Now, more than ever, telemedicine services will play a vital role in the health care industry’s response to population health as the threat of COVID-19 spread continues to force communities to practice social distancing and “shelter-in-place”. In an effort to help those health care workers like physicians, social workers and psychologists, certain federal privacy regulations have been relaxed and payment policies expanded as a result of actions taken by the Health and Human Services (HHS) Office for Civil Rights (OCR) and the Centers for Medicare & Medicaid Services (CMS).
The AMA has published a comprehensive quick guide to telemedicine in practice, designed to help physicians implement telemedicine services in a timely manner to address the real-time need of patients across the country.
In addition, a CMS Fact Sheet has been released explaining that Medicare coverage for telehealth has been expanded to enable beneficiaries to receive a wider range of health care services from their physicians from the safety and comfort of their own home. This expansion is being done under a “temporary and emergency basis” and under the president’s 1135 waiver authority and the Coronavirus Preparedness and Response Supplemental Appropriations Act.
Up until this point, Medicare telehealth coverage was limited. However, in an effort to support patient access to care, Medicare will now cover office visits via telehealth where services are provided by physicians and a range of other providers including nurse practitioners and clinical social workers.
The HHS Inspector General is also waiving Medicare’s cost-sharing requirements for COVID-19 treatment delivered via telehealth from a doctor’s office or hospital emergency department.
Summarizing the new policies, the CMS Fact Sheet lists these key takeaways:
Cross-state care flexibility
Typically, in order to practice telehealth a physician must be medically licensed in the state where the patient is located at the time of treatment. However, the AMA telehealth guide notes that CMS has waived this requirement for Medicare patients and states may request a waiver for Medicaid patients.
“As part of emergency declarations, many governors have relaxed licensure requirements related to physicians licensed in another state and retired or clinically inactive physicians,” the guide states, adding that it’s recommended physicians check with the state board of medicine or local department of health for the latest information on their state’s status.
The Federation of State Medical Boards has also published this bulletin, monitoring which states have adjusted their telemedicine license policies in response to the COVID-19 emergency. You can find links to state documents directly in the bulletin, confirming their status on this issue.
“Discretion” on HIPAA rules
The OCR, the HIPAA-enforced arm of the HSS, also announced that it will use “enforcement discretion” and would not impose penalties for noncompliance with regulatory requirements during the “good faith provision of telehealth” services during the COVID-19 national public health emergency.
More specifically, the OCR notice points to the privacy, security and breach notification rules of the Health Insurance Portability and Accountability ACt (HIPAA), and health care providers hoping to connect with patients using remote “non-public facing” communication technologies.
“We are empowering medical providers to serve patients wherever they are during this national public health emergency,” said OCR Director Roger Severino. “We are especially concerned about reaching those most at risk, including older persons and persons with disabilities.”
The overarching goal of the OCR is to reduce the risk of COVID-19 infection for patients and other persons that may occur from an in-person visit. Therefore, the OCR announcement clarifies that, even if the purpose of the communication is not COVID-19 related, they will not impose penalties for HIPAA noncompliance while using telehealth.
While the announcement lists several popular applications and products, the OCR does not endorse these companies services or approve of a company’s HIPAA business associate agreement regarding the provision of their video or audio communication services. OCR encourages physicians and other clinicians to “notify patients that these third-party applications potentially introduce privacy risks,” and “enable all available encryption and privacy modes when using such applications.”
The announcement also specifically states that public-facing platforms such as “Facebook Live”, “Twitch”, and “TikTok” should NOT be used to provide telehealth services.
This blog post is a summary including excerpts from an article written by Andis Robeznieks, Senior News Writer of AMA originally published on March 26, 2020. The article has since been updated and can be found here.