Last week, the House Energy and Commerce Committee held a legislative hearing to review 15 proposed bills that aim to maintain the COVID-19 telehealth flexibilities, which expire on December 31, 2024. If Congress does not act to extend or make the flexibilities permanent, patients will lose access to telehealth services, which have grown in popularity or both physical and mental health care delivery. While leveraging telehealth has bipartisan support, recent cybersecurity attacks and the projected cost of extending the flexibilities (approximately $25 billion over 10 years) have lawmakers thinking about appropriate guardrails to adopt. While many legislators argue that the telehealth flexibilities will be extended in December, for how long and at what cost remains to be seen as Congress continues to consider necessary guardrails.

Top Bills Discussed

There are several bills to extend the current flexibilities but the Telehealth Modernization Act of 2024 and the CONNECT for Health Act of 2023 have been getting the most support. Both bills aim to expand access and permanently extend several telehealth flexibilities post-pandemic. The Hospital Inpatient Services Modernization Act would extend the Hospital-at-Home model, which also expires at the end of the year. In the Committee hearing, Dr. Ateev Mehrotra, a physician and professor at Harvard Medical School, stated that telehealth visits should be reimbursed at a lower rate than in-person visits due to lower practice expenses. He also recommended mandating video visits while temporarily covering audio-only visits to ensure equitable access. Ranking Member Eshoo questioned what types of services and flexibilities should not be included, encouraging the discussion of guardrails.

Home-Based Care and Data Protection

Although legislators are supportive of home-based care through virtual technology, cybersecurity specialists caution that the exchange of data between home settings, vendors, and health care providers heightens the potential for ransomware attacks. Following the recent cyber-attack on Change Healthcare, experts are closely examining home-based health care and its potential unintended consequences. According to recent studies, roughly 25% of traditional Medicare and Medicare Advantage services, an estimated $265 billion dollars, will shift towards home-based care by 2025.

Home-based health care can invite potential cyber-attacks due to several factors. Digital health care practices heavily rely on data being transmitted between patients’ homes and health care providers. This includes sensitive information such as medical records and personal data. Cybercriminals can intercept this data during transmission if it isn’t adequately protected. Additionally, home-based health care often involves third-party vendors or contractors who provide services or equipment. If these third parties do not maintain strong cybersecurity measures, they could inadvertently expose the health care system to cyber threats. Wearable technology such as smartwatches, unsecured Wi-Fi networks, and phishing attempts are all susceptible to further attacks as well. To mitigate these risks, health care providers and patients must prioritize cybersecurity measures such as encryption, strong authentication, regular updates, and education on security best practices.

AHPA extends our gratitude to Kevin Lopez, guest author of this article.
Kevin is a graduate student in the Master of Healthcare Administration program at Loma Linda University