Privacy should not be an obstacle to telemedicine
The practice of telemedicine is seen as potentially aiding the lack of healthcare professionals in the country, particularly in geographically isolated and disadvantaged areas. The Philippine Statistics Authority reported that in 2016, six out of 10 deaths in the country were not medically attended, possibly reflecting how accessible health facilities are to the people.
Many private hospitals and companies are already providing telemedicine services. While there is no specific regulation yet, there is a pending eHealth bill in Congress. The UP National Telehealth Center, under the leadership of Dr. Portia Marcelo, is at the forefront of telehealth services, exploring standards and addressing challenges to the use of information and communications technology (ICT) towards making telehealth an integral part of the Philippine’s health care delivery system.
Today, as we are in community quarantine and as we practice social distancing, telemedicine may be the answer to the need of patients seeking consult but unable to travel or unwilling to take the risk of additional exposure to the novel coronavirus.
We know that hospitals have been discouraging out-patient consults, and many health professionals are getting sick or are PUIs (persons under investigation). While we see Covid patients possibly overwhelming the capacity of hospitals, there remains many other patients with medical conditions requiring physician consults. In telemedicine, this care can be provided to the patients without need of face to face consults.
Concerns have been raised, however, that physicians may be reluctant to practice telemedicine because of fear of violating existing regulations. Some colleagues have pointed to the US announcement that they will not be imposing penalties for “noncompliance with the regulatory requirements under the HIPAA Rules against covered health care providers in connection with the good faith provision of telehealth during the Covid-19 nationwide public health emergency.”
They wonder whether similar issuances have been released in the Philippines in relation to the Data Privacy Act. The DPA remains in effect, and how it is enforced and interpreted depends on the National Privacy Commission (NPC). To date, there is no specific regulation from the NPC for telehealth services, such as specific technical requirements or prohibitions. Even while it is in effect, the DPA should not be an obstacle to the provision of telehealth services.
The DPA provides that processing personal data, including health information, will be allowed when processing is for medical treatment purpose. It is likewise allowed when necessary to protect the life and health of a person, in cases where patients are unable to legally or physically give consent.
Adequate safeguards should be in place. What is adequate depends primarily on a consideration of risks. Considering the role of telemedicine at this time, the attendant risks to privacy may be balanced by the benefit of making it available for patients.
In order to manage these risks, the following are suggested:
Be transparent to patients. Inform them that the platform being used entails privacy risks. Inform them too, that a telehealth consult may not be equivalent to a face to face consult. Patients should likewise be told if the consult is being recorded.
Any personal information obtained in the course of the consult should be kept confidential, and only those involved in patient’s care should have access.
Personal information of patients should not be used for any other purpose, other than medical treatment.
Store only information that is necessary for patient’s care. Information should be secured when saved in computers and electronic devices such as password protecting files or folders, and securely deleting files when no longer needed.
Where the hospital or a private clinic does not have a system in place providing secure platforms to their physicians, the physicians who opt to use messaging applications and other platforms should check the privacy settings of the platform. Patients should be informed that the available platforms are not fully secure, and they should be given the option not to proceed with the consult.
Do not use public-facing platforms like YouTube or Facebook Live for telehealth consults.
Healthcare providers should choose a place to conduct the telehealth consult beforehand, so that it is conducive to communicating with the patient, and that interruptions or potential unwarranted disclosures are avoided.
Talk to the patient about their privacy concerns, if any.
Indeed, there are lots of issues that need to be addressed in Telemedicine, such as what standards to follow, whether there will be certifications in the future, health financing aspects such as Philhealth coverage. Privacy concerns should not be one of the reasons why physicians are discouraged from practicing telemedicine, particularly at this time, where medicine at a distance may be the safest option for many patients.
This article first appeared on Newsbytes on 19 March 2020.