinois, Iowa, Kansas, Kentucky, Maine, Michigan, Minnesota, Missouri, Nebraska, Nevada, New Jersey, New Mexico, New York, North Carolina, North Dakota, Ohio, Oregon, Pennsylvania, Rhode Island, South Dakota, Tennessee, Texas, Vermont, Washington, Washington, D. C., Wisconsin, and Wyoming, and the growth of the service is a promising sign for the future of telemedicine.
“Many [of our patients] are in rural areas where seeing a dermatologist is almost impossible, but there are many others who live in metro areas where they could see a specialist but choose to use teledermatology instead via PocketDerm,” Dr. David Lortscher, the dermatologist behind PocketDerm’s inception, told me. And he sees the PocketDerm model as applicable to other medical specialties, too. “Psychology and psychiatry lend themselves particularly well to telemedicine, but I think you can find an important application for telemedicine within every medical specialty,” Lortscher said.
As mobile devices become ever more widespread and reliance on the cloud continues to grow, expect telemedicine to expand its footprint in the healthcare system. The accessibility and affordability benefits are encouraging to patients who would otherwise find specialized healthcare services out of reach.
“I think that as long as we continue to see more and more people use technology in more and more aspects of our lives, telemedicine will be commonplace within the next 4-5 years,” Lortscher said.
Photo courtesy of Shutterstock.