Yunge Li
Associate Editor
Loyola University Chicago School of Law, JD 2021
With COVID-19 rapidly spreading, telehealth services have been seeing an explosion of demand. On March 17, 2020, President Trump announced during a White House press briefing an unprecedented expansion of telehealth services for the 62 million Medicare beneficiaries who are amongst the most vulnerable to the disease. The Department of Health and Human Services (“HHS”) and Centers for Medicare and Medicaid Services (“CMS”) have since vowed to work with the administration by temporarily relaxing certain HIPAA, altering licensure, cost-sharing, and auditing requirements. As the number of patients increases, compliance and privacy risks associated with telehealth also surge.
Telehealth prior to COVID-19
The Health Resource and Services Administration (“HRSA”) of the HHS defines telehealth as “the use of electronic information and telecommunication technologies to support and promote long-distance clinical health care, patient and professional health-related education, and public health and health administration”. These technologies often include videoconferencing, store-and-forward imaging, streaming media, and both landline and wireless communications.
Prior to COVID-19, Medicare restricted reimbursements for telehealth services, such as routine visits, as a substitute for an in-personal evaluation. Such services were only to be provided in designated rural areas, and only if the patient is present at an approved medical facility at the time the service is furnished (“originating site” requirement).
Some of these restrictions were eased in 2019 when Medicare coverage was expanded by the 2020 Medicare Physician Fee Schedule (“PFS”) Final Rule. The PFS final rule provides for reimbursement in some new areas such as virtual check-ins, store and forward imaging, remote patient monitoring, and inter-professional consults. In addition, the Bipartisan Budget Act of 2018 allows Medicare Advantage plans to reimburse enhanced telehealth as part of the standard coverage offering in 2020.
Telehealth expansion during a global pandemic
The increase of telehealth patients is driven mainly by the health care system’s effort to reserve hospitals and other health care facilities for people who are seriously ill and need medical attention the most. With the Trump administration lifting restrictions on telehealth services for Medicare beneficiaries, the number hit a record high. “Medicare patients can now visit any doctor by phone or video conference at no additional cost,” President Trump said during a White House press briefing, changing the landscape of telehealth reimbursement in response to COVID-19.
On March 13, President Trump announced an emergency declaration under the Stafford Act and the National Emergencies Act. In response, Medicare’s telehealth benefits were rapidly expanded in an effort to leverage technology to protect beneficiaries from exposure to COVID-19. Under the expansion rule, Medicare beneficiaries will be able to receive various services through telehealth including regular office visits, mental health counseling, and preventive health screenings. These visits can be conducted by a range of providers (such as doctors, nurse practitioners, clinical psychologist, and licensed clinical social workers) in any health care facility including a physician’s office, hospitals, nursing homes, rural health clinics, as well as from a patient’s home. The originating site requirement has been temporally waived and the service may also be conducted using a range of audio and visual communication tools.
Additionally, CMS has waived the licensing requirement and is allowing physicians to practice telemedicine across state lines for Medicare beneficiaries. The Office of Inspector General of HHS also lifted certain enforcement on fraud and abuse laws for temporarily reducing or waiving telehealth cost-sharing obligations. The Office for Civil Rights of HHS assured health care provides that it will not pursue otherwise applicable penalties for HIPAA violations that result from the good faith provision of telehealth services during the COVID-19 nationwide public health emergency.
States are also moving quickly to remove barriers to telehealth services. Eighteen states and the District of Columbia have amended their existing laws or issued new declarations to expand the use of telehealth services during the pandemic. The Center for Connected Health Policy is monitoring Covid-19 related state actions and the updates could be found here.
Compliance and privacy issues
As enforcement agencies ease regulatory and compliance burdens for practitioners and encourage better Telehealth access, it comes with heightened government scrutiny and oversight for compliance and privacy risks.
The Department of Justice (“DOJ”) is currently diligently working to avert any detrimental impacts on any COVID-19 related fraudulent schemes. On March 22, 2020, the DOJ took its first legal action against some Texas website owners who were selling fake COVID-19 vaccines for $4.95.
Amid COVID-19 telehealth use, Senator Richard Blumenthal has addressed concerns over video conferencing apps’ encryption and privacy practices. He sent a letter to Zoom CEO Eric Yuan, asking for assurances on the video conferencing platform’s privacy and security practices. “Zoom is increasingly being used by schools and healthcare providers that have shut down or limited their operations to stop the spread of Coronavirus, raising questions about how its services comply with federal and state privacy laws protecting students, patients, and consumers,” he added. Using personal phones to speak to a healthcare provider outside a private setting also adds to the privacy risk in safeguarding patient information. CMS advised providers to exercise reasonable precautions by using lowered voices, not using a speakerphone, and recommending that the patient move a reasonable distance away from others when discussing patient health information.