Everyone has been encouraged to distance themselves from unnecessary contact in order to avoid the spread of Covid-19, and this includes health care professionals and providers. As a result, many providers of health care services, including social workers, health professionals, and unregulated providers, are providing or proposing to provide health care services to their clients (or patients) remotely. And with good reason: telehealth services are seemingly necessary in the current social distancing climate, and have been found to be increasingly useful in providing effective and timely health care.
On the other hand, providing health care services to clients via telemedicine and videoconferencing may not be ideal and is not always practicable, but the current global health climate seems to be calling for such a change. Some regulatory health colleges have responded to this need by publishing directions to their members on offering telemedicine and providing videoconferencing services to clients during this novel pandemic.
This blog outlines some considerations for the delivery of remote health care services during this Pandemic.
Risk of Providing Telehealth Services Generally
Providing telehealth services is inherently risky from a privacy perspective, because there are numerous opportunities for a privacy breach related to both the technology used and to user error which, if not managed appropriately, could result in the delivery of health care services remotely not being compliant with the Personal Health Information and Protection Act, 2004 (PHIPA). Further, obtaining informed consent from clients for the services provided remotely and for the use of telehealth or other remote service delivery options can be challenging. While there are certain secure platforms used by health information custodians (HICs), and many mobile apps offer security through end-to-end encryption, there are risks associated with providing services on mobile devices, particularly where both the health professional and the patient are using mobile devices (such as a laptop computer or mobile telephone). Such risks include:
- The risk of mobile devices being lost or stolen;
- Videos being screenshotted and forwarded;
- Clients’ (and – to the chagrin of privacy officers and lawyers – professionals’) devices not being encrypted;
- Clients’ Wi-Fi networks not being secure;
- Clients not having adequate password protection on devices; and
- Clients not having taken the same and necessary steps to protect their personal health information (PHI) that the HIC would take.
In other words, even if the health professionals ensure that their own mobile devices and Wi-Fi connections are secure, there remains a risk that the patient has not taken the necessary steps to ensure their mobile devices and Wi-Fi services are secure when accessing them from home.
These risks must be managed, to the extent possible, and providers should discuss these risks with clients as part of the informed consent process.
Many regulatory Colleges offer guidance to their members when providing telehealth and telemedicine services. Further, some Colleges have posted recent Covid-19 publications that provide direction to their members. Some notable publications of colleges are summarized below. Each of these guidance documents has valuable tips and insights, and will be of value to employers and providers of multi-disciplinary health care services, and to care providers who are not regulated professionals as they develop policies and procedures for virtual health care services.
College of Physicians and Surgeons of Ontario (CPSO)
The Canadian Medical Protective Association allows clients to connect remotely with a healthcare provider through text, video chat or phone. The healthcare provider is required to be satisfied that security protocols are in place to adequately protect patient information from being transmitted electronically. In the wake of Covid-19, the CPSO has communicated that it allows virtual care when it is appropriate to do so, and published draft clinical guidance, “Adopting and Integrating Virtual Visits into Care” on March 12, 2020.
The College of Physiotherapists of Ontario (CPO)
The CPO ordinarily states that telerehabilitation is appropriate in order to deliver services not otherwise available, so long as care and regulatory accountability is not compromised and patient care remains safe and effective. If a hands-on examination or assessment is required for a proper clinical analysis, then telemedicine is not preferred. Recently, the CPO provides information about “Tele-Practice” as an alternative to in-person visits during Covid-19, and provides a list of questions for members to consider before providing services to clients by phone or video.
The College of Occupational Therapists of Ontario (COTO)
COTO encourages its members to use professional judgement to determine the essential services that can still be provided to clients, which depends on the employment setting, sector, and clinical population served. In the current pandemic crisis, Occupational Therapists (OTs) must wear personal protective equipment (PPE) when providing care to clients. If PPE cannot be obtained, OTs can consider providing virtual care. Generally, when OTs provide telehealth services, COTO’s Guidelines for Telepractice in Occupational Therapy require its members to, among other steps, ensure the technology is of sufficient quality to: communicate effectively; provide safe care; and form an accurate professional opinion. In order to do this, COTO members must consider the clients’ needs, the reliability and security of the IT systems and internet access, and the technical support available. Before engaging in telehealth services, members are expected to be sufficiently trained in the use of technology and to take reasonable measures to ensure minimal service interruptions.
The Ontario College of Social Workers and Social Service Workers (OCSWSSW)
On its website, the OCSWSSW lists existing publications and resources that are relevant in the Covid-19 culture of social distancing. For example, the publication, “Professional and Ethical: Communication Technology Practices and Policies for a Digital World”, states that members who engage in sessions with clients via email, Skype or other video chat platforms must have transparent discussions about confidentiality with clients. OCSWSSW also provides its members with a list of considerations when using communication technology (text, email, videochat, social media platforms and other types of online communication) in practice.
College of Registered Psychotherapists of Ontario (CRPO)
CRPO advises its members that if they have the appropriate technology in place and possess competencies that are necessary to engage clients in a safe, effective therapeutic process, electronic practice is available to members to provide care to clients remotely during the Covid-19 pandemic. Members are encouraged to consider issues of consent, confidentiality and professional liability insurance and refer to CRPO’s general information with respect to electronic practice.
While CRPO does not provide advice about specific platforms to use for videoconferencing, it warns that “security vulnerabilities are not limited to a particular platform, but rather, extend from end to end – including security of the internet access point, devices being used, how devices are being used, software intended to offer security protection…” CRPO has developed a Security Practices Checklist to help its members assess their own IT infrastructure and information security practices. The security checklist is a helpful tool in encouraging its members to consider the internet connection, member’s devices, client considerations, videoconferencing, records management etc. when providing videoconferencing services.
The College of Naturopaths of Ontario (CNO)
The CNO advises its members to consider providing telepractice services to clients as Covid-19 numbers continue to increase across Ontario. Members are required to comply with CNO regulations and the Standards of Practice when providing telepractice services and meet all the requirements of an in-office patient visit, including obtaining informed consent and keeping proper records. CNO refers its members to its usual information on telepractice which include the questions its members must consider before providing telepractice services
Generally, PHIPA requires health professionals to take steps that are “reasonable in the circumstances” to ensure that PHI is protected against theft, loss and unauthorized use or disclosure. In order to ensure health professionals remain PHIPA-compliant and practice in accordance with the standards of practice of their regulatory colleges, health professionals should consider the following when providing remote services to clients by way of telehealth, telemedicine or videoconferencing:
- Providers should consider their expected standards of practice and guidelines and whether offering telehealth services is complaint with same, appropriate in the circumstances, and will provide safe and effective care to clients.
- Providers should explain to clients the risks and limitations of using telehealth, and should document that discussion.
- Providers should obtain their clients’ express consent to communicate via the application or service proposed, and should document this discussion in the client record.
- Providers should encourage clients to keep their mobile devices safe and to protect them by: screening incoming messages to reduce spam and unwanted content; installing malware detection and filters; keeping browsers and other software up to date; and using complex passwords.
- Providers should take steps to ensure the technology employed is secure, confidential and appropriate in the circumstances.
As Covid-19 directives continue to change rapidly, we encourage you to check with the College websites for updates and guidance for new, up-to-date information.
Please contact us if you have any question about providing remote services during this pandemic or at any time.
Posted in: Blog