The Texas Medical Board (TMB) Telemedicine Committee met on Thursday, August 27, 2015. During the meeting they discussed potential changes to the on-call services telemedicine rule (174.11). At the end of the meeting, they instructed board staff to draft proposed revisions to the rule to allow for changes to the rule.

Although the direction to staff was verbal, they focused on several items: expanding the scope of on-call physician specialties a physician can choose from for their on-call services, and diminishing the current requirement that the on-call physician provide reciprocal services to the original physician. There also appeared to be consensus that the rule should include a provision requiring the original physician to have responsibility for the on-call care.

It’s a dangerous world for protected information, with major breaches in the news and a challenging cyber-threat environment behind the scenes. The healthcare industry is a prime target, especially given the premium value of health information on the black market. And healthcare entities face not only PHI breach exposures, but also security risks for other forms of protected information, such as PII and, for many, cardholder data.

Healthcare organizations must be prepared to respond to data breaches, but effective response is no small matter. There are 10 different channels of response activity for an organization that has suffered a security breach: Security, Legal, Forensic, Law Enforcement, Regulators, Insurance Coverage, Public Relations, Stakeholders, Notification, and Personnel Management. Most of these activities are involved in every breach, and all must be dealt with in significant breaches. These activities are not sequential. They play out in parallel, with interrelated effects… and with the response clock ticking.

It was reported Wednesday that cyber bandits, having no need to brandish bandanas to obscure identity or firearms to force entry, recently waltzed, in a sophisticated and well-orchestrated robbery, into the IT vaults of Anthem, the second-largest U.S. health insurer, and walked off with personally identifiable information on about 80 million current and former members, a population that comprises Anthem customers, employees and its CEO, Joseph R. Swedish. The haul is reported to have included names, birthdates, Social Security numbers, medical identification numbers, street and email addresses and employee income data. Fortunately, there’s no indication at this point that credit-card numbers, claims information, test results or diagnostic codes were compromised as part of the crime. That said, to minimize the potential harm, Anthem has called in the FBI and is notifying affected individuals and offering free credit and identity-theft monitoring.

Seemingly picking up where we left off in our recent white paper and Advisory Board article, the Obama administration released a 166-page draft plan January 30th intended to drive providers and patients toward a common set of electronic clinical information and a commitment to more fully connected EHR systems by the end of 2017.

After a protracted legal battle resolved in the favor of Teladoc, Inc. (Teladoc) on Dec. 31, 2014, (see Teladoc, Inc. v. Texas Medical Board, No. 03-13-00211-CV, Tex. App. 3rd, Austin) and clarifying that Teladoc physicians could prescribe dangerous drugs based on a telephonic evaluation, the Texas Medical Board (TMB) wasted no time in issuing an emergency rule Jan. 16, 2015, that significantly limits the use of telephones in the practice of medicine.

By now you have probably heard about the ongoing FIN4 cyber attacks on publicly traded entities in the healthcare and pharmaceutical industries. If not, here’s a brief recap.

On Sunday, Nov. 30, security consulting firm FireEye published a report on the current hacking efforts of a group dubbed FIN4. FIN4 has targeted more than 100 organizations, 68 percent of them publicly traded healthcare and pharmaceutical companies, stealing non-public information for illicit trading advantage. Additional targets include law firm partners and M&A consultants privy to proprietary information on imminent merger and acquisition transactions or other non-public, market-moving developments.

In the Electronic Health Records (EHR) space, unconnected and competing systems carry the potential for organizational train wrecks.

Until robust, efficient, and mandatory interoperability standards emerge, providers should consider linking systems through other means, as failure to do so may lead to malpractice and regulatory compliance issues.

A new White Paper, Driving the Golden Spike:

The Food and Drug Administration (FDA) released a new Draft Guidance June 20, 2014, that would make significant changes to the way mobile medical devices are regulated, despite only being claimed by the FDA in September 2013. In that original Guidance, the FDA defined a new industry that it intended to regulate: the creators and providers of mobile medical apps. Such apps originally included many different kinds of apps, from blood glucose monitors to apps that displayed MRI or ECG visual data.

The Federation of State Medical Boards recently endorsed a model policy that addresses the proper use of telemedicine services. Only a few weeks later, a not-for-profit foundation released a report highlighting the benefits of telemedicine and making recommendations for telehealth services. It’s no surprise that telehealth and telemedicine have been in the news with increasing frequency given that the demand for telemedicine services is rising sharply. According to a Law360 article, Deloitte Touche Tohmatsu Ltd. estimates that 75 million digital doctor visits will occur this year in North America.

“End-users, sysadmins, and developers lead the pack when it comes to mucking things up, though pretty much all of us are guilty.” These are simple, yet telling, words from the 2014 Data Breach Investigations Report released this week by Verizon.

The report statistics indicate:

  •  46 percent of all data security incidents in healthcare come from theft or simply losing a laptop or other device containing confidential information—triple that of almost all other industry sectors