What Has Changed Now for Telehealth?
First, the prior relationship requirement. As Andre Perrotta, of Chapman Law Group’s health care compliance practice group, explains in the above video:
“One of the important factors in reading some of the loosening of the strings, so to speak, is that the physician had to have had in the past three years a previous E&M [evaluation and management] service, effectively, with that same patient in order for this to qualify for reimbursement for the provider.”
That condition has been relaxed, as CMS has stated:
“To the extent the waiver (section 1135(g)(3)) requires that the patient have a prior established relationship with a particular practitioner, HHS will not conduct audits to ensure that such a prior relationship existed for claims submitted during this public health emergency.”
Second, instead of making patients in rural areas drive out to a health facility, they may receive telehealth services directly from their home, which now qualifies as an “eligible originating site” under the new 1135 waiver.
What Services May Health Care Providers Provide Via Telehealth?
According to HHS: “All services that a covered health care provider, in their professional judgement, believes can be provided through telehealth in the given circumstances of the current emergency are covered … [including] diagnosis or treatment of COVID-19 related conditions, such as taking a patient’s temperature or other vitals remotely, and diagnosis or treatment of non-COVID-19 related conditions, such as review of physical therapy practices, mental health counseling, or adjustment of prescriptions, among many others.”
But, as Ronald W. Chapman Sr., notes in the above video, health care providers should be aware that telehealth services can only go so far:
“[In] Florida and Michigan, for example, you still have to comply with the standard of care. So I’m wondering when a patient calls and says, ‘Hey I think I might have the Coronavirus I’m a little short of breath,’ what are you going to do? You can’t auscultate the person’s chest, you can’t take a blood pressure, so I don’t know what kind of service you can provide.”
Are Telehealth Services During This Time Solely Limited to Coronavirus-Related Matters?
No. CMS calls this “a critical point given the importance of social distancing and other strategies recommended to reduce the risk of COVID-19 transmission, since it will prevent vulnerable beneficiaries from unnecessarily entering a health care facility when their needs can be met remotely.”
As an example, a beneficiary would be able to use a telehealth visit with their doctor before receiving another prescription refill. “However,” CMS notes, “Medicare telehealth services, like all Medicare services, must be reasonable and necessary under section 1862(a) of the Act.”
What Platforms May Health Care Providers Use to Provide Telehealth?
Health care provider should use a “non-public facing” remote communication platform, which HHS states “allows only the intended parties to participate in the communication.” For video, these include Apple FaceTime, Facebook Messenger video chat, Google Hangouts video, WhatsApp video chat, Zoom or Skype. For text messaging, Signal, Jabber, Facebook Messenger, Google Hangouts, WhatsApp and iMessage may be used.
What Platforms Are Forbidden for Telehealth Services?
“Public-facing” platforms like TikTok, Facebook Live, Twitch and the chat room Slack are not acceptable forms of remote communication for telehealth, as they “allow wide or indiscriminate access to the communication.”
How do HIPAA Rules Apply?
The OCR, which serves as the HIPAA-enforcement arm of the HHS, is exercising “enforcement discretion” for telehealth. It has stated that, during COVID-19, it will not impose penalties for noncompliance with regulatory requirements during the “good faith provision of telehealth” services.
OCR does, however, state that doctors and other clinicians should “notify patients that … third-party applications potentially introduce privacy risks” and should “enable all available encryption and privacy modes when using such applications.”
What Would Constitute Bad Faith in Telehealth?
Examples of what OCR may consider bad faith provisions are:
- Conduct or furtherance of a criminal act, such as fraud, identity theft, and intentional invasion of privacy.
- Further uses or disclosures of patient data transmitted during a telehealth communication that are prohibited by the HIPAA Privacy Rule (e.g., sale of the data, or use of the data for marketing without authorization).
- Violations of state licensing laws or professional ethical standards that result in disciplinary actions related to the treatment offered or provided via telehealth (i.e., based on documented findings of a health care licensing or professional ethics board).
- Use of public-facing remote communication products.
When Will the Telehealth Waiver Expire?
The telehealth waiver will be effective until the Public Health Emergency, which was declared by the Secretary of HHS on January 31, 2020, ends.
How Can I Be Sure My Health Care Practice is in Compliance with Telehealth?
Contact the compliance practice attorneys at Chapman Law Group. We are here to guide you through these new telehealth policies, and to answer any questions you may have about what COVID-19 means to your practice.