Healthcare Law Blog

Pandemic Pivot to Telemedicine Creates New Compliance Issues for Healthcare Providers

The shift to telemedicine in the United States predates the pandemic, but COVID-19 has accelerated its widespread use. In April of 2019, the Centers of Medicare and Medicaid Service (CMS) finalized rules to increase telehealth benefits for Medicare Advantage enrollees, effectively incentivizing health systems with high numbers of private Medicare plan recipients to invest in telehealth services.

Then, per CMS, telehealth visits increased from roughly 10,000 visits per week before the pandemic, to 300,000 per week in late March of 2020.[i] This shift in how patients receive care has also prompted a regulatory enforcement reaction. While fraudulent and abusive telehealth practices were identified by the Department of Justice (DOJ) as an enforcement priority prior to the COVID-19 pandemic, telehealth services have become specific elements of the Office of the Inspector General's (OIG) Work Plans and targets of Special Fraud Units and Investigations based upon its tremendous growth in use.  

Prior to COVID-19, restrictive and complicated Medicare rules limited when and where telehealth could be used primarily limiting access to patients living in rural areas. COVID-19 has proven the value and practicality of providing medical services via telehealth as an important tool for ensuring access to necessary health care services not just during this health crisis. It can alleviate provider shortages, increase access to care for vulnerable patients, including those living in rural areas, and ensure continuity of care, which are goals the healthcare industry has identified as priorities for many years.  Because of the shift towards telemedicine during the pandemic, the OIG, CMS, and Office for Civil Rights (OCR) issued rules and guidance waiving regulatory requirements to encourage the use of telehealth during the health crisis. The success of telemedicine as a primary health care tool has established its permanent place in medicine. But as its use has skyrocketed, telehealth services have also earned the targeted focus and review of government enforcement agencies to assure that it is not a tool of abuse, waste, and fraud.

Changes to Telehealth Enforcement and Compliance

During the ongoing COVID-19 crisis, both federal and state government agencies have relaxed enforcement efforts due to the public health crisis and the difficulties that have accompanied the crisis in the health care industry. For example, Health and Human Services (HHS) and CMS announced waivers of requirements for telehealth services as well as relaxed enforcement. On March 17, 2020, the OIG announced that it would not subject providers to administrative sanctions for waiving patient cost-sharing obligations for telehealth services subject to certain conditions (thereby reducing AKS enforcement risk for providers).[ii] Additionally, on January 20, 2021, the OCR announced it would “exercise its enforcement discretion and will not impose penalties for noncompliance with the regulatory requirements under the HIPAA Rules against covered health care providers in connection with the good faith provision of telehealth” during the pandemic.[iii]

CMS has also relaxed the restrictions on the types of services that could be provided via telehealth and the types of providers that may furnish such services through the duration of the COVID-19 crisis. CMS granted flexibility to providers to conduct evaluation and management services via telephone, but has otherwise has maintained the requirement for real-time audio-visual communication for office visit evaluation and management codes.[iv] Further, Section 3704 of the Federal Coronavirus Aid, Relief, and Economic Security Act (the CARES Act) temporarily allows certain types of providers, including Federally Qualified Health Centers (FQHC) and Rural Health Clinics (RHC), to serve as distant telehealth sites during the pandemic, meaning these providers can use these locations to provide telehealth services to patients in different locations, who are in many cases distant from the FQHC or RHC or have issues traveling.

CMS has previously enacted rules and guidance for these types of visits, specifically relating to proper billing and coding of these visits. Providers utilizing telehealth in the manner described above must be sure that they use the appropriate codes which reflect the service(s) provided (including based on visit length and level of medical decision making). These issues are becoming more prevalent as CMS’ waiver allowing evaluation and management services via telehealth and have resulted in more providers using such codes. Enforcement activities will focus on whether utilization of these services and their corresponding codes were appropriate for the services rendered. 

HHS additionally announced that it would not conduct audits exploring the presence of a physician-patient relationship for the duration of the pandemic. However, such considerations remain prevalent in government investigations of fraudulent billing or other instances of fraud. The question the government asks in these cases is whether providers met the telehealth practice standards required to create the requisite provider-patient relationship to bill for services actually rendered. CMS guidance allows providers to conduct brief, virtual check-ins with patients in their homes but limits these services to patients with an established, pre-existing relationship with the provider.[v]

State Enforcement Activities and Telehealth

Enforcement activities exist on the state level, too. Many states have mirrored the federal approach in examining whether the providers’ use of telehealth technology met the applicable standard of care or complied with the required telehealth practice standards to support billing for such telehealth services. Some states have only allowed for real-time audio-visual communication, as opposed to audio communication only.[vi] Like changes at the federal level, those imposed by state regulatory authorities are constantly evolving. It Is crucial that healthcare providers monitor the changing situations at the state level to avoid penalties and violations of law.

For example, in Kentucky, SB 150 waived requirements of in-person examination for establishing a provider-patient relationship for the purposes of providing telehealth (to the extent this complies with federal law). It also gave the Kentucky Board of Medical Licensure, the Kentucky Board of Emergency Medical Services, and the Board of Nursing the ability to waive or modify state statutes and regulations: "... (f) For standards that are not necessary for the applicable standards of care to establish a patient-provider relationship, diagnose, and deliver treatment recommendations utilizing telehealth technologies." Other temporary changes DMS has made to the 1915(c) HCBS (Medicaid) waivers include: "...Expanding the provider base by waiving requirements that out of state providers be licensed and located in Kentucky as long as they are licensed by another state’s Medicaid agency." This means that many of the familiar rules are in flux when it comes to telehealth on a state level as well as federal.  

Telehealth and Fraud

The relaxation of many enforcement efforts during the pandemic, especially regarding telehealth, does not come without a cost. The HHS has reported several “large-scale national takedown actions involving telefraud schemes with sham or fake telehealth companies," To address provider abuses enabled by expansions of telemedicine, in September 2020, the Department of Justice announced the creation of the National Rapid Response Strike Force (the Strike Force), whose mission is to “investigate and prosecute fraud cases involving major health care providers that operate in multiple jurisdictions, including major regional health care providers . . . .”[vii] The OIG’s Work Plan also contains seven different types of planned telehealth audits, including an audit on home health services provided via telehealth and Medicare Part B telehealth services provided during the pandemic as well.[viii] HHS Principal Deputy Inspector General Christi A. Grimm summed up the OIG's attitude towards telehealth expansions and compliance issues: “It is important that new policies and technologies with potential to improve care and enhance convenience achieve these goals and are not compromised by guard, abuse, or misuse.”

Because of the relative ease of abuse, telemedicine is squarely in the aim of the OIG, and the DOJ’s Strike Force. Further, as state licensure requirements were temporarily waived for physicians and other providers during the COVID-19 pandemic, telehealth services were more easily allowed to provide care across state lines without medical licensure board review of physicians. These enforcement mechanisms referenced above are all in addition to the audits, penalties, lawsuits, and charges, we are already familiar with.

Takeaways for Healthcare Providers

At the end of the pandemic, regulatory authorities who enacted waivers for telehealth related services will either retract them or allow them to expire. If providers are not able to bring their operations into compliance, they may face liability. Providers who fail to meet the requirements after the expiration of such waivers will be presented as easy targets to regulatory authorities. At that time, providers should be especially vigilant about staying up to date with compliance guidelines and regulations.

To prevent any liability, and stay on the forefront of such regulatory schemes, providers should (1) ensure continued compliance, (2) adopt and implement a robust compliance plan, (3) and stay up to date on enforcement actions from regulatory authorities.

To discuss these issues or any other concerns you may have with ensuring your compliance with all binding laws and regulations in your community, contact your McBrayer attorney today.

Lisa English Hinkle is a Member of McBrayer law. Ms. Hinkle chairs the healthcare law practice and is located in the firm’s Lexington office. Contact Ms. Hinkle at lhinkle@mcbrayerfirm.com or (859) 231-8780, ext. 1256.

[i] The Doctor Will Zoom You Now, Wall St. J., Apr. 27, 2020, https://www.wsj.com/articles/the-doctor-will-zoom-you-now-11587935588

[ii] See U.S. Department of Health & Human Services, Office of Inspector General, OIG Policy Statement Regarding Physicians and Other Practitioners That Reduce or Waive Amounts Owed by Federal Health Care Program Beneficiaries for Telehealth Services During the 2019 Novel Coronavirus (COVID-19) Outbreak (Sept. 20, 2021), https://oig.hhs.gov/fraud/docs/alertsandbulletins/2020/policy-telehealth-2020.pdf.

[iii] U.S. Department of Health & Human Services, Notification of Enforcement Discretion for Telehealth Remote Communications During the COVID-19 Nationwide Public Health Emergency (last reviewed Sept. 20, 2021) https://www.hhs.gov/hipaa/for-professionals/special-topics/emergency-preparedness/notification-enforcement-discretion-telehealth/index.html.  

[iv] See Centers for Medicare & Medicaid Services, Medicare Telemedicine Health Care Provider Fact Sheet (Sept. 20, 2021), https://www.cms.gov/newsroom/fact-sheets/medicare-telemedicine-health-care-provider-fact-sheet.  

[v] See Centers for Medicare & Medicaid Services, Medicare Telemedicine Health Care Provider Fact Sheet (Sept. 20, 2021), https://www.cms.gov/newsroom/fact-sheets/medicare-telemedicine-health-care-provider-fact-sheet.  

[vi] See e.g., Federation of State Medical Boards, U.S. States and Territories Modifying Requirements for Telehealth in Response to COVID-19 (last updated Sept. 15, 2021), https://www.fsmb.org/siteassets/advocacy/pdf/states-waiving-licensure-requirements-for-telehealth-in-response-to-covid-19.pdf.  

U.S. Department of Health & Human Services, Telehealth: Delivering Care Safely During COVID-19 (Sept. 20, 2021), https://www.hhs.gov/coronavirus/telehealth/index.html.

[vii] U.S. Department of Justice, National Health Care Fraud and Opioid Takedown Results in Charges Against 345 Defendants Responsible for More than $6 Billion in Alleged Fraud Losses (Sept. 20, 2021), https://www.justice.gov/criminal-fraud/hcf-2020-takedown/press-release.  

[viii] See U.S. Department of Health & Human Services, Audit of Home Health Services Provided as Telehealth During the COVID-19 Public Health Emergency, https://oig.hhs.gov/reports-and-publications/workplan/summary/wp-summary-0000553.asp (last visited Sept. 20, 2021); see also U.S. Department of Health & Human Services, Audits of Medicare Part B Telehealth Services During the COVID-19 Public Health Emergency, https://oig.hhs.gov/reports-and-publications/workplan/summary/wp-summary-0000556.asp (last visited Sept. 20, 2021).