A. Before performing telehealth services, a telehealth practitioner shall develop and follow a procedure to:
(1) Verify the identification of the patient receiving telehealth services;
(2) Except for interpretive services, obtain oral or written acknowledgement from a patient or person in interest as defined by Health-General Article, §4-301(m), Annotated Code of Maryland, to perform telehealth services;
(3) Prevent access to data by unauthorized persons through encryption or other means;
(4) Notify patients in the event of a data breach;
(5) Ensure that the telehealth practitioner provides a secure and private telehealth connection that complies with federal and state privacy laws; and
(6) Establish safety protocols to be used in the case of an emergency.
B. Except when providing store and forward telehealth services, remote patient monitoring, or other asynchronous telehealth services, a telehealth practitioner shall:
(1) Obtain or confirm an alternative method of contacting the patient in case of a technological failure;
(2) Confirm whether the patient is in Maryland and identify the practice setting in which the patient is located;
(3) For an initial patient-telehealth practitioner interaction only, disclose the telehealth practitioner’s name, contact information, and medical specialty; and
(4) Identify all individuals present at each location and confirm they are allowed to hear personal health information.
C. The requirements set forth under §§A and B of this regulation may be delegated.