COVID-19 has profoundly changed the U.S. health care system. Virtually overnight, sweeping rollbacks, program expansions, and an easing of burdensome barriers have transformed the way many providers practice medicine. For those in the health care space, the pandemic has been a learning lesson in adaptability and the importance of focusing on long-term goals.
Of course, many changes arising from the pandemic are temporary. This includes relaxed enforcement efforts, a suspension of Health Insurance Portability and Accountability Act (HIPAA) requirements, and CMS’ removal of restrictions that have historically hindered reimbursement for telemedicine services and its use by beneficiaries.
Although these amendments were adopted with the intent that they be lifted when the country has weathered its public health emergency, many in the health care industry are optimistic that recent regulatory changes and the opportunities they have created will remain in place.
Nowhere is that more true than in the practice of telemedicine.
The Future of Telehealth
Without a crystal ball, it’s impossible to predict precisely what health care will look like in the future. What’s more certain, however, is that it will not be the same.
A new normal, at least for the foreseeable future, will likely involve fewer in-person patient visits in order to comply with social distancing and increased sanitation guidelines. It may involve greater access to care for an array of health care services across a variety of specialties and by way of various telecommunication and audio-visual platforms.
Most importantly, it could very well be hinged on a sustained and strong demand for telemedicine.
As health care officials ponder large shifts in the regulatory landscape, forward-thinking providers and companies with stakes in telehealth must work now to develop the policies that will foster flexibility, and allow them to prepare for a post-pandemic world.
Key Considerations for Telemedicine Providers Post-COVID-19
While the pandemic creates new opportunities and accelerates the adoption of telehealth, it also poses many challenges and potential pitfalls. Compounded by a simultaneous spike in cyber-crime, these challenges are likely to include evolving regulations, a need for robust privacy protections, and an increased focus on fraud.
For providers, practice groups, and companies with an eye toward the future of health care, avoiding pitfalls will become critical to ensuring compliance and creating the flexibility needed to adapt.
Here are a few key areas telehealth providers should be addressing as they look to build a successful and sustainable telemedicine practice.
For years, regulators have heavily scrutinized health care services furnished via telecommunication and remote technologies, and only recently relaxed restrictions and enforcement efforts in response to COVID-19. Moving forward, regulators will certainly increase their focus on rooting out fraud and abuse involving telehealth, which enables unscrupulous providers to expand their reach and scope of fraud.
While regulators have many tools to root out fraud and abusive practices, they are also likely to expand use of analytics technology to facilitate fraud detection. For example, analytics can help regulators:
Review large amounts of data on billing practices by frequency, locations, and time of day using codes, and virtual visit data to spot billing anomalies, including overbilling for telehealth services, or billing for services that were never rendered.
Identify fraudulent marketing schemes that target Medicare patients, often for genetic testing, or unnecessary services, treatments, or medical equipment – and now for COVID-19 schemes such as those which offer “coronavirus emergency kits” of little actual value or use.
For providers who want no part of health care fraud investigations or audits, or the tremendous penalties they carry, prioritizing regulatory compliance in a shifting world of rules and requirements will be critical. To avoid enforcement actions over alleged fraud, providers should:
- Evaluate physician employment contracts, billing agreements, and physician licensure regulations applicable to their state and practice;
- Assess the security of telehealth technologies and vendors’ HIPAA compliance, both now and beyond the pandemic;
- Consider how telehealth platforms function across connected devices with electronic health record systems;
- Create or amend agreements with vendors who may have, or may be able to gain, access to protected health information, and ensure protections for any security breaches – including indemnification, internal processes for reporting, and cyber liability;
- Train employees on compliant billing practices and fraud assessment and reporting strategies;
- Perform comprehensive security assessments of IT systems and technologies in use or under consideration for adoption.
Providers should also evaluate their internal fraud protections, safeguard IP with a remote workforce, avoid fraudulent schemes that target telehealth physicians, and be mindful of potential pitfalls that can create exposure to FCA liability – such as upcoding and diagnostic code errors, billing for unapproved COVID-19 treatments, and more.
CMS’ expansion of telehealth, driven by temporary suspensions of reimbursement barriers (i.e. requirements pertaining to originating sites, geographic location, eligible practitioners and types of services, and qualifying technology) is significant for beneficiaries (roughly 15% of the U.S. population) and all American health care patients.
With Medicare viewed as the “pace car” for health care policy, state programs and private payers are likely to model their telehealth approaches after Medicare. However, because health and regulatory agencies don’t typically have sufficient authority to make changes they enact under emergency rules permanent, the future of telemedicine will be weighted heavily on Congressional action and lawmakers at both the state and federal levels. Rules applicable to prescribing controlled substances via telehealth for behavioral health patients during the pandemic, for example, will require amendments to federal law for changes to stick.
Although there is reassurance in data that proves telehealth’s value in terms of patient adoption and increased access to care, providers, companies, and stakeholders should not assume policy changes will become permanent, or that they will be able to remain in compliance with temporary rules indefinitely, or without significant preparation.
The key, therefore, is to take a decisive and proactive role in structuring a foundation of flexibility and sound internal policies, arrangements, and technologies.
Licensure & Care Delivery
During the pandemic, numerous states (Texas included) temporarily waived requirements for providers to be licensed in the same state as the patient receiving services, while others created emergency pathways to limited licensure.
Experts believe some states will continue this practice, and that adoption of the FSMB physician licensure compact, which allows physicians to obtain licenses across multiple states, will increase.
Providers implicated by licensure regulatory changes should stay apprised of temporary waivers and their dates of expiration, ensure they are creating compliant doctor-patient relationships, and explore licensure options as they implement or continue to provide telehealth services to their patients.
Data Privacy & HIPAA
In an effort to increase rapid adoption, regulators created temporary flexibility for telehealth to be furnished via technology platforms such as Skype or FaceTime (which were not traditionally HIPAA compliant) and opted not to penalize providers who provide telemedicine services via these platforms during the pandemic if they do so in good faith.
Though HIPAA compliance changes have worked well for their intended purpose (with some health care systems conducting thousands more virtual visits per day than performed in an entire month pre-pandemic), they also create concerns about whether restrictions will resume post-COVID-19, and if so, to what extent.
Though some changes are more likely to stick than others (including payment parity, using patients’ homes as eligible originating sites, and allowing new types of providers and services to deliver telehealth services), others will likely tighten up or be subject to dramatic changes. This is true of temporary privacy and security flexibilities, HIPAA’s technology rule, and the potential for unified data protection guidelines across the U.S. when it comes to telemedicine mobile apps.
Telehealth providers, and telehealth companies, should anticipate these changes and begin exploring compliant platforms and their particular path to compliance.
Your Health Care Team For Life
At Hendershot Cowart P.C., our health and medical law team counsels providers, medical groups, and health care businesses who want to ensure compliance while capitalizing on opportunities created by an accelerated adoption of telehealth.
Amid these unprecedented times, there are many future uncertainties. However, federal regulators will continue to aggressively target waste, fraud, and abuse in health care, and take decisive action against those who fail to adapt and comply accordingly.
To speak with an attorney, call or contact us online. Our firm proudly serves clients across Texas and the nation, and is committed to being part of your health care team for life.