Nearly three years have passed since the federal government initially declared a public health emergency (PHE) in response to COVID-19. Since then, telehealth utilization has soared largely due to new regulatory flexibility. Polls suggest that approximately one-third of Americans have tried telehealth, with 15% having used telehealth for the first time during the pandemic.[1] In 2021—a peak period in telehealth utilization—more than 2 in 5 Medicare beneficiaries used telehealth, representing an 88-fold increase in utilization of services from the prior year.[2] Nationwide claims data shows telehealth utilization rose to 4.9% of all medical claim lines in December 2021.[3] Patients report satisfaction with the health services provided, indicating they will continue to use telehealth services post-pandemic.[4]
Healthcare providers, including U.S. hospitals, medical practices, imaging centers/office-based labs, and urgent care facilities are investing in telehealth infrastructure to meet patient demand and expectations. Similarly, health plans and employer groups are expanding offerings and contracting with telehealth-enabled provider groups and telehealth vendors.
Though telehealth has emerged as a more accepted and often expected mode of healthcare delivery, the COVID-related regulatory flexibility that spurred the adoption of telehealth may disappear without legislation (or Executive) intervention at the expiration of the current federal PHE. At the same time, the U.S. Congress, U.S. Department of Justice (DOJ), and U.S. Department of Health & Human Services (HHS) have signaled that increased scrutiny of telehealth policies and related enforcement actions is forthcoming.[5] This article analyzes the status of telehealth waivers and policies that have contributed to the expansion of telehealth and identifies practical approaches to regulatory compliance for healthcare practitioners.
When will the federal PHE end?
The federal government and states each adopted a multitude of temporary policies designed to increase access to telehealth services in response to the COVID-19 pandemic. These policies ranged from broadening the patient population eligible to receive telehealth services[6] to increasing reimbursement for telehealth services.[7] In addition, healthcare practitioners have benefitted from relaxed enforcement of certain licensing and regulatory requirements, such as federal HIPAA requirements.[8]
As of the writing of this article, many state-based PHEs have ended, eliminating various state-specific telehealth waivers or relaxed policies. This includes policies that permitted out-of-state physicians who did not have a medical license for a particular state to nevertheless provide telehealth services to in-state residents. For example, the expiration of Hawaii’s, Idaho’s, and Iowa’s respective PHEs also terminated the states’ waivers or temporary permits which allowed out-of-state providers to practice telemedicine or telehealth in the state without a state medical license.[9]
The end date of the federal PHE remains unknown, however. On October 13, 2022, HHS Secretary Xavier Becerra once again extended the PHE for another 90 days through January 11, 2023.[10] Whether the federal government will continue to extend the PHE beyond January is yet to be determined. HHS has repeatedly committed to providing a 60-day notice prior to the termination or expiration of the PHE. [11] If the Administration does not provide such notice by mid-November, we can expect that the PHE will be extended again through early April 2023.
Status of waivers and relaxed enforcement post-PHE
Barring federal regulatory or legislative intervention, the end of the PHE will terminate some—though not all—of the federal telehealth waivers and policy changes designed to increase telehealth utilization during the public health crisis.
For example, on March 15, 2022, President Joe Biden signed the Consolidated Appropriations Act, 2022, an omnibus bill that included—among other spending measures—a 151-day extension following the conclusion of the PHE of certain regulatory flexibilities that have allowed for expanded coverage of telehealth services.[12] Additional legislative or executive action may still be forthcoming.[13]
Accordingly, telehealth policies need to be assessed on a case-by-case basis. We’ve compiled a list of key developments known to date.
-
Federal policies that may terminate at the end of PHE:
-
Per HHS, “many of the telehealth flexibilities are temporary and will lapse at the end of the COVID-19 public health emergency.”[14] These policies may include, for example, the HHS Office for Civil Rights (OCR) Notification of Enforcement Discretion, in which OCR announced that it would not impose penalties for noncompliance with the HIPAA rules against covered healthcare providers in connection with the good faith provision of telehealth during the PHE.[15]
-
The removal of frequency limitations for furnishing Medicare telehealth services, such as the three-day limitation for a subsequent inpatient visit or the 14-day limitation for a skilled nursing facility visit.[16]
-
Federal policies temporarily extended for 151 days after the conclusion of PHE:
-
A waiver permitting healthcare professionals, such as physical therapists, speech language pathologists, and others, to receive payment from Medicare for furnishing telehealth services.[17]
-
Waivers expanding flexibility of patient geographic location and site location requirements, allowing Medicare patients outside of designated rural areas to receive telehealth services, including from their homes.
-
A waiver allowing the use of audio-only equipment for physical health services for which Medicare otherwise generally requires use of audio and video equipment.
-
-
Federal telehealth policies made permanent:
-
During the PHE, HHS used its waiver authority to permit providers to bill for behavioral health services furnished through audio-only technology. Under its rulemaking authority, HHS has proposed to make this waiver permanent.[18]
-
-
Telehealth enforcement
The delivery of care via telehealth and the claims arising from them implicates a wide range of federal laws, including but not limited to the Anti-Kickback Statute, the False Claims Act, and HIPAA. While many federal telehealth waivers and flexibilities are likely to wind down, recent DOJ and HHS guidance and enforcement activities related to telehealth practices are already ramping up, with a particular focus on fraud and abuse.
For example, on July 20, 2022, HHS Office of Inspector General (OIG) issued a Special Fraud Alert identifying characteristics of “suspect” arrangements between health practitioners and telemedicine companies.[19] OIG identified seven characteristics potentially indicative of a heightened risk of fraud:
-
The practitioner orders or prescribes services for patients who were identified or recruited by the telemedicine company for free or low out-of-pocket services.
-
The practitioner lacks contact with or lacks sufficient information from the patient to assess the medical necessity of services ordered.
-
The practitioner is compensated based on volume of services ordered by the telemedicine company.
-
The telemedicine company only furnishes services to federal healthcare program beneficiaries.
-
The telemedicine company bills federal healthcare programs when it claims to only furnish nonfederal healthcare program beneficiaries.
-
The telemedicine company potentially restricts a practitioner’s treating options to a predetermined course of treatment by only furnishing one product (e.g., durable medical equipment).
-
The telemedicine company does not expect practitioners to follow up with purported patients.
OIG also explained that the civil, criminal, and administrative telemedicine fraud cases it has investigated frequently involve situations in which:
(1) the practitioner had no meaningful interaction with the patient to determine whether a prescribed item or service was medically necessary; and (2) the practitioner’s compensation was correlated to volume of federally reimbursable services ordered or prescribed.
The same day that OIG issued its Special Fraud Alert, DOJ announced a nationwide criminal enforcement action against telemedicine schemes, including schemes in which the charged providers allegedly received kickbacks ordering unnecessary medical tests or equipment—often after limited-or-no interaction with a patient.[20] The enforcement action identified telemedicine company executives as defendants and also spawned Centers for Medicare & Medicaid Services (CMS) administrative actions against more than 50 healthcare providers.
More recently, in September 2022, OIG published a data brief identifying “program integrity measures” potentially reflective of inappropriate billing for Medicare telehealth services, including:
-
“Billing both a telehealth service and a facility fee for most visits;
-
“Billing telehealth services at the highest, most expensive level every time;
-
“Billing telehealth services for a high number of days in a year;
-
“Billing both Medicare fee-for-service and a Medicare Advantage plan for the same service for a “high proportion of services;
-
“Billing a high average number of hours of telehealth services per visit;
-
“Billing telehealth services for an increased number of beneficiaries; and
-
“Billing for a telehealth service and ordering medical equipment for a high proportion of beneficiaries.”[21]
In its report, OIG classified each provider whose billing practices satisfied at least one of the above criteria as “high risk.” Interestingly, while OIG identified only 1,714 of the 742,000 providers analyzed as “high risk,” more than half of those high-risk providers were members of a medical practice where at least one other practitioner was also identified as high risk.[22] OIG noted its concern that this overlap may suggest that certain physician practices encourage suspect billing by their providers.
Telehealth compliance best practices
Mindful that certain regulatory flexibilities may end with the PHE and that enforcement action is already increasing, providers can take steps to ensure telehealth compliance and mitigate the likelihood of government audits and investigations.
First, recognizing that OIG and other enforcement agencies are likely to rely on data to mine for potential fraud and abuse,[23] providers should review their own data to identify and remediate key risk areas, including:
-
Improper coding (including up-coding time and services). Per OIG, improper coding may include such activities as:
-
Billing for services not rendered
-
For example, OIG identified billing telehealth services for a high number of days per month or year warranted further scrutiny because such a practice “may indicate that the provider may not be providing the services for which they are billing.”[26]
-
-
Orders for unnecessary durable medical equipment, diagnostic testing, or medicines
-
Ordering durable medical equipment (DME) in conjunction with telehealth services was identified as a suspect characteristic in the OIG Special Fraud Report and as a measure of inappropriate billing.
-
While not every such order is inappropriate, providers who order DME in connection with all or most telehealth encounters will be heavily scrutinized.
-
Per OIG in its September 2022 Data report, “There is added concern when providers order medical equipment and supplies primarily for beneficiaries with whom they do not have an established relationship. During the pandemic, the requirement for an in-person visit with the beneficiary before ordering medical equipment and supplies was waived in most instances.”[27]
-
Second, providers should constantly evaluate and implement “best practices” to ensure compliance. In many instances, these best practices have the added benefit of enhancing the patient experience.
Administrative best practices
-
Review state-based licensing requirements and track provider license status.
-
Train healthcare workers to use standardized telehealth tools or systems.
-
Create or update written telehealth policies and procedures.
-
Maintain or enhance documentation and record keeping.
-
Enhance oversight of any delegated vendor telehealth services.
-
Know your data. Periodically and routinely, review your claims data for outliers and trends.
-
Confirm encounter documentation and coding is complete and accurate.
-
Telehealth encounters best practices
-
Confirm that the expected encounter is appropriate for telehealth.
-
Review provider licensing relative to location of the member.
-
Consider gathering written or digital consent from patients for telehealth services, even if not required.
-
Be prepared to provide language and American Sign Language support (via a vendor, as necessary).
-
Always assess privacy, including assessing the patient’s location.
-
Have IT support available.
-
Takeaways
-
Providers should monitor when the federal public health emergency and any applicable state-based emergency periods will end. One key resource is the “Declarations of a Public Health Emergency” website:https://aspr.hhs.gov/legal/PHE/Pages/default.aspx.
-
Providers should identify and track the status of regulatory policies applicable to their practice and patients. One essential resource is HHS’s telehealth information website: https://telehealth.hhs.gov/.
-
Providers should periodically review enforcement guidance to identify key trends and areas of focus. One important resource is Office of Inspector General’s “Featured Topic: Telehealth” website: https://oig.hhs.gov/reports-and-publications/featured-topics/telehealth/.
-
Providers should review their own telehealth data to preemptively find and remediate areas of concern.
-
Providers should evaluate and implement best practices for telehealth compliance and improved patient experiences.