Technological Innovations & Implications for Data & Privacy

Screen Shot 2016-03-31 at 1.34.24 PM
Retrieved from


Anyone in the healthcare field is familiar with the Health Insurance Portability and Accountability Act or HIPAA, a federal law created to ensure individual privacy and protect personal health information.1,3 There have been concerns regarding telehealth’s ability to uphold this guarantee of privacy – concerns of increased vulnerabilities. Telehealth involves more than just the patient and provider. The companies who create the equipment, the vendors who work to transmit the data, and others are also held accountable for protection of patient information by the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009.2,3 While technological advancements alone cannot guarantee protection of personal health information, they can aid in the process with features such as software and network encryption, password protection, etc..1

Often included as a branch of telehealth is mHealth or mobile health where tools such as wearable devices and mobile applications transmit data intended to go to pre-approved parties like a healthcare provider or friends and family. However, there are limitations on the regulation of this information sharing – for example, financers and third party advertisers that sponsor mobile applications can access and use information collected by these devices.2 This information is often disclosed in small, lengthy, legal print that few people read and/or understand.2 The Fair Trade Commission Act and to some extent the Food and Drug Administration (FDA) are responsible for preventing and managing deceptive uses of this information; however, if the patient agrees to the terms and conditions (which we often do without reading just so we can use the product), that protection is somewhat minimized.2

Screen Shot 2016-03-31 at 1.44.18 PM
Retrieved from

When telecommunication is taking place between two providers or two healthcare settings, networks are HIPAA-compliant making them more secure – privacy can be more easily ensured.2 However, as many states break down the barriers around eligible telehealth sites and use of mHealth equipment becomes more utilized, that same security cannot be as easily ensured on the patient’s end.2 These scenarios make breaching of confidentiality or unauthorized access to protected health information a greater risk.2

As mentioned above, data encryption makes great strides at protecting personal information. “End to end” encryption (meaning from provider to patient and vice versa) ensures that all information is only unencrypted if accessed at either of those two end-points. Data that is accessed between those two end points (i.e. during transmission or storage) is essentially meaningless to the hacker.2

Screen Shot 2016-03-31 at 1.52.20 PM
Retrieved from

Authentication or other access control mechanisms are also useful tools in controlling who has access to the protected health information.2 Another data protection strategy involves limiting the distribution of telehealth software and devices to in-person visits to verify who is attaining this technology and who it is coming from.2 Requiring a face-to-face initial visit in order to get the telehealth system set-up can be seen as a nuisance to some, and possibly a relief to others.

The very foundation of telehealth is technological innovation. As with all technology, privacy is always a concern. However, the implications of misusing healthcare data carry a heavier weight to many people. Concerns over data security and patient privacy are at the very root of telehealth barriers. Much progress has been made as discussed above, but in no way is the struggle over.



Center for Connected Health Policy (CCHP). (2016). HIPAA. Retreived from

Hall, J.L. & McGraw, D. (2014). For telehealth to succeed, privacy and security risks must be identified and addressed. Health Affairs, 33(2), 216-221. doi: 10.1377/hlthaff.2013.0997.

Schweitzer, E.J. (2013). Reconciliation of the cloud computing model with US federal electronic health record regulations. Journal of American Medical Informatics Association, 19, 161-165. doi: 10.1136/amiajnl-2011-000162.


Private Sector Innovation & Policy Advancements

Alternative payment methods, such as those utilized in many Accountable Care Organizations (ACOs), are fitting for telehealth services. ACOs view telehealth as a means of increasing revenue by reaching more patients and keeping existing patients out of the hospital, engaging patients through ease of access to providers resulting in greater patient satisfaction, and saving costs by avoiding ER visits and hospital readmissions. (3)  Policy advancement, such as NE LB 556, and private sector innovations, like ACOs, are the driving force in making telehealth services available to a broader population.

Screen Shot 2016-03-15 at 9.14.45 AM
Retrieved from


The passing of NE LB 556 in 2013 harnessed the support and efforts of the University of Nebraska Medical Center in expanding behavioral health teleservices. In addition, the bill amended managed care plans to add reimbursement rates that are comparable to in-person consultations for healthcare services delivered through telehealth technology (8). However, managed care plans are pertinent to only those with Medicaid coverage.

Screen Shot 2016-03-15 at 9.16.42 AM
Retrieved from

ACOs are the joining of various healthcare stakeholders with a shared goal of meeting the Triple Aim. ACOs believe that the Triple Aim can best be met by veering away from fee-for-service payment models that are driven by volume and procedures and rather, focusing on rewarding outcomes, which stem from quality care and care coordination. (6)

In the early stages of ACOs, the concept was simultaneously trialed by both CMS and private sector entities. Both the public and private sector saw promise in this new concept and have gone on to form many ACOs in each state. (6)

Screen Shot 2016-03-15 at 9.30.47 AM
Retrieved from



Private sector ACOs, whom are created and run by healthcare providers, hospital systems, physician groups, insurers, and/or community-based organizations, have more flexibility in the core concepts that they wish to employ (i.e. whether or not they want to model their ACO after Medicare’s Shared Savings Program, use bundled payments, pay-for-performance incentives, etc.). (6) The partners in an ACO are equally invested in meeting the Triple Aim goals and thus they are equally at risk if they do not. Having shared risk and cost makes investment in innovative systems like telehealth more attainable.

Screen Shot 2016-03-15 at 10.19.10 AM
An example of how the risk/benefit is shared among stakeholders.  Retrieved from

Quality benchmarking is a common requirement among public and private sector ACOs as an evaluation of the quality of care a provider or healthcare system provides and this equates to the level of reimbursement they receive. (6) Thus telehealth (and it’s reimbursement rate) has become a hot topic throughout these ACOs because of the efficiency of care and great outcomes it has shown to provide.

Screen Shot 2016-03-15 at 11.10.24 AM
Retrieved from

The benefit (and purpose) of being a part of an ACO is the cost-sharing. Cost-sharing allows small, independently owned clinics to attain the benefits of offering telehealth services without the unreachable price tag that comes along with starting up the program. (4)  An example of this is the Midwest Health Coalition ACO, which is made up of more than 900 independent healthcare providers across Nebraska and Iowa (5).

Funding the start-up of telehealth programs may not be the primary barrier for larger organizations. Large organizations are often driven by other factors such as decreasing readmission rates and improving the outcomes of care. These, and other, driving forces led to Nebraska Medicine and Methodist Health Systems to join together forming the Nebraska Health Network, an accountable care alliance. (7)

While there are many other ACOs, I want to mention one last ACO partnership that represents shared risk, responsibility, and reward. The Aetna Whole Health – CHI Health Accountable Care Network is an example of a commercial, product-based ACO that offers business owners/employers in Nebraska and Iowa a healthcare model that creates a savings of up to 15% by improving the health outcomes of their employees. (1) This ACO focuses on creating and utilizing innovative products and services in order to improve the use of healthcare screenings, improve primary care services, and avoid hospitalizations – telehealth is an important tool in meeting these goals.

Private sector innovations are of great importance. While many view CMS as the leader in changing healthcare, they struggle to lead in an avenue that doesn’t have sufficient existing data that proves it’s success. Medicare relies on the private sector for trial and error from which they can then base their models of care on. (2)


  1. Aetna. (2015). Aetna and CHI health create Nebraska’s first product-based accountable care organization. Retrieved from
  2. Evans, M. (2015). Headed for risk: Health systems sign private-sector ACO deals that may lead to capitation. Modern Healthcare. Retrieved from
  3. Hyatt, A. (2014). Three ways telehealth drives revenue for ACOs. American Well. Retrieved from
  4. Lacktman, N. (2015). Telehealth reimbursement under the microscope. Retrieved from,1
  5. Midwest Independent Physicians Practice Association (MIPPA) ACO. (2016). Independent physicians working for you. Retrieved from
  6. Muhlestein, D. (2013). Continued growth of public and private accountable care organizations. Health Affairs Blog. Retrieved from
  7. Nebraska Health Network. (n.d.). Nebraska health network: Led by the physicians and health systems of your community. Retrieved from
  8. Nebraska Legislature. (2013). Legislative bill 556. Retrieved from