Telehealth COVID-19 Follow-up Briefing
Date: March 23, 2020
Welcome and thank you for joining us today for this telemedicine briefing update. My name is Lisa Mazur. I’m a partner in the McDermott Will & Emery health group. And I’m joined today by three other members of our telemedicine team, Marshall Jackson, Dale Van Demark, and Scott Weinstein. So, this briefing is intended to provide you with an update to the information that we shared with you last Monday. As you know, things are changing incredibly rapidly, and we hope this update provides you with the latest and greatest information. As we know, you’re working at the very front lines of this outbreak and you’re making very important decisions for your organizations, and you’re doing so with very, very little time to spare. Before we dive in, we’d like to express our very deep gratitude and appreciation for all the amazing and important work that our telehealth clients are doing to combat this outbreak. We are just blown away by your efforts, especially those of our hospital and health system clients. So, the McDermott Will & Emery family thanks you for everything that you’re doing. So, with that said, we will move on to the agenda. Next slide. Thank you.
So, first, Marshall’s going to provide you with an update to the important CMS developments that we started to discuss last week. And then, Dale is going to give us an update on the various state licensure and other telemedicine considerations. And then moving on, I’ll give you a brief update on the various OIG and DEA guidance. And then we’ll close with an overview from Scott on the privacy and security developments. So, with that, we’ll dive right in and turn it over to Marshall.
Good afternoon. This is Marshall here, I want to, as an update last week, just for a second, as we all know, legislation was passed that expanded telehealth services for Medicare beneficiaries. As a part of that legislation, CMS has waived the originating site and geographic telehealth restrictions, at least for the time being, which means that as of March 6th, Medicare beneficiaries who are outside of the rural area may, are eligible for telehealth services, which includes receiving telehealth services in their home. Now, as part of the legislation, identified but did not necessarily expand the qualified providers that could provide or furnish Medicare telehealth services during this public emergency. And here, on this slide, we’ve listed the providers who may provide Medicare covered telehealth services, including physicians, MPs, PAs, certified midwives, anesthetists, social workers, psychologists and dieticians and nutritionists. One, a couple key takeaways from, from the legislation. And, you know, things that have been, I won’t say updated, but clarified by CMS throughout the past week, and first is modality. Medicare, traditional Medicare, prior to the pandemic required that telehealth services rendered to Medicare beneficiaries be rendered through an audio-video telecommunication, and previously excluded the telephone. With the legislative update, telehealth services still must be provided via an audio-video capability, but may also be provided via telephone, which has audio-video capabilities. CMS, as part of the additional guidance this past week has also provided an update with respect to the relationship requirement, such that it will not enforce an established relationship. And here’s the quote from the guidance, it says, “to the extent the 1135 waiver requires that a patient have a prior established relationship with a particular practitioner, HHS will not conduct audits to ensure that such a prior relationship existed for claims submitted during this public health emergency”. So, what that means is that the relationship with the Medicare beneficiary can be established via telemedicine or telehealth services, an audio-visual communication. And that, a prior existing relationship need not be established prior to the delivery of the service.
Now we’ve gotten, there’s been a lot of confusion, a little bit of a confusion, about what services are now covered. And is it limited to only services for patients who have been, either are expected to have, or have actually been diagnosed or determined to have COVID? And, CMS has provided additional guidance that telehealth services are not limited to patients with COVID. There is a statutory provision that broadens the telehealth flexibility without regard to the diagnosis of a patient. So that means that telehealth services can be provided to Medicare beneficiaries for any covered reason. So, it’s not just a COVID patient. And as part of the billing guidance, to date, the actual CPT and HCPCS codes that were already in place have not been expanded in any way, at least not as of yet. And more to come on whether there will be any type of expansion at all. But telehealth services should continue to be billed under the current CPT and HCPCS codes. And CMS is not requiring additional or different modifiers associated with the telehealth services that are furnished under, under the waivers. Now, as part of billing and reimbursement, telehealth CPT codes should be accompanied by the appropriate POS, POS codes, 02 code. There’s been a lot of questions also on reimbursement for telehealth services for Medicare beneficiaries. Now again, reimbursement has not changed for purposes of Medicare. There has been a little bit of confusion with what’s kind of going on with the state, with state plans, Medicare Advantage, commercial payers and coverage and payment parity. But for purposes of original Medicare, covered telehealth services continue to be reimbursed as if they were in person, which, for purposes of Medicare, means it’s reimbursed at the facility rate and not the non-facility rate where there’s a differential. So, as most of you likely know, and those who may not, for Medicare covered services, the facility rate takes into account, or actually discounts the fact that in person services, there may be, you know, certain costs and overhead for services provided in person as opposed to telehealth. And so, the facility rate accounts for those services. For certain of the CPT codes and for certain services, there is a differential between the non-facility and facility rate, and telehealth services are reimbursed at the facility rates. Which, which you should understand, may be lower than the actual in-person rates. In terms of the end date, the telehealth waivers, you know, will continue to be effective until the public health emergency declared to have ceased or ended by the secretary of HHS. Obviously no, no definitive date yet in sight, so providers should continue to see the CMS for its guidance, as well as continue to, you know, advise their almost daily updates into reimbursement, modalities and other, and other updates. Now we wanted to address some areas of confusion, that, to be quite honest there’s been a bit of patchwork, if you will. Throughout the week, as everyone has, you know, responded in time to COVID to try to maximize the benefits that, that in services that are being able to be deployed to Medicare beneficiaries and others. Some of that has left gaps, in you know, our understanding. And CMS is continuing to provide updates on its guidance and interpretation of the, you know, of those continuous updates. First and foremost, providers should understand telehealth waivers do not waive Medicare enrollment requirements. One of the things throughout this week, it’s been great that telehealth providers have been able to continue to mobilize very quickly to provide services. And a question has continued to come up is that hey, can we now, bill and, and assist with Medicare beneficiaries? And the first question asked is, what are you? Are you an enrolled Medicare provider? And if the answer is no, then, you know the short answer is no, you cannot until you get enrolled. So, the waivers do not waive the fact that you, the providers, need to be enrolled. The location of a practitioner of the time of the service must be in an enrolled location, which now includes the practitioner’s home address if they’re working from home. And MACs have established hotlines for emergency enrollment, and there has been guidance that has come, come down recently that there are, there is emergency enrollment and expedited enrollment for purposes of Medicare. The telehealth waivers also don’t permit RHCs and FQHCs to serve as a telehealth distant site. I highlight distant site. There’s been, with what seems to be a gap, that if a practitioner is furnishing services in an RHC or FQHC, that they cannot bill Medicare. We expect or hope, hope that there will be additional guidance coming down from CMS to clarify, or even update this, this discrepancy or gap. But even though RHCs and FQHCs can serve as originating sites, they cannot serve as distant sites and bill Medicare. Lastly, the requirement to provide notice of the use of waivers to CMS or Mac is still unclear. You know, providers should continue to maintain documentation to support the use of the 113 5waiver as they deploy telehealth services. Still waiting on guidance from both CMS and the various MACs to really hone in on whether an actual notice needs to be provided to avail themselves of the waiver. Now, I’ll turn it over to Dale. There’s been a lot of movement in terms of from the state perspective, including licensure and Dale will walk us through some of those developments.
Thanks, Marshall, and thank you, everyone for joining us or joining us again. And, boy, what a difference a week makes. A lot has happened since our last briefing, and more, no doubt, is yet to come. Before we get going on this initial slide and the groupings here, I just wanted to, I wanted to note a few things quickly. So, so, first, the groupings that you see here are, you know, our groupings, and they’re generalizations, at best. You know, each state is different. There’s a fair amount of overlap conceptually amongst the states, but each state is different. And so, these groupings, or mind, they’re generalizations, your analysis could, you know, result in you moving a state from one group to another. I’m sure that’s perfectly relevant, but at least, hopefully, this will give you a good sense of directionally, where the states are. Second, kind of similar or related to the first point, the devil is in the details here. State laws regarding licensure in telemedicine, as all of you, I’m sure, know, are complicated. And the changes that we’ve been seeing in many instances, simply make them more complicated. And so, really need to focus in on the specifics of each to really understand exactly how they work. And, and, finally, you know, what we’re talking about here in this slide relates to the things that are new, right. The things that are applicable in this emergency situation. So, this chart doesn’t take into account things like the licensure compact or existing exemptions for licensure, unless it’s very specific to an emergency circumstance. So, let’s take a look and, and see kind of where we are again, more directionally than specific. So, today, by my count, we have nine states that have pretty broad waivers in place, meaning no license is required. These are the state’s listed in the first row. This is contrasted, I think, with the third group, the expedited special licensing group, which largely create, through an expedited licensing process, create a broad application of being able to practice cross state lines with hopefully, a fairly limited set of steps to take in order to be able to do so. It is important to note that while some of the jurisdictions noted in the broad waivers in place group require little or no action on the part of a practitioner, that is generally not the case. And certainly, with respect to those states where we have a licensing process in place, there is that licensing process that has to take place. And even though it may happen quickly, it needs to, it needs to, it needs to happen. So I think if you take a look at the first grouping and the third grouping, what you see is 25 states, roughly half the, I’ll say roughly because again, you can kind of move some of these, some of these states around. So roughly half the states have now adopted either waivers or licensing processes that will allow practitioners to fairly quickly get authorization to operate in states in which they do not currently have a license. And, I’ve noted here as well that some states are active in the process of considering some expedited licensing process or, or other waiver process. Other states have, have taken a more focused or limited approach. And you can kind of group the second group and the fourth group together if you, if you’d like. The fourth group really is just a subset, really, of a particular type of limitation in the, that would otherwise appear in the second group and these are, you know, they’re varying degrees of limitations. And again, you can go into well, maybe X state should be in a different category. But, you know, taking, as an example a jurisdiction close to home from a, the District of Columbia or even Maryland, these approaches, one being a license approach and one being a waiver approach, require some degree of connectivity with the jurisdiction with D.C or Maryland. And so, they’re not as easy to take advantage of from a national sort of practice or focus and require that additional level of connectivity, and in that regard, in some ways, kind of share some of what you see in the states identified in the fourth grouping, which are really more focused on protecting or allowing for people entering the jurisdiction to provide assistance during the during the period of, of a crisis or an emergency. And this, I think, you can you can easily read as a reflection of why you would want to have licensure waivers or expedited licenses and processes in place at the time of an emergency. If we think, you know, 20 years ago wherein a lot of legislation was written that maybe fall into this category, we weren’t really thinking about telemedicine, we weren’t really thinking about virtual care, and so it was really a matter of well, gee, if we have some disaster, an earthquake, a massive fire, flooding whatever it is, and we need people to come literally, physically come into the state to assist, those are emergency responders, we need to provide some degree of, of latitude for them. It doesn’t really translate into the circumstance that we have now of this pandemic. So again, the second and fourth groupings, kind of think of those together as well. And again, the devil is in the details. The final category, states where we just have not seen, really, what, what I would describe as meaningful action specifically to accommodate what’s going on. It includes jurisdictions where there has been some action. So, for example, in Wyoming, there is a procedure in place to allow for consulting on cases that, that happens pretty quickly. And this was adopted in light of what was going on. It doesn’t really help tremendously from the perspective again of an operating plan that would want us to be able to move quickly into a state and provide services via, for some virtual care modality. So, those, those final states, nine or so, excuse me, 13 or so, really have not, not taken up meaningful action yet. So, more than half, then, if you’re looking at it in that regard, have put in place, or have in place some degree of openness to cross border practice, either through specific legislation, specific acts of medical boards or departments of health, and are moving, and moving in that direction. We can move on to the next slide.
If we think about then, when we turn our attention to the more particular requirements associated with telemedicine, we’re seeing an awful lot of movement as well. And I think this is, this is maybe a little bit slower to develop, a little bit more focused, and state-by-state focused, you know, the expansion of licensure, as I mentioned before, the concept of bringing in practitioners during a time of emergency is not anything that’s particularly new. But telemedicine itself is particularly new, and I’m sure everybody on the phone knows, the requirements associated with telemedicine reimbursement and the requirements associated with how care is delivered in a virtual setting, these can be fairly complicated. And there has been some movement behind loosening some of those restrictions. So, on the reimbursement side, for example, you’re beginning to see in some jurisdictions, these are not broad, these are not happening quite yet, what I would describe as broadly throughout the country, like we’re seeing it on the licensing side, but we are seeing increasing numbers of jurisdictions adopting changes to their Medicaid regimes to allow for reimbursement of telemedicine and also, quite frankly, expanding the types of modalities for which reimbursement may be made available. We’re seeing some mandates for coverage and payment for telehealth services under, under private insurance products that are, are governed by, by the state. And similarly, we’re seeing expansions of what constitutes telemedicine, in what one is able to do via telemedicine. We’re seeing expansion of provider types, sometimes specifically that certain types of practitioners for which, perhaps the existing lull is not as clear, are opening, the states are opening up or making clear that those professionals can provide their services via telemedicine or via a virtual care modality. So, these are, these are things, again, happening in the state a little bit more slowly, sometimes a little bit more focused and narrowly crafted, but they are happening, and again, I expect we’ll, we’ll continue to see them happening. And I think also we all need to just be mindful of malpractice coverage. I know people are moving very quickly, but it’s important to make sure to review and make sure that we’re, that we’re aware of what our malpractice coverage is, and whether practicing with respect to, or under some of these regimes really works and that coverage is, is expanded. So, things to focus on and pay attention to for sure. So next slide, please.
Let’s think about what’s next, and what we can expect. Well, well, first, as I’ve been saying, we should expect more guidance. The states are still reacting to events. They are still adopting rules and requirements, and I think we should expect to see that continue, perhaps not quite at the pace that we’re in last week and this week, but I do expect to see that continue as some of the events sort of overtake the rules and requirements that, that are in place. In addition, as I noted before, specifically, when it comes to telemedicine itself, not a lot, or excuse me I shouldn’t say that, there’s a lot of activity, but we haven’t seen activity, I think, in all circumstances in all states, and, and I think that we’ll continue to see states continue to review those rules and requirements to make sure that practitioners are able to perform their functions in a safe way. And also, to take, quite frankly, to take advantage of what telemedicine might have to offer. And in that regard, I would note that, in some of these instances, the expansion of use cases for telemedicine are very specific to what people may see is necessary to address the issues that are, that are, that are facing the healthcare provider community in this crisis. There’s one other item I want to cover here. So, last Thursday, the vice president made this statement which, well, I’ll read quickly in case not everybody has access to the slides. So, the vice president said that HHS is issuing a regulation today, last Thursday, that will allow all doctors and medical professionals to practice across state lines to meet the needs of hospitals that may arise in adjoining areas. We haven’t seen any such regulation promulgated, and, I think, probably like a lot of people, when we heard this, we kind of scratched our heads to say, well, what does this actually mean? As I’m sure all of you know, physician and other professional licensure regimes are state regimes. The federal government plays a very minor role with respect to those regimes we’ve seen. We talked about earlier, expansions of Medicare rules that may ignore those regimes, but that does not mean that those state regimes simply go away. The states still have an enforcement right with respect to, with respect to those regimes. Now, having said that, it is possible that what the administration would like to do is to call it, nationalize the licensing regime, perhaps on a temporary basis, to expedite the free flow of resources across state lines. But again, we haven’t, we haven’t seen that. There has been no clarification, as far as I know, issued as to what, exactly, the vice president meant with this statement. And because of that, I think it would be unwise to simply assume that he was referring to reimbursement requirements. And so, I think we should all pay attention, keep our eyes open, see what happens. I’m sure if the federal government were to issue any sort of regulation or attempt to, it would be pretty significant news within the industry, so probably, we won’t, we won’t miss it if it happens. Certainly, we’ll be keeping our eyes out on it, and make sure that we understand exactly what’s going on. So, lots of, lots of activity at the state level. We will continue to see that, that activity, I think, and we’re seeing some pretty significant loosening of those licensure requirements and also some changes in the requirements around telemedicine that should make operating as a telemedicine organization or, or program within a lot of states a lot easier, and also more financially stable. So, with that, I will turn it over to Lisa.
Thank you, Dale. So, we have some good news. We’re going to take things back up to the federal level for a little bit. The first is that the OIG issued a policy statement that provides that the OIG will not subject physicians and other practitioners to OIG administrative sanctions, if those practitioners decide to reduce or waive cost-sharing obligations like coinsurance or deductibles or beneficiaries who received telehealth services, if two specific requirements, which seems pretty reasonable, are met. The first is that the telehealth services must be furnished, consistent with the then-applicable coverage and payment rules. So that takes into account the existing telehealth rules, but then all of the updates and, you know, changed rules that Marshall has just walked us through. And then, second, the telehealth services must be delivered during the time period subject to the COVID 19 declaration. So these are two pretty reasonable requirements to be met, and it eliminates the concern that we’ve heard expressed from clients, particularly our non-profit taxes on costs and health system clients who are trying to figure out, you know, how they go about collecting copays and deductibles and whether they have an application to, to charge their patients such, such amounts. One thing we will note is that telehealth not defined in the guidance, and this has led to a lot of clients asking the question, well what is covered? What is included within, within telehealth? Does it include things like e-visits or virtual check ins? And we’re expecting the guidance will come out that will clarify that the waiver is, in fact, applicable to all telehealth services, and not only Medicare covered telehealth codes, and we think it’s going also, so it’ll also capture things like, you know, those, you know, e-visits and virtual check ins which Medicare has been touting quite a bit if you take a look at the CMS website, as, as potential ways in which Medicare beneficiaries can be reached and communicate with their providers. So, moving on to the next positive update that we’ve received. So, during our briefing last week, you know, we explained that, or we cautioned that providers need to continue to comply with the Ryan Haight Act controlled substance prescribing requirements, which demand that the provider perform at least one in-person exam of the patient prior to prescribing them with controlled substances. And we noted that, you know, of the telemedicine exceptions that exist to the Ryan Haight Act, there is a public health emergency exception, and we acknowledge, obviously, hat one has been declared. But we had cautioned the group that we still hadn’t received guidance on which controlled substances could be prescribed per the requirement for utilization of this exception. But the good news is, is that late last week, we received guidance from the DEA that allows for remote prescribing during the public health emergency if a few requirements are met. The first is that the controlled substance must be prescribed via telemedicine using an audio-visual, real-time technology. So, this is a requirement that we’re using audio-visual communication technology in real-time to do the telehealth consultation of the patient. The second requirement is that the prescription must be issued for a legitimate medical purpose, and it must be prescribed by a provider who’s acting within the scope, his or her scope of practice. And then the third is that the prescriber must be acting in accordance with applicable state and federal laws. So, while this is a great development because it clarifies for us that telehealth can be used to prescribe controlled substances to patient where an in-person exam of that patient has not occurred, if we meet these requirements, which seem pretty reasonable, but one thing that we have to keep in mind here is that while the Ryan Haight Act, that barrier may be down, there are other state remote prescribing laws and regulations that are as strict as, or stricter than Ryan Haight, and we need to continue to comply with those. So, for example, there are certain states that require that an in-person exam occur, or that certain additional compliance steps be taken prior to issuing their controlled substance prescription. So, this is good news, but it just reminds us we need to continue looking at things like the scope of practice of providers and then any other telehealth specific practice standards that apply to the prescription of controlled substances. So, these are just two positive updates on the federal level that we wanted to flag for you. And with that, I believe we’re going to turn it over to Scott to walk us through some of the privacy and security considerations.
Thanks, Lisa. So, in the next few slides, we’re going to go over some of the considerations with respect to HIPPA and some of the guidance that the Office for Civil Rights, which regulates HIPPA, has issued that impacts the delivery of telehealth services. The first piece I wanted to address was the requirement under HIPPA for healthcare providers to deliver a notice of privacy practices upon the first service delivery. Now, some may be looking at this and wondering, well, didn’t CMS and the Office for Civil Rights issue this waiver under section 1135 that allows for, at least hospitals, to not issue notice of privacy practices? Well, that waiver is actually very limited with respect to HIPPA requirements, and only applies for 72 hours following the hospital’s activation of its disaster plan. So, as a result, the requirement to provide a notice of privacy practices remains in effect during this public health emergency. So, what does that mean for telehealth services, where you don’t have the opportunity to provide a physical notice to the patient? Well under HIPAA electronic delivery by e-mail is permissible if you meet the following requirements. First, the individual must agree to the electric notice, and there’s no requirement that this agreement be in writing. Obviously, it’s, it’s better to have the agreement and writing, or acknowledged in some way, in order to show that you’ve obtained that agreement. But we have seen entities do this by, verbally and document the verbal agreement. If the email transmission fails, then you still have to provide a paper or notice to the patient. And if the first service delivery is an electronic delivery of services, like a telehealth visit, the electronic notices has to be provided automatically and contemporaneously with the provisions of services. And this can be difficult if there’s not a registration process before the provision of the telehealth service for the patient to provide their information and email address, but that is a good way of doing it, if, if you can collect that information prior to the patient requesting a telehealth visit, then it becomes a little easier to send that e-mail when that … for service is delivered. And another important note, if this patient is an existing patient and you have already provided the notice of privacy practices, then you don’t have to e-mail that it was a privacy practices as well, when delivering telehealth services. And then the other important requirement is that individuals who you do provide the notice electronically must still have the right to request a paper notice. And this could be done by, including in the email that you send, the instructions for how the individual will go about requesting a paper notice. We can go to the next slide.
Perhaps the most significant action that has been taken by the Office for Civil Rights since the declaration of this public health emergency, was the declaration of enforcement discretion that OCR would follow with respect to healthcare providers use of audio or video communication technologies, even if those technologies are not compliant with HIPPA. And so, this enforcement discretion applies as long as the, the audio or video communication technology is being used in good faith by the health care provider for the provision of telehealth, and is non-public facing. And what that means, it doesn’t mean, when we say non-public facing, that the application itself has to be not available to the public. No, in fact, in the guidance, the Office for Civil Rights names several applications that are available on the app, on any person’s app store on their cell phone, like Apple FaceTime or Facebook Messenger, or WhatsApp messages. So, that’s not the limitation. The limitation is that you can’t use a service where the video would be broadcast publicly on social media, like TikTok or Facebook live. So that’s, you know, not necessarily, non-public facing isn’t necessarily a high bar that you have to meet in order to meet this enforcement discretion. And then, importantly, the guidance applies to telehealth visits with all patients, not just patients with COVID 19, and so, you don’t have to limit this use of audio-video communication technologies just with your COVID 19 patients. You can use this broadly during the COVID 19 public health emergency crisis. Next slide, please.
So then, three days after issuing this enforcement discretion, the Office for Civil Rights also issued clarifying frequently asked questions. And what these FAQs revealed was that, at least with respect to HIPPA enforcement, the audio or video communication technologies also includes text messaging technologies, where, in jurisdictions were text messaging is reimbursable under telehealth laws, this now becomes an option. You can use text messaging capabilities to communicate with patients. And then the FAQs also provided clarification on the types of HIPAA violations that healthcare providers are shielded from as a result of the enforcement discretion. And this includes violations for things like not having a business associate agreement in place with the audio or video communication technology vendor. Because with respect to many of these solutions, the vendors don’t necessarily enter into business associate agreements because they’re not aiming the technology at health care providers. It’s something that’s available to anyone through an Apple or Android app store and therefore, entering into business associate agreements is not part of the business case for that technology vendor. And what the enforcement discretion is saying is, that’s okay. You can still use that technology even though you’re not going to be able to enter into a business associate agreement with the vendor. Then, also, non-compliance with HIPPA Security Rule Requirements. And this is important, because when you implement a technology for telehealth, typically, you need to conduct a security risk analysis that covers technologies like your telehealth technology, and evaluate potential security risks and vulnerabilities to the transmission of protected health information, using that telehealth modality and implement safeguards to prevent the potential exposure of protected health information. Under the enforcement discretion, you don’t have to go through that entire process before implementing one of these technologies to engage in telehealth. So that’s you know, that’s a fairly large enforcement discretion, given the myriad HIPPA Security Rule implications that would normally have to be considered when implementing telehealth. And in terms of expiration, the clarifying FAQs noted that the discretion will last until HHS announces an expiration. So, there’s no expiration date currently, presumably, when this public health crisis ends, HHS will roll it, release an announcement stating that the enforcement discretion no longer applies. Importantly, though, the discretion is not limitless, meaning there, HHS does anticipate ending it. And then really an important note here is that while this enforcement guidance is broad in terms of the technologies that are permitted, at least with respect to HIPPA, that doesn’t necessarily mean that these technologies are sufficient in all states and under federal law to get reimbursement for telehealth visits. So, Office for Civil Rights, it’s not within their purview to determine what’s required for a telehealth visit, and so the scope of this enforcement guide discretion is limited just to HIPPA compliance. So, then let’s move to the next slide.
And so, even though you have this enforcement discretion, it’s important for healthcare providers to still take into account some basic security considerations in order to protect patient data when engaging in telehealth, particularly when leveraging the enforcement discretion to deploy audio and visual communications solutions that are not necessarily designed for the provision of telehealth. So, the first piece that’s important is access controls and password complexity. So, in terms of accessing the accounts that are that healthcare providers developed to deliver these services, it’s important to have good, good passwords, good usernames that could be used either uniquely by providers, so you can track those visits on a per provider basis, or, if, if, out of necessity, a global user name, if there’s no way to have separate accounts. And then password complexity to avoid malicious actors from getting access to the accounts used to deliver telehealth services. Another important consideration is the storage of telehealth visit information. The video, both the logging of information of the visit itself, the video and audio, if saved on, on the device, or, or in a server somewhere, protecting that, that storage so that it can’t be readily accessed internally by other employees, other work force members that aren’t on a need to know, or potentially externally, particularly if the, a provider is going to use their own personal device to deliver these telehealth services, you might not necessarily know whether that provider has put some good controls or protections on access to the device, and if they haven’t, do you want to help your providers understand how to protect data that’s stored within the application itself? Security of connection and transmission, so a lot of solutions, even ones that are subject to the enforcement discretion, meaning they are maybe not designed for telehealth, and they’re offered publicly, still offer security in the form of end-to-end encryption, which is, provides, at least, you know, some, some form of protection or assurance for the health care provider when offering the solution that you won’t have malicious actors that are able to access the transmission and look into the medical visit. Important as well is the security of the connections, so, using trusted WiFi connections. Because even if you have end-to-end encryption, if the WiFi connection itself is not secure, you could still have someone access your device potentially as you’re engaging in these telehealth visits. And then the security of the surrounding physical area, so conducting these telehealth visits in an area where you’re not going to have other people that are able to listen in or be in the background or see these visits occurring just out of respect for your patients, professionalism, and also compliance with the Security Rule, even, despite the enforcement discretion. So, with that, I’m going to hand it back to Lisa.
Thank you, Scott. Before we move into Q&A, we just want to highlight for everyone that we, at McDermott, have been maintaining a Coronavirus Resource Center that is available at the website on the screen. For those of you who don’t have the slides, it’s mwe.com/coronavirus. And there you’ll be able to get all kinds of updates that have been prepared by our multidisciplinary team, both in health care, employment, and other practice groups within McDermott. So, with that, we’d like to open it up to a few questions, and they’ve been rolling in. We’ve been trying to respond to some of them during the presentation, but we saved a few for the live Q &A. One theme that we’re seeing in the questions is there’s a lot of focus lately on modality, and telehealth stakeholders for years now, have been trying to encourage payers and state professional boards, especially, to move away from focusing on the type of modality that’s used to deliver telehealth services, and instead allow clinicians to select the modality that they feel allows them to perform a council that meets the applicable standard of care. So, you heard Marshall discuss the Medicare modality requirements, you heard me discuss the modality requirements for purposes of DEA remote prescribing rules. You heard us talk a little bit about the state remote prescribing requirements and that specific modalities be used. And the general theme is that audio-visual, this remains the gold standard, the modality that is most likely to be reimbursed and to most likely comply with state and federal laws and regulations. However, telehealth platforms today facilitate the use of various other types of really exciting and innovative and forward-looking technologies like chat-based exchanges, text-based exchanges and even dynamic and smart questionnaires that enable a telehealth user to answer questions, and then have a provider review those responses remotely. We’ve also heard a lot of demand for use of the telephone, particularly for senior citizens who don’t have a lot of technology capabilities or have access to a smartphone, for example. And one of the attendees asked us whether or not there’s any discussion around relaxing the video requirements for telehealth visits, particularly for the senior population that’s particularly vulnerable to COVID 19. So, I’d like to ask my colleague Marshall. Marshall, have you heard anything? Any movement from the states as well as from payers to loosen up the video requirement and allow for phone-based consult or use of some of these more innovative technologies?
Yeah, so from, we’ll started the federal level. So, in terms of Medicare, I haven’t heard or seen any further guidance on movement away from the audio-video requirement for purposes of telehealth services. I do want to highlight, however, that there are instances in which, I won’t call them telehealth services, are, can be provided outside of the audio video contact, but e- visits and telehealth check-ins are certain types of telecommunication services that can be provided to Medicare beneficiaries that are not audio-video. So, telehealth check-ins are really just a check in, a 15-minute consultation, or really check-in with a, between a provider and an existing patient Medicare beneficiary, and can be done telephonically. So, it does not necessarily to be done via audio-video. An e-visit, again, is with an existing patient and is done so through a secure web portal, and, kind of, just like you mentioned Lisa, is a bit of a synchronous, excuse me, asynchronous, check-in where the patient and the provider are providing, you know, text-based conversation back and forth via the, via the portal. And those are reimbursable under Medicare, but have specific requirements around, which haven’t changed as a part of the legislation or any other updates. So, the reimbursement and requirements for those two still remain in place. On the state level, hearing the same rumblings in terms of going away from the audio-video. Still, it really is a state-by-state basis. I haven’t seen a lot of movement away from audio-video as the gold standard, but there has, from a payer-to-payer basis, I know payers are expanding their telehealth coverage, as well as their payment reimbursement for services, and some have even gone so far as to, in certain circumstances, provide reimbursement for telephonic communications. Now again, that’s all on a payer-to-payer basis, and there’s still payer requirements around, you know, those telehealth services, or even telephonic services and what’s required for purposes of reimbursement. So, it is not a blanket, you know a whole state, or even Medicaid or Medicare is going away from audio-visual requirements altogether.
Thank you, Marshall.
Lisa, this is, this is Dale. If I could just jump in, just add just a little bit to what Marshall was saying, which is all spot on. I think there are, here and there, some instances of states and, either broadly or through the Medicaid program, expanding what constitutes a reimbursable telemedicine visit to include audio-only modalities from time to time. But it’s not, it’s by no means, you know, a universal trend we’re seeing throughout, but we’re definitely seeing that pop up from here and there in state-to-state. And, this is one of those areas that I think we might, might keep our eye on as a general matter, because the, the stress that the healthcare infrastructure is facing is still very much at the early stages, based on just about every prediction, even best case scenarios, and so, as circumstances worsen, in terms of what the healthcare infrastructure is contending with, we may see states recognize that there needs to be a further liberalization of what those services require so that the broadest number of patients can receive, you know, some kind of care during, during the crisis. So, again, an area to keep our, keep our eyes on. Handful of states, it’s beginning to happen here and there, and something that I think, probably, we’ll see more expansion of.
And, Dale, while we have you, one question that’s come up, and I think it’s really interesting one, have you seen in the state licensure waiver language or in any of the orders, the state orders, whether the use of residents who were not matched, whether residents could be used to provide, you know, COVID response type services via telehealth?
I think more than anything else we are seeing, this kind of gets us away from, I’ll say telemedicine specifically, but it certainly could get us there. We’re beginning to see some states loosen the scope, I’ll call it scope of practice, for different types of professionals to allow for more licensed professionals to practice at higher and higher levels in order to help create support for the care that’s being delivered across care settings. I haven’t focused in on that question as to whether those expanded, call it, scope of practices pick up in all instances the ability to do so by a telemedicine. And again, I think you need to look very carefully at how those different changes come up in in terms of how they are worded, where they are placed, in order to understand exactly how they may fit in with an existing telemedicine, whether it’s reimbursement requirement regime.
I think we have time for a couple more questions. Here’s one that we’ve gotten from a couple different people. The question is whether audio or video visits have to be recorded, as one of the attendees very wisely noted, office business are not recorded but need to be noted and documented, and Scott, I’ll ask you to provide, you know, an answer from the privacy and security perspective, and I’ll just very quickly note that we’re unaware of any state telehealth specific laws and regulations that mandate the recording of audio or video visits from a state, you know, telehealth compliance perspective, nothing like that in the professional regulations of in telehealth acts. But turning over you. Scott, if you could provide us a perspective from a privacy and security angle, that’d be great.
Yeah, thanks, Lisa. So, under HIPPA, there’s this concept of a designated record set, which includes a medical record as well as any information that’s used by provider to make decisions in providing their care. So, the question of whether the telehealth visits has to be recorded and stored, depends, really, on the workflow that the healthcare provider is using to document their visits. So, noting a typical office visit, where the office is, it’s not recorded, the provider is going to document the care provided in their electronic medical record, or perhaps a paper chart if they haven’t advanced to an electronic medical record, and that’s going to be the source of truth, or the medical record that has to be documented and protected in accordance with HIPPAs confidentiality, availability, and integrity requirements. And so, the question then, with respect to telehealth visits, is in terms of the workflow, is the provider documenting that visit in another way, aside from relying on the recording of the visit itself? If they are, and that would likely be desk practice to document notes from the visit in electronic medical record, then, from a HIPPA perspective, the recording isn’t, isn’t essential or would not be part of the designated record set. If, however, the provider does intend to use the recording of the visit to reference, rather than notes from the visit or what’s entered into the medical record, now suddenly that video or audio file looks like it’s part of the designated record set. And then it does, it is subject to the requirements of retention and availability of the record for that provider and other providers from a security perspective.
Thank you, Scott. That was incredibly helpful. I think with that, we are out of time, but we’re incredibly grateful to all of you for joining us today. A copy of this recording and the slides will be available to you, and we’ve also gotten a couple requests for individuals who wanted to listen to last week’s recording, a recording is also available and we’ll make sure that a link is sent out to that recording along with this one. So, thank you all for joining us today, and we hope you have a wonderful rest of the day. Take care.
0 Comments