Changes in Federal Policies – Temporary Flexibility in Use of Telehealth

March 18, 2020

By: Hermes Fernandez, Raul A. Tabora, Jr., and Craig W. Anderson

In light of the significant concerns regarding COVID-19, federal agencies have authorized emergency waivers and relaxed standards pertaining to data privacy/security and reimbursement for telehealth services. 

Flexibility is authorized under Section 1135 of the Social Security Act when the President declares a disaster or emergency under the Stafford Act or National Emergencies Act and the Health and Human Services (HHS) Secretary declares a public health emergency under Section 319 of the Public Health Service Act. These provisions allow HHS to take certain actions in addition to regular authorities. For example, under section 1135 of the Social Security Act, HHS may temporarily waive or modify certain Medicare, Medicaid and Children’s Health Insurance Program (CHIP) requirements to ensure that health care items and services are available to meet the needs of individuals enrolled in Social Security Act programs in the emergency area and for applicable time periods. This also ensures that those who provide such services in good faith can be reimbursed and exempted from sanctions (absent any determination of fraud or abuse).

Some of the more significant announcements have come from the Centers for Medicare & Medicaid Services (CMS), the Office of Inspector General (OIG), and the Office for Civil Rights (OCR). These changes are in place to lower obstacles to both patients and providers in identifying and mitigating the impact of COVID-19. 

CMS: Expansion of Medicare Coverage/Reimbursement 

CMS continues to issue guidance on service and payment issues under Medicare for providing telehealth services in response to COVID-19. In recent guidance, CMS has promulgated a “Fact Sheet” explaining the expanded coverage, for “Medicare telehealth visits,” “virtual check-ins,” and “e-visits.” According to CMS, under the new waiver, “Medicare can pay for office, hospital, and other visits furnished via telehealth across the country and including in patient’s places of residence starting March 6, 2020.” The geographic restrictions – those requiring the patient to be in a designated rural area – will no longer apply during the COVID-19 emergency, and, under certain circumstances, location requirements have also been waived (which would otherwise mandate that the patient be in a health care facility during the tele-visit). HHS will also not be conducting audits to confirm the existence of prior relationships between the patient and the provider, which is often a requirement for reimbursement. 

OIG: Permissible Waivers and Reductions of Costs

CMS has also stated that, while a coinsurance and deductible would usually apply to telehealth services, the Office of Inspector General is “providing flexibility for healthcare providers to reduce or waive cost-sharing.” This was further clarified by the OIG in its March 17, 2020 publication. Although ordinarily the OIG might consider certain reductions or waivers of costs as a potential violation of the Federal anti-kickback statute and prohibitions on inducements to beneficiaries, the OIG will temporarily pull back enforcement under certain circumstances. Specifically, the OIG will not subject physicians/practitioners to OIG administrative sanctions for arrangements that satisfy both of the following conditions: 

  1. The physician or other practitioner reduces or waives cost-sharing obligations (i.e., coinsurance and deductibles) that a beneficiary may owe for telehealth services furnished consistent with the then-applicable coverage and payment rules; and 
  2. The telehealth services are furnished during the COVID-19 public health emergency.

HIPAA: Relaxation of OCR Enforcement for Good Faith Provision of Telehealth

In OCR’s February guidance, OCR firmly reminded the public that “the protections of the Privacy Rule are not set aside during an emergency.” Nevertheless, OCR has since allowed for certain exceptions. 

First, in its recent “March 2020” publication, OCR explained that it was making room for a potential waiving of penalties and sanctions for certain violations committed by covered entities in emergency areas who were in the process of implementing disaster protocols. Then, on March 17, 2020, OCR further softened its approach with a notice that “OCR will exercise its enforcement discretion and will not impose penalties for noncompliance with the regulatory requirements under the HIPAA Rules against covered health care providers in connection with the good faith provision of telehealth during the COVID-19 nationwide public health emergency.” 

Specifically referenced as permissible video chat applications for good faith provision of telehealth are “Apple FaceTime, Facebook Messenger video chat, Google Hangouts video, or Skype.” However, not all video communication is permitted; Facebook Live, Twitch, TikTok, and similar video communication applications appear to be prohibited.

The standards for enforcement will also be relaxed with regard to Business Associate Agreements (BAAs). “OCR will not impose penalties against covered health care providers for the lack of a BAA with video communication vendors or any other noncompliance with the HIPAA Rules that relates to the good faith provision of telehealth services during the COVID-19 nationwide public health emergency.”

With these changes in policy, providers in all settings should have greater confidence in providing needed telehealth services to combat COVID-19. Further Health Law Wires will drill down on each of the new waivers.

Should you have any questions on this or any related guidance, please feel free to contact any of the attorneys in our Health and Long Term Care Practices for additional information.