By KIMBERLY RUPPEL
In this new normal we are experiencing as a result of the COVID-19 pandemic, social distancing and telehealth go hand in hand. Telehealth includes a range of technology, for example, the use of real-time video interaction, “store and forward” technology, remote patient monitoring or online chat groups.
Telehealth is particularly well suited for initial screening of patients and providing quicker and safer access to providers now, and also once we are safely beyond the current health crisis. As a result, this is a critical time for healthcare providers to encourage their patients to make use of this valuable tool and to implement or improve processes and systems already in place. More often, older patients are reluctant to give up the familiar in-person encounter.
Yet, that is exactly the population that may benefit the most from the efficiency and convenience of avoiding travel time or sitting in a waiting room possibly subjecting themselves to exposure to unknown health risks from other patients.
Both federal and state guidelines on this topic are rapidly evolving, many of which are intended to be temporary and only apply while the current state of public health emergency remains in effect. The CARES Act provides a number of important temporary waivers of limitations on telehealth coverage for Medicare beneficiaries. Private payors are generally following suit.
For example, telehealth visits will be reimbursed temporarily by Medicare under the Physician Fee Schedule at the same amount as in-person services. Medicare coinsurance and deductibles still apply for these services. In ordinary times, reductions or waivers of such costs implicate the federal anti-kickback statute and other regulatory schemes. However, healthcare providers are temporarily allowed to reduce or waive cost-sharing for telehealth visits paid by federal healthcare programs without fear of penalty.
Further, Medicare will issue payment for professional services furnished in all settings, including a beneficiaries’ home. This removes the requirement for a beneficiary to travel to a physician’s office, skilled nursing facility or hospital for a telemedicine visit.
Providers who prescribe controlled substances may temporarily use telehealth visits with patients. Prior to the outbreak of COVID-19, controlled substances generally could not be prescribed via telehealth without a provider conducting an in-person examination.
However, the public health emergency exception to that rule is now in effect. Accordingly, controlled substance prescriptions may be issued by an appropriately licensed provider for legitimate medical purposes (1) electronically for schedule II – V medications; (2) by calling in an emergency schedule II medication to a pharmacy; or (3) by calling in a schedule III – V medication to a pharmacy without an in-person exam, so long as a telehealth evaluation is conducted using an audio-visual, real-time, two-way interactive communication system.
Federal funding designed to improve and expand access to telehealth is at an all-time high. As part of the CARES Act, the FCC is administering a $200 million program to support nonprofit and public eligible healthcare providers responding to the COVID-19 pandemic by upgrading or purchasing telecommunications infrastructure and devices. Funding applications are processed on a rolling basis.
Separately, the FCC is administering the Connected Care Pilot Program, which will provide up to $100 million from the Universal Service Fund to help defray healthcare providers’ costs of providing telehealth services unrelated to treatment of COVID-19. The primary focus is on pilot programs that benefit low-income or veteran patients.
Increased use of telehealth necessarily brings about privacy and security concerns. Strict HIPAA compliance is temporarily relaxed during the public health emergency so long as a provider acts in good faith in its use of telehealth technology. However, patients expect their information to remain secure and use of telehealth is certain to continue to increase after the current crisis is over. As a result, providers are cautioned to practice as if strict compliance is currently necessary in order to provide maximum security to patient information.
Providers who haven’t used telehealth before should choose a platform that allows multi-factor authentication and uses non-public facing audio or video communication products. Passwords and PINs are relatively easy to hack and should be combined with additional measures such as a fingerprint, facial recognition or a security question chosen by the patient. Use a system that delivers an alert upon discovery of an intrusion to minimize the adverse impact. Encryption is crucial at every level of the system, including the data, server, database and any applications or mobile devices. Implement a method to monitor the device being used to log in so your system recognizes the user as your patient. Require additional security measures for higher-risk tasks such as downloading records or making changes to a patient’s account information. Be sure to enter into a Business Associate Agreement with the technology vendor.
Finally, training employees and staff is critical. One of the easiest ways to penetrate otherwise strong security measures is the use of phishing scams and malware. Ensure staff know how to identify a suspicious email that contain misspellings, grammatical mistakes or when an email address doesn’t match the sender. Staff also should never to click a link unless they trust the sender’s identity.
Temporary relaxation of telehealth rules and restrictions allows patients to receive easier access to healthcare, which is likely to result in increased emphasis on the use of telehealth in the ordinary course. Providers who adapt their practice to this valuable tool will be ahead of the curve in patient care.