Health Law Advisor

Use of telehealth services has surged since the COVID-19 pandemic; however, this increase in use does not come without limitations. Telehealth providers are subject to regulations, which differ by state, that govern various aspects of providing services via telemedicine, including what types of health care providers can provide telehealth services, what services can be provided via telehealth, and where providers must be located in order to provide telehealth services to a patient. A requirement consistent across most states is that providers engaging in telehealth services ...

In this episode of the Diagnosing Health Care Podcast: What trends in state laws and regulations have emerged in the post-public health emergency (PHE) era, and how do these changes impact telehealth stakeholders?

At the federal level, many telehealth-related flexibilities have been extended through December 31, 2024, whereas, at the state level, there are wide variations in approach. Many states have continued to push the boundaries of existing telehealth policies, yet no two states are exactly alike in their approach to defining and regulating telehealth.

On this episode ...

Interest in and acceptance of telehealth services continues to grow. In 2023, a key focus by the states has been addressing questions about how to modify existing regulatory infrastructures sustaining the provision of telehealth services to support the continued use of these services in a post-public health emergency world.

However, modifications to telehealth services also increases the potential for fraudulent behavior and enforcement activity. Providers should continue to monitor developments in federal and state laws, regulations, and policies to capitalize on ...

On October 18, 2023, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”), which is tasked with enforcing the Health Insurance Portability and Accountability Act (“HIPAA”), issued two new guidance documents pertaining to privacy and security risks associated with the use of telehealth services. One guidance document, entitled “Educating Patients about Privacy and Security Risks to Protected Health Information when Using Remote Communication Technologies for Telehealth,” is aimed at health care providers (the ...

On Friday, October 6, 2023, the Drug Enforcement Administration (“DEA”) and Department of Health and Human Services (“HHS”) filed a Second Temporary Extension of the COVID-19 Telemedicine Flexibilities for Prescription of Controlled Medications (“Second Temporary Rule”), extending the full set of telemedicine flexibilities adopted during the COVID-19 public health emergency (“PHE”) through December 31, 2024. The Second Temporary Rule is scheduled for publication in the Federal Register today (October 10, 2023) and scheduled to take effect on November ...

On August 4, 2023, the Drug Enforcement Administration (“DEA”) announced plans to host two public listening sessions, scheduled to take place on September 12 and 13, 2023 at DEA’s headquarters in Arlington, VA, to collect additional input regarding the practice of telemedicine and specifically the remote prescribing of controlled substances without conducting an in-person evaluation of patients before prescribing.

The listening sessions will be open to the public, and those who anticipate attending must register through DEA’s Diversion Control website. The registration process opens today (August 7, 2023). DEA also plans to make the listening sessions available via livestream and copies of transcripts from the sessions also will be made available at a later date on the DEA Diversion Control Program website.

In this episode of the Diagnosing Health Care Podcast:  A complex landscape of state laws overlays the direct access testing model, ranging from physician order requirements, such as telemedicine standards and the corporate practice of medicine doctrine, to specimen collection considerations, including how the varying options for collection could impact a model.

How do these factors combine to create a roadmap for companies navigating the direct access testing industry?

On April 11, 2023, U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced its plan for termination of the existing notifications of enforcement discretion related to the expiration of the COVID-19 public health emergency (PHE) on May 11, 2023. 

On February 24, 2023, the Drug Enforcement Agency (“DEA”) announced proposed permanent rules around prescribing controlled substances via telemedicine that expand the circumstances under which practitioners can prescribe controlled substances without first conducting an in-person medical evaluation of the patient outside of the COVID-19 public health emergency (“PHE”). The proposed rules are more restrictive than the DEA emergency waivers under which providers conducted telemedicine prescribing for the last three years, but are less restrictive in comparison to the pre-PHE regulations applicable to telemedicine prescribing of controlled substances under the federal Controlled Substances Act (“CSA”).

Both the proposed rules related to telemedicine prescribing of Schedule III-V non-narcotic controlled substances, and the separate proposed rules related to telemedicine prescribing of buprenorphine, were published in the Federal Register on March 1, 2023. The public has been given until March 31, 2023 to review and provide comments regarding the proposed rules, which the DEA will consider before promulgating final regulations.

Interest in and acceptance of telehealth services continues to grow. Recent events, like the COVID-19 pandemic and the U.S. Supreme Court’s ruling in Dobbs v. Jackson Women's Health Organization, have put more pressure than ever on federal and state legislators to promote access to telehealth services.

However, the greater use of telehealth services also increases the potential for fraudulent behavior and enforcement activity. Providers should continue to monitor developments in federal and state laws, regulations, and policies to capitalize on telehealth opportunities while staying compliant with applicable laws.

Since 2016, Epstein Becker Green has researched, compiled, and analyzed state-specific content relating to the regulatory requirements for professional mental/behavioral health practitioners and stakeholders seeking to provide telehealth-focused services. We are pleased to release our latest compilation of state telehealth laws, regulations, and policies within the mental/behavioral health practice disciplines.

Interest in, and acceptance of, telehealth services continues to grow. Federal and state legislators are under pressure to codify the flexibilities granted in response to the COVID-19 pandemic that increased access to telehealth services. Meanwhile, increased use of telehealth has put a much greater focus on the potential for fraudulent behavior and increased enforcement activity as a result. Telehealth providers should continue to monitor developments in federal and state laws, regulations, and policies to capitalize on telehealth opportunities while at the same time ...

The New Jersey Department of Health (the “Department”) recently finalized regulations initially proposed in April 2020 that will now require all telehealth organizations providing telemedicine services to patients located in New Jersey to register their business with the Department before October 15, 2021, and annually thereafter.  In addition to annual registrations, telehealth companies will also be required to submit annual reports on activity and encounter data.

On June 21, 2021, Florida Governor Ron DeSantis signed into law a bill requiring genetic counselors to be licensed by the Florida Department of Health (“FLDOH”).  The new law, known as the Genetic Counseling Workforce Act (“GCWA”), became effective on July 1, 2021.  FLDOH has announced a 90 day enforcement moratorium to allow counselors time to become appropriately licensed in the State.  Florida now joins a growing number of states that regulate the work of genetic counselors.

On May 26, 2021, the Department of Justice (“DOJ”) announced a coordinated law enforcement action against 14 telehealth executives, physicians, marketers, and healthcare business owners for their alleged fraudulent COVID-19 related Medicare claims resulting in over $143 million in false billing.[1] This coordinated effort highlights the increased scrutiny telehealth providers are facing as rapid expansion efforts due to COVID-19 shape industry standards.

Since the outset of the COVID-19 pandemic, the DOJ has prioritized identifying and prosecuting COVID-19 ...

The Illinois Coalition to Protect Telehealth, a coalition of more than thirty Illinois healthcare providers and patient advocates, announced its support for a bill that would, among other things, establish payment parity for telehealth services and permanently eliminate geographic and facility restrictions beyond the COVID-19 pandemic. Like many states, Illinois issued an executive order at the outset of the pandemic temporarily lifting longstanding barriers to consumer access to telehealth via commercial health plans and Medicaid.[1]  The executive order expanded the definition of telehealth services, loosened geographical restrictions on physician licensing requirements, and barred private insurers from charging copays and deductibles for in-network telehealth visits.

Now, House Bill 3498 seeks to make permanent some of those temporary waivers by aligning coverage and reimbursement for telehealth services with in-person care. If enacted, it would also establish that patients could no longer be required to use an exclusive panel of providers or professionals to receive telehealth services, nor would they be required to prove a hardship or access barrier in order to receive those services.  The bill does not include a provision that would permanently allow out-of-state physicians or health care providers to provide services in the state beyond the pandemic.[2]

In the Coalition’s announcement of support for this bill, it states that the use of telehealth over the last year has shown an increased adherence to patient care plans and improved chronic disease management.  “In recent surveys, over 70% of Illinois hospital respondents and 78% of community-based behavioral healthcare respondents reported that telehealth has helped drive a reduction in the rates at which patients missed appointments. Surveys of Illinois physicians, community health centers, and specialized mental health and substance use disorder treatment providers have also revealed similar dramatic reductions in missed appointments.”

This Diagnosing Health Care episode examines the fraud and abuse enforcement landscape in the telehealth space and considers ways telehealth providers can mitigate their enforcement risks as they move into the new year. Hear how the uptick in enforcement warrants close consideration by telehealth providers, especially those that are new to the space and have not yet built their compliance infrastructures.

The episode features Epstein Becker Green attorneys Amy Lerman, Melissa Jampol, and Bonnie Scott.

The Diagnosing Health Care podcast series examines the business ...

On March 17, 2020, the Office for Civil Rights’ (“OCR”) announced that—for the duration of the COVID-19 emergency—it would exercise enforcement discretion and waive any potential penalties for HIPAA violations relating to health care providers’ use of “everyday communications technologies” in the provision of services via telehealth (the “HIPAA Waiver”). This move has resulted in a drastic increase in the number of telehealth encounters. The HIPAA Waiver has enabled many providers to immediately leverage these technologies to render services via telehealth for the first time, without the need to expend significant resources to quickly ramp up a HIPAA-compliant telehealth platform. A summary of the HIPAA Waiver can be found in a recent blog post. While the HIPAA Waiver applies only temporarily, it is likely that the increased reliance on telehealth evidenced over the past three months is here to stay.

The COVID-19 pandemic’s impact on the regulatory landscape of telehealth was the topic of a June 17, 2020 hearing before the Senate Health, Education, Labor & Pensions Committee.  As Chairman Lamar Alexander acknowledged during his opening statement, the health care sector and government “have been forced to cram 10 years’ worth of telehealth experience into just the past three months.” Indeed, this “cramming” has resulted in thirty-one temporary changes to telehealth policy at the federal level. Of these temporary changes, Chairman Alexander included the OCR enforcement discretion / HIPAA waiver as one of the three changes he considers most important. However, of the three changes the Chairman views as most important, he declined to include the enforcement discretion in the temporary changes he believes should be made permanent, and instead called upon his colleagues to consider whether to extend the HIPAA waiver.[1]

The FDA has issued the Temporary Policy on Prescription Drug Marketing Act Requirements for Distribution of Drug Samples During the COVID-19 Public Health Emergency.  The Prescription Drug Marketing Act of 1987 (PDMA) describes manufacturers’ drug sample storage, handling, and recordkeeping obligations as well as the written request and receipt requirements for prescribers.

Many manufacturers utilize their field sales representatives to deliver drug samples directly to, and collect written receipts from, prescribers at prescriber offices during sales calls. The COVID-19 crisis has disrupted field sales representatives’ ability to have face to face visits with prescribers, preventing them from delivering samples and collecting required receipts.  In addition, as a result of the crisis, many prescribers are providing telehealth services from their homes, impacting prescribers’ ability to receive, store and distribute samples at their offices.

On March 13, 2020, President Trump issued a proclamation that the novel coronavirus (“COVID-19”) outbreak in the United States constituted a national emergency. Following this proclamation, pursuant to section 1135(b) of the Social Security Act, the Secretary of the Department of Health and Human Services (“HHS”), Alex Azar, invoked his authority to waive or modify certain requirements of titles of the Act as a result of the consequences of the COVID-19 pandemic, to the extent necessary, as determined by the Centers for Medicare & Medicaid Services (“CMS”), to ensure that sufficient health care items and services are available to meet the needs of individuals enrolled in the Medicare, Medicaid, and Children’s Health Insurance Programs (“CHIP”). This authority took effect on March 15, 2020, with a retroactive effective date of March 1, 2020 and will terminate at the conclusion of the public health emergency period.[1] Pursuant to this authority, HHS announced a number of nationwide blanket waivers, including a waiver related to telehealth, in order for providers to respond to the COVID-19 public health emergency.[2]

Separate from and in addition to the blanket waivers, the Secretary’s authority under Section 1135 also allows CMS to grant Section 1135 waivers to states that request CMS to temporarily waive compliance with certain statutes and regulations for its Medicaid programs during the time of the public health emergency. So far, many states have requested these additional flexibilities in order to focus their resources on combatting the outbreak and providing the best possible care to Medicaid enrollees in their states. CMS has been rapidly approving these Section 1135 waiver requests, but it is important to recognize that not all state requests are created equal with respect to utilizing telehealth / telemedicine services during the public health emergency. Based on a review of the publicly available state request letters, it is clear that some states have prioritized use of telehealth in order to respond to COVID-19, while other states have not, or have not yet requested similar flexibilities related to provision of telehealth services. Examples of states that have prioritized greater use of telehealth include:

• California: The state requested flexibility for telehealth and virtual communications to make it easier for providers to care for people in their homes. Specifically, California requested flexibility to allow telehealth and virtual/telephonic communications for covered State plan benefits, such as behavioral health treatment services, and waiver of face-to-face encounter requirements for Federally Qualified Health Centers and Rural Health Clinics, among others. The state also sought reimbursement of virtual communication and e-consults for certain providers. CMS approved this waiver request on March 23, 2020.
• Illinois: The Illinois Department of Healthcare and Family Services waiver request, approved on March 23, 2020 by CMS, sought flexibility of documentation requirements, including the lack of documentation of consent for a telehealth consult. Like several other states, Illinois also requested CMS to allow providers to use non-HIPAA compliant telehealth modes from readily available platforms, such as Facetime, WhatsApp, Skype, etc., to facilitate a telehealth visit or check-in at the location of the patient, including the patient’s home.

On March 17, 2020 the Department of Health and Human Services, Office for Civil Rights (“OCR”) announced that it would “exercise its enforcement discretion and will waive any potential penalties for HIPAA violations” for health care providers who are serving patients using “everyday communications technologies.”  The OCR issued this guidance to ensure providers could make use of available technologies and communication apps in order to facilitate virtual visits with patients.

Specifically, the guidance provides (emphasis added):

A covered health care provider ...

While providers struggle to provide health care to their patients amid the coronavirus contagion concerns, recent regulatory and reimbursement changes will help ease the path to the provision of healthcare via telehealth.

On March 6, 2020, President Donald Trump signed into law an $8.3 billion emergency coronavirus disease 2019 (“COVID-19”) response funding package. In addition to providing funding for the development of treatments and public health funding for prevention, preparedness, and response, the bill authorizes the U.S. Secretary of Health and Human Services, Alex Azar (referred to herein as the “Secretary”), to waive Medicare restrictions on the provision of services via telehealth during this public health emergency.

Greater utilization of telehealth during the COVID-19 outbreak will reduce providers’ and patients’ exposure to the virus in health care facilities. Telehealth is especially useful for mild cases of illness that can be managed at the patient’s home, thereby decreasing the volume of individuals seeking care in facilities. To further facilitate the increased utilization of telehealth, the Centers for Disease Control’s interim guidance for healthcare facilities notes that healthcare providers can communicate with patients by telephone if formal telehealth systems are not available. This allows providers to have greater flexibility when telehealth technology providers lack the bandwidth to accommodate this increase in telehealth utilization or are otherwise unavailable.

We hope that everyone is staying safe during the COVID-19 crisis. State health departments are, of course, doing what they can to facilitate management of transmission of COVID-19 by healthcare providers. Some recent actions by the New York Department of Health (“DOH”) to allow or promote telephonic and telehealth services include:

Telephonic Evaluation - Beginning with dates of service of March 13, Medicaid will reimburse telephonic evaluation and management services for established patients where face-to-face visits may not be recommended and it is medically ...

While the world continues to respond to the growing COVID-19 pandemic, the United States Congress recently passed legislation that provides for more than $8 billion in emergency funding to combat COVID-19. Part of this supplemental funding package, signed into law on March 6, 2020, includes the Telehealth Services During Certain Emergency Periods Act of 2020 (the “Act”),[1] which authorizes the Administration to loosen restrictions on telehealth in order to expand access to COVID-19 related telehealth services for Medicare beneficiaries—many of whom are especially vulnerable to this virus and in the event of future emergencies. On March 17, 2020, the Administration announced the implementation of this waiver with a retroactive effective date of March 6, 2020.

Our colleagues Amy F. Lerman, Francesca R. Ozinal, and team have released the 2019 update to Epstein Becker Green’s Telemental Health Laws survey.

Available as a complimentary app for iPhone, iPad, and Android devices, the survey covers state telehealth laws, regulations, and policies within mental health.

For more about the survey findings, visit “Epstein Becker Green Finds Telehealth Services Are Increasingly Accessible to Mental Health Professionals Despite Legislative Barriers.”

Also see the "Telemental Health Laws: Overview" for more about the ...

On February 14, 2019, the Centers for Medicare & Medicaid Services (“CMS”) announced the Emergency Triage, Treatment and Transport reimbursement model (the “ET3 Model”), a demonstration project that aims to provide improved flexibility to ambulance crews addressing 911-initiated emergency calls for Medicare beneficiaries.

CMS plans to release its Request for Applications (“RFA”) to solicit participation in the ET3 Model from Medicare-enrolled ambulance providers and suppliers in the summer of 2019. The ET3 Model start date is anticipated for January 2020 for ...

The Office of Inspector General (“OIG”) for the Department of Health and Human Services recently issued an Advisory Opinion that provides insight into how the agency evaluates arrangements that deal with the integration of technology, medicine, and patient monitoring under the federal Anti-Kickback Statute (“AKS”). In Advisory Opinion No. 19-02, OIG evaluated whether a pharmaceutical manufacturer could temporarily loan a limited-functionality smartphone to financially needy patients enrolled in federal health care programs. OIG concluded that the proposed ...

The Ryan Haight Act Online Pharmacy Consumer Protection Act of 2008 (21 U.S.C. § 802(54)) (the “Ryan Haight Act” or “Act”) expanded the federal Controlled Substances Act to define appropriate internet usage in the dispensing and prescribing of schedule drugs, and in doing so effectively banned the issuance of prescriptions via telemedicine services for any controlled substances unless the ordering physician has conducted at least one in-person evaluation of the patient. The Act includes multiple exceptions that permit prescribing of controlled substances ...

At first blush, the passage of House Bill 5483, entitled the “Special Registration for Telemedicine Clarification Act of 2018” (the “Bill”), appears to address the issue concerning the lack of regulatory guidance regarding the “Special Registration” exception to the Ryan Haight Act of 2008; however, a deeper and more careful analysis reveals that the Bill may not be as effective as most health care practitioners may hope. The Bill, sponsored by Rep. Carter (R-Georgia), a pharmacist, Rep. Bustos (D-Illinois), and nine others, cleared the House on June 12, 2018 without ...

Effective June 11, 2018, all Department of Veterans Affairs (“VA”) health care providers will be able to offer the same level of care to all beneficiaries regardless of the beneficiary’s or the health care provider’s location. In its recently released final rule, the VA stated that in December 2016 Congress mandated that the agency provide veterans with a self-scheduling, online appointment system, and that the agency meet the demands for the provision of health care services to veterans, regardless of whether such care was provided in-person or using telehealth ...

The U.S. Department of Health and Human Services’ Office of Inspector General (OIG) recently released a report revealing that during OIG’s 2014 and 2015 audits of telehealth claims, more than half of the professional telehealth claims paid by the Medicare program did not have matching originating-site facility claims.

According to the report, Medicare telehealth spending increased from $61,302 in 2001 to $17,601,996 in 2015. Among the 191,118 Medicare paid distant-site telehealth claims (totaling $13,795,384), the OIG randomly sampled 100 of those claims and obtained ...

In March 2018, the Medicaid and CHIP Payment and Access Commission (MACPAC) made its 2018 report to Congress, which included the Commission’s evaluation of telehealth services provided through the Medicaid program. Chapter 2 of MACPAC’s report had a positive outlook on telehealth’s contribution toward better accessibility of health care services to underserved individuals as well as individuals with disabilities.

Unlike its larger counterpart, Medicare, federal policy has not placed many restrictions on state Medicaid programs in terms of adopting or designing ...

On February 9, 2018, President Trump signed into law the Bipartisan Budget Act of 2018 (“BBA”). Among the most notable changes that will occur with the enactment of the BBA is the inclusion of certain provisions taken from the Creating High-Quality Results and Outcomes Necessary to Improve Chronic (“CHRONIC”) Care Act of 2017 bill (S.870) which the Senate passed in September 2017. Among other things, the CHRONIC Care provisions will have the effect of redefining new criteria for special-needs plans (“SNPs”), in particular the special-needs Medicare Advantage ...

The calls for utilizing telemedicine in battling the opioid crises in the U.S. are growing louder. On January 30, 2018, Senators Claire McCaskill (D-Mo.), Lisa Murkowski (R-Alaska), and Dan Sullivan (R-Alaska), sent a letter to Robert W. Patterson, the Acting Administrator of the U.S. Drug Enforcement Administration (DEA), urging the agency to promulgate regulations that would allow healthcare providers to prescribe medication-assisted treatments via telemedicine for persons with opioid dependence disorder.

The letter specifically addresses the Ryan Haight Online ...

In 2008, Congress passed the Ryan Haight Act (21 U.S.C. § 802(54)) (“Ryan Haight”) following the death of Ryan Haight, a young man who overdosed on prescription painkillers he purchased from an online pharmacy without a valid prescription. Ryan Haight amended the federal Controlled Substances Act (21 U.S.C. 802 et seq.) and specifically prohibits dispensing controlled substances via the internet without a “valid prescription” which, according to the law, must be issued for a legitimate medical purpose and may only be issued once a physician has conducted at least one ...

One of the challenges to increasing Medicare coverage of telehealth services is amending the statutory language in the Social Security Act (42 U.S.C. § 1395m) to remove geographic and other limitations. The Congressional Budget and Impoundment Control Act of 1974 requires the Congressional Budget Office (“CBO”) to provide cost estimates of proposed legislation. These CBO scoring reports provide estimates on the spending and revenues associated with legislation, generally over the window of 10 years beyond the effective date of the legislation. Therefore, budgetary ...

Steven R. Blackburn, Member of the Firm in the Employment, Labor & Workforce Management practice will co-present a Practising Law Institute in-person event and webcast on January 25, 2018 at 10:00 a.m. PST titled “Tech Sector Employment Law Hot Topics for the California Lawyer.”

This event will address current California employment law issues, with the added focus of how the latest, state-specific legal developments impact the tech sector, in particular.

Steven R. Blackburn’s program is titled, “Sexual Harassment in the Tech Sector – Employer Duties, Investigations ...

On October 26, 2017, President Trump directed the Secretary of the Department of Health and Human Services (“Secretary”) to declare a National Public Health Emergency on the opioid epidemic. While the President offered few details regarding how his administration will address the challenge of treating patients struggling with opioid addiction, a previous statement from the White House indicated that the Administration plans to expand access to treatment via telemedicine and more specifically, remote prescribing of the necessary controlled substances used to treat ...

Epstein Becker Green released an Appendix to its “50-State Survey of Telemental/Telebehavioral Health (2016)” with new and updated analysis on the laws, regulations and regulatory policies affecting the practice of telemental/telebehavioral health in all 50 states and the District of Columbia. Since the Survey was released in 2016, states have been incredibly active in their legislative efforts with respect to the provision of telehealth services. As a result, EBG again conducted extensive research to share relevant changes with providers and consumers who are ...

You need not spend much time reading the news to know that recent Hurricanes Harvey and Irma have disrupted the lives of tens of thousands of individuals, many of whom may already have behavioral health needs; however, the trauma caused by these recent natural disasters, and others, has created an immense need for additional behavioral and mental health services. For example, a 2012 study entitled “The Impact of Hurricane Katrina on the Mental and Physical Health of Low-Income Parents in New Orleans” reported elevated rates of incidence of Post-Traumatic Stress Disorder ...

Pursuant to the 21st Century Cures Act of 2016, Congress mandated the Medicare Payment Advisory Commission (“MedPAC”) to provide a report to Congress by March 15, 2018, in which MedPAC has been asked to answer the following questions:

1. Under the Medicare Fee-for-Service program (Parts A and B), what is the current coverage of telehealth services?
2. Currently, what coverage do commercial health plans offer for telehealth services?
3. In what ways can the Medicare Fee-for-Service program adopt some or all the telehealth service coverage presently found in commercial health plans?

Throughout the campaign season and the first months of Donald Trump’s presidency, the current Administration has voiced a commitment to furthering telehealth advancement. For example, during the campaign, then-candidate Trump emphasized the importance of telehealth tools in reforming the U.S. Department of Veterans Affairs ("VA"). More recently, both U.S. Department of Health and Human Services Secretary Tom Price and Centers for Medicare and Medicaid Services Administrator Seema Verma stated in their confirmation hearings that they were interested in promoting the ...

Updates to OIG FY 2017 Work Plan

The United States Department of Health and Human Services (“HHS”) Office of the Inspector General (“OIG”) recently updated its FY 2017 Work Plan. Traditionally, OIG’s annual Work Plan has given health care providers a preview of OIG’s enforcement priorities. With the OIG now making updates to its Work Plan on a monthly basis, providers stand to gain even more insight into how the focus of OIG is constantly shifting in order to assist in the identification of significant compliance risk areas.

In this most recent set of updates to the FY 2017 ...

Private payer parity laws generally require private insurers and health maintenance organizations to cover, and in some cases also reimburse, for the provision of telehealth services in the same manner and at the same level as comparable in-person services. These laws are enacted at the state level, creating a complicated framework within which insurers must operate. At this point, most states have implemented some form of private payer parity law, although the specifics of each state’s laws vary. One of the most common is a rule such as Montana's, which requires insurers to offer ...

Telehealth continues to be a hot topic of state and federal legislatures. Texas, for example, recently joined the rest of the states in no longer requiring initial in-person visits before being able to provide telehealth services.

The Texas legislature enacted the major telehealth bill SB 1107 on May 19, 2017, and the governor signed the bill into law shortly thereafter on May 27, 2017. As reported in our prior post, Texas had considered that, if passed, this telehealth bill would allow patient-physician relationships to be established via telemedicine without requiring an initial ...

At the American Telemedicine Association’s (“ATA”) recent conference in Orlando, a panel of strategic investors discussed the growth of the telehealth industry. The panel delved into topics such as the driving forces for telehealth and which telehealth programs they believe have the ability to gain traction across a broad universe of stakeholders. Based on firsthand experience with deals that have worked, and those that have not, the panel shared their insights and discussed lessons learned, which in turn provided listeners with interesting insight regarding the future ...

The Information Sharing and Analysis Organization-Standards Organization (ISAO-SO) was set up under the aegis of the Department of Homeland Security pursuant to a Presidential Executive Order intended to foster threat vector sharing among private entities and with the government. ISAOs are proliferating in many critical infrastructure fields, including health care, where cybersecurity and data privacy are particularly sensitive issues given HIPAA requirements and disproportionate industry human and systems vulnerabilities. Therefore, in advising their companies ...

In recent years, Texas has served as ground zero for a number of the most contentious legal battles surrounding telehealth. This week, State Senator Charles Schwertner, the chairman of the Committee on Health and Human Services, submitted a bill signifying progress for telemedicine and telehealth providers looking to practice in the Lone Star State. The bill, S.B. 1107, would remove one of the toughest hurdles for telemedicine and telehealth practitioners – the face-to-face meeting requirement. Providers would be able to provide services to, and establish physician-patient ...

Much of the recent media scrutiny may suggest that Texas has gotten a bad rap when it comes to telehealth. But have recent reports painted an incorrect or unfair picture of telehealth innovation in Texas? The TexLa Telehealth Resource Center (“TexLa TRC”) certainly thinks so.

Recent media attention focused on Texas telehealth innovation suggests Texas is behind the telehealth curve. In a recent report, the Texas Business Association said, “Texas lags behind other states in establishing a supportive regulatory environment for the expansion of these services,” while the ...

As requested by Congress as part of an appropriations bill signed into law late last year, this month, the Department of Health and Human Services (HHS) released a report highlighting its e-health and telemedicine efforts.  The report makes for interesting reading, and while there are no significant surprises in the report, it offers a clear snapshot of some of the agency’s thinking regarding virtual care.

The first thing I noted in the report is the agency’s view that “telehealth holds promise as a means of increasing access to care and improving health outcomes.”  This is ...

Epstein Becker Green has just released the 50-State Survey of Telemental/Telebehavioral Health (2016), a groundbreaking, comprehensive survey on the laws, regulations, and regulatory policies impacting telemental health in all 50 states and the District of Columbia.

While other telehealth studies exist, this survey focuses solely on the remote delivery of behavioral health care.

Compiled by attorneys in Epstein Becker Green's Telehealth practice, the survey details the rapid growth of telemental health—mental health care delivered via interactive audio or video ...

Telemedicine has made great recent strides in terms of greater acceptance and deployment.  That said, a lot of work still needs to be done. Two recent surveys, one of tech savvy consumers and another of health care stakeholders make that case.

The first survey was done on behalf of a consumer health engagement company.  It makes for sobering reading. The survey polled 500 insured consumers who are also users of mobile health applications.  Some interesting findings:

• Almost 40% have not heard of telemedicine.
• 42% who have not used telemedicine and prefer an in-person physician visit ...

As you all know, the subject of telehealth reimbursement continues to vex the community. For example, Medicare lags far behind.  According to the Center for Telehealth and eHealth Law, Medicare reimbursed approximately $14 million total under its telehealth benefit for 2014.  This represents less than .0025 percent of the total Medicare reimbursed for services that year.  Medicaid is something of a mixed bag with the vast majority of states providing some coverage for telehealth, but many lagging in coverage and reimbursement for store-and-forward services and remote patient ...

As 2015 winds down, I think it is safe to say that it has been a whirlwind year in telehealth.  According to the National Conference of State Legislatures (NCSL), over 200 telehealth-related bills were introduced in 42 states.  The Federation of State Medical Boards (FSMB) has launched an interstate physician licensure compact that creates a new pathway to expedite physician licensure in multiple states.  Twelve states (with Wisconsin being the latest) have so far enacted the licensure compact.  Many states such as Colorado, Iowa, and Louisiana released regulations or policies that in ...

One of the issues with which we often grapple in the telehealth space is the relative lack of availability of studies and data when compared to other areas of the health care sector.  Telehealth is relatively young and therefore has not had the time to build a voluminous body of data and evidence.  But things are changing.  Many stakeholders are doing exemplary work in telehealth research, and stakeholders like the Department of Veterans Affairs have longstanding evidence regarding the efficacy of telehealth.  However, it’s a more recent document that has caught my attention.

A ...

A recent survey conducted by the Robert Graham Center, the American Academy of Family Physicians, and Anthem caught my attention. The survey was conducted to gauge the attitudes of primary care physicians regarding telehealth.  And the results make for interesting reading— providing great insight into how certain providers view and use telehealth. What struck me most is that while great progress has been made in the rate of telehealth adoption among providers, we still have a way to go. According to the survey report, state legal and regulatory issues, reimbursement, and provider ...

Telemental health seems to be emerging, even booming.  Also referred to as telebehaviorial health, e-counseling, e-therapy, online therapy, cybercounseling, or online counseling, for purposes of this post, I will define telemental health as the provision of remote mental health care services (usually via an audio/video secure platform) by psychiatrists, psychologists, social workers, counselors, and marriage and family therapists.  Most services involve assessment, therapy, and/or diagnosis.   Over the last few years, I have seen a wider variety of care models—from ...

As many of you know, reimbursement for telehealth services is a mixed bag.  On the one hand, private payers generally seem ahead of the curve.  Many leading private insurers reimburse for telehealth.  Generally these coverage policies provide reimbursement for telehealth services when they involve the use of real-time interactive audio, video, or other electronic media for diagnosis and consultation.  Just as significantly, more than half the states and the District of Columbia have passed telehealth parity statutes which require health insurers to provide coverage for services ...

As stakeholders, legislators and policymakers wrestle with the myriad of issues related to the provision of remote health care, clinical and technological advancements continue apace. What was once an industry focused primarily on the provision of primary care through existing remote platforms is morphing into a highly sophisticated brew of clinical and technological innovation.  In that regard, several trends have caught my attention. While these trends may not squarely fall within the accepted definitions of “telehealth”, they are worth noting because they raise many ...

As telehealth legal and regulatory issues continue to evolve, stakeholders need to stay current on trending issues. With that in mind, we are offering a complimentary “crash course” webinar series in which we will discuss a number of significant legal and regulatory issues implicated by telehealth including reimbursement, state issues, and employers.

How Do I Get Paid?

During this first installment of EBG’s Telehealth Crash Course series, we will discuss the current reimbursement landscape, including distinctions between various payer models and the growing impact of ...

As discussed previously on this blog, employers are increasingly turning to telemedicine as a way to cut employee health care costs and improve bottom lines. The trend will be accelerated by the impending Cadillac Tax, a 40 percent excise tax on the excess of the cost of an employee’s applicable coverage over the employee’s applicable dollar limit. In February, the Treasury and IRS released Notice 2015-16 (the “Notice”), kicking off the process of developing regulatory guidance regarding the Cadillac Tax. Specifically, the Notice addresses the following issues:

I have examined on this blog the various legal and regulatory issues implicated by telemedicine.  Many of those issues involve the practice of medicine and how state medical boards interpret state laws and regulations impacting telemedicine, and how those boards enforce those laws.  Believe it or not, a recent Supreme Court case may have an impact on how state boards do their business.

On February 25, 2015, the Supreme Court of the United States held that the North Carolina Dental Board (“Board”) was not insulated from federal antitrust liability under the so-called “state ...

At the International Association of Privacy Professionals ("IAPP") Global Privacy Summit in Washington, D.C. on March 5^th and March 6^th, the Federal Trade Commission ("FTC") was clear in its message that privacy was a top priority for the agency.  The FTC had a strong presence at the conference.  Three of the five Commissioners and the Director of the Bureau of Consumer Protection (Jessica Rich) all spoke at the conference and relayed a message of the importance of consumer privacy and security.  In that regard, the FTC speakers stressed the importance of:

• informing consumers of the ...

As we have explored a number of times on this blog, telemedicine has gone mainstream.  The more recent development is that employers seem to be paying more attention now. The numbers speak for themselves. A recent Towers Watson study focusing on employers with at least 1,000 employees concluded that U.S. employers could save up to $6 billion per year if their employees routinely engaged in remote consults for appropriate medical problems instead of visiting emergency rooms, urgent care centers, and physicians’ offices.

Attitudes towards telemedicine more generally in the United ...

Reports in the last week stated that the computer manufacturer Lenovo had preloaded software onto various lines of computers which critically compromised cybersecurity. The software in question is a product called Superfish Visual Discovery, a program generally designed to replace advertisements seen while browsing the Internet with ads provided by Superfish. However, the method of implementation opens up a universe of potential problems.

What Does Superfish Do?

Superfish is designed to replace Internet advertisements with advertisements provided by their sponsors. In ...

Providers, take note: the Chronic Care Management (CCM) CPT Code 99490 is now payable by the Centers for Medicare & Medicaid Services (CMS). Effective January 1, 2015, the Medicare program began making payments under the Physician Fee Schedule (PFS) for certain non-face-to-face management and care coordination services provided to beneficiaries covered under the traditional Medicare fee-for-service program. CCM services include, but are not limited to, development and maintenance of a plan of care, communication with other treating health care professionals, and ...

As so many of you know, the barriers to the wider adoption of telemedicine are numerous.  In listening to various stakeholders in the telemedicine space over the years, I consistently hear the same barriers being discussed:

• Multistate licensure for physicians and other health professionals;

• Data privacy and security;

• Coverage and reimbursement;

• Credentialing and privileging; and

• Corporate practice of medicine

One issue, however, that gets short shrift in my view is the issue of online prescribing—an issue that presents as formidable a barrier to the wider adoption of ...

On January 9, 2015, New Jersey Governor Chris Christie signed new legislation that will require health insurance carriers authorized to issue health benefits plans in the state—including insurance companies, health service corporations, hospital service corporations, medical service corporations, and health maintenance organizations—to encrypt personal information. Triggered by a series of data breaches involving the health information of almost a million residents, Senate Bill No. 562 (“SB 562”) was passed unanimously by both houses of the state legislature ...

As a lawyer practicing in the telemedicine space, I am rarely surprised these days.  But every once in a while I will read or hear something that stops me in my tracks. That is exactly what happened when I read a blog post by an FTC Commissioner which, among other things, calls for government policies that help facilitate greater adoption of telemedicine.  The post was part of a broader piece about the FTC's role in promoting competition and innovation in health care.

By way of quick background, the Federal Trade Commission is the federal agency charged with protecting ...

By Evan J. Nagler

The State of the Union Address, scheduled for January 20, 2015, will contain new initiatives related to privacy, White House officials say. The known initiatives are the introduction of a data breach reporting bill, a bill restricting the sale of student information, and a Consumer Privacy Bill of Rights.

SETTING A NATIONAL DATA BREACH REPORTING STANDARD

President Obama is planning on introducing a data breach bill that would standardize the reporting period nationwide at 30 days. The proposed Personal Data Notification and Protection Act would require ...

Earlier this week, the American Telemedicine Association reported an important clarification regarding the Centers for Medicare & Medicaid Services’ (“CMS’s”) plans for expanding reimbursement for telehealth services provided to Medicare beneficiaries.  The October 31, 2014 final rule with comment period regarding payments to physicians generated much excitement in the telehealth community, particularly because it opens a door, albeit only slightly, to possible Medicare coverage for remote patient monitoring services.

However, the ATA has clarified with CMS ...

Who knew?!  Buried among more than 1,000 pages of a new final rule with comment period on payments to physicians, released on October 31, 2014, the Centers for Medicare & Medicaid Services (“CMS”) finally has given telehealth providers a glimpse of its plans to expand reimbursement for telehealth services provided to Medicare beneficiaries. 

The final rule includes a provision that would cover remote chronic care management using a new current procedural terminology (“CPT”) code, 99490 (with a monthly unadjusted, non-facility fee of $42.60).  This new CPT code can be ...

There can be no question that telehealth has gone mainstream.  The numbers speak volumes. Telehealth companies have been able to raise almost $500 million since 2007 according to a noted venture capital analyst.  A recent study indicated that U.S. employers could save up to $6 billion a year through telehealth.  Per the American Telemedicine Association, more than half of all U.S. hospitals now offer some form of telehealth service.  Some leading analysts estimate that global revenue for telehealth will reach $4.5 billion by 2018, and the number of patients using telehealth services ...

By Adam Solander, Ali Lakhani and Wenxi Li

The increasing prevalence of mobile technology in the healthcare sector continues to create compliance concerns for physician practices and other health care entities.  While the Office of Civil Rights (OCR) of the Department of Health and Human Services, has traditionally focused on technology breaches within larger health systems, smaller physician practices and health care entities must also ensure that their policies and practices related to mobile technology do not foster non-compliance and create institutional risk.

On May 20, 2014, the Secretary of the Department of Health and Human Services (HHS) submitted the agency’s Annual Report to Congress on Breaches of Unsecured Protected Health Information for Calendar Years 2011 and 2012 (“Breach Report”). This report provides valuable insight for healthcare entities regarding their data security and enforcement priorities.

Section 13402(i) of the Health Information Technology for Economic and Clinical Health Act (HITECH) requires the Secretary of Health and Human Services to prepare an annual report regarding the number and nature of ...

Earlier this week, a popular source of regulatory news published an article claiming FDA “finalized a new rule this week that prohibits manufacturers from using so-called “split-predicates”. However, it appears that the article may instead be referencing the Final Guidance for Industry and Food and Drug Administration Staff entitled “The 510(k) Program: Evaluating Substantial Equivalence in Premarket Notifications [510(k)]” that FDA published earlier this week.  Unfortunately, as often occurs on the Internet, the post was disseminated by several other popular ...

One of the largest hurdles to the growth of telehealth—the lack of a streamlined process for obtaining physician licensure in multiple states—is one step closer to being scaled. The Federation of State Medical Boards (“FSMB”) recently released a revised draft of its Interstate Medical Licensure Compact (“Compact”). This revised draft is a continuation of efforts by FSMB and its member boards to study the feasibility of an interstate license portability. Additionally, the revised draft of the Compact reflects changes based upon comments received from FSMB member ...

By Brandon Ge and Alaap Shah

The Department of Health and Human Services (“HHS”) is taking laudable steps to improve notices of privacy practices (“NPPs”) and make them more clear, understandable, and user-friendly. Under the HIPAA Privacy Rule, individuals are entitled to a receive an NPP informing them of how their health information may be used and shared, as well as how to exercise their health privacy rights. Health plans and health care providers must develop and distribute NPPs that clearly explain these rights and practices. Unfortunately, to date NPPs have been ...

A significant barrier to the interstate practice of telehealth is closer to being broken down. The Federation of State Medical Boards (FSMB) has completed and distributed a draft Interstate Medical Licensure Compact, designed to facilitate physician licensure portability that should enhance the practice of interstate telehealth.  Essentially, the compact would create an additional licensing pathway, through which physicians would be able to obtain expedited licensure in participating states.  As the FSMB notes in its draft, the compact "complements the existing ...

By Marshall Jackson and Alaap Shah

If you have tuned into the news over the last few months, you are likely aware that several major corporations—including one of the nation’s largest retail chains—have suffered data breaches. These breaches have affected hundreds of millions of consumers, and in some cases exposed sensitive financial data such as credit card information, as well as personal information including names, mailing addresses, phone numbers, email addresses, usernames and passwords.

There is no doubt that a primary concern raised by these data breaches is risk ...

   By:  Alaap Shah and Ali Lakhani

Why is data breach such a rampant problem within the health care industry?

As health care rapidly digitizes through adoption of electronic health records, mobile applications and the like, the risk of data breach is rising exponentially.  To effectively manage this risk, health care companies and their business associates must be vigilant by implementing and evaluating security controls in the form of administrative, physical and technical safeguards.  Health care companies also have resources to assist them with managing this risk.  Specifically ...

One of the European Parliament’s 20 committees, the Civil Liberties Committee (“LIBE”), voted on October, 21, 2013 on a proposed EU General Data Protection Regulation. The regulation includes an increased level of fines and new regulatory requirements (in case of certain international data transfers and disclosure requests for personal data by foreign courts or authorities). Companies should monitor these issues closely in the next couple of months. Most likely, after the plenary vote on November 18-21, the Parliament will push for rapid negotiations with the Council ...

By: Alaap Shah and Marshall Jackson

Data is going digital, devices are going mobile, and technology is revolutionizing how care is delivered.  It seems to be business as usual, as your health care organization continues to digitize its operations.  You have even taken measures to help guard against the “typical” risks such as lost laptops, thumb drives and other electronic devices.  However, unbeknownst to you, hackers sit in front of their computers looking for ways into your network so that they may surreptitiously peruse through confidential financial records and sensitive ...

By:  Alaap Shah and Ali Lakhani

The Good: 

“Hey Doc, just shoot me a text . . .”

The business case supporting text messaging in a health care environment is compelling - it is mobile, fast, direct, and increases dialogue between physicians and patients as well as streamlines the often inefficient page/callback paradigm that stalls workflows and efficiency in the supply chain of healthcare delivery.  As a growing percentage of the 171 billion monthly text messages in the U.S. are sent by healthcare providers, often containing electronic protected health information (ePHI ...

Below is a re-print of an article that we recently wrote for the Advisory Board Company’s 2013 third quarter General Counsel Agenda. To view the original publication in the General Counsel Agenda, click here.

For hospitals, the promise of telehealth has spurred innovation across multiple service lines and led to the emergence of a number of new delivery models such as telestroke, teleradiology, telepsychiatry, telepathology, teleICU and remote patient monitoring.  While many of these programs are leading to significant improvements in access to health care services, quality ...

By:  Alaap Shah

Most health care companies are aware of their central repositories of electronic protected health information (“e-PHI”).  Unfortunately, e-PHI often leaks out of central repositories and exists in a variety of “hidden” places.  This data leakage can create real headaches for health care companies, and can lead to violations of privacy and security laws.

Recently, the Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”) enforced against a health plan that failed to erase e-PHI from its photocopiers which were sold to a ...

Telehealth creates unique health information management challenges for various reasons, including: aggregating large data sets (i.e. remote monitoring); using and storing numerous file formats (video, audio, text, digital images, film); establishing safeguards for sharing data with virtual providers and distant sites; determining the appropriate location for data storage (if more than one provider or entity is involved); and more.  All of these challenges create issues relating to medical record management, maintenance, ownership, and storage.

In the past, it was easier ...

Christine Kearsley contributed to this article.

In Durham, North Carolina, the child psychiatrist comes to the classroom.  By telehealth. For the past eight years, Duke University Medical Center has teamed up with Durham Public Schools to export child psychiatry to where the kids are.  Duke fellows in child psychiatry travel to three elementary schools and one upper-school site to offer in-person mental health services to children with diagnosed mental health disorders.  To supervise the fellows, the attending physician conferences in.  As Dr. Richard D’Alli, the leader of the ...

About two weeks ago, the Governor of Nevada signed into law new legislation that removes a number of barriers to the practice of telehealth within the state of Nevada.  Among the most significant changes, the Nevada legislation allows physicians to establish a physician-patient relationship (which is a precondition for prescribing drugs, rendering diagnoses, and performing other medical services) through a telehealth encounter.  In doing so, Nevada joins only a small number of states that have taken this step.  However the Nevada law is significant not only because it allows a ...

Before initiating treatment, health care providers must generally obtain their patients’ informed consent. The purpose of the informed consent process is two-fold. First, it allows patients to gain an understanding of the risks and benefits of the proposed treatment, and alternative courses of action. Second, it helps shield providers from legal exposure.

A formal informed consent process is particularly critical for procedures that carry a high risk of patient injury. When considering such “high-risk” procedures, neurosurgery or radiation therapy may come to mind ...

We all know that telehealth is going mainstream.  The numbers speak for themselves.  A leading research firm predicts that 2.8 million patients worldwide used home-based remote monitoring devices in 2012—expected to increase to 9.4 million connections globally by 2017.  Another firm projects that the number of patients using telehealth services in the United States will grow to 1.3 million in 2017, up from 227,000 in 2012.  Even less rosy projections predict growth to 2 million patients worldwide by 2017.  The news is even better in subspecialties like telepsychiatry   that are ...

In the healthcare industry we often associate information privacy and security enforcement with HIPAA and state privacy laws.  However, a lesser known but in some cases just as significant regulator of information privacy is the Federal Trade Commission (“FTC”). This is especially true with regard to mobile health applications, which depending on how they function and collect personal information, may not be regulated by HIPAA.  Regardless of whether or not you have to comply with HIPAA, if you run applications or software that can access personal information, then the FTC’s ...

While telehealth technology advances, unresolved legal issues continue to deter wider adoption of telehealth as a means of delivering health care services. One issue that telehealth providers must consider is the standard of care that applies in telehealth encounters. Generally, a plaintiff in a medical malpractice suit must prove, among other things, that the provider breached the standard of care. Therefore, knowing what standard of care applies is critical for any telehealth provider that wishes to insulate itself from potential malpractice liability.

In traditional ...

Telehealth is going mainstream. Once limited to rural or remote communities, the use of telehealth is increasingly being used to address critical shortages within many medical specialties (such as dermatology, neurology, radiology, critical care and mental health), and as a more efficient means to provide health care services. Many leading nationally-recognized health care providers, health plans and others have significant telehealth initiatives underway often in partnership with telecommunications vendors and government entities.  And developments in this space tend ...

As the technologies used to deliver telehealth services become more complex, telehealth providers as well as other HIPAA “covered entities” have an increasingly demanding role to play in ensuring the security of protected health information (PHI).  To fulfill this role, both telehealth providers and their business associates (such as the information technology companies and data storage providers that support telehealth platforms) must implement not only technical safeguards, but also physical security measures.  From locks, to security guards, to alarm systems ...

During and after a recent presentation regarding telehealth before a health care executive group, we were inundated with the following question:  Why should a hospital provide telehealth services when often times it will not get paid for those services?  It is, on its face, a great question.  After all, few of us would want to provide services we know will not be reimbursed.  But, in many ways, the question misses the boat.  While a hospital may not be paid directly for providing telehealth services, it nevertheless could significantly benefit in a number of ways that prove just as valuable ...

Too often, companies try to re-invent the wheel.  This is especially true in the telehealth sector where new models of care are constantly being tried and tested.  Fortunately for U.S. hospitals, health systems, and companies, however, we have great examples of telehealth models from around the world that have built successful business models in telehealth.

Take the example of Calydial, a company based in Lyon, France, that specializes in remote dialysis. Launched in 2006, Calydial started with 25 patients with renal impairment who needed remote treatment and monitoring. Today ...

Telehealth is expanding rapidly outside of the U.S. in both developed and developing countries.  Not surprisingly, the expanded use of telehealth presents many of the same regulatory and reimbursement challenges abroad that it does here in the U.S.  One region in particular that has taken steps to expand telehealth across borders is Europe, where in an effort to confront the legal issues raised by telehealth, the E.U. has removed and revisited existing regulations.  The E.U. has also issued guidance through the European Commission (an institution that is responsible for ensuring ...