Skip to content
Print This Post Print This Post

The Texas Medical Board and Telepsychiatry

There was an interesting article in the New York Times this weekend regarding telemedicine titled “The doctor will see you now. Please log on.

According to the article, the telemedicine business has been growing by almost 10% annually, and is now a half-billion dollar industry.

One of the issues brought up by the article is a question regarding high end video systems (which are typically proprietary and so expensive that the patient needs to leave home to get to them) and the lower end webcams represented by those that are typically used by people using Skype.

Apparently, members of the Texas Medical Board have raised concerns that “doctors might miss an opportunity to pick up subtle medical indicators when they cannot touch a patient.”

I looked on the Texas Medical Board’s website, but couldn’t find anything there to follow up on the Times article.

I can see plenty of places where the concerns raised by the Texas Medical Board might be valid.

One example would be dermatology. A lot of dermatology is visual pattern recognition, and every couple of months of so when I have a patient with a drug rash, I usually start by looking at the rash under sunlight, rather than under the muted lighting that I usually have on in my office. My eyes are not as good as they used to be, and I think it would be really hard for me to even describe a rash from a webcam image.

Another example would be more prosaic, for example, someone on venlafaxine who needs a BP check. These days, about half my patients have access to a BP machine at home or with a relative, and I have told people to go check their blood pressure and tell it to me. I’m very aware that these drugstore machines aren’t that accurate, but, so far as I’ve been able to see, they tend to be within 10 points or so of what I measure in the office.

The question I would like to ask of the Texas Medical Board would be how many of their concerns would relate to telepsychiatry versus telemedicine.

First, most of the outpatient psychiatrists I know don’t touch the patient often other than to take vital signs, put him or her on a scale, help him or her out of a chair, check for EPS or look at a rash or a wound (with a chaperone in the room if needed).

Second, I know at least three mental health workers with fairly profound visual problems and I’ve never thought for a second about whether their visual problems would affect their care of patients.

It would be hard for me to argue that these mental health workers shouldn’t be working with patients, but that would seem to be a logical extension of some of the Texas Medical Board’s concerns.

Tagged , , ,
Print This Post Print This Post

Telemedicine ‘Potentially Unsafe’?

There was a news article which came out over the weekend which described the results of a systematic review by members of the Royal College of Physicians and the Royal College of General Practitioners in the United Kingdom.

I tried looking on both the RCP and the RCGP’s web sites, but couldn’t find a link to whatever the news article was talking about, so I couldn’t look at the article itself to come to some sort of opinion about the study.

However, from reading the article, it appears that at least one of the findings was that dermatologists were “uncomfortable with the use of telemedicine and not confident in GP’s ability to use it safely,” even though it sounds like the patients liked it.

I hope the actual review has some real data, not just anecdotes.

For a long time, I’ve noticed that there is a great deal of FUD (fear, uncertainty and doubt) in some writing about telemedicine. I guess this is a response to some of the over the top optimism that I’ve seen in some quarters.

I’m looking forward to this review. As far as I can tell, there really isn’t much in the way of negative findings in telemedicine. It seems to work pretty much everywhere it’s been tried for patients, as far as I can see.

The main stream of negative criticism of telemedicine seems to be FUD, not science, as far as I can see, but I’m now starting to look for real documented failures.

Personally, I would find that one peer reviewed study of telemedicine that found it was not working for patients would be a lot more persuasive than oracular pronouncements from learned institutions.

I don’t find “dermatologists have doubts” very persuasive if the patients like it and the quality of care isn’t suffering. Last time I checked, doctors were supposed to be getting patients better, not making themselves happy….

Tagged , , ,
Print This Post Print This Post

Is Skype HIPAA-compliant?, Part III

So, in my post last week , I described why I don’t think that the protocol used by Skype (assuming that it is the one they claim to be using on their website) seems fairly secure to me–it’s the same protocol used by banks and is approved by the government for the transmission of top secret information.

I used an analogy in that post that I’m going to continue this week. Basically, I started with talking about how firewalls are like the guard at the desk by the door of a factory. For review, here,

  • the factory (and its grounds) are like your home network,
  • the goings on at the cafeteria are like the Skype program running on your computer,
  • the guard is like your firewall, and
  • “Should we tighten up security at the guard’s station?” is like “Can firewalls help make Skype more secure?”

I talked about firewalls last time and how concerns about firewalls are like concerns about the security procedures at the front desk. In general, front desk security is a good thing, but won’t do much to solve a problem in the cafeteria if some rascal there has a valid ID card.

I would like to go with this analogy again. There’s a lot of ways that security could fail in terms of nefarious goings-on at the cafeteria, and those ways are just like the potential security problems of Skype.

  • Skype’s program could have a bug in it which someone could exploit. I.e., if someone knows something like putting in a contact with a name that is 50,000 characters long lets that person access some internal aspects of Skype that they aren’t supposed to, then that could be a problem. This is like having someone who works for the factory responsible for the nefarious things in the cafeteria. Here, they are just stealing from the factory.
  • More worrisome is something like someone from the outside impersonating someone who has a valid ID. The bad guy gets in by pretending to be someone who works there, and then does his nefarious deeds. The analogous thing for Skype would be for someone to make a specially modified program, convince you to download it, and then have you install the modified program. As far as I know, there are no programs that do something bad while masquerading as Skype, but I have noted the same sort of malware on Skype IM’s that appear regularly in everyone’s email, basically a bogus message saying that you need to go to some URL and install fake antivirus software, or update some kind of program that you already have, such as Adobe Acrobat.

I tend to be very suspicious of these kind of messages anyway so I hope that I, at least, wouldn’t fall for this nonsense, but I can certain see a naive user getting one of these malware spam messages and installing something that would infect their computer with a virus.

A program that works like Skype but does something bad could probably be written, but since this would be a direct shot at Skype, I suspect that Skype would respond quickly and effectively (or else they would be out of business.)

One thing that is possible, but not particularly worrisome to me is that someone could hack my or my patient’s password and pretend to be someone they are not. There is a big reason why I don’t think this would be a problem in my practice. I always see the patient face to face first, before I do Skype sessions with him or her. As long as the impostor is showing me video, then this exploit would be easy to see through.

So far as I know, HIPAA doesn’t certify software as being HIPAA compliant or not. Instead, as best I can understand, various companies claim HIPAA compliance and I guess they could be sued if they were negligent someone.

As far as I know, no one has brought up substantive HIPAA issues regarding cell phones, but every argument I’ve given on this subject would appear to apply to cell phones as well as Skype.

I think the bottom line here is that having some informed consent from the patient is essential, but that some of the discussion regarding HIPAA and Skype may be more based on commercial interests (such as the people who give the seminars on HIPAA compliance) than on believable threats to the security of patient information.

If someone bugs your landline at your office, wouldn’t they be able to gather lots of information? Do you sweep your office for bugs daily? Maybe so, but I suspect that most people would say that trying to absolutely guarantee the privacy of anybody’s practice is impossible. If someone wanted to sue you after a bad guy tapped your phone, do you really think that the government would come after you? What if someone broke into your practice at night, broke open the file cabinets, and looked through someone’s information? (Didn’t this happen during Watergate?) What if the CIA kidnapped you and put a video camera in your nose?

This is beginning to sound a little weird to me…

Lots of things to worry about here for the nervous Nellie’s. The only one I find credible is malware which masquerades as Skype, but then, malware could masquerade as your EHR software, couldn’t it?

Tagged , , , ,
Print This Post Print This Post

Group therapy anyone?

I noticed an announcement last week saying that Skype was releasing a new beta version of its software for Windows which allows up to five people to participate in a video call simultaneously. Alas, it isn’t clear when they’ll have something for Linux and Mac users, but this will certainly be a feature that I’ll be using.  (Probably after the beta has had the first round of bug fixes.)

I don’t do any group therapy anyway, so the title to this post is only a teaser, but I can really think of some great uses for this technology. I’m pretty open to conference calls with family members while I’m face to face with my patient, so I can see this going better if I can see them as well as talk to them. Also, I’m thinking that video Skype would be a good way to handle some interactions with my professional peers and my patients. For example, sometimes I’m talking with a patient and on the phone to his or her internist at the same time. Wouldn’t a three way video conference be a lot better for everyone?

If I start to do this though, I have to figure out how to manage things with my patient. Right now, the video camera is on my computer facing out at me when I’m behind my desk and (intentionally, right now) doesn’t show anybody or anything in my consulting room, just a wall behind me.

I’ll have to think this out. I’m not crazy about having a camera in the area where I’m seeing patients right now. I’ll have to think about how I need to reconfigure the seating for me and my patient if we want to get on a Skype call together. I’ve tried this once, and it was a little awkward to have the patient standing over my shoulder while we were talking to someone.

Tagged , , ,
Print This Post Print This Post

Is Skype HIPAA-compliant?, Part II

I got a couple of comments a month ago regarding Skype security and in response to my previous post “Is Skype HIPAA-compliant?”  Marlene Maheu at the TeleMental Health Institute’s Center for Online Counseling and Psychotherapy  has a blog post on in which she voices some concerns about Skype security and in which she references an article by Jacqueline Herships titled “No More Hacking.”

Basically, Dr. Maheu points out that there is a lack of potential information about the security and reliability of Skype. Assuming that the security information on the Skype website is correct, then I think I can answer a couple of the good questions that Dr. Maneu asks.

Rather than thinking about things like firewalls (which are pretty nebulous to most people), a better way to understand what the relationship of firewalls to Skype security is to use an analogy. Suppose that you are the director of security for a factory and that you’ve been asked to investigate some nefarious things going on in the cafeteria and to straighten them out. Someone asks you if tightening up security at the guard’s station at the front door to the factory would help.


  • the factory (and its grounds) are like your home network,
  • the goings on at the cafeteria are like the Skype program running on your computer,
  • the guard is like your firewall, and
  • “Should we tighten up security at the guard’s station?” is like “Can firewalls help make Skype more secure?”

If you were the directory of security at the factory, I’m sure that you would answer something like: “It depends on how the nefarious things are happening. If some unauthorized people are getting into the factory, beefing up security at the door will help keep these kinds of people out, but if the person’s got a badge to get in, focusing on the guard at the door isn’t going to make any difference.”

Skype security is pretty similar. Having a good firewall is pretty much a must on any Internet-connected computer these days, but I don’t think changing the firewall is going to make that much difference in Skype security, any more than replacing one competent guard at the factory’s front door with another is necessarily going to solve the problems at the cafeteria. It probably it pays to investigate what’s happening at the cafeteria, rather than at the front desk.

Skype hasn’t made all the details of its security system known, but it does have a lot of information online, and, assuming that they are telling the truth, it sounds like Skype is at least a secure as a cellphone conversation, and, as far as I know, every psychiatrist I know talks to people on cell phones without worrying that much about HIPAA violations.

Skype and modern cellphones use the same basic protocol to communicate (packet switching), but basically what happens is that when you make a call, Skype or your cellphone operator sets up a connection between you and the person you are calling and then steps out of the way, leaving you and that person to talk as if you had your own circuit. Both Skype and cellphones encrypt the data they send. If anything, the AES encryption method used by Skype is probably more secure than the 30-year old A5/1 encryption method used in most cellphones. AES is approved by the government for top secret information while A5/1 has already been partially broken.

I think that the real security issues with Skype (or with cellphones) are probably more with things like whether the government can compel Skype or your cellphone operator to tap into your conversations than with details of encryption or firewalls.

Until then, I think that doctors should give up talking to patients on cellphones before they get worried about whether Skype is secure.

There’s a lot more to think about with Skype security other than whether just this protocol is sufficiently secure. There are other issues which are also important, related (back to the analogy with the guard at the factory with which I started this post) to things like corrupt guards, corrupt employees and the like, which also merit some consideration, and I’ll discuss them in a future post.

Tagged , ,
Print This Post Print This Post

Another podcast

It’s a busy week for me, so I haven’t had much time to blog, but the second of two podcasts that I did with my friends at the Shrink Rap blog is now online. We talked about technology in psychiatry and how it’s changing things.

Tagged ,
Print This Post Print This Post

Boundaries and Telepsychiatry

The term “boundary” is mental health jargon for the edge that separates professional from non-professional conduct in dealing with patients. A boundary is an imaginary line in the sand in the relationship between mental health professionals and their patients.

“Boundary violations” typically occur when a mental health practitioner does something in the context of treatment which would be more appropriate if he or she and the patient had a personal, as opposed to professional, relationship with one another. For example, dating patients is clearly verboten, but there are lots of gray areas such as how the practitioner should respond if there is some change in the relationship between him or her and the patient.

Example of gray areas include what to do if the practitioner and the patient encounter each other in public, or if the patient and the practitioner are parties to some business transaction, such as when a patient becomes the practioner’s landlord.

It seems to me that there are some potential gray areas with boundaries in telepsychiatry. Here are three examples:

First, I have had patients show me their home by moving their laptop around as they had their session. I haven’t seen anything that I feel would be unprofessional, but it does strike me that most mental health professionals don’t make house calls, and telepsychiatry is a little like a house call sometimes, as people knock on the patient’s door or their pet runs up to them during a session.

Second, both therapist and patient tend to dress more casually at home. Again, I haven’t seen anything that I thought was inappropriate, but I have wondered about whether I should change from whatever I’m wearing at home into something less casual out of respect for the patient, or whether it’s just silly of me to wonder about it.

Third, I’ve talked about using a shoji screen at home when I do telepsychiatry from there. My office at home is considerably more messy than the one at my practice, and I think that I would rather leave it like it is and hide the background with a shoji screen.

I don’t have any answers here, but, as time goes on, I’m sure some boundary issues are bound (sorry for the pun) to come up in telepsychiatry.

Tagged , ,
Print This Post Print This Post

Good series on telepsychiatry at Shrinkrapping blog

I’ve really liked the first two posts (in a planned series of six) on telepsychiatry at the Shrinkrapping blog . The first post talks about a new telepsychiatry project which started in 2007 in South Carolina . The program is already working in seventeen hospitals, with plans to expand to 45-60 hospitals by the time the study is fully ramped up. With that much data, there should be some really good solid answers to a lot of questions by the time the study is complete.

The second post talks about the hardware and software setup that the blog author uses. He’s using an expensive Polycom system. (I understand why, but with Skype going to high-def resolution, I think there will soon be much cheaper alternatives.) South Carolina sounds much more wired than Maryland:  He can get a lot of information out of statewide databases than I could.

I had to smile though at the end of the second post. With lots of access to databases, top of the line equipment, and what sounds like a fantastic organizational system, the output of the telepsychiatry consult is faxed to the doctor who requested it.

Faxed!? Why? When are we going to get rid of faxes in medicine? Except for certain rare cases, I would always rather get an electronic version of a document. Basically, my fax machine just turns everything to pdf anyway. Why send a consult note that isn’t computer readable (except maybe with a OCR)? Are they killing more trees than they need to in South Carolina?

Seriously though, I think that most of psychiatry is going to look a lot more like the telepsychiatry in South Carolina a lot sooner than people expect. As I’ve mentioned before–telepsychiatry, it’s not just for institutions anymore…

Tagged , , , ,
Print This Post Print This Post

Is online therapy not really therapy?

I read an interesting blog post in which the author, a training and supervising psychoanalyst shares his thoughts about “online therapy.”

The author was doing research on “techno-ethics” for a workshop he will be doing, and the premise of his blog post is that any online therapy is not “real” psychotherapy.

Of course, psychiatrists do more than therapy (regrettably, some do no therapy at all), so the author’s argument doesn’t necessarily apply to telepsychiatry, but I still find his argument lacking.

He begins by accusing anyone who does any kind of online therapy as “preying on vulnerable people in need of help.” I have no doubt that there are people who are doing a bad job of online therapy, just as there are people who are doing a bad job of face to face therapy, too. Even though the author admits that people have been helped by online psychotherapy,  he discounts any proof by success. Instead, he says that online therapy is a “technologically-mediated simulation of psychotherapy,” sort of like Disney World or a flight simulator.

He goes on to give a couple of reasons why he thinks online therapy is a simulation rather than “real” psychotherapy.

First, he states that “Skype or Email is just not risky enough provide the same context for the development of safety.” He states, without any support, that no therapeutic alliance can be built online. Such a statement can be refuted by one counterexample. Although I certainly believe that technology can change the therapeutic alliance, I think my own experience makes me think that the author doesn’t have any experience upon which to base his opinion. Certainly, I think that there is a therapeutic alliance that gets built when I do telepsychiatry. I wonder what the author’s experience would be if he actually tried it.

Second, he says that mirror neurons are not activated in online therapy, but are in face to face therapy. A brief search through the literature finds no evidence for this claim, and, in fact, other studies would suggest that it would be surprising if mirror neurons were not activated by online therapy, given that many studies show that mirror neurons are stimulated by things like films, videos and pictures.

The author closes by saying:

And for my colleagues out there pushing this new frontier, maybe you want to dial-back on the evangelical fervor, maybe even consider clearly stating that what you are offering is a simulation, not the actual journey that has been subject to decades of research and study.

I would say back to him two things. “Theory is not as important as people getting better,” and “Try it first, then write your article, rather than the other way around.”

Tagged , , ,
Print This Post Print This Post

Telemedicine credentialing

I saw an interesting article regarding changes in the rules for credentialing doctors to do telemedicine in other hospitals.

Basically, the rules up to now appear to have been that the doctor needs to be credentialed at the hospital he or she works at, but not necessarily at the hospital he or she providing telemedicine services.

‘Credentialing’ is a time consuming business in which every hospital conducts an investigation, typically yearly, of the doctors who work there to make sure they actually went to medical school, have a license to practice medicine, and so on.

As far as I can see, this results in an enormous amount of unnecessary paperwork for lots of people, especially given that doctors in most states have to provide all the necessary information to the licensing board anyway, so having a current license is usually equivalent to having all the credentials needed.

As someone on the other side of this silliness, I have to say there is something odd about having to repeatedly prove to the hospital that, yes, indeed I have graduated from medical school, particularly when I went to medical school there.

The rules appear to be changing so that credentialing now has to be done by the hospital where someone is sitting, and by the hospital where telemedicine services are provided. There’s some extra issues here because typically credentialing involves some review by someone who is an expert in the field in which the doctor is practicing. A lot of times, the whole idea behind telemedicine is to get an expert somewhere where there isn’t one, so one this seems to put an additional burden on a hospital that will needed to hire an expert to evaluate the expert.

I have a new idea. Let’s have experts evaluate the experts who evaluate the experts. Wait. I have another idea. Let’s have experts evaluate the experts who evaluate the experts who evaluate the experts….

Why not just have one nation-wide credential checker? Sure would save a lot of reduplication.