HHS Lifts Major Barriers to Telehealth to Help Reduce the Spread of COVID-19
Client Alert | 13 min read | 03.20.20
Hospitals and providers across the country now have greater ability to leverage digital communications technology to provide telehealth services during the COVID-19 public health emergency. The Department of Health and Human Services (HHS) exercised emergency authorities to waive certain restrictions applicable to Medicare and Medicaid under Section 1135 of the Social Security Act. The new waivers issued over the last several days both expand telehealth benefits and allow greater flexibility in the manner telehealth is used by physicians and practitioners to address patient care needs.
Over the past few years, providers have been calling for greater ability to provide remote care to Medicare and Medicaid patients as telehealth capabilities have expanded. The public health emergency seems to have provided the demand and opportunity for these changes to happen quickly. The hope is that swift adoption and implementation of telehealth by health care providers and hospitals across the country will allow Medicare and Medicaid patients to receive health care services through video communications technology, in the safety of their homes. In the wake of social distancing policies, this should allow Medicare and Medicaid patients to obtain health care services for a variety of conditions, including COVID-19, while helping to reduce the transmission of the virus to health care workers and other patients.
Government Authorities Leading to New Telehealth Waivers
Let’s review what the government had to do to make this possible:
- On January 31, 2020, Department of Health & Human Services (HHS) Secretary Alex Azar issued a public health emergency declaration specific to the coronavirus under section 319 of the Public Health Service Act.
- On March 6, 2020, the President signed the Coronavirus Preparedness and Response Supplemental Appropriations Act, a $8.3 billion emergency supplemental appropriations bill that we described in last week’s alert, that amended Section 1135 to allow the HHS Secretary to temporarily waive certain Medicare telehealth requirements during the coronavirus public health emergency.
- On March 13, 2020, President Trump declared a national emergency under the Stafford Act, which triggered much-needed action by the HHS agencies to relax telehealth reimbursement-related restrictions under the newly amended authorities in Section 1135.
This trifecta of actions provided the necessary authority to HHS to greatly expand the use of, and reimbursement for, telehealth services under federal health programs. Three components of HHS – Centers for Medicare & Medicaid Services (CMS), the Office of Civil Rights (OCR), and the Office of the Inspector General (OIG) – provided coordinated guidance on March 17th to the healthcare industry describing how to take advantage of the temporary telehealth benefit as well as the relaxation of regulatory restrictions that have limited the use of telehealth, which we describe more fully below. In addition, the Drug Enforcement Administration (DEA) has already issued a notice confirming that DEA-registered practitioners may issue prescriptions for controlled substances pursuant to a telemedicine visit to patients for whom they have not conducted an in-person medical evaluation for as long as the HHS Secretary’s designation of a public health emergency remains in effect, subject to compliance with practice standards and other applicable state and federal laws.
Centers for Medicare & Medicaid Services
Medicare Parts A & B
- For dates of service March 6, 2020 and onward, a range of providers, including doctors, nurse practitioners, clinical psychologists, and licensed clinical social workers may bill Medicare for certain evaluation and management visits (common office visits), mental health counseling, and preventive health screenings delivered to beneficiaries via telehealth.
- Payment for professional services furnished to beneficiaries under this waiver will not be restricted to those living in designated rural areas and at qualifying care sites. Rather, Medicare will make payment for Medicare telehealth services furnished to beneficiaries in any healthcare facility and in their home.
- Telehealth visits will be reimbursable at the same rate as regular, in-person visits.
- No telehealth-specific licensure or enrollment will be required to take advantage of this flexibility – CMS recently issued a fact sheet to establish a toll-free hotline for providers and suppliers to enroll and receive temporary Medicare billing privileges, waive the certain enrollment screening requirements, allow licensed providers to render services outside of their state of enrollment, and to otherwise expedite any pending or new applications from providers in order to address the COVID-19 public emergency.
- HHS waived telephone restrictions to allow smartphones to be used by eligible physicians and practitioners (e.g., medical doctors, osteopathic doctors, physician assistants, nurse practitioners, clinical psychologists, registered dietitians and nutritionists, and licensed clinical social workers, among others) to furnish and receive telehealth services. Telephones may be used if they have audio and video capabilities and are used for “two-way” real-time interactive communication.
- We note that CMS clarified, but did not change its policies for, “virtual check-ins” and “e-visits” under the HHS Secretary’s Section 1135 waiver authority. In certain circumstances, clinicians can be reimbursed for virtual check-ins, which are brief communications with an existing patient through technology or remote evaluation of pictures or video or for e-visits, which are patient-initiated online evaluation and management conducted via a patient portal.
Medicare Part C (Medicare Advantage or MA) and Medicare Part D (Prescription Drug Program or PDP)
- Beginning in contract year 2020, MA plans and PDPs have been permitted to provide enrollees with expanded access to Medicare Part B services via telehealth in any geographic area and from a variety of places, including beneficiaries’ homes. This flexibility means that many MA plans already cover an expanded range of telehealth services under plan benefit packages versus what has been available under the Medicare fee-for-service program. Thus, many beneficiaries enrolled in an MA plan might already have the opportunity to receive clinically appropriate services via telehealth to address health care needs while practicing social distancing during the COVID-19 public health emergency.
- On March 10, 2020, in response to declarations of emergencies in 8 states, CMS advised MA plans in those states of their obligations under 42 C.F.R. § 422.100(m)(1), such as covering out-of-network services as in-network benefits, and listed a number of steps that MA plans would be permitted to take without risk of CMS enforcement or OIG action under the Anti-Kickback Statute. These included providing enrollees access to Medicare Part B services via telehealth in any geographic area and from a variety of places, including beneficiaries’ homes. This guidance thus appears to allow plans to provide services via telehealth even if the plan had not included a telehealth option in its 2020 plan of benefits. Also included in this guidance was permission to waive plan prior authorization requirements that would otherwise apply to tests or services, including telehealth, related to COVID-19.
- The March 13, 2020 declaration of a national emergency under the Stafford Act appears to expand the March 10, 2020 guidance as applied to MA plans nationwide, and triggers the separate emergency response guidance CMS had previously provided to Part D plans in section 50.12 of Chapter 5 of the Medicare Prescription Drug Benefit Manual.
- The March 17, 2020 guidance expanding telehealth services covered under Medicare Parts A and B did not address expectations for health plans, specifically, whether Medicare Advantage plans must follow the fee-for-service program in providing expanded telehealth services, rather than viewing such access as permissive or optional as provided in the March 10, 2020 guidance. While expansion of telehealth services under the Medicare fee-for-service program might not present a significant change for many plans because of the prior expansion discussed above, plans should be aware that beneficiary expectations will likely be affected by the March 17, 2020 guidance. We will continue to follow specific guidance issued by CMS for MA plans.
Medicaid
- CMS encouraged states in this guidance document to use available flexibilities under the Medicaid program to consider telehealth modalities of care delivery to combat the COVID-19 pandemic and increasing access to care.
- CMS has also issued guidance in a few states (including Illinois, Michigan, Ohio, Rhode Island, and New York as of this writing), in coordination with agencies in those states, to permit flexibility in Medicare-Medicaid Plans (MMPs) to substitute telehealth services for face-to-face interactions where appropriate. This flexibility extends either through May 31, 2020 or until the particular state’s declaration of emergency has lifted. We anticipate that such flexibility will be extended in additional states and, if necessary, for a longer period of time.
Office of Civil Rights (OCR)
- As we describe more fully in this alert, OCR issued a notice that it will exercise its “enforcement discretion” and waive potential penalties for HIPAA violations against health care providers that furnish health care services to patients through telehealth using everyday communications technologies during the COVID-19 emergency.
- This exercise of discretion applies to widely available communications apps, such as Apple’s FaceTime on iPhones, Facebook Messenger video chat, Google Hangouts video, or Skype, when used in good faith for any telehealth treatment or diagnostic purpose, regardless of whether the telehealth service is directly related to COVID-19 diagnosis or treatment services (e.g., sprained ankles and psychological evaluations, as OCR stated).
- OCR counseled, however, that Facebook Live, Twitch, TikTok, and similar video communication applications are public-facing, and should not be used in the provision of telehealth by covered health care providers.
- Likewise, OCR will not impose penalties against covered health care providers for failure to enter into a Business Associate Agreement with video communication vendors, or any other noncompliance with the HIPAA rules that relates to the good faith provision of telehealth services during the COVID-19 nationwide public health emergency.
Office of the Inspector General (OIG)
- On March 17, 2020, OIG issued a policy statement and a fact sheet explaining its decision to provide flexibility for healthcare providers to reduce or waive beneficiary cost-sharing for telehealth visits paid for by federal health care programs. The policy statement notifies providers that OIG will not enforce certain fraud and abuse laws if providers choose to reduce or waive beneficiary cost-sharing for telehealth visits furnished during the COVID-19 public health emergency period (beginning on January 27, 2020 and subject to renewal every 90 days).
- Ordinarily, the routine reduction or waiver of cost-sharing amounts owed by Medicare beneficiaries (such as coinsurance and deductibles) would potentially implicate the Anti-Kickback Statute, the civil monetary penalty law, and federal health care program exclusion laws related to the administrative anti-kickback prohibitions, and the civil monetary penalty law prohibition on inducements to federal health care program beneficiaries.
- Furthermore, for any free telehealth services furnished during the COVID-19 public health emergency period, the OIG stated that it “will not view the provision of free telehealth services alone to be an inducement or as likely to influence future referrals (i.e., OIG will not view the furnishing of subsequent services occurring as a result of the free telehealth services, without more, as evidence of an inducement).”
Main Takeaways
Pay Attention to Effective Dates:
Each of the above agencies has indicated different dates for when the flexibilities described in their issuances are applicable.
- OIG’s exercise of its enforcement discretion with respect to telehealth service cost-sharing will be applied retrospectively to January 27, 2020.
- The relaxation of Medicare coverage restrictions dates back to March 6, 2020.
- OCR’s enforcement discretion regarding privacy and security requirements for telehealth modalities dates back to March 17, 2020
- The effective date of any flexibility under Medicaid and the Medicare Advantage and Part D programs are state and payer-specific, respectively.
Thus, entities engaged in certain practices during the same retrospective periods may be protected under one agency’s policies but not another. Furthermore, these flexibilities are not permanent – they are tied to the duration of the HHS Secretary’s COVID-19 public health emergency declaration. Indeed, OIG reserved the right to terminate the telehealth service cost-sharing flexibilities.
Temporary Parity for Telehealth and In-Person Services, But Not For Cost-Sharing Waivers:
Although both the Medicare and Medicaid program updates essentially provide for reimbursement parity between telehealth and in-person services (which still depends on where you receive the services), the OIG’s cost-sharing waivers do not require providers to actually waive such cost-sharing amounts. In addition, the OIG does not provide the same level of flexibility to waive cost-sharing for in-person services delivered during the COVID-19 public health emergency. Therefore, providers would be wise to continue adhering to the OIG’s existing guidance and restrictions on routine co-pay and cost-sharing waivers for in-person services.
Privacy and Security Still Important:
As discussed further in this alert, OCR is only exercising enforcement discretion in limited circumstances in response to the COVID-19 emergency pursuant to the Section 1135 waiver. OCR previously issued a general bulletin describing continuing HIPAA Privacy and Security Rule obligations of covered entities and business associates who are determining how to appropriately share patient information with public health authorities, foreign governments, the media, and to family, friends, and caregivers of affected patients during the COVID-19 emergency.
Other Fraud and Abuse Laws and Regulations Still Apply:
There is increased flexibility to waive cost-sharing amounts and the increased participation of entities contracting with telehealth providers to supplement the American health care system’s capacity to see more patients while minimizing the risk of further spreading COVID-19. Yet, providers should not view OIG’s stated enforcement discretion as a free-for-all for telehealth; these new entrants into health care delivery will need to quickly get up to speed on proper billing, claims submission, cost reporting, and other specific rules related to furnishing telehealth services. Further, the parties to these arrangements, including health care institutions and telehealth technology service providers, will still need to generally comply with federal and state anti-kickback statutes, and potentially self-referral laws, if they create direct or indirect financial relationships with physicians restricted under federal or state self-referral laws.
Compliance with other State Laws and Regulations Required:
In addition to traditional fraud and abuse laws stated above, telehealth providers and entities seeking to contract for telehealth technology-related services must understand whether states have provided equal or less flexibilities with respect to who may provide telehealth services, how state licensure laws apply to the provision of telehealth services, what technologies may be used to furnish telehealth services, and how they may be paid by insurers or charged to individual patients. Often, in-state licensure is required for the practice of telehealth, but multiple jurisdictions have relied upon public health emergency declaration-related authorities to relax in-state licensure requirements to allow licensed physicians, nurses, and possibly other practitioners from other states to assist with COVID-19 treatment efforts. Furthermore, arrangements between corporate telehealth providers and traditional practitioners and institutions may potentially violate restrictions against fee-splitting and the corporate practice of medicine. Stakeholders must review the public emergency statutes and declarations of each individual state to assess whether these laws could dictate how the telehealth delivery arrangement must be structured, and ensure that any materials used to disseminate information about the availability of telehealth services comply with consumer protection, marketing laws, and licensure laws.
HHS Waivers Inapplicable to Commercial Insurance Telehealth Coverage and Reimbursement Conditions
Most commercial insurance covers telehealth services, however, coverage varies. We note that these changes apply to CMS programs and that health care providers should check with commercial insurers about any changes in coverage for telehealth services during the public health emergency.
* * *
Health care providers, institutions, and telehealth service providers seeking to counter the spread of COVID-19 through innovative telehealth arrangements should reach out to the below contacts in our Health Care Group to ensure that they are appropriately addressing any remaining federal and state enforcement risks not addressed by the flexibilities provided by CMS, OCR, and OIG.
Insights
Client Alert | 2 min read | 11.14.24
SEC ESG Enforcement Is Still Alive
On November 8, 2024 the SEC announced a settled enforcement action against Invesco Advisers, Inc. for making misleading statements about its integration of environmental, social, and governance (ESG) factors into the firm’s investment decisions. Invesco agreed to pay a $17.5 million civil penalty to settle the matter. This enforcement action makes it clear that, even though the SEC dissolved its ESG Task Force, the Commission continues to monitor firms’ statements and representations for misleading statements about ESG.
Client Alert | 8 min read | 11.12.24
Client Alert | 3 min read | 11.11.24
Allegations of a Litany of Lyin’: Penn State Settles Claims of Cybersecurity Noncompliance
Client Alert | 1 min read | 11.08.24
A Common-Sense Change to the Continuous SAM Registration Requirement at FAR 52.204 7