.04 Specific Telehealth Requirements.

A. Before performing telehealth services, a telehealth practitioner shall develop and follow a procedure to:

(1) Verify the identification of the patient receiving telehealth services within a reasonable degree of certainty through use of:

(a) Government issued photograph identification;

(b) Insurance, Medicaid, or Medicare card; or

(c) Documentation of the patient’s:

(i) Date of birth; and

(ii) Home address;

(2) For an initial patient encounter, disclose the telehealth practitioner’s name, contact information, license type, and medical specialty, if any;

(3) Except for interpretive services, obtain oral or written consent from a patient or the patient’s parent or guardian if State law requires the consent of a parent or guardian including informing patients of the risks, benefits, and side effects of prescribed treatments;

(4) Securely collect and transmit a patient’s medical information, clinical data, clinical images, laboratory results, and self–reported medical history, as necessary and prevent access to data by unauthorized persons through encryption or other means;

(5) Notify patients in the event of a data breach;

(6) Ensure that the telehealth practitioner provides a secure and private telehealth connection that complies with federal and state privacy laws; and

(7) Establish safety protocols to be used in the case of an emergency.

B. Except when providing asynchronous telehealth services, a telehealth practitioner shall:

(1) Obtain or confirm an alternative method of contacting the patient in case of a technological failure;

(2) Confirm whether the patient is in Maryland and identify the practice setting in which the patient is located; and

(3) Identify all individuals present at each location and confirm they are allowed to hear personal health information.

C. The requirements set forth under §§A and B of this regulation may be delegated.