Compliance

• Originating Site: The location of the patient at the time of a telemedicine consultation.
• Distant or Remote Site: The location of the provider specialist at the time of a telehealth consultation.
• Provider: A physician (MD or DO) or allied healthcare professional that is licensed in one or more states to provide approved medical services to patients.
• Telemedicine Consultation: GoTelecare facilitates real-time, two-way interactive video/audio consultations between patients and providers.
• mHealth: The practice of medical health supported by mobile devices, including patient sensors and transmitter devices, as well as mobile phones, PDAs, and cellular data transfer devices.

• GoTelecare operates subject to state regulation and services may not be available in certain states.
• Patients must have a U.S. address and a U.S.-based phone number for the telemedicine provider to be able to contact you at the time of consultation.
• GoTelecare’s mobile app for smart phones and tablets relies on public access GPS location technology maintained by the U.S. government to determine patient’s location during consultations to ensure alignment with the provider’s state licensure.
• GoTelecare allows provider-to-provider consultations for the benefit of patient care.
• GoTelecare’s Electronic Medical Records (EMR) system is Complete EHR is 2011/2012 compliant and has been certified by an ONC-ATCB in accordance with the applicable certification criteria adopted by the Secretary of Health and Human Services. The EMR is connected with more than 55,000 pharmacies and more than 100 national and regional medical labs.
•  

• Providers are required to be licensed in the states where they will regularly consult with patients located in the same state
• GoTelecare requires telemedicine providers to be board certified/board eligible
• Providers are not required to be physically present with the patient at the time of a telemedicine consultation.
• “Infrequent” or “Occasional” Consultations are permitted in at least 28 states so that patients may receive consultations from providers who may not be licensed in the patient’s state.
• The state of Texas allows an out-of-state provider to obtain a special telemedicine license in order to practice across state lines.
• In a few limited instances, there is an exception for the rendering of services in one state by a physician lawfully practicing medicine in a state bordering or adjoining that state if the physician has any established or regularly used hospital connections in the state or maintains or is provided with, for his or her regular use, an office or other place for rendering the services.
• GoTelecare’s mobile app for smart phones and tablets relies on public access GPS location technology maintained by the U.S. government to determine patient’s location during consultations to ensure alignment with the provider’s state licensure.

GoTelecare provides 100% HIPAA-HITECH compliant operations.

Here are the various measures adopted to ensure the highest level of compliance with the stringent demands of these critical data privacy and security standards.

1. 1. PHYSICAL ACCESS
      1. Controlled access restricted by bio-metric and proximity card systems
      2. All employees are issued photo ID cards which they are required to wear at all times when they are within the facility premises
      3. Regular review and periodic audits of access logs to check for unauthorized entry attempts
      4. Access is granted on a least privilege principle and configured on a per employee basis

1. 1. SECURITY
      1. Security personnel on 24-hour duty, posted at all entry and exit points of the facility
      2. Logging of visitor details such as name, entry/exit time, contact person’s name, proof of ID, signature and reason for visit in a register kept for the purpose
      3. The physical register is retained for minimum 10 years

1. 1. MONITORING
      1. CCTV monitoring, with recording, of all entry/exit points and inside the production floor
      2. Random daily monitoring of stored recordings by security team
      3. Recordings are retained in central DVR’s internal hard disk for 6 months and subsequently backed up to an external storage device

1. 1. VENDOR ACCESS
      1. Vendors are required to sign a confidentiality agreement before accessing sensitive areas such as data/network center and power supply control room
      2. Vendors are always escorted by security personnel, and supervised at all times, either by an employee or security personnel

1. 1. MOBILE PHONE USAGE
      1. Only managers who are authorized are allowed to use mobile phones within the premises
      2. All other employees are required to deposit their phones in the locker box before entering the facility

1. 1. PERSONAL BAGGAGE
      1. No backpacks or bags of any sort are allowed inside the facility
      2. All bags are required to be kept in the locker boxes placed outside the production floor

1. 1. NETWORK AND APPLICATION USAGE
      1. A leading Directory Service is used to create unique user IDs for individual users
      2. Access to storage devices is controlled using Domain Group Policy configured in a Windows-based directory system
      3. Password parameters built around strict frequency, complexity, account lockout, length and history compliances
      4. User access to shared drives is controlled using group policies
      5. Access to USB or other mass storage devices are blocked on workstations
      6. Access to printers is allowed to authorized employees only
      7. No wireless access points are installed within the facility premises

1. 1. FIREWALL
      1. High-end ‘Unified Threat Management’ system (UTM) deployed to filter network traffic
      2. Internet traffic regulated using content filter, URL filter and application filter systems
      3. Port-mapping for traffic between Virtual LANs and from external networks
      4. The firewall is set by default to deny all traffic passing between the networks unless specified otherwise by specific ports and service based rules
      5. Network Address Translation (NAT) services are enabled to hide internal servers
      6. Firewall logs are maintained for all traffic for 3 months and subsequently archived for 1 year
      7. Intrusion Prevention Systems (IPS) are provided by the UTM system (using a high-end Firewall system)
      8. IPS services are updated in real-time and licenses renewed annually

1. 1. VPN (VIRTUAL PRIVATE NETWORK)
      1. Site-to-site IPSec VPN tunnels are used to securely establish connection to client network.
      2. Access to internal network is restricted to authorized employees only via client-to-site VPN connections.
      3. Authorized employees are authenticated using Active Directory’s authentication service.
      4. VPN connections (site-to-site) are locked down by gateway IP addresses configured at both the facility and the client’s firewalls

1. 1. REDUNDANCY MANAGEMENT
      1. Fully redundant network stack is maintained
      2. Two ISP links are configured in an active-active mode
      3. Power backup supplied by 130 KVA UPS and 750 KVA diesel powered generator system
      4. All server and network systems are backed up by 22 KVA rack mounted UPS system

1. 1. VIRUS & MALWARE PROTECTION
      1. A centralized anti-malware system is deployed to provide protection against virus and other malware.
      2. Automatic updating of virus definitions and security patches
      3. Extra protection from external malware attacks is provided by the gateway firewall
      4. Centralized Operating System patch management system deployed using an integrated server update system to ensure critical updates and security patches are applied to all the systems

1. OTHER SAFETY MEASURES
   1. Fire extinguishers are placed at all key areas within the premises
   2. Half-yearly fire drills are conducted to test the effectiveness of fire safety protocols

GoTelecare provides claims processing and billing services for contracted providers who require these services. The payors may be Medicare, Medicaid & any applicable private healthcare plan payors with which the provider is enrolled or accepted.

• GoTelecare does not guarantee that a prescription will be provided.
• Prescriptions may be written only when clinically appropriate and may be restricted by law.
  • Certain states may require a physical examination and/or an established physician-patient relationship before a prescription is written.
  • Certain states, such as CA, TX, VA, MD, allow for physical examinations to take place electronically.
• Live, interactive patient consultations through GoTelecare addresses the prohibiting by at least 30 states of prescriptions being written solely based on a medical questionnaire and/or patient supplied medical history.
• GoTelecare’s service facilitates a provider establishing follow-up consultations with patients after each consultation to ensure continuity of care.
• Consulting physicians contracted with GoTelecare are specifically instructed not to prescribe DEA 1 & 2 controlled substances or certain other drugs which may be harmful because of their potential for abuse.

• GoTelecare does not furnish any telemedicine services nor any other health care services, including any Designated Health Services (as that term is defined under the federal self-referral statute, 42 U.S.C. § 1395nn and related regulations (the “Stark Law”) but provides certain services to health care providers such as Provider so that such health care providers may furnish Telemedicine Services to their patients.
• GoTelecare does not refer patients to providers and conducts itself in full compliance with the federal anti-kickback law, 42 U.S.C. § 1320a-7b, and applicable regulations and applicable state referral and anti-kickback laws and regulations.

(Source: ATA – American Telemedicine Association)

• California : CA legislation information, Medicaid/MediCal & private payor coverage mandate
• Texas : TX legislation information, Medicaid & private payor coverage mandate
• Virginia : VA legislation information, Medicaid & private payor coverage mandate