COVID-19 and Telehealth: Understanding the New Medicare and HIPAA Waivers

In response to the COVID-19 national emergency, the federal government has put forth temporary waivers to certain HIPAA and Medicare requirements to promote the use of telehealth.  These waivers provide an opportunity for health care providers to start or expand their telehealth service offerings to patients.  Here are a few key takeaways from these waivers that are described in detail below:

  • Medicare: During the COVID-19 national emergency, Medicare will pay for telehealth services without regard to where the patient is located. The patient could even be located inside his or her home during a telehealth session.
  • HIPAA: During the COVID-19 national emergency, providers can provide, without the threat of penalties from the Office of Civil Rights, telehealth services through common video conferencing vendors (e.g. FaceTime, Skype, etc.) who may not comply with HIPAA requirements.
  • Next Steps: If a provider wants to start or expand telehealth service offerings to patients, it is important to be mindful of the various legal issues described below, including appropriate licensure, informed consent, and payor reimbursement.

Expansion of Telehealth Reimbursement under Medicare

Starting on March 6, 2020 and continuing for the duration of the COVID-19 national emergency, Medicare will pay for professional telehealth services furnished to Medicare patients without regard to where the patient is located. A patient can receive telehealth services in any part of the country and from any location, including the patient’s home.  This is a significant change from prior Medicare telehealth billing requirements, which required patients to be located within a designated rural area and to receive telehealth services only in certain types of medical facilities.

Medicare will pay for telehealth services under the Physician Fee Schedule at the same amount as in-person services.  Patients are still subject to Medicare deductibles and coinsurance, but the waiver allows providers to reduce or waive cost-sharing requirements for telehealth services paid by Medicare.

To ensure that telehealth services qualify for Medicare reimbursement, the patient and provider must communicate with each other using an interactive audio and video telecommunications system that permits real-time communication between the “distant site” (where the provider is located) and the “originating site” (where the patient is located). Services such as Zoom, FaceTime, and Skype satisfy this requirement.

Medicare continues to restrict the types of “distant site” providers that may engage in telehealth services to: licensed physicians, nurse practitioners, physician assistants, nurse midwives, certified nurse anesthetists, clinical psychologists, clinical social workers, registered dietitians, and nutrition professionals.  Unfortunately, the list of professionals has not been broadened to include other licensees, such as mental health counselors and marriage and family therapists. As discussed below, Medicaid and some private commercial payors do not have these same licensure restrictions.

Changes to HIPAA Telehealth Requirements

To encourage the use of telehealth technology, the Office of Civil Rights (OCR) will, during the COVID-19 national emergency, waive HIPAA penalties against health care providers related to the good faith provision of telehealth services to patients through common video communication technology such as Apple FaceTime, Facebook Messenger video chat, Google Hangouts video, and Skype. As described above, Medicare will pay for telehealth services provided via such systems if they permit real-time audio and video communication. However, OCR emphasizes that “public facing” video communication applications such as Facebook Live, Twitch, and TikTok may not be used by providers to render telehealth services to patients. 

Prior to the OCR’s waiver, providers faced HIPAA compliance issues in using popular video conferencing technology to provide telehealth services to patients.  Many video conferencing technology vendors will not represent that they comply with HIPAA security safeguards and refuse to sign a HIPAA business associate agreement (BAA).

Under the waiver, OCR states that it will not impose penalties against providers for the lack of a BAA with a video conferencing vendor or for noncompliance with HIPAA privacy or security requirements related to the good faith provision of telehealth during the COVID-19 national emergency. OCR does, however, encourage providers to notify patients that the use of video conferencing applications could cause risks to the privacy of patient information.  OCR also emphasizes that providers should also use any encryption technology if it is available with the video conferencing application.

Although OCR will not penalize providers who lack a BAA with telehealth technology vendors during the COVID-19 national emergency, OCR acknowledges that providers may want to enter into BAAs with vendors to ensure that the vendors take HIPAA requirements seriously. Despite the OCR’s waiver of penalties, patients could still file a lawsuit against a provider related to a security or privacy breach, so entering into a BAA with a telehealth vendor can be an important risk management strategy. To assist providers, OCR included a list of telehealth technology vendors who represent that they will enter into a BAA with providers:

  • Skype for Business
  • Updox
  • VSee
  • Zoom for Healthcare
  • me
  • Google G Suite Hangouts Meet

It is important to note that substance abuse providers who are subject to the confidentiality requirements of 42 CFR Part 2 need to continue entering into “Qualified Service Organization (QSO)” contracts with telehealth vendors.  SAMHSA, the agency that oversees 42 CFR Part 2, has not issued waivers to 42 CFR Part 2 QSO requirements.

Next Steps

The waivers to the Medicare and HIPAA requirements related to telehealth should be welcomed by health care providers. The waivers provide an opportunity for providers to continue treating their patients while limiting potential exposure to the novel coronavirus.

If you, as a Washington State healthcare provider, want to start providing telehealth services to patients, or if you are already providing telehealth services to patients, here are few concepts to consider:

  • Free Telehealth Technology: To encourage the use of telehealth, the Washington State Health Care Authority is providing a certain number of licenses to the Zoom video conferencing service at no charge. Information on applying for one of these licenses is located here: https://www.hca.wa.gov/billers-providers-partners/prior-authorization-claims-and-billing/request-zoom-license-connect. It appears that HCA is intending that these licenses be used by small providers.
  • Licensure: Under Washington State Medical Commission guidelines, a provider using telehealth to practice medicine on Washington State patients must be licensed to practice medicine in Washington. For example, a provider licensed in Oregon cannot provide telehealth services to a patient located in Washington.  Similarly, a provider licensed in Washington cannot provide telehealth services to a patient located in Oregon. However, a Washington provider may render telehealth services to a patient located outside of Washington if the patient has already met in-person with the provider, and the telehealth services are limited to clarification, advice, or follow-up related to the in-person visit.

Exception: During the COVID-19 emergency, the Washington State Department of Health (“DOH”) has stated that a health care entity in Washington State (e.g. hospital) may offer telehealth services to Washington patients that are provided by out-of-state providers employed by the entity if: (1) the providers do not have a pre-existing employment relationship with the entity, and (2) complete the application to register as an Emergency Volunteer Health Practitioner with the DOH.  More information about this process is here:

https://www.doh.wa.gov/Emergencies/NovelCoronavirusOutbreak2020/HealthcareProviders/EmergencyVolunteerHealthPractitioners.

  • HIPAA Requirements: As stated above, OCR is encouraging the use of telehealth services even if a BAA may not be in place between the provider and telehealth vendor. However, providers should still consider asking vendors to sign BAAs for risk management purposes because they contain important protections for patient information.  Providers should also try to provide a HIPAA Notice of Privacy Practices (“NPP”) to new telehealth patients that the provider has not seen in-person. But, as described above, OCR will not penalize providers for failing to comply with HIPAA requirements such as providing an NPP to a telehealth patient during the COVID-19 national emergency.
  • Informed Consent: Prior to rendering telehealth services to a patient, a provider should obtain the patient’s written informed consent to the telehealth services. An informed consent form should describe the services to be rendered, the anticipated results and benefits of the services, the risks related to the services, and any alternatives to the telehealth services. For the sake of efficiency, providers can ask patients to send a signed copy of the form via email (e.g. patient takes a picture of the form and then emails it with a smartphone) or via fax. Providers can also have patients sign the form via an electronic signature platform, such as Docusign.
  • New Patients: If a provider is seeing a new patient via telehealth, the provider should ensure that, in addition to an informed consent form, the patient completes the intake paperwork that new in-person patients must complete. The paperwork should include a demographic form where the patient provides contact information and a description of his or her medical problem, a financial agreement that describes the provider’s payment policies, and, as described above, an NPP.  Similar to the informed consent form, patients can submit the completed paperwork to providers electronically.
  • Health Insurance Other Than Medicare: The Medicare waiver does not apply to telehealth services provided to beneficiaries of Medicaid or commercial health insurance. However, the Washington State Medicaid program will cover telehealth services delivered by any provider licensed in Washington State that are: (1) within the provider’s scope of practice, and (2) provided via HIPAA-compliant, interactive, real-time audio and video telecommunications (including web- based applications). Based on the OCR’s HIPAA enforcement waiver, these systems appear to include common videoconferencing systems like Apple FaceTime, Zoom, and Skype.

Similar to the Medicare waiver, Washington State law requires Medicaid and all commercial insurers to reimburse any licensed Washington health care provider for medically necessary telehealth services without regard to where the patient is located (e.g. patient’s home).  However, commercial insurers have different coverage policies related to telehealth, so it is important for providers to verify coverage requirements with each of their contracted insurers.

The Medicare and HIPAA waivers provide important opportunities for providers to utilize telehealth services during the COVID-19 national emergency. Please reach out to Casey Moriarty at 206-447-7000 if you have any questions.

Three Members Join Ogden Murphy Wallace

(Teresa R. Byers, Partner)

Seattle, Wash. (March 2, 2020) Effective March 2, 2020, three new members will be joining Ogden Murphy Wallace P.L.L.C. in its Seattle office: Teresa R. Byers, Bruce A. McDermott, and Daniel J. Vecchio.  All three attorneys were formerly with Foster Garvey P.C./Garvey Schubert Barer. With the addition of these three new members, Ogden Murphy Wallace’s total headcount (Seattle and Wenatchee) will come to about 60 attorneys. The addition of these new attorneys expands Ogden Murphy Wallace’s existing Trusts & Estates planning practice area and adds a highly regarded Trust and Estates litigation team as well. With over 110 years of firm history, Ogden Murphy Wallace has been a leading regional law firm with origins deeply rooted in the Pacific Northwest. By growing its team, Ogden Murphy Wallace maintains its standing as one of the top regional law firms (headquartered and offices in the Pacific Northwest only) in the market.

(Bruce A. McDermott, Partner)

Teresa R. Byers – Teresa’s practice includes trust & estates litigation, estate planning, federal tax, and charitable & tax-exempt organizations.

Bruce A. McDermott – Bruce’s practice focuses on trust & estates litigation, commercial litigation, banking litigation, antitrust, and intellectual property. His intellectual property experience involves litigation in patent, trademark, copyright, and trade dress infringement.

Daniel J. Vecchio – Dan’s practice emphasizes trusts & estates litigation, bankruptcy & creditor’s rights, and complex commercial litigation. He has represented clients in a variety of matters in Washington and California, including both beneficiaries and trustees in trust disputes and both creditors and debtors in Chapter 11 bankruptcy proceedings.

(Daniel J. Vecchio, Partner)

“Ogden Murphy Wallace is a firm that has always focused on a strong, common culture that promotes collaboration, between and among both attorneys and staff, excellent client service, and provides the highest quality legal services using a team approach,” said Don Black, Chair at Ogden Murphy Wallace. “The addition of Bruce, Teresa and Dan, who share in these values, will only strengthen our culture while also providing new perspectives in our practices. We are thrilled to have them joining the OMW team.”

“We are excited to become an integrated part of the Ogden Murphy Wallace team,” said Bruce McDermott, former Principal at Foster Garvey. “Teresa, Dan, our staff, and I believe that we are a great for each other, culturally and professionally.”

The new hires will all work out of OMW’s Downtown Seattle office.

 

Ogden Murphy Wallace PLLC announces Drew Pearsall and Daniel Shickich as new members

Ogden Murphy Wallace is pleased to announce the appointment of Drew Pearsall and Daniel Shickich as Members of the firm.

“We are pleased that Drew and Danny have become members.  They are both exceptional lawyers and represent the future of our firm,” said Geoff Bridgman, the firm’s Managing Member.

Drew Pearsall represents his clients in various facets of litigation, including matters related to personal injury, professional liability, and project liability. His practice also encompasses the subjects of tort, contract dispute, insurance coverage, and environmental law cases. Due to his expansive past experiences in representing and defending entities and individuals in the fields of construction, manufacturing, and civil engineering, Drew possesses widespread and multifaceted knowledge in the field of litigation. Drew earned his J.D. from the University of Washington School of Law and his B.A. from Whitman College.

 

Daniel Shickich’s litigation practice focuses on insurance coverage, contracts, and torts in addition to representing municipalities in matters of more complex litigation. With his previous experience with litigation in municipal law, his knowledge in the field is expansive and valuable to OMW—prior to joining OMW, Daniel gained a significant amount of trial and appellate litigation experience as a Deputy Prosecuting Attorney for the King County Prosecuting Attorney’s Office. Daniel received his J.D. also from the University of Washington School of Law, and he earned his B.A. from Pomona College.

 

About Ogden Murphy Wallace

Ogden Murphy Wallace is recognized as a leading multispecialty law firm committed to providing practical, cost-effective legal services to businesses serving Pacific Northwest clients for over 100 years. To learn more about our firm and the services we offer, please visit www.omwlaw.com.