THE TRUMP ADMINISTRATION’S EXPANSION OF MEDICARE TELEHEALTH COVERAGE allows beneficiaries to receive more health care services from providers without traveling to a facility.1,2

Beginning in March 2020, Medicare, administered by the Centers for Medicare & Medicaid Services (CMS), started temporarily paying clinicians to provide telehealth services nationwide.1,2 This is intended to enhance access to care throughout the coronavirus disease 2019 (COVID-19) crisis, allowing patients to communicate with providers from home and limiting the risk of exposure and spread of the virus.

In March, President Donald J. Trump announced an emergency declaration under the Robert T. Stafford Disaster Relief and Emergency Assistance Act. Consistent with that declaration, CMS expanded Medicare’s telehealth benefits under the 1135 waiver authority and the Coronavirus Preparedness and Response Supplemental Appropriations Act.1,2 This guidance and other recent actions by CMS provide regulatory flexibility to ensure that all Americans are aware of easy-to-use, accessible benefits to promote good health and help contain the spread of COVID-19.

Previously, Medicare paid clinicians for telehealth services such as routine visits only in certain circumstances; for example, if a beneficiary living in a rural area needed to travel to a local medical facility to get telehealth services from a doctor in a remote location. In addition, the beneficiary would generally not be allowed to receive telehealth services at home.

Also in March, the Office for Civil Rights (OCR) at the US Department of Health & Human Services issued new guidance regarding enforcement of Health Insurance Portability and Accountability Act (HIPAA) privacy protections against covered health care providers. OCR now will use increased discretion and waive potential penalties when enforcing HIPAA violations, specifically in the context of treating patients through telecommunications and videoconferencing platforms during the pandemic.1,2

This increased discretion and penalty waiver policy applies to common, everyday communications platforms or particular uses that may not otherwise be HIPAA compliant. The only requirement a HIPAAcovered provider must satisfy under the policy is that the technology be used in good faith for any telehealth diagnostic or treatment purpose, regardless of whether it is directly related to COVID-19.

A covered health care provider may now use any available non–public-facing communication technology to communicate with patients for the diagnosis or treatment of any medical condition, such as dental and psychological conditions, diabetes, or sprains. Covered providers may use any non–public-facing technology to conduct a good faith examination of symptoms via computer or phone. An essential goal of this approach to HIPAA enforcement is to mitigate the spread of COVID-19 by limiting exposure caused by in-person medical assessments.

The following communication applications may be used to do medical assessments or deliver medical treatment: Apple FaceTime, Facebook Messenger video chat, Google Hangouts video, Skype, WhatsApp, and similar non–public-facing platforms. Covered providers should, however, avoid interacting with patients via public-facing communications technologies, such as Facebook Live, TikTok, Twitch, and other live streaming services or publicly accessible platforms, which are not covered by the OCR’s new policy of discretionary HIPAA enforcement and penalty waiver policy.

A provider may also use a communications service that offers HIPAA business associate agreements (BAAs) to safeguard protected patient information. A BAA involves a HIPAA-covered entity and an entity or person who performs functions or services on the covered entity’s behalf, laying out the contours of compliance with HIPAA privacy guidelines. Although it does not endorse any of these, the OCR offers a noncomprehensive list of telecom vendors that offer communications services with a BAA to ensure HIPAA compliance, including Doxy.me, Google Meet, Skype for Business, Updox, VSee, and Zoom for Healthcare. Additionally, under the new guidance, the OCR will not impose penalties against covered entities for good faith use of these or other non–public-facing services for lack of a BAA.

Pharmacies should be prepared to receive prescriptions derived from telehealth encounters. When helping treat patients with COVID-19, pharmacists should familiarize themselves with the federal mandate and be sure that it aligns with the laws in their states.
 
Ned Milenkovich, PharmD, JD, is chairman of the health care law practice at Much Shelist, PC, in Chicago, Illinois, and former vice chairman of the Illinois State Board of Pharmacy.


REFERENCES
  1. OCR announces notification of enforcement discretion for telehealth remote communications during the COVID-19 nationwide public health emergency. News release. US Department of Health & Human Services. March 17, 2020. Accessed April 22, 2020. https://www.hhs.gov/about/news/2020/03/17/ocr-announces-notification-of-enforcement-discretion-for-telehealth-remote-communications-during-the-covid-19.html
  2. Notification of enforcement discretion for telehealth remote communications during the COVID-19 nationwide public health emergency. US Department of Health & Human Services. Updated March 30, 2020. Accessed April 2020. https://www.hhs.gov/hipaa/for-professionals/special-topics/emergency-preparedness/notification-enforcement-discretion-telehealth/index.html