The Centers for Medicare & Medicaid *&@?
Guest Blog:
Monahan Law Group, LLC
Chicago, Illinois
As the nation grapples with a public health response to the Covid-19 pandemic, Telehealth has emerged as one of the most prominent “tools in the toolbox” to ensure access to care for individuals who are isolated at home and to alleviate stress on the broader healthcare system. The urgency of the moment is resulting in a rapid shift in Telehealth policy and law on both the state and federal levels.
The past few weeks and even days have brought a slew of changes affecting how Telehealth is regulated, reimbursed and clinically provided in Illinois and nationally. Broadly speaking, these changes (1) allow reimbursement for in-home services provided via Telehealth, (2) relax restrictions on the technology used to provide Telehealth services, (3) eliminate patient cost-sharing requirements and (4) reduce the risk of liability for breaches of confidentiality. However, it is important to keep in mind these developments do not affect the scope of practice or the standard of care for the provision of Telehealth services.
Medicare
The Centers for Medicare & Medicaid Services (CMS) has broadened access to Medicare telehealth services so that beneficiaries can receive a wider range of services from their health care providers without having to travel to a healthcare facility. Prior to the recent passage of the Coronavirus Preparedness and Response Supplemental Appropriations Act and activation of 1135 Waiver authority, Medicare was only allowed to pay clinicians for telehealth services in certain circumstances, such as for patients in remote locations, and generally did not cover home-based virtual consults. As a result of this action, Medicare will now pay for office, hospital, and other visits furnished via telehealth including in patient’s places of residence starting March 6, 2020. A range of providers, such as doctors, nurse practitioners, clinical psychologists, and licensed clinical social workers, may offer telehealth to their patients.
Additionally, the HHS Office of Inspector General (OIG) is providing flexibility for healthcare providers to reduce or waive cost-sharing for telehealth visits paid by federal healthcare programs. Healthcare providers will not be subject to administrative sanctions for reducing or waiving any cost-sharing obligations federal health care program beneficiaries may owe for telehealth services during the Covid-19 emergency. Ordinarily, routine reductions or waivers of costs owed by federal health care program beneficiaries, including cost-sharing amounts such as coinsurance and deductibles, potentially implicate the Federal anti-kickback statute, the civil monetary penalty and exclusion laws related to kickbacks, and the civil monetary penalty law prohibition on inducements to beneficiaries. Healthcare providers, however, are not required to reduce or waive any cost-sharing obligations.
HIPAA
The Office for Civil Rights (OCR) at HHS is responsible for enforcing regulations issued under HIPAA. OCR has recognized that during the Covid-19 emergency, health care providers subject to the HIPAA Privacy and Security Rules may seek to communicate with patients and provide telehealth services through remote communications technologies, yet some of these technologies, and the manner in which they are used by health care providers, may not fully comply with the requirements of HIPAA. Accordingly, OCR will exercise its enforcement discretion and will not impose penalties for noncompliance with the regulatory requirements under HIPAA against covered health care providers in connection with the good faith provision of telehealth during the COVID-19 public health emergency. A covered health care provider that wants to use audio or video communication technology to provide telehealth to patients during the COVID-19 nationwide public health emergency can use any non-public facing remote communication product that is available to communicate with patients. Health care providers may utilize popular applications that allow for video chats, including Apple FaceTime, Facebook Messenger video chat, Google Hangouts video, or Skype, to provide telehealth without risk that OCR might seek to impose a penalty for noncompliance with HIPAA.
According to OCR guidance, providers are encouraged to notify patients that these third-party applications potentially introduce privacy risks, and providers should enable all available encryption and privacy modes when using such applications. However, Facebook Live, Twitch, TikTok, and similar video communication applications which are public-facing should not be used in the provision of telehealth. Notwithstanding the above, the list below includes some vendors that represent that they provide HIPAA compliant video communication products and that they will enter into a HIPAA BAA:
Skype for Business
Updox
VSee
Zoom for Healthcare
Doxy.me
Google G Suite Hangouts Meet
Takeaway
While these changes largely loosen restrictions surrounding the provision of telehealth, it is still crucial to follow all ethical guidelines and best practices when providing services via telehealth, especially the implementation of a client-emergency protocol. Importantly, health care providers must still practice within the scope of their professional license, according to the standard of care.