Please listen to our podcast on COVID-19, telehealth, and our response.
This article offers an overview of getting started with telemedicine, some of the billing and reimbursement considerations, and some general thoughts on telemedicine for those new to the discipline:
Our introductory course on telemedicine is free for policyholders and staff. Click here to take it:
Please download our summary of coding and reimbursement during the COVID-19 pandemic:
For a comprehensive summary of the changes to telemedicine, including billing changes, applicable during the COVID-19 public health emergency, please download the following bulletin:
The Center for Connected Health Policy* includes all state's telehealth policies related to COVID-19 (scroll to see the individual states), along with links to many state Medicaid programs and the Federation of State Medical Boards.
( *Connected referring to telehealth and other electronic communication)
A: With the increased use of teleconferencing, there has been a rash of “Zoom Bombing” and other teleconferencing platform hijacking where perpetrators will access the meeting and take over. It is best to use a platform that is encrypted and is HIPAA compliant, however, the OCR understands that with the current COVID-19 situation the possible need to use non-compliant platforms exists. Regardless of what you use, when choosing and setting up your platform, be sure to review the privacy and security settings. Additionally, the FBI recommends doing due diligence and following these hijacker threat mitigation measures:
A: The new waiver in Section 1135(b) of the Social Security Act explicitly allows the Secretary to authorize use of telephones that have audio and video capabilities for the furnishing of Medicare telehealth services during the COVID-19 PHE. In addition, effective immediately, the HHS Office for Civil Rights (OCR) will exercise enforcement discretion and waive penalties for HIPAA violations against health care providers that serve patients in good faith through everyday communications technologies, such as FaceTime or Skype, during the COVID-19 nationwide public health emergency. The OCR has also indicated platforms such as Facebook Live, Twitch, TikTok, and similar video services are considered public facing and should NOT be used for telehealth services.
A: Most states require the physician to be licensed in the state where the patient is located at the time of service. If you are near a border state, you should check that states guidelines if you are treating patients via telemedicine.
March 31, 2020 Medicare Ruling. Reacting to the many questions and concerns from providers about telemedicine payments, the Centers for Medicare & Medicaid Services (CMS) released Medicare IFC: Revisions in Response to the COVID-19 Public Health Emergency (CMS-1744-IFC) (PDF) (retroactively dated to March 1). The new ruling addresses many issues; however, we will spotlight several that are relevant to the ambulatory environment, noting the page numbers of the ruling for quick reference. This ruling indicates a significant change in coding and reimbursement of digital health services. This ruling appears to address a multitude of outstanding issues:
This is not meant to be a replacement for your internal HIM/coding/billing/compliance experts, but rather to allow you to read the ruling first hand to help interpret the guidance for your organization.
A: No. Patients do not need to consent to the risk of COVID-19 for routine medical care. However, we recommend a patient-centered approach to informing the patient about the risk of transmission of COVID-19. This may include a variety of methods: notices on the practice website, appointment reminders, on office entrance doors, in the reception area, etc. advising the patient about the risk of infection, the importance of limiting persons in the medical office and any changes in office procedures/protocols the patient should expect during the visit. If possible, provide information in advance. This may include changes to patient flow, triage, treatment and design. Clear signage with pictures recommending patients call before entering if they have symptoms of any respiratory infection (e.g., cough, fever, sore throat, shortness of breath, etc).
Signage in appropriate languages instructing patients to alert staff about respiratory symptoms and correct hygiene and cough etiquette. Additionally, provide educational material about risks, CDC guidance and when to seek medical attention for COVID-19 symptoms should they occur after the visit.
For a specific procedure or treatment that would require informed consent before proceeding, it is recommended that risk of COVID-19 be covered during the informed consent process. It is important that the patient understand and acknowledge the risk of COVID-19 infection, and make an informed decision to proceed with the treatment or refuse/defer treatment. Some specialty organizations may offer specific COVID-19 related consent forms. We encourage you to thoroughly review any recommended form and avoid inclusion of “assumption of liability” or “waiver of liability” statements if the patient contracts COVID-19. See waiver FAQ below.
A: No. Waivers of liability or statements by patients acknowledging assumption of risk are largely ineffective and often unenforceable. You may be familiar with liability waivers, such as those signed in contractual situations (recreational activities, opening a gym membership, cooking classes, etc). A waiver is simply a voluntary relinquishment or abandonment of a legal right. A liability waiver in the COVID-19 context is a written contract where the patient acknowledges the risks of accepting the services of a physician or other provider and agrees to waive liability for any adverse results. Most courts consider this type of waiver to be against public policy as it involves a matter of interest to the public. Healthcare providers are required to meet the standard of care and the courts frown upon efforts by them to contractually avoid liability.
Your best defense may be a detailed informed consent discussion of risks, an opportunity for the patient to ask questions, decide to proceed with the treatment and signature of the patient. This can effectively act as a limited waiver if one of the disclosed risks of the care or procedure results in injury or harm.
Likewise, statements assuring patients that your office is following protocols or guidelines are unnecessary.
Avoid statements such as:
A: Yes, a patient will not be prevented from filing a lawsuit as long as the legal procedural requirements are met in the jurisdiction. However, a claim alleging COVID-19 infection from a physician or other provider’s negligence, like all claims, would have to be viewed in the context of the care that was provided. If reasonable precautions to prevent contamination were taken, the claim would be difficult to support.
A: Follow CDC and local health department guidelines that may require you to screen for COVID-19 symptoms, other high risk conditions for COVID-19, or contact with a person infected with COVID-19. Inform patients why additional questions are necessary by using phrasing similar to the following:
“Health authorities suspect the COVID-19 virus is contagious and can cause severe respiratory infections that spread mainly from person-to-person through close contact. For example, in a household, workplace or healthcare center. The virus is spread through coughing and sneezing, similar to how influenza and other respiratory pathogens are spread. For your safety as well as the safety of our own team members and other patients, we will be gathering additional information to better assess your risk of becoming infected by COVID-19 during your visit.”
A: Previously, Business Associates (BAs) could only release patient information under the direction of the Covered Entity. On April, 2, 2020, the OCR provided notice, they are relaxing those requirements on BAs so they can release pertinent COVID-19 related information in the interest of public health. The notice specifically states:
OCR will exercise its enforcement discretion and will not impose penalties against a business associate or covered entity under the Privacy Rule provisions 45 CFR 164.502(a)(3), 45 CFR 164.502(e)(2), 45 CFR 164.504(e)(1) and (5) if, and only if:
A: The HIPAA Privacy Rule permits a covered entity to disclose the protected health information (PHI) of an individual who has been infected with, or exposed to, COVID-19, with law enforcement, paramedics, other first responders, and public health authorities without the individual’s HIPAA authorization under certain circumstances. This link provides the document that specifies when it is acceptable to disclose PHI to first responders.
A: HIPAA Privacy and Security rules are still in effect, and for the most part have not been waived or relaxed.
In regards to telehealth (telemedicine), the Office for Civil Rights (OCR) has recently provided notice stating they will waive penalties for any potential HIPAA violations by healthcare providers who use everyday communications technologies such as FaceTime, Skype, Facebook Messenger video chat, Google Hangouts video chat, and similar private-facing platforms during the Coronavirus crisis for telehealth services. The OCR has also indicated platforms such as Facebook Live, Twitch, TikTok, and similar video services are considered public-facing and should NOT be used for telehealth services.
These relaxations for telehealth (telemedicine) are only for the remote treatment of patients through one-on-one communication technologies. Staff should continue following all Privacy and Security policies and procedures for protecting the privacy, security, and integrity of patient information, whether from the office or from home. Please see the FAQ on employees working from home for additional information on protecting patient information for those working from home.
HHS has a decision tool to walk you through the process of determining when, what, and how PHI may be disclosed in a Public Health Emergency. These appropriate disclosures would be:
In light of the COVID-19 pandemic, the Substance Abuse and Mental Health Services Administration (SAMHSA) has provided guidance stating, as determined by the provider, a medical emergency exists, healthcare providers may use their own judgement when disclosing substance use disorder records to other providers for treatment purposes when a medical emergency exists. This is typically a disclosure that is not permitted without written patient consent, but SAMHSA has relaxed this requirement during the current crisis. SAMHSA emphasizes that, under the medical emergency exception, providers make their own determinations whether a bona fide medical emergency exists for purposes of providing needed treatment to patients.
These current relaxations, while they do not have an expiration date, are not permanent and will more than likely revert to previous guidance once the current State of Emergency passes.
A: Patients should be aware that there is mandatory reporting of COVID-19 to the Department of Health, but that is still confidential. The health department takes over once reported, but the physician offices still have to maintain confidentiality.
A: From a HIPAA standpoint, employees should treat patient information with the same privacy and security as they would in the office. The current relaxation of Security guidelines only relates to Telehealth. Practices must include employees working remotely to their Security Risk Analysis in order to remain compliant. Additionally: