Jan Elezian (jan.elezian@sunhawkconsulting.com) is Director, SunHawk Consulting LLC, in Denver, Colorado. Kimulet Winzer (kimulet.winzer@sunhawkconsulting.com) is Director, SunHawk Consulting LLC, in Phoenix, Arizona.
The onset of the COVID-19 pandemic sent physicians and patients into a frenzy of needed direction, evaluation, and care. The risk of crowded emergency departments and waiting rooms with an inadequately understood, highly contagious virus provided an urgency for expanded telehealth services—and at a whirlwind pace. Virtual patient services, including telehealth, have been adopted with a speed and scale unprecedented in modern medicine. In the shadow of the prolific changes that have occurred, we want to take a closer look at the current telehealth arena. What should we keep? What’s working? What’s not working? Will past practices predict the future of telehealth? Will new technologies and innovations change the field? What is the compliance professionals’ role in expanding this seemingly popular method of healthcare delivery? Leaders in this space have shared that the genie will not go back in the bottle: The emergency protocols are being examined to determine what regulations and policies should be developed to move forward, and audits are close at hand to shape this mode of healthcare delivery.
Background
The “Medicare Telemedicine Health Care Provider Fact Sheet” of March 17, 2020,[1] through the use of the 1135 waiver authority and Coronavirus Preparedness and Response Supplemental Appropriations Act, provided a wider range of telehealth services to beneficiaries provided by their doctors without having to travel to a healthcare facility. An expanded use of technology was put in place to provide routine care and keep vulnerable patients with mild symptoms in their homes while providing access to the care they need. Prior to the waiver, Medicare could only pay for telehealth when the person receiving the service was in a designated rural area and traveled to a clinic, hospital, or certain other types of medical facilities to receive telehealth services from a distant healthcare facility. The waiver not only added home as a location of telehealth, but also added a range of providers to include doctors, nurse practitioners, clinical psychologists, and licensed clinical social workers as telehealth providers. In April of 2020, the Centers for Medicare & Medicaid Services announced that physical, occupational, and speech therapy practitioners could provide Medicare-covered telehealth services during the period of the federal coronavirus emergency declaration.[2]
Inherent risks of telehealth services
Despite the obvious advantages and necessity of remote care, telehealth has inherent risks. In its March 2020 news release,[3] the Office for Civil Rights announced its decision to exercise its enforcement discretion and not impose penalties for potential Health Insurance Portability and Accountability Act violations against healthcare providers that, in good faith, provide telehealth using non-public-facing audio or video communication products, such as FaceTime or Skype, during the declared nationwide public health emergency.
Once the public emergency ends, covered entities will no longer be protected by the Office for Civil Rights’ good faith provision. However, the timing of the end of the public health emergency does not fully equate with the resolution of the pandemic. Rather, the public health emergency ends when we are able to manage or operate in our respective arenas without the sense of urgency presented with the onset of the pandemic. We are seeing the end of the pandemic emerging as municipalities relax COVID-19 requirements and individuals return to work. As the emergency comes to an end, we will enter into our “new normal.” Now is the time to proactively review the actions taken thus far in order to ensure consistency with regulations and intended outcomes. It is also the time to be part of the conversations that will dictate how and when telehealth will be used in the future as well as how to account for reimbursement of these services in the future. If in fact there is less overhead, then it would seem logical that the reimbursement would be less; however, the skill expertise and risk involved for a practitioner arguably remains the same. Compliance professionals with an understanding of administrative, operational, and regulatory landscapes in their fields can help maneuver these uncertain paths.
Assessments should be done in all areas affected by the rapid rollout of telehealth services to ensure policies and procedures are reviewed to include the changes that were made and assess what additional risks present themselves that should be addressed. Consider what impact telehealth protocols have on your translation providers, or how accessibility standards are addressed. What additional training should be done within your organization to understand how interfaces between departments are affected by providing services through telehealth?
Privacy and security mismatches may be discovered by compliance professionals. One suggested review task is to revisit any new technology implemented for telehealth services. Providers should develop an inventory to assess whether any form of virtual public-facing platform communication that the U.S. Department of Health & Human Services expressly prohibited, such as Facebook Live, was chosen to accommodate patient demand during the pandemic.[4] And if so, the organization should assume that breach has occurred, and a breach risk assessment should be conducted. Other questions to ask include whether privacy and security policies have been developed to include telehealth visits. These policies should include consent management and limits on collections and include use and disclosure of health information to include only documentation minimally necessary to the specific transaction in question. Are security safeguards such as authentication and data encryption included in your telehealth platforms?[5]
Patients are seeking a permanent change
In a recent interview, Ann Mond Johnson, CEO of the American Telehealth Association, offered the vision that telehealth provides safe, effective, and appropriate care, allowing physicians to do more for more people, thus lowering limitations to care during the COVID-19 pandemic.[6] This association focuses on accelerating the adoption of telehealth, which it seems patients, now introduced to this mode of communication and healthcare delivery model, are seeking as a permanent change even after the national emergency period has passed.
Even as practices have resumed in-person appointments at Stanford Health Care in Palo Alto, California, 30%–40% of all visits are still being scheduled as virtual.[7] About one-third of new patient visits are virtual, and close to “75% of patients who completed a video visit report that they are very likely or extremely likely to choose” virtual over in-person visits in the future.
Further, researchers in Los Angeles have reported that some traditionally underserved groups have had more cardiology visits during the pandemic. Asian, Black, and Hispanic patients accounted for 28.6% and 26.5% of in-person visits before the pandemic.[8] That number jumped to 30.4% of video-based cardiovascular and 35% telephone-based cardiology telehealth during the pandemic.
An analysis by JAMA Surgery published in March found that nearly 40% of new surgical patient consultations in Michigan were conducted via telehealth at the height of the first wave of the COVID-19 pandemic.[9]
Compliance professionals prepare for expanded use of telemedicine
If a post-pandemic increase in services is allowed, some are estimating that telehealth services may make up 20%–25% of all care in the future. Compliance professionals, through policies, should prepare for the considerations of expanded use of telehealth. The implementation of telehealth service will lead to: (1) revisions in a covered entities’ notice of privacy practices; (2) assurances that the patient has a documented informed consent within the electronic health record that aligns with their state’s requirements; (3) a review of all policies with updated telehealth practices that will continue to be effective after pandemic, including video/audio recordings; (4) dictated notes obtained during telehealth services need documented retention and storage controls and to be accessible to those involved in the treatment and payment of operations of that visit. Organizations need to consult with their legal counsel about record retention, discoverability, record releases, and disclosure ability. A Health Insurance Portability and Accountability Act security risk assessment is necessary to evaluate any telehealth applications, systems, or processes for vulnerabilities and weaknesses.[10] For an extended discussion of securing your telehealth environment, see a previous Compliance Today article titled “Is your telehealth environment ready for 2021?”[11]
Federal and state laws must update
Pre-pandemic laws that regulate telehealth are now considered archaic and have caused limitations with the technology now available for use. The American Healthcare Association has proposed the policymakers consider:[12]
-
Promoting patient and provider choice. “Policy must encourage all technologies and/or modes of telehealth, provided the technology is safe, effective, appropriate, secure, interoperable, and can be integrated into a provider’s clinical workflow.”
-
Ensuring parity between telehealth services and in-person services.
-
Investing in telehealth infrastructure.
-
Prioritizing privacy and security.
-
Facilitating the delivery of healthcare across state lines.
-
Addressing disparities in the use and willingness to use telehealth and remote patient monitoring technologies; and
-
Promoting program integrity.
Recently on the federal level, the U.S. House Committee on Energy and Commerce has held hearings regarding the future of telehealth. Evidence concerning the impact of telehealth on access, quality, and costs will be studied during a one- to two-year extension of existing telehealth expansion called for by the Congressional Medicare Advisory Panel.
One resource of study includes findings from the National Committee for Quality Assurance (NCQA) Taskforce on Telehealth Policy, which were published in mid-September 2020.[13] The task force assessed telehealth and remote patient monitoring policy changes at the state and federal levels. Data collected for the NCQA report can help policy makers in making decisions about the benefits and addresses previous concerns regarding safety, program integrity, quality, and costs.
Finally, the taskforce concluded that “consensus is emerging that telehealth is the natural evolution of healthcare into the digital age, not another type of care or new benefit.”[14] Previous assumptions about increased costs were challenged in that “data collected to date indicate that…telehealth has not resulted in excess cost or utilization increases, even as supply and demand for in-person care has rebounded.”[15]
Innovations telehealth has brought to the digital age
-
People stranded during the southeastern Texas storm were unable to get to healthcare facilities.[16] Providers at Chambers Health clinics were onboarded and trained on telehealth, ready to see patients from their homes when the freeze hit.
-
The team at NYC Health + Hospitals/Bellevue’s telehealth program came in handy during a New York snowstorm. With the patient’s consent, in-person visits were converted to televisits when a storm was coming.
-
One of the large mobile phone service providers is rolling out a video conferencing platform version designed from the ground up for healthcare organizations.[17] This innovation will allow organizations to customize their landing page, thus giving patients access to pre-visit medical condition surveys, onboarding materials, and educational information. Via third-party partners, this company is offering interpreter services, including sign language, in more than 200 languages. Security and privacy features include access controls, encryption, privacy checks, locked meetings, fraud detection, and moderator controls.
Such expanded delivery models have the advantage of considering new technology now available in the form of artificial intelligence translation software products hitting the markets. Translation services are traditionally in high demand but experience a shortage of resources. Innovative solutions are getting developed at an accelerated pace, helping to expand services to more patient encounters and promoting better health and wellness outcomes.
Compliance professionals are in a prime position to research innovative solutions such as secure virtual messaging, remote patient monitoring, artificial intelligence solutions, etc. that can contribute to easing workloads and saving patients and their organization time and money while enhancing health outcomes.
Federal and state requirements still apply
Although the use of telehealth is entering into an exciting and imaginative vision, the basics are still applicable, and federal and state telemedicine requirements must be followed. The U.S. Department of Health & Human Services Office of Inspector General has expressed concern that increased access and decreased burden of telehealth services may be compromised by fraud, abuse, or misuse.[18] Therefore, the Office of Inspector General is currently conducting audits to uncover any improper activity. One of its first audits found that “only three percent of the sampled telemedicine payments met federal and state requirements....In 95 percent of the cases reviewed, the providers failed to document the start and stop times and the consulting site location of the medical service.” The Office of Inspector General determined that providers were not formally trained on telemedicine documentation requirements, nor did they adequately monitor compliance.
Compliance professionals can learn from these audits. If your organization offers telehealth services, consider monitoring patient consent to telehealth services, patient consent to electronic communications (e.g., email), documentation and claim information related to duration of service, and documentation related to coding in order to meet federal and state requirements for payment. Virtual health strategies require attention to workforce engagement and developing an infrastructure to support long-term success.
Takeaways
-
The onset of the COVID-19 pandemic sent physicians into a frenzy of needed direction, evaluation, and care. Virtual patient services, including telehealth, have been adopted with a speed and scale unprecedented in modern medicine.
-
The 1135 waiver authority provided a wider range of telehealth services to beneficiaries provided by their doctors without having to travel to a healthcare facility.
-
If an increase in services is allowed, post-pandemic telehealth services may make up 20%–25% of all care in the future. Compliance professionals, through policies, should prepare for expanded use of telehealth.
-
National Committee for Quality Assurance Taskforce on Telehealth Policy concluded that “consensus is emerging that telehealth is the natural evolution of healthcare into the digital age, not another type of care or new benefit.”
-
Telehealth services compel compliance professionals to monitor patient consent to telehealth services and electronic communications (e.g., email), documentation and claim information related to duration of service, and documentation related to coding in order to meet federal and state requirements for payment.