What Are Telehealth and Telemedicine?
The terms “telehealth” and “telemedicine” are commonly used interchangeably, and their definitions may vary depending on the location or jurisdiction where defined. Generally, “telemedicine” refers to the delivery of healthcare whereby the healthcare provider is able to care for the patient from a remote location through the use of electronic telecommunication. The term “telehealth” commonly has a broader connotation that includes both provider-patient encounters as well as the use of electronic telecommunication for other health-related interactions, including provider education, public health, and health administration.”[2] For purposes of this article, the terms will be used interchangeably but with a narrower focus in the context of provider-patient care.
For years, advocates of telehealth have emphasized its ability to expand access to healthcare services not readily available, improve patient convenience and experience, and lower provider costs. Moreover, they have continually predicted that telehealth will feature prominently in the future delivery of healthcare. Meanwhile, consistent with those predictions, the use of telehealth has grown considerably in just a few years with more insurance plans covering telehealth services, more providers offering them, and more states regulating the services in their respective jurisdictions.[3] The predicted growth in telehealth was further intensified by the COVID-19 pandemic. Despite its increasing availability and practice prior to COVID-19, Medicare reimbursement was primarily limited to services for patients located in qualifying rural areas. However, in response to the COVID-19 pandemic, the Centers for Medicare & Medicaid Services (CMS) expanded the types of telehealth services for which Medicare reimbursement is available.[4] As of November 2020, CMS has delineated in a proposed rule the services that will remain reimbursable once the COVID-19 public health emergency ends and which services will expire.[5] Despite consistent growth in the telehealth industry prior to the COVID-19 public health emergency, there is consensus that the pandemic has still further accelerated the practice of telehealth in a manner that is irreversible. As stated by CMS Administrator Seema Verma, the COVID-19 pandemic has taken telehealth to a new frontier, and “there’s absolutely no going back.”[6]
Correspondingly, the growth in telehealth over the years has resulted in increasing government scrutiny. In April 2018, the Office of Inspector General (OIG) published audit findings that estimated that the Medicare program could have saved $3.7 million if the practitioners had provided services in accordance with Medicare requirements.[7] In addition, there have been a number of large-scale prosecutions by the Department of Justice (DOJ) alleging more than $1 billion in fraudulent activity involving telemedicine companies and fraudulent relationships with physicians.[8][9] All in all, there is considerable evidence that telehealth-related noncompliance is a growing government enforcement priority. Given the continued growth of telehealth happening even before, and especially during, the COVID-19 public health emergency, it is reasonable to expect government enforcement efforts to further intensify.
Risk Area Governance
Medicare and Medicaid Program Integrity Provisions, Social Security Act § 1128J(d)
This law requires that any self-identified Medicare overpayments resulting from incorrect coding, insufficient documentation, and medical necessity errors be returned within 60 days of identification.[10]
Anti-Kickback Statute, 42 U.S.C. § 1320a-7b
The statute prohibits offering, paying, soliciting, or receiving anything of value to induce or reward referrals to generate federal healthcare program business.[11]
Stark Law, 42 U.S.C. § 1395nn
The Stark Law prohibits a physician from referring Medicare patients for designated health services to an entity with which the physician (or physician’s immediate family member) has a financial relationship, unless an exception applies.[12]
False Claims Act, 31 U.S.C. §§ 3729–3733
The False Claims Act prohibits, among other things, (1) the submission of false or fraudulent claims and (2) knowingly making, using, or causing to be made false statements or information to obtain fraudulent claims payment. False Claims Act violations occur when providers knowingly bill for services improperly. In addition, violations of both the Anti-Kickback Statute and the Stark Law as well as the failure to refund overpayments can each result in False Claims Act liability.[13]
Health Insurance Portability and Accountability Act, Pub. L. No. 104-191, 110 Stat. 1936
The Health Insurance Portability and Accountability Act (HIPAA) imposes requirements upon “covered entities,” including healthcare providers, healthcare plans, and clearinghouses, regarding their transmission of protected health information (PHI). PHI is information created or received by the covered entity that identifies an individual and relates to the individual’s health or healthcare provision, or payment thereof. Under HIPAA, covered entities must handle PHI as required by the Privacy Rule, Security Rule, and Breach Notification Rule.[14][15][16] Under the Privacy Rule, covered entities can only use and share PHI after obtaining patient authorization unless a specific HIPAA exception applies. The Security Rule requires covered entities to maintain administrative, physical, and technical safeguards to assure the confidentiality, integrity, and availability of the PHI. The Breach Notification Rule requires covered entities to notify the Department of Health & Human Services (HHS) secretary in the event of a breach of unsecured PHI.[17]
Ryan Haight Act, 21 U.S.C. § 829(e)
This act amended the Controlled Substances Act to prohibit the delivering, distribution, or dispensing of a controlled substance by means of the internet without a valid prescription.[18] This requires that the prescription be issued for a legitimate medical purpose either by a practitioner having conducted at least one in-person medical evaluation or by a covering practitioner. The regulations provide seven telemedicine exceptions to the in-person examination requirement.[19] They include:
-
The practice of telemedicine while the patient is being treated by and physically located in a qualifying hospital or clinic.
-
The practice of telemedicine while the patient is in the physical presence of a practitioner.
-
The practice of telemedicine by a practitioner who is an employee or contractor of the Indian Health Service.
-
The practice of telemedicine during a public health emergency as declared by the secretary of HHS.
-
The practice of telemedicine when conducted by a practitioner who has received a special registration from the Drug Enforcement Administration (DEA) administrator.
-
The practice of telemedicine occurs in a Department of Veterans Affairs medical emergency.
-
The practice of telemedicine in circumstances specified by DEA regulation.[20]
State Law Equivalents of Anti-Kickback Statute, Stark Law, and False Claims Act
Some states have enacted versions of the federal Anti-Kickback Statute, Stark Law, and False Claims Act. State laws may be broader in scope and apply both to state programs such as Medicaid as well as to claims submitted to commercial payers.[21]
State Licensing, Modality, and Prescribing Laws
States have varying licensing requirements for out-of-state physicians to practice telemedicine.[22] Some states require out-of-state physicians to be licensed where the patient will receive the services, while other states issue special telemedicine licenses.[23] Other states allow out-of-state physicians to perform telehealth follow-up without a state license if the onset of medical services first occurred in a state where the physician is licensed, while yet others do not require licensure when the telehealth physician is in consult with a physician who is licensed in-state.[24] States also differ as to the type of technology that must be used to establish a valid doctor-patient relationship (real-time audio-video, interactive audio, or store-and-forward technologies), as well as the treatment standards necessary to prescribe medications.[25]