As we noted in our previous Health Law Scan blog CMS Issues Program Instructions for Medicare Telehealth Waiver, CMS issued program instructions on March 17 to implement the Medicare telehealth waiver in response to the coronavirus (COVID-19) crisis. We noted that the Office of Inspector General (OIG) and the Office for Civil Rights (OCR) at HHS simultaneously issued policy statements with respect to their exercise of enforcement discretion regarding, respectively, telehealth-related copay waivers and HIPAA violations. These coordinated policy announcements represent a concerted effort by federal government agencies to broaden telehealth flexibility to immediately promote and expand the use of technology to help Medicare beneficiaries follow guidance from the CDC, including practicing social distancing, thereby enabling vulnerable beneficiaries and beneficiaries with mild symptoms to access the care they need from their homes. Not only will this help protect Medicare beneficiaries who are particularly vulnerable to COVID-19 infection, it presumably will help deter the spread of the virus and ease the burden on already over-stressed emergency departments, doctor’s offices, and other healthcare facilities.
CMS observed when it issued its program instructions that, absent action by OIG, traditional Medicare coinsurance and deductible payments still would apply to the expanded services furnished pursuant to the telehealth waiver. OIG, however, took coordinated action through the release of its own policy statement to address this issue. Pursuant to the determination of a public health emergency made by the secretary of HHS on January 31, 2020 (retroactively effective to January 27, 2020), OIG on March 17 granted healthcare providers the flexibility to reduce or waive cost-sharing for telehealth visits reimbursed by federal healthcare programs.
As OIG noted, reductions or waivers of costs owed by federal healthcare program beneficiaries, including cost-sharing amounts such as coinsurance and deductibles, potentially implicate the federal Anti-Kickback Statute, the civil monetary penalty and exclusion laws, and the beneficiary inducements civil monetary penalty statute. OIG’s policy statement, however, notifies providers that OIG will not enforce these statutes and will not impose administrative sanctions on physicians and other practitioners if they choose to reduce or waive cost-sharing for federal healthcare program beneficiaries related to telehealth visits during the unique circumstances presented by the COVID-19 public health emergency.
Specifically, OIG stated that it will not view the provision of free telehealth services alone to be an inducement to influence future referrals, “i.e., OIG will not view the furnishing of subsequent services occurring as a result of the free telehealth services, without more, as evidence of an inducement.” Telehealth services pursuant to any such arrangement must, however, be furnished consistent with applicable CMS coverage and payment rules in order to warrant the exercise of OIG’s enforcement discretion.
OIG is careful to note that the policy statement does not mandate that physicians or other practitioners reduce or waive cost-sharing obligations related to telehealth services for federal healthcare program beneficiaries. It also disclaims that anything in the OIG policy statement affects (a) the operation of CMS’s programmatic rules and regulations or (b) a provider’s responsibility to bill only for services performed and comply with legal authorities related to proper billing, claims submission, cost reporting and related conduct.
Similarly, OCR on March 17 announced a policy of enforcement discretion and penalty waivers for HIPAA violations when healthcare providers make a good faith effort to use audio or video technology to provide telehealth to patients during the nationwide COVID-19 public health emergency through everyday nonpublic facing remote communications technologies, such as FaceTime or Skype. OCR noted, however, that Facebook Live, Twitch, TikTok and similar video communication applications that are public-facing should not be used.
OCR encouraged providers to enable all available encryption and privacy modes when using such nonpublic facing applications, and to nevertheless notify patients that communicating using the applications potentially introduces privacy risks. Finally, OCR stated that it intends to provide further guidance on how providers can use remote video communication tools to responsibly offer telehealth to patients.
In sum, federal agencies are quickly waiving – on a temporary basis – many of their existing authorities. So long as providers are working in good faith to treat patients, those laws that affect beneficiary access to services should not be viewed as a barrier for providers to furnish necessary services.