
Telepsychiatry: The Perils of Using Skype
What Skype does not offer is a means of communication clearly suitable for clinical services-especially in mental health and psychiatry.
First released in 2003, Skype offers free, worldwide video access to any patient with an Internet connection, either by mobile device or desktop computer. What it does not offer, however, is a means of communication clearly suitable for clinical services-especially in mental health. According to estimates reported by groups such as the Institute for Healthcare Consumerism,
The Health Insurance Portability and Accountability Act
Ordinarily, neither federal nor state law is designed to regulate specific proprietary entities such as Skype and its competitors. Video-chat platforms were developed for marketing to the general consumer, and not for health care. The Health Insurance Portability and Accountability Act (HIPAA) holds professionals responsible for conducting their own internal risk assessments regarding their chosen technologies. Before using any equipment, the professional should require documentation that explicitly promises ”HIPAA compliance” or “HIPAA compatibility.” One could take further comfort in a designation of
HIPAA requires the use of equipment that allows for audit trails. According to the American Health Information Management Association,
It is not certain that HIPAA applies to clinical use of Skype. If Skype were strictly a conduit for information, it might not satisfy the definition of a business associate. Text-based messages exchanged by parties using Skype, however, are stored for at least 6 months, likely making Skype more than a “simple conduit.”
Furthermore, as soon as one opens his computer or smart device, Skype’s settings allow it to automatically issue a real-time notice to everyone in one’s contact list, announcing that the person is now online. Skype also has had a problem with recurring hacks,
Legislation
In light of newly enacted, sweeping changes in privacy law, technology choice is more of a concern. Under these
In response to alleged physician violations of norms of online professionalism, state regulators have recently stepped up their enforcement. The HHS Office for Civil Rights (OCR) has also been hard at work. Since OCR publishes monthly,
If a particular state law privacy or security requirement is more restrictive than HIPAA, then state law trumps HIPAA and the Health Information Technology for Economic and Clinical Health (“HITECH”) Act. Among other provisions, HITECH increases the penalties that may be imposed for HIPAA violations and makes business associates directly liable for HIPAA violations. In some states (eg, Texas, California), privacy and security regimens are quite sophisticated and detailed. Issues related to privacy and security potentially involve jurisdiction of 3 sovereigns-the US federal government in Washington, DC; the practitioner’s state capital; and, maybe the patient’s state capital.
In a noteworthy statement regarding Skype, the
Following the recommendations and protocols suggested by professional and security experts is valuable to reduce the risks of inadvertent disclosure of confidential mental health information when using Skype to provide confidential mental health services; however, use of Skype or similar VoIP communications systems still presents some privacy risks. Expanding access to mental health services in rural or underserved areas is an important value fostered by the availability of Skype services, but professional social work standards for security and privacy of data at this time are better supported by the use of electronic services and communications programs that are dedicated to the delivery of secure telemental health services and that offer detailed HIPAA compliance information and/or HIPAA Business Associate agreements.9(p2),10
Disclosure
A well-crafted informed consent document, combined with well-considered intake procedures, may diminish exposure to tort liability on consent theories. Considerations for such documents may include a discussion of power outages, for example, including their unpredictability. Whether the exchange will be recorded is pertinent to the informed consent process. Accurate documentation of informed consent demonstrates that after the provider disclosed the inherent risks, the patient said, “I understand and I still want to proceed.” In some states, however, this approach can fall short with vulnerable populations: the mentally ill, minors, those with protected conditions such as HIV, and other groups.
No informed consent process or agreement with a patient who will be using technology to mediate care will be adequate for all situations in all states of the US or foreign countries. Choosing technology wisely is of importance to mental health professionals, not only as we practice, but also as we make referrals to colleagues.
Professionals should inquire whether they might be held responsible for referrals to practitioners who are not informed of the risks of using consumer-grade as opposed to health-grade technology for care. Some HIPAA compatible platforms are available for $30 to $150 per month for unlimited use. [Note: A list of over 50 HIPAA compatible video teleconferencing (VTC) platforms is maintained at the
Conclusion
This area of the law is still in a relatively primitive state. It is apt to change considerably over time. Practitioners offering services at a distance are well advised to keep abreast of developments in the field, and to adapt their practices accordingly
It would be entirely possible to comply perfectly with applicable federal and state regulations and statutes and still face liability exposure as a result of using Skype or competing Web-based platforms. If an expert (this can merely be “someone in your field”) is prepared to say that in spite of compliance with applicable, positive law, statues, and regulations, your decisions represented a departure from what reasonable people in your field would do under similar circumstances, and if someone can make a colorable claim of having been harmed as a result of this alleged departure from accepted practice, nothing else may be required to create a jury issue and thus liability exposure.
References:
References1. Slabodkin B. Worldwide telehealth market to grow 55% in 2013. Fierce Mobile Healthcare. January 1, 2013.
2. Terry K. Telehealth to grow six-fold by 2017. Information Week Healthcare. January 23, 2013.
3. National Institute of Standards and Technology (NIST). Federal information processing standards.
4. American Health Information Management Association. Security audits of electronic health information (updated).
5. Centers for Medicare and Medicaid Services. Covered entity charts. guidance on how to determine whether an organization or individual is covered entity under the Administrative Simplification provisions of HIPAA.
6. Skype: Reported Security Issue-RESOLVED.
7. Heussner KM. Are health care companies prepared for the new HIPAA privacy and security rules? GigaOM. January 18, 2013.
8. US Department of Health & Human Services. Enforcement highlights (as of January 31, 2013).
9. National Association of Social Workers. Social workers and Skype: part I. 2011.
10.Greysen SR, Chretien KC, Kind T, et al. Physician violations of online professionalism and disciplinary actions: a national survey of state medical boards. JAMA. 2012;307:1141-1142.
Newsletter
Receive trusted psychiatric news, expert analysis, and clinical insights — subscribe today to support your practice and your patients.