Many physicians and medical practices are shifting to telehealth as a way of providing services for their patients due to the spread of COVID-19 combined with federal and state requirements regulating which businesses can stay open -. The use of telemedicine is attractive to both patients and physicians because telehealth means that the patient and the doctor can practice physical distancing by working in their home environments.
There are a variety of issues that should be reviewed with an experienced telemedicine attorney before beginning to consult through telemedicine with patients. There are issues of:
- Whether the doctor can see new patients if the physician hasn’t had a face-to-face meeting with the new patient. Many states normally require that the physician conduct a face-to-face oral and physical examination with the patient before being allowed to give medical advice online.
- Whether the doctor can prescribe medications through telemedicine. The Drug Enforcement Agency (DEA) has updated its policy regarding prescriptions for a variety of purposes such as helping people obtain a longer supply of medications.
- Whether private insurance and government insurance programs such as Medicaid and Medicare will pay for telehealth medical services. Insurance requirements generally depend on state law, federal law, and the terms of the insurance policy.
- How the issue of informed consent will work through telemedicine. Patients must understand how informed consent works in a telehealth environment. Doctors need to ensure their standard informed consent documents are updated to comply with state laws, the doctor’s practice, and viable treatments.
OCR Guidelines during the COVID-19 public health emergency
The Office of Civil Rights for the Department of Health and Human Services (DHHS) now provides that entities covered by the Health Information Portability and Accountability Act of 1996 (HIPAA – and subsequent amendments by the Health Information Technology for Economic and Clinical Health Act) – are allowed to communicate with patients and to provide telehealth services “through remote communications technologies.”
During this public health emergency, OCR has announced a “Notification of Enforcement Discretion for Telehealth Remote Communications During the COVID-19 Nationwide Public Health Emergency.”
Even though some covered entities may be in violation of the rules, OCR:
“will not impose penalties for noncompliance with the regulatory requirements under the HIPAA Rules against covered healthcare providers in connection with the good faith provision of telehealth during the COVID-19 nationwide public health emergency. This notification is effective immediately”
Covered entities will be able to use audio or video technology to provide telehealth services to patients during the emergency period using any “non-public facing remote communication product that is available to communicate with patients.”
The discretionary exercise applies not just to diagnosing or treating COVID-19 health concerns. The discretion applies to telemedicine for any reason.
A few years ago, telemedicine and telehealth burst on the scene, immediately challenging established legal frameworks built around brick-and-mortar practices. The novelty forced healthcare […]
Some examples of permissible telehealth services
A health provider may use a video chat app to review a patient who is showing COVID-19 symptoms by using phones and computers so that more patients can be assessed while eliminating the danger of the health provider or others contracting the novel coronavirus through an in-person consultation. Physicians can also use telemedicine for other health issues during the emergency, such as a sprained ankle, psychological consults, or even a dental consultation.
The OCR notice states that the following apps can be used:
- Apple FaceTime, Facebook Messenger, Google Hangouts, Zoom, and Skype
Health providers should explain to patients that third-party applications may create privacy risks. Health providers should “enable all available encryption and privacy modes when using such applications.”
The OCR notice does say, however, that the following apps and similar video apps are considered “public facing” and should not be used to provide telehealth services:
- Facebook Live, Twitch, TikTok
Health providers covered by HIPAA should “seek additional privacy protections” when using video communication technology by using vendors “that are HIPAA compliant and will enter into HIPAA business associate agreements (BAAs) in connection with the provision of their video communication products.”
The notice states that the following video communication vendors assert that the vendor is HIPAA-compliant and that the vendor will agree to a HIPAA BAA.
- “Skype for Business / Microsoft Teams
- Zoom for Healthcare
- Google G Suite Hangouts Meet
- Cisco Webex Meetings / Webex Teams
- Amazon Chime
- Spruce Healthcare Messenger”
OCR includes the caveat that it hasn’t reviewed the BAAs for the vendors. Health providers who wish to use one of the vendors should review the proffered BAA with an experienced telemedicine attorney. OCR does state, though, that it:
”will not impose penalties against covered healthcare providers for the lack of a BAA with video communication vendors or any other noncompliance with the HIPAA Rules that relates to the good faith provision of telehealth services during the COVID-19 nationwide public health emergency.”
OCR offers the following guidance materials as well:
- “A bulletin advising covered entities of further flexibilities available to them as well as obligations that remain in effect under HIPAA as they respond to crises or emergencies.”
- BAA guidance – including sample provisions.
- More information on HIPAA security safeguards
Medicare, telehealth, and the novel coronavirus
According to Modern Healthcare, starting March 6, 2020, Medicare will pay physicians and hospitals, temporarily, for a broad array of telehealth services in response to the novel coronavirus pandemic.
Medicare will reimburse telehealth providers at the same rates as for in-person visits. The ability to use telehealth services will also include “nurse practitioners, clinical psychologists and social workers.”
Telehealth services will be available to nursing homes, outpatient hospital departments, and other settings including the more typical physician or clinic setting.
The Medicare Originating Site Fee is a perk for provision of telemedicine services. State law also may provide its own rules. Let’s look below at federal law and then California law.
The current administration is requesting that Medicaid also offer telemedicine services. Medicaid doesn’t generally require federal approval though Medicare normally requires state approval.
The aim of the expanded use of telehealth services is to reduce the risk of exposure to Medicare beneficiaries – many of whom are among the most vulnerable – to serious or fatal consequences if the beneficiary contracts the virus.
Before the announcement by Medicare encouraging telehealth, telemedicine was generally only available to rural Medicare beneficiaries – if the patients went to a clinic, a hospital, or another medical facility.
There are three types of Medicare telehealth services:
- Medicare telehealth visits. The visits use audio and video to provide “real-time communication between providers and patients.” Medicare telehealth visits are treated, under the emergency, like in-person visits.
- Virtual check-ins. The virtual check-ins are short communications between physicians and patients – such as sending a patient a text message. Virtual check-ins don’t require audio or video and can use a variety of communication methods. A common example is when a patient initiates a virtual check-in by sending an email question to their primary-care physician.
- E-visits. The Centers for Medicare & Medicaid Services (CMS) considers e-visits as medical care that is delivered through a patient portal. This requires that the Medicare beneficiary and the health provider have a prior existing relationship.
Prior to the outbreak of COVID-19, Medicare did give physicians the right to bill for virtual check-ins through video or phone, provided that the service:
- Didn’t relate to a medical visit that took place in the preceding seven days
- Was with a health provider with whom the patient had an established relationship, or with certain other practitioners
- “Does not lead to a medical visit within the next 24 hours (or soonest appointment available”
- Meets certain other conditions
The Coronavirus Preparedness and Response Supplemental Appropriation Act (HB 6074), signed on March 6, 2020 gave DHHS the authority to waive some telehealth limitations for Medicare beneficiaries.
The DHHS may expand the types of reimbursable Medicare services, the types of providers that can offer the services, and the technologies which can provide the telemedicine services.
FTC guidelines during the COVID-19 public health emergency
On March 26, 2020, the Federal Trade Commission issued its own statement on how the FTC will be protecting consumers during the COVID-19 public health emergency. The chairman, Joe Simmons, stated that the FTC is working with law enforcement and others to “stop scammers and other unfair and deceptive business practices during the pandemic.”
Chairman Simmons did state that the FTC will be reasonable when it comes to enforcing FTC compliance requirements “on companies that may hinder the provision of important goods and services to consumers, and will consider good faith efforts to provide needed goods and services in making enforcement decisions.”
FTC will help businesses (such as healthcare providers) obtain guidance on their compliance requirements during this emergency.
On March 20, 2020, The US Department of Justice issued its own guidelines regarding the novel coronavirus pandemic.
The Attorney General directed that US Attorneys should prioritize the investigation and enforcement of laws such as the False Claims Act regarding fraud and the coronavirus. Examples of illegal schemes include:
- Promoting fake cures
- Schemes that look like someone is sharing COVID-19 information but are actually trying to gain access to your computers until payment is received
- “Medical providers obtaining patient information for COVID-19 testing and then using that information to fraudulently bill for other tests and procedures.”
Additional compliance considerations for healthcare providers during the COVID-19 public health emergency
Healthcare providers and other health companies need to understand that COVID-19 doesn’t suspend their duty to comply with all existing federal and state laws and regulations. In their efforts to treat patients for COVID-19, treat patients for all other medical conditions, and provide products and services for the healthcare industry, health entities need to keep the following in mind:
- Compliance with the Anti-Kickback Statute and Stark Law. All referral arrangements for products and services should be reviewed with an experienced healthcare compliance lawyer
- Bills should be submitted that are reasonably necessary to provide the correct diagnosis, prognosis and treatment
- Business decisions should be based on good faith reasons
- Health providers must comply with FTC, FDA, and other federal regulations as well as with state laws and regulations
- Health professionals should comply with laws regulating the corporate practice of medicine.
- A range of other health issues
The Department of Health and Human Services, the FTC, the DOJ, and Medicare have all announced changes to compliance requirements for the use of telehealth services during the COVID-19 public health emergency. Health providers should review the changes and all their health compliance issues with an experienced healthcare lawyer. While there may be some more latitude in some areas, health providers should proceed with caution and make sure the health provider understands the changes beforehand.
Contact the Cohen Healthcare Law Group for legal advice on how the COVID-19 virus is affecting telehealth practices. Our experienced healthcare attorneys are working to keep current with the new compliance and regulatory laws as the changes are enacted.