In response to calls for flexibility and broadening access to telemedicine services during the COVID-19 public health emergency, certain federal privacy regulations have been relaxed and payment policies expanded as a result of actions taken by the Health and Human Services (HHS) Office for Civil Rights (OCR) and the Centers for Medicare & Medicaid Services (CMS).
The AMA quick guide to telemedicine in practice has been developed to help physicians swiftly ramp up their telemedicine capabilities. In addition to informing physicians on the recent actions taken by the OCR and CMS, the guide gives instruction on getting started; policy, coding and payment; practice implementation; and links to other helpful resources.
A CMS Fact Sheet explains how expanded Medicare coverage for telehealth enables beneficiaries to receive a wider range of health care services from their physicians without having to visit a health care facility.
The Fact Sheet notes that this expansion is being done under a “temporary and emergency basis” and under the president’s 1135 waiver authority and the Coronavirus Preparedness and Response Supplemental Appropriations Act.
Previously, Medicare telehealth coverage was limited. Now, however, it will cover office visits via telehealth where services are provided by physicians and a range of other providers including nurse practitioners, clinical psychologists and licensed clinical social workers.
The HHS Inspector General is also waiving Medicare’s cost-sharing requirements for COVID-19 treatment delivered via telehealth from a doctor’s office or hospital emergency department.
Summarizing the new policies, the CMS Fact Sheet listed these key takeaways:
- For the duration of the emergency, Medicare will pay for telehealth services furnished to beneficiaries “in all areas of the country in all settings” at the same rate of as regular, in-person visits.
- HHS will not conduct audits to track whether there was a prior patient-physician relationship for claims submitted during the public health emergency.
- Patients must initiate services, but physicians may inform their patients on the availability of telehealth services.
States allowing license flexibility
The general policy regarding medical licensure and telehealth is that the physician must be licensed in the state where the patient is located at the time of treatment.
The AMA telehealth guide notes that CMS has waived this requirement for Medicare patients and that states may request a waiver for Medicaid patients.
“As part of emergency declarations, many governors have relaxed licensure requirements related to physicians licensed in another state and retired or clinically inactive physicians,” the guide states, adding that it’s recommended physicians check with the state board of medicine or local department of health for the latest information on their state’s status.
The Federation of State Medical Boards has also posted a chart tracking which states have altered their telemedicine license policies in light of the COVID-19 emergency. The chart includes links to state documents confirming their status on this issue.
“Discretion” on HIPAA rules
The OCR, the HIPAA-enforcement arm of the HHS, announced that it will exercise “enforcement discretion” and would not impose penalties for noncompliance with regulatory requirements during the “good faith provision of telehealth” services during the COVID-19 national public health emergency.
Specifically, the OCR notice refers to the privacy, security and breach notification rules of the Health Insurance Portability and Accountability Act (HIPAA), and physicians and other health care providers seeking to connect with patients via remote “non-public facing” communication technologies.
“We are empowering medical providers to serve patients wherever they are during this national public health emergency,” said OCR Director Roger Severino. “We are especially concerned about reaching those most at risk, including older persons and persons with disabilities.”
OCR’s intent is to limit risk of COVID-19 infection for patients and other persons who could be exposed from an in-person visit, so the announcement clarifies that—even if the purpose of the communication is not related to COVID-19—OCR will not impose penalties for noncompliance with HIPAA rules while using telehealth.
The announcement lists several popular apps and products that can be used though it notes that their mention does not constitute an endorsement of the service or approval of a company’s HIPAA business associate agreement regarding the provision of their video or audio communication services. OCR encourages physicians and other clinicians to “notify patients that these third-party applications potentially introduce privacy risks,” and “enable all available encryption and privacy modes when using such applications.”
It also specifically notes that public-facing communication vehicles such as Facebook Live, Twitch and TikTok should not be used in the provision of telehealth.