COVID-19 Telehealth Guidance: What You Need to Know

On March 17, 2020, the Centers for Medicare and Medicaid Services (CMS) and other agencies released further guidance on the use of telehealth during the coronavirus (COVID-19) national emergency. The guidance implements provisions of the Coronavirus Preparedness and Response Supplemental Appropriations Act, as signed into law on March 6, 2020 (the first COVID-19 supplemental). The act authorized the US Department of Health and Human Services (HHS) to waive certain traditional Medicare telehealth requirements during this national emergency.

Key Takeaways:

• Certain telehealth services are now considered the same as face-to-face visits for payment purposes. These services do not have to be COVID-19-related.
• CMS waived the “originating site” requirement. Patients are not required to be located in a medical facility or rural area (originating site) for a Medicare-reimbursable telehealth visit. This means that providers can use virtual visits for a much broader population during the pandemic.
• Furloughed providers and those at distant sites, including their homes, can provide telehealth services to Medicare patients.
• CMS waived reimbursement restrictions on practicing across state lines, but state licensure requirements still apply. Many states are taking action to ease these requirements.
• Providers can use popular applications that allow for video chats, including Apple FaceTime, Facebook Messenger video chat, Google Hangouts video and Skype, to provide telehealth services during the emergency period.
• Providers may reduce or waive cost-sharing obligations for telehealth services furnished during the emergency.
• The US Drug Enforcement Administration (DEA) relaxed restrictions on the types of controlled substances providers can prescribe though telehealth.
• Agencies expect that providers will act in good faith in carrying out this flexibility during the national emergency.

Many stakeholders have long advocated that telehealth restrictions be eased in this manner. During these unprecedented times, these changes will benefit both the patient and provider community. Patient travel and exposure to COVID-19 will be limited, which adheres to other federal guidelines and may reduce the spread of the virus. At the same time, providers will have an opportunity to provide some healthcare services to their patients without a face-to-face encounter, preserving revenue during the crisis.

Medicare Guidance on Telehealth Visits

Current telehealth law and regulations allow Medicare to pay providers for services furnished through telehealth under certain circumstances. One requirement relates to the “originating site”: a beneficiary receiving the telehealth services must generally be located in a rural area and receive the treatment in a medical facility. The CMS waiver expands payment for telehealth visits by lifting the originating site requirement, allowing patients to receive telehealth services in all locations, including their homes.

The original statutory language included in the Coronavirus Preparedness and Response Supplemental Appropriations Act created the flexibility for this telehealth waiver and required an established relationship with the patient. In announcing its March 17 guidance, CMS said that it would not conduct audits to verify such relationships, thus reducing compliance burden and potentially increasing opportunities for providers to provide telehealth services to patients.

CMS also reminded providers of two other telehealth options: virtual check-ins and e-visits. These services are currently reimbursed by CMS and did not change with the new guidance.

Summary of Medicare Telehealth Services

Medicaid Guidance on Telehealth Visits

States currently have flexibility to determine whether and how to cover telehealth, including what types to cover, where in the state it can be covered, how it is provided/covered, and what types of telehealth providers may be covered/reimbursed. As a result, access to and reimbursement of telehealth varies by state. CMS encouraged states to use this flexibility to increase use of telehealth, and provided further guidance and clarification in relation to state coverage:

• No federal approval is necessary for state Medicaid programs to reimburse providers for telehealth services in the same manner or at the same rate that states pay for face-to-face services.
• A state plan amendment would be necessary to accommodate any revisions to payment methodologies to account for telehealth costs.

HIPAA Enforcement

The HHS Office for Civil Rights (OCR) is responsible for enforcing certain regulations issued under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to protect the privacy and security of protected health information. Covered healthcare providers subject to the HIPAA rules may seek to communicate with patients and provide telehealth services through remote communications technologies. During this national emergency, some of these technologies, and the manner in which HIPAA covered healthcare providers use them, may not fully comply with the normal HIPAA requirements. Under OCR guidance issued on March 17, 2020, these restrictions are substantially loosened, reducing risk for providers:

• OCR will waive potential HIPAA penalties for good faith use of telehealth during the nationwide public health emergency due to COVID-19.
• A covered healthcare provider that wants to use audio or video communication technology to provide telehealth to patients during the COVID-19 emergency can use any non-public-facing remote communication product that is available to communicate with patients.
• This exercise of discretion applies to telehealth provided for any reason, not only the diagnosis and treatment of COVID-19-related health conditions.
• Covered healthcare providers may use popular applications that allow for video chats, including Apple FaceTime, Facebook Messenger video chat, Google Hangouts video and Skype, to provide telehealth in good faith without risk that OCR might impose penalties for noncompliance with the HIPAA rules. OCR encourages providers to notify patients that these third-party applications potentially introduce privacy risks. Providers should enable all available encryption and privacy modes when using such applications.
• Covered healthcare providers should not use public-facing video communication applications (such as Facebook Live, Twitch and TikTok) to provide telehealth.

OIG Enforcement