Fundamentals of Telehealth Technology
Original Editor - Tarina van der Stockt
- 1 Introduction
- 2 Types of Telehealth Technology
- 3 Terminology
- 4 Factors Influencing Telehealth Technology Choice
- 5 Selecting a Suitable Platform for Telehealth
- 6 Data Security in Telehealth
- 7 Key Principles
- 8 Conclusion
- 9 References
Telehealth is the delivery of health-related services and information via electronic communication. Technology is a key aspect of this service delivery but telehealth is not confined to one particular type of technology. While technology enables a clinical interaction to take place over any given spatial distance, the choice of technology can determine how these interactions take place.
Types of Telehealth Technology
The choice of technology will determine if telehealth is asynchronous or in real-time.
- Asynchronous Telehealth or Store and Forward (S&F)
- Information is recorded and transferred - can be stored locally or in a server, depending on the availability of connectivity
- There is a time delay between when a message is sent from one party and when it is received by the second party
- Common Store and Forward technologies used include:
- secure messaging
- web-based self-management programs
- Newer technology such as virtual reality or "wearables" use “store and forward” technology to transmit data back to the therapist
- Viewing and comments of the data can be done at the participants' (client/patient or healthcare provider) convenience
- Less dependent on connectivity
- More difficult to administer
- Software choice and interconnectivity standards play a role
- Real-time or Synchronous Telehealth
- Information provided by one part is received almost instantaneously by the second party
- Information or data is transferred live
- It is a convenient and easy form of telehealth
- requires high bandwidth
- constant connectivity
- investment in related hardware
- Video conferencing between patient and healthcare provider is the prime example - physiotherapist and client can see and interact with each other in a live fashion
- This is more prevalent in physiotherapy for heart and lung disease, diabetes management and musculoskeletal conditions for example osteoarthritis and for the rehabilitation of patients after orthopedic surgery
- It is a convenient and easy form of telehealth
Medical insurance companies like in the USA might use the following terminology:
- True Telehealth visits: Real-time, synchronous using two-way video, not only for established patients, and does not have to be patient-initiated
- E-visits: Asynchronous, assessment and management via information exchange and secure messaging (patient portal), for established patients only, patient-initiated
- Virtual check-ins: Real-time, audio-only phone call (no video) but can be supplemented by recorded videos or information transmission. Done through phone calls, secure messaging like a portal or email. For established patients only and patient-initiated
- Remote Evaluations of Images and Recorded Video: Synchronous and Asynchronous via phone, real-time video or audio, texts, secure messaging, and email. For established patients only and patient-initiated
- Telephone Visits: Synchronous, real-time via telephone. For established patients only and patient-initiated
- Online Digital Evaluation and Management Services: Assessment and management via information exchange and secure messaging. For established patients only and patient-initiated
Factors Influencing Telehealth Technology Choice:
- Task - assessment or management
- Interaction - between physiotherapist and patient
- Stimulus needed for interaction - a phone call or video demonstration or real-time?
- Type of response needed from the patient
- Technical function to facilitate interaction between physiotherapist and patient
Determining the Type of Technology to use
- Make a list of the specific patient types you would like to see with telehealth and list the assessment tasks and different management strategies that need to be used in the management of your patients.
- For each of these assessment tasks and management strategies think about the interaction needed with your client.
- How do you need to interact with your patient?
- Could the assessment task or management strategy/task be done with asynchronous (Store and Forward) technology or do you need real-time technology to adequately and effectively convey the information to the patient?
- What stimulus is needed to facilitate this interaction between physiotherapist and patient? Will a telephone call suffice or is a video demonstration needed? Is a real-time interaction necessary in order to actively provide feedback to the client/patient?
- Consider the specific action that you require from your patient in response to the stimulus (phone call, video, real-time) i.e the performance of a specific movement by the patient.
- Consider and think about the technical function that is needed from the specific telehealth technology to facilitate the interaction between physiotherapist and patient.
Orthopedic Post-Operative Patient Example
Consider the factors listed above when consulting with an orthopedic post-operative patient.
- Task: Movement analysis
- Interaction needed:
- can the patient record a video of the specific movement and send to you (asynchronous or store and forward)?
- is real-time interaction needed in order to provide feedback and queues to the patient to control the movement?
- The stimulus for the patient
- Does the patient only require instructions for specific movement?
- Video of the movement needed (someone doing the specific movement)
- Is real-time feedback necessary to ensure movement is accurate?
- Client response
- Active movement - can the patient do it by themselves or is assistance or supervision needed by carer or spouse?
- Technical functions needed by the Telehealth system
- Platform with the ability to screen share or share videos
- Measurement capabilities to measure the range of motion (ROM)
- Still images or videos of the client for your record
Use this list to determine the most appropriate platform that will work for your specific patient population.
See also: Practical Considerations in Telehealth
Selecting a Suitable Platform for Telehealth
- Is the necessary technology available for physiotherapist and the client?
- Is the technology allowed within your country/organisation/state?
- Consider the type of technology the client will have available i.e only a smartphone
- Privacy and security
- Technology needs to conform to required levels of security as mandated by state or country laws
- safe and secure passage of data over internet through end to end encryption
- patient confidentiality and privacy requirements as part of the platform
- Technology needs to conform to required levels of security as mandated by state or country laws
- Ease of use
- for both parties - physiotherapist and client
- Is a download required for the client? Simpler is better, try and avoid extra layers of complications for your clients such as software downloading and installing. Platforms that only require a click on a link to start the call is easier and better for clients
- relevant for clients with physical or cognitive disabilities
- User friendly for physiotherapist - software should be easy to navigate, well-designed and logical to use
- level of training required to use technology and will this be practical in your clinical set-up?
- some platforms allow the physiotherapist to manage all technology on their end, thus limiting the client's interaction with the technology and making it easier for the client
- Does the platform automatically record the consultation or should you use a third-party application to record the consultation (if this is the case it just adds to the list of things to remember and think about)
- Do you require the client to agree to certain disclaimers or legal acknowledgements before the start of the consultation? Does the platform allow for this?
- See also Ethical and Professional Considerations with Telehealth
- This needs to be considered within the context of the overall business model. Will it be sustainable over time?
- Does the pricing suit your call volume? If you are having frequent telehealth consults - a monthly fee may be an option. If you are only having a few calls - rather consider a "per use" fee
- Can the selected technology be integrated with other technologies
- Are the client details connected to your practice management software
- Keep in mind different states have different technologies if you are practising across a jurisdiction
Suitable Video Platforms
Security and privacy of client data and records are paramount in healthcare. This does not change when consulting via telehealth. Safety and security with video platforms is therefore extremely important and a necessity.
Countries and states have their own legislation, regulations and privacy acts related to health services. These can regulate how a client's personal information is handled and kept secure. Therefore it is important that the video software and platform that you use must be:
- not interceptable
You as the practitioner may be held liable if sensitive information is not well-protected as the result of using a less secure or poor quality platform.
The practitioner has to demonstrate that the selected platform is secure and private and if that changes in the future, a different platform needs to be considered. End to end encryption is necessary for video calls. A comprehensive risk assessment should be done on the platform. During the COVID-19 crisis, the need for this comprehensive assessment is relaxed, specifically in the USA, but it will return to normal again afterwards. Follow your country or state guidelines regarding GDPR, BAA agreements, and HIPAA. 
Available Telehealth Platforms
There are many telehealth platforms available and the practitioner should choose the one that best suits their needs. Some platforms are cloud-based (Coviu, Doxy.me), others are app-based (Physitrack) or embedded in practice software management (Cliniko).
Common Publicly used Platforms
- less streamlined interface
- download required for first-time use - may create difficulty for the client
- designed for meetings and webinars
- may work for group classes/exercise classes where it is not likely that sensitive information will be shared
- media-reports of security breaches of the platform - not ideal for health services where secure and private health information is conveyed
- calls may not be encrypted by default - the "Require Encryption for 3rd party Endpoints" setting needs to be switched on
- Zoom for Healthcare - higher subscription fee. Integrates with some physiotherapy software and gives higher-level security with HIPAA compliance.
- clients can reach you anytime they want- not advisable
- data from chat and video call on Facetime can be stored in your personal iCloud - this may lead to non-compliant and legislative issues on the storage of private and confidential health records
- have had security flaws in the past
- reports of poor quality of calls
- privacy and security issues and vulnerabilities
- application is connected to your mobile phone number and then also to your client's mobile phone number
- issues for data security and compliance (right of removal of data - are you allowed to delete a message from a patient for instance?)
- reports of security issues and hacking
- more secure than Skype
- set-up can be tricky
- user-friendliness can be an issue
If the therapist is using their own phone for consultations (call, Whatsapp, or FaceTime) they need to make sure that their private number is kept secure. For instance, a calling service can be used such as Google voice which provides an alternative number. 
Summary on use of Platforms
There are many available platforms for video calls, new ones are created often and existing ones may undergo changes with regards to security, functionality, user-friendliness and quality. It remains your responsibility as a healthcare provider to ensure the privacy and security of sensitive health information of your clients and this needs to be key when considering what platform to use for telehealth.
Data Security in Telehealth
As a healthcare provider, it is your legal responsibility to keep patient data safe and secure. With telehealth becoming prominent these days, patient data and information are being transmitted online more frequently. This increases our medico-legal responsibilities. Many of the telehealth technology platforms are global and health care providers need to be aware of the global data security standards and concepts.
- Health Insurance Portability and Accountability Act
- US law
- purpose of the act - ensure that the healthcare providers keep protected health information safe
- Under the act:
- health care providers are "HIPAA covered entity"
- providers of assistance and support to health care providers are "business associates"
- Requires health care providers (covered entity) that stores and conveys confidential health data through technology platforms, to sign a business agreement with the technology platform (business associate)
- HIPAA compliant platforms ensure that security requirements fall within HIPAA guidelines
- General Data Protection Regulation
- implemented by the European Union (EU)
- highest levels of data security standards in the world
- although not healthcare specific - it incorporates the storage and transmission of patient health data
- Under GDPR:
- healthcare provider known as the "data controller"
- data controllers have specific legal obligations such as "the right to be forgotten" - this allows the data controller to delete patient info upon request
With the integration and implementation of telehealth, there are certain administrative, clinical, technical and ethical principles that need to be applied.
- Healthcare professionals should be aware and comply with the laws and regulations by their professional associations and as well as regulatory requirements for accreditation and continuous professional development for the use of ICT (Information and Communication Technology) in providing services.
- Healthcare providers should be aware of state and federal laws and regulations about providing telehealth services.
- Healthcare providers should be aware of and comply with all operational and contractual requirements with the implementation of telehealth services.
- Healthcare providers should be aware of and be informed of the current billing and coding processes in their country.
- Healthcare providers should be compliant to the various requirements on safety, security and confidentiality when providing telehealth services as it is outlined by the specific country.
- Healthcare providers should ensure that clients know their rights and responsibilities when making use of telehealth services.
- Healthcare providers should ensure that an appropriate telehealth presenter, translator or e-helper (spouse, family member or caregiver) is available to meet the client's needs before, during and after the telehealth consultation.
- Healthcare providers should have mechanisms in place in case of emergencies or in the case of technical or communication interruptions a secondary mode of communication should be available.
- Healthcare providers should have performance and quality improvement measures in place to assess their telehealth services.
- Healthcare providers using ICT hardware, software or devices to provide telehealth should be trained in the equipment and software operation and troubleshooting.
- Healthcare providers should know how to operate videoconferencing peripherals such as data sharing tools to aid or modify education during a telehealth consultation.
- Whichever technology type (synchronous or asynchronous) a healthcare provider choose, the provider should consider modifications of techniques, equipment or the physical setting during a telehealth consultation.
- Healthcare providers should comply with all laws, regulations and rules for technology and technical safety.
- Healthcare providers should ensure that all equipment is safe to use.
- Healthcare providers should have infection control measures in place for the use of telehealth equipment.
- Healthcare providers should comply with rules and regulations and laws for the protection of health information and the security and confidentiality of data and record storage, retrieval and transmission when practising telehealth.
The specific technology that is chosen by the healthcare provider:
- Needs to be fit for purpose.
- Needs to enable safe, secure and effective healthcare interaction between the healthcare provider and client.
- Don't just opt for the technology everyone uses or for free technology.
- Be specific in your technology selection with regard to features and security that is required to provide a high-quality interaction between the healthcare provider and the client.
- Gogia,S. Chapter 2 - Rationale, history, and basics of telehealth. In Fundamentals of Telemedicine and Telehealth. Academic Press. 2020. p 11-34.
- de Thurah A, Bremander A, Primdahl J. High-quality RMD rehabilitation and telehealth: Evidence and clinical practice. Best Practice & Research Clinical Rheumatology. 2020 Apr 16:101513.
- Karen Finnin: Digital Health. Synchronous vs Asynchronous Telehealth. Published on 29 March 2019. Available from https://www.youtube.com/watch?v=9x3sRxnJG0Q. (last accessed 12 May 2020)
- WebPT. The Rehab Therapist’s Guide to Practicing Telehealth
- Fundamentals in Telehealth Technology. Course. Physioplus 2020.
- Karen Finnin. How to choose a telehealth video platform. Published 7 May 2018. Available from https://www.karenfinnin.com/how-to-choose-a-telehealth-video-platform/ (last accessed 13 May 2020)
- Karen Finnin: Digital Health. How to choose a telehealth platform. Published on 28 May 2018. Available from https://www.youtube.com/watch?v=d0M2zjjqX7w. (last accessed 13 May 2020)
- Karen Finnin. What video platforms are suitable for telehealth. Published on 8 April 2020. Available from https://www.karenfinnin.com/what-video-platforms-are-suitable-for-telehealth/ (last accessed 13 May 2020)
- Karen Finnin. Data security in digital practice. Published on 5 March 2019. Available from https://www.karenfinnin.com/data-security-in-digital-practice/ (last accessed 13 May 2020)
- US Department of health and human services. Summary of the HIPAA Security Rule. Available from https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html (last accessed 13 May 2020)
- GDPR.EU. Complete guide to GDPR compliance. Available from https://gdpr.eu/. (last accessed 13 May 2020)
- Richmond T, Peterson C, Cason J, Billings M, Terrell EA, Lee AC, Towey M, Parmanto B, Saptono A, Cohn ER, Brennan D. American Telemedicine Association’s principles for delivering telerehabilitation services. International journal of telerehabilitation. 2017;9(2):63.