The COVID-19 pandemic forced healthcare providers to embrace new strategies in the ongoing provision of patient care. The adoption of telehealth strategies soared, including the use of remote patient monitoring and patient self-monitoring using mobile wellness and medical devices.
Remote monitoring devices collect data and send it to the patient’s doctor in real time over the internet or through phone lines. The doctor can then assess the information and adjust the patient’s treatment plan as needed. Remote monitoring is useful for managing chronic conditions—such as heart failure, chronic obstructive pulmonary disease, and diabetes—and patients with implanted cardiac defibrillators or pacemakers. During the pandemic, hospital critical care units used remote glucose monitoring to decrease the number of times staff members had to enter a patient’s room, thus decreasing the risk of disease transmission and preserving personal protective equipment.1
Advantages and Disadvantages
Remote monitoring is a double-edged sword for both providers and patients. Advantages for the provider include timely access to clinical information that can lead to early identification of problems, early intervention reducing hospitalizations, and increased patient satisfaction. Providers, however, need to have some level of confidence that the data provided by the remote monitoring devices is valid and reliable.
Advantages for patients include more autonomy over their self-management and greater participation in their treatment plans, which can enhance patient satisfaction. Some patients, however, are overwhelmed by the responsibility of managing the communication technology, learning to use the device properly, or managing the associated costs.
Until the coronavirus pandemic forced the increased use of these technologies, many third-party payers did not provide coverage for remote monitoring, and those that did required significant preauthorization work by providers and patients.
Devices used to provide remote monitoring should incorporate software acknowledged as appropriate for clinical use by the U.S. Food and Drug Administration (FDA). Mobile medical applications were already subject to FDA guidance. During the pandemic, as elective procedures were suspended and offices closed temporarily or restricted services, management of chronic conditions moved into homes, and the FDA issued emergency guidance and use authorizations for remote patient monitoring. Providers who have been relying on remote patient monitoring devices to facilitate care are advised to remain alert to state and federal guidance updates.
Because remote patient monitoring devices produce information that the provider relies on for decision making, it is incumbent upon the provider to have some knowledge of the credibility of the device. The validity and reliability of the data can be improved by working with a reputable medical device company and ensuring that the patient knows how to properly use the monitor.
Each provider must decide how much autonomy the patient will have in device selection. For example, will patients be asked to go through a medical equipment supplier that provides guidance regarding device manufacturers and models, or will the patient make the decision? With the ready availability of medical devices from online sellers, device source can be an important safety consideration.
Remote monitoring devices should be subject to a quality-control process. This may be managed by a medical equipment provider if the device is rented or a home health agency if the patient qualifies. Otherwise, consider having the patient bring the device to an office visit to evaluate how the patient uses it, and compare device results with office-based findings. For example, compare the office-based point-of-care glucose result with the device glucose reading or the office-based ECG with the device rhythm check.
Privacy and Security
Remote patient monitoring entails cyber liability risks. Because remote monitoring devices transmit patient data, the risk of a data breach exists if the information is not properly encrypted. The Health Insurance Portability and Accountability Act (HIPAA) requires that all personal health information (PHI) be encrypted when transmitted. Providers who fail to properly safeguard PHI can face significant penalties.
Medical devices may be vulnerable to viruses and malware that can compromise patient privacy and the effectiveness of the device. The FDA provides guidance for managing cyber risk in medical devices connected to the internet. Increasingly, manufacturers are required to address cybersecurity during the manufacturing process. Thus, integrated security measures between the device and the practice should be considered during the device selection process.
Include information on the remote monitoring technology in your notice of privacy practices to patients and obtain a business associate agreement from the device vendor.
Providers should outline the process for receiving, reviewing, and integrating the data into the medical record. Each practice should have written guidelines for:
- Advising patients regarding equipment choices.
- Verifying device quality control.
- Developing patient monitoring schedules.
- Training staff on devices, monitoring protocols, and response.
- Assigning staff responsibility for receiving data from patients.
- Communicating and documenting results.
- Alerting the appropriate clinician to a potential problem.
- Documenting result follow-up.
Patient Selection and Education
Patient selection is also an important issue, as successful remote patient monitoring is dependent on each patient’s motivation to actively manage his or her health, as well as the patient’s ability to understand and use the technology. Patients who are uncomfortable with technology and/or who do not have access to stable high-speed internet service may not be appropriate for remote patient monitoring.
To help ensure that patients effectively use remote devices:
- Complete and document a thorough informed consent process.
- Help patients evaluate their communication infrastructure based on device requirements.
- Educate patients on:
- How to use the device. Explain the treatment plan—including how and when to enter data, at what times the device will be monitored, and how alerts will be handled by the healthcare team.
- What device failure or malfunction looks like, and what the patient should do if that happens.
- How to properly maintain the device.
For assistance with remote patient monitoring questions, contact the Department of Patient Safety and Risk Management at (800) 421-2368 or by email.