Member Article

As the COVID-19 pandemic surges and the social distancing imperative continues, regulators have responded with various guidelines and policies that impact and expand the opportunities for telehealth services.Telehealth, telemedicine, and related terms generally refer to the exchange of medical information from one site to another through electronic communication to improve a patient’s health.With COVID-19, there is an urgency to expand the use of technology for routine care and to keep vulnerable patients and patients with mild symptoms in their homes while maintaining access to the care they need.

1. 1135 Waiver for Existing Limitations on Medicare Coverage for Telehealth Services.

   On March 13, 2020, the Secretary (“Secretary”) of the U.S. Department of Health & Human Services (“HHS”) authorized waivers and modifications under Section 1135 of the Social Security Act, retroactive to March 1, 2020.This authorization followed the Secretary’s declaration of a public health emergency in the entire United States on January 31, 2020.Pursuant to this authorization, the Centers for Medicare & Medicaid Services (CMS) waived certain limitations on Medicare coverage for telehealth visits so that beneficiaries can receive a wider range of services from their doctors without having to travel to a healthcare facility.

   Under the waiver, starting March 6, 2020 and continuing during the COVID-19 public health emergency, Medicare can pay for office, hospital, and other visits furnished via telehealth across the country and including in a patient’s residence.Before the waiver, Medicare could only pay for telehealth on a limited basis: when the person receiving the service is in a designated rural area and when they leave their home and go to a clinic, hospital, or certain other types of medical facilities to receive the service.The waiver temporarily eliminates the requirement that the originating site must be a physician’s office or other authorized healthcare facility and allows Medicare to pay for telehealth services when beneficiaries are in their homes or any setting of care.

   Medicare patients may use telecommunication technology for office, hospital visits and other services that generally occur in-person.The services must be furnished consistent with applicable coverage and payment rules, but the telehealth services are not limited to services related to patients with COVID-19.The provider must use an interactive audio and video telecommunications system that permits real-time communication between the distant site and the patient at home.For example, to the extent that many mobile computing devices have audio and video capabilities that may be used for two-way, real-time interactive communication, they qualify as acceptable technology.The 1135 waiver also allows the Secretary to authorize use of telephones that have audio and video capabilities for the furnishing of Medicare telehealth services during the public health emergency.Distant site practitioners who can furnish and get payment for covered telehealth services (subject to state law) can include physicians, nurse practitioners, physician assistants, nurse midwives, certified nurse anesthetists, clinical psychologists, clinical social workers, registered dietitians, and nutrition professionals.

   Further, to the extent the 1135 waiver requires an established relationship between the provider and the patient, HHS has announced a policy of enforcement discretion for Medicare telehealth services furnished pursuant to the 1135 waiver.For claims submitted during the public health emergency, HHS will not conduct audits as to the existence of a prior relationship between the provider and the patient.

   Medicare telehealth services are generally billed by professionals as if the service had been furnished in-person.For Medicare telehealth services, the claim should reflect the designated Place of Service (POS) code 02-Telehealth, to indicate the billed service was furnished as a professional telehealth service from a distant site.

   The following CMS chart shows the three main types of virtual services physicians and other professionals can provide to Medicare beneficiaries.

    

   Type of Service	What is the Service?	HCPCS/CPT Code	Patient Relationship with Provider
   Medicare Telehealth Visit	A visit with a provider that uses telecommunication systems between a provider and a patient.	Common telehealth services include:   99201-99215 (Office or other outpatient visits) G0425-G0427 (Telehealth consultations, emergency department or initial inpatient) G0406-G0408 (Follow-up inpatient telehealth consultations furnished to beneficiaries in hospitals or SNFs).   For a complete list:https://www.cms.gov/Medicare/Medicare-general-information/telehealth/telehealth-codes	For new* or established patients.   *To the extent the 1135 waiver requires an established relationship, HHS will not conduct audits to ensure that such a prior relationship existed for claims submitted during this public health emergency.
   Virtual Check-In	A brief (5-10 minutes) check-in with a practitioner via telephone or other telecommunications device to decide whether an office visit or other service is needed. A remote evaluation of recorded video and/or images submitted by an established patient.	HCPCS code G2012 HCPCS code G2010	For established patients
   E-Visit	A communication between a patient and their provider through an online patient portal	99421 99422 99423 G2061 G2062 G2063	For established patients

    

   In a separate 1135 waiver, HHS waived the requirement that physicians or other health care professionals hold licenses in the state in which they provide services if they have an equivalent license from another state.While these waivers only apply to Medicare, and do not address Medicaid or other state licensing law requirements, states may similarly broaden Medicaid reimbursement for telehealth services and remove certain licensing requirements for providers during this public health emergency.For more information, see theFact SheetandFAQ.

    

2. OIG Permits Waiver of Copays for Telehealth Services

   On March 17, 2020, the HHS Office of Inspector General (“OIG”) issued a policy statement permitting healthcare providers to reduce or waive beneficiary cost-sharing for telehealth visits paid for by federal healthcare programs during the COVID-19 public health emergency.Ordinarily, if healthcare providers routinely reduce or waive costs owed by federal healthcare program beneficiaries, including cost-sharing amounts such as coinsurance and deductibles, they would potentially implicate the federal anti-kickback statute, the civil monetary penalty and exclusion laws related to kickbacks, and the civil monetary penalty law prohibition on inducements to beneficiaries.However, the OIG is committed to ensuring that healthcare providers have the regulatory flexibility necessary to adequately respond to COVID-19, and will therefore not enforce these statutes if providers reduce or waive cost-sharing for telehealth visits during the public health emergency.For more information, seePolicy StatementandFact Sheet.

3. OCR Issues Notice of Enforcement Discretion for HIPAA Non-Compliance for Telehealth Services

   Effective March 17, 2020, the HHS Office for Civil Rights (“OCR”) issued a Notification of Enforcement Discretion (“Notice”) stating that it will not impose penalties for noncompliance with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) against health care providers in connection with the good faith provision of telehealth during the COVID-19 nationwide public health emergency. This Notice applies to telehealth provided for any reason, regardless of whether the telehealth service is related to the diagnosis and treatment COVID-19.

   The OCR specified in its Notice that a covered health care provider may provide telehealth services to patients through any non-public facing remote communication product, including popular applications that allow for chats (e.g., Facebook Messenger video chat or Skype). A “non-public facing” remote communication product is one that, as a default, allows only the intended parties to participate in the communication.However, health care providers should not use certain video communication that are public facing (e.g., Facebook Live, Twitch, and TikTok).The OCR further specified that telehealth services may be provided through audio, text messaging, or video communications technology, including videoconferencing software.

    

   • OCR would consider all facts and circumstances when determining whether a health care provider’s use of telehealth services is provided in good faith and thereby covered by the Notice.Some examples of what OCR may consider a bad faith provision of telehealth services include:
   • Conduct or furtherance of a criminal act, such as fraud, identity theft, and intentional invasion of privacy;
   • Further uses or disclosures of patient data transmitted during a telehealth communication that are prohibited by the HIPAA Privacy Rule (e.g., sale of the data, or use of the data for marketing without authorization);
   • Violations of state licensing laws or professional ethical standards that result in disciplinary actions related to the treatment offered or provided via telehealth (i.e., based on documented findings of a health care licensing or professional ethics board); or
   • Use of public-facing remote communication products, such as TikTok, Facebook Live, Twitch, or a chat room like Slack, which OCR has identified in the Notification as unacceptable forms of remote communication for telehealth because they are designed to be open to the public or allow wide or indiscriminate access to the communication.
     
     

   The OCR also noted that it will not impose penalties against healthcare providers for the lack of a business associate agreement (“BAA”) with video communication vendors or any other noncompliance with the HIPAA regulations that relates to the good faith provision of telehealth services during the nationwide public health emergency. For healthcare providers seeking additional privacy protection, the Notice includes a list of vendors that represent that they provide HIPAA-compliant video communication products and will enter into a HIPAA-compliant BAA, including, among others, Skype for Business, Updox, VSee, Zoom for Healthcare, and Doxy.me. However, OCR does not endorse or recommend these vendors.

   The Notice addresses the enforcement only of the HIPAA rules. It does not address violations of 42 CFR Part 2, the HHS regulation that protects the confidentiality of substance use disorder patient records, however, the Substance Abuse and Mental Health Services Administration has issued some guidance on COFID-19 and 42 CFR Part 2. For more information, seeNoticeandFAQ.

    

4. DEA Permits Prescribing Controlled Substances Via Telemedicine Without Prior In-Person Exam

According to guidance issued by the U.S. Drug Enforcement Administration (“DEA”), effective March 16, 2020 and continuing for as long as the Secretary’s designation of a public health emergency remains in effect, DEA-registered practitioners in all areas of the United States may issue prescriptions for all schedule II-V controlled substances to patients for whom they have not conducted an in-person medical evaluation, provided all of the following conditions are met:

• The prescription is issued for a legitimate medical purpose by a practitioner acting in the usual course of his/her professional practice
• The telemedicine communication is conducted using an audio-visual, real-time, two-way interactive communication system
• The practitioner is acting in accordance with applicable Federal and State laws
  
  

Provided the practitioner satisfies the above requirements, the practitioner may issue the prescription using any of the methods of prescribing currently available and in the manner set forth in the DEA regulations. Thus, the practitioner may issue a prescription either electronically (for schedules II-V) or by calling in an emergency schedule II prescription to the pharmacy, or by calling in a schedule III-V prescription to the pharmacy.

The term “practitioner” includes a physician, dentist, veterinarian, or other person licensed, registered, or otherwise permitted, by the United States or the jurisdiction in which s/he practices to prescribe controlled substances in the course of his/her professional practice.

Typically, a prescription for a controlled substance issued using the Internet (including telemedicine) must generally be predicated on an in-person medical evaluation.Importantly, despite the DEA’s modification for COVID-19, the practitioner must still comply with any applicable state laws, which may prohibit or limit prescribing controlled substances via telemedicine.For more information, see DEA COVID-19 Information Page.

With this additional regulatory flexibility for telehealth services, healthcare providers will hopefully experience greater ability to provide patient care remotely, although there is still some disconnect between state and federal laws and requirements.For more information regarding telehealth or COVID-19, please contact Phil Kim, Kayla Cristales, or Jennifer Kreick.