Telehealth compliance considerations: looking ahead

Telehealth seems to be here to stay, even as the Coronavirus pandemic begins to recede in the United States. It’s a good time for healthcare institutions to make sure their telehealth practices hold up outside of emergency circumstances. 

From a compliance perspective, that means  patient privacy and technology, valid consent for treatment, visits with minors, and interstate care.    

 

Patient privacy in telehealth

Patient privacy is just as important in telehealth as it is for in-person visits. This includes ensuring the provider conducts visits in a private space and documenting the visit in a secure medical record.   

During the Coronavirus national public health emergency, the federal government has some enforcement discretion with telehealth. Regulators can choose not to impose penalties for Health Insurance Portability and Accountability Act (HIPAA) violations if they see that a provider took precautions to protect patient privacy provider. Good faith might mean using a platform like Microsoft Teams, Zoom, or WebEx and patient-specific passcodes – and still having a privacy breach. In a case like this, the regulator has the discretion not to impose fines under HIPAA. 

 

Consents and visits with minors 

Developing a process to obtain consent to treat before the first visit can help you comply with consent requirements. This may include mailing or securely emailing the consent to the patient (or parent or legal guardian) the week before the telehealth visit and having the patient send it back.  This gives the provider time to answer the patient’s questions about consent for treatment.   

For urgent telehealth visit, make sure there are policies in place to address telephone/verbal consent or to obtain two provider consents.  If your system allows, you may be able to electronically send the consent. The patient can sign it online so you can add it to the electronic health record.  

Whatever method to obtain consent your organization chooses, ensure there is a policy addressing the proper procedure and educate the team on the policy.   

For telehealth visits with minors, try to follow the same process as for in-person visits. That means you should obtain the consent to treat and have it signed by a parent or legal guardian.  Then have the parent or legal guardian attends the telehealth visit with the minor patient.  This way diagnosis, care, and treatment plan can be discussed with the patient and the parent or legal guardian at the same time.  

 

Crossing state lines for telehealth

Things to consider if the patient and provider are not conducting the telehealth visit in the same state: 

  • Licensing: Some state licensing boards have reciprocity. Some may not require an additional license in compact states while others may require a temporary or actual license to provide care in that state. This often applies to care provided via telehealth. 
  • Prescriptions: Can you prescribe across state lines? Avoid compliance issues by sending the prescription to a pharmacy in the provider’s “home” state. Then have the patient request a pharmacy-to-pharmacy transfer of the prescription. 
  • Your insurance: Does your medical professional liability (MPL) insurance provide coverage if you are out of state? How about if the patient is located outside your “home” state? Contact your MPL insurer to be certain you have coverage in the event of an out of state lawsuit. 
  • The patient’s insurance: What will the patient’s insurance cover for visits conducted out of the patient’s “home” state?  Be sure to verify this before the patient’s telehealth visit to ensure proper billing and reimbursement for the visit and to decrease billing denials.   

Considerations for adding telehealth as a service line 

There are resources available for organizations considering adding telehealth as a permanent service line. YouCompli can help you understand which regulations apply to you, stay on top of changes, and manage implementation.  

You can also find many free resources online:  

For many types of visits, patients love the option of telehealth. As providers work to be sure that they continue to deliver quality care, Compliance teams have an equally big job to be sure the systems and processes are in place to support that experience. 

Keep on top of regulations affecting telehealth and making sure those regulations are translated into policies and procedures that affect patient care. YouCompli customers have access to notifications about changes to regulations, resources to inform policy and procedure updates, and tools to track compliance. Contact us today to learn more. 

Denise Atwood, RN, JD, CPHRM is the Chief Risk Officer at District Medical Group (DMG), Inc., vice president of DMG Insurance Company (DMGIC), and owner Denise Atwood, PLLC.   

Disclaimer: The opinions expressed in this blog are the author’s and do not represent the opinions of DMG. 


Denise Atwood, RN, JD, CPHRM has over 30 years of healthcare experience in compliance, risk management, quality, and clinical areas. She is also a published author and educator on risk, compliance, medical-legal and ethics issues. She is currently the Chief Risk Officer and Associate General Counsel at a nonprofit, multispecialty provider group in Phoenix, Arizona and Vice President of the company’s self-insurance captive.  


Growth in Telemedicine Could Mean Trouble if You Are Not Careful

We can all agree that 2020 was a year filled with surprises. The emergence of COVID-19 brought restrictions, which made the business of healthcare even more challenging. But then came the saving grace: telemedicine!

Even though telemedicine has been around in some form since the 1900s, its popularity exploded during the midst of the pandemic. With millions of people stuck indoors due to government lockdowns, health care providers turned to telemedicine options to provide desperately needed health care.

According to Doximity, a social media networking service for medical professionals, only 14 percent of Americans utilized telemedicine before the pandemic. But since the outbreak, telemedicine usage skyrocketed by 57 percent. Among patients suffering from chronic conditions, the number of virtual care visits increased by a staggering 77 percent!

The increase in telemedicine accessibility also means healthcare providers can potentially face compliance issue pitfalls, which could land them in trouble with the United States government. Before COVID-19 became a household name, Medicare and Medicaid upheld strict rules regarding payment for telemedicine services. For instance, reimbursement for telemedicine services was limited to patients residing in areas of the country with limited healthcare.In an attempt to slow the spread of COVID-19, government payors loosened these restrictions.

Unfortunately, telehealth services’ widespread use brought an uptick in COVID-19 related scams that specifically target healthcare providers offering this service. Such illegal activity caught the attention of the Department of Justice (D.O.J.).

A primary focus of the D.O.J. is a government agency that mostly focuses on telehealth arrangements that implicate the Anti-Kickback Statute.  The statute forbids transactions designed to corrupt medical judgment by rewarding referrals for Medicaid and Medicare services. In the past year, more than $4.5 billion in false claims were connected to telemedicine. And over 100 healthcare professionals were charged with submitting fraudulent claims to Medicare, Medicaid, and private insurance companies.

New changes to the Stark and Anti-Kickback Statutes that were long in the works took effect on January 19, 2021. The regulation updates are designed to eliminate regulatory and administrative barriers that hindered movement towards a value-based health care system. The updated rules also offer healthcare providers more flexibility to coordinate and improve patient care while maintaining safeguards against overutilization and inappropriate incentives.

The Stark Exceptions finalized three new exceptions for value-based arrangements between healthcare providers and payor systems like Medicaid and Medicare. These exemptions are solely based on the quality of delivered patient care instead of the volume of services.  For example, healthcare providers face at least a 10 percent financial risk for failure to achieve value-based goals. In comparison, the Anti-Kickback Statute requires at least a 5 percent financial risk for value-based arrangements.

Physicians’ practices should express caution when offering telemedicine services to steer clear of trouble with the government. As with traditional in-person healthcare, it’s best to avoid doing business with third-party companies that give money in exchange for referrals.

Here are a few guidelines physicians should consider avoiding getting on the D.O.J.’s naughty list.

  1. Consult with counsel before entering into any outside business relationships.
  2. Establish guidelines for physical examinations and prescribing practices.
  3. Monitor the prescribing habits of their physicians and nurse practitioners.
  4. Adopt data analytic tools to identify any abnormal billing behavior.

Physicians considering telemedicine should also consider the following tips to stay compliant.

Practicing Telemedicine Across State Lines.

Usually, state governments require practicing physicians to conduct telemedicine sessions within the state they are licensed. But in some states, this stipulation is relaxed due to COVID-19 to make healthcare more accessible. But physicians must contact their state’s medical board for updated information concerning this topic.

Informed Consent.

Healthcare providers are still expected to obtain consent before providing telehealth services. Besides requesting written or verbal consent from patients, providers should make patients aware of the risks and benefits of receiving telehealth services.

Use Caution When Prescribing Medication.

Because of COVID-19, the Drug Enforcement Administration (D.E.A.) allows registered practitioners to use prescribed medication to patients via telemedcicine technology. Physicians must adhere to the following conditions:

  • Prescribed medication(s) must be for a legitimate medical purpose.
  • The telehealth session is conducted using a two-way, audio-visual, interactive communication system.
  • The practitioners must practice healthcare within Federal and State law.

Only time will tell whether or not telemedicine will continue to grow in the upcoming months. But doctors should continue to use caution when using this technology to serve the public.

See YouCompli in Action

Easier, faster, more effective compliance is possible

CAN MORAL REBELS ASSIST WITH ORGANIZATION COMPLIANCE?

I recently heard the term “moral rebel” while listening to an SCCE Compliance Perspectives podcast.  This piqued my curiosity because I wanted to know if a moral rebel was perceived as a positive.  In the podcast, Amherst College Professor Catherine Sanderson explained that a moral rebel feels comfortable standing up to a crowd and will call out bad behavior. Similarly, Scott A McGreal in Psychology Today wrote moral rebels have a strong sense of moral identity and are more likely to act morally under pressure.  Politics aside, I think we could use more moral rebels right now, especially in our compliance departments.  So, how can moral rebels assist our organizations with compliance? Let’s look at a hypothetical case scenario to find out…

Case Scenario – Chaperone policy

Your organization has chaperone policy which requires a chaperone to accompany the provider and patient for any sensitive examinations involving the genitalia, rectum, groin, buttocks or breasts.  The policy states the chaperone may be a nurse or medical assistant.

From a compliance and risk perspective, the policy has been implemented to protect the patient, the provider and the organization from potential allegations of inappropriate touching.  Education should be done with the providers to ensure the policy is followed regardless of patient and provider gender.  The policy is written this way because the anatomical gender may not reflect the gender a patient ascribes to, relates to, or identifies as.

If a sensitive examination needs to be performed, a chaperone must be present during the examination and their name should be documented in the visit note. If, however, after being educated about the need for a chaperone during the sensitive examination the patient declines a chaperone, this should be witnessed by the provider and another staff member and documented in the visit note by the provider including the name of the staff member who witness chaperon declination.

Potential non-compliance with the chaperone policy

Jesse is a medical assistant who works in a pediatric and adolescent clinic.  Jesse observes a provider who identifies as male take a patient who identifies as female into an examination room alone.  Since Jesse prepped the patient’s chart the night before, Jesse knows the patient is here for abdominal cramps and irregular menstrual bleeding.  Moreover, Jesse prepared the exam room to ensure the provider had a speculum and gel available for a vaginal exam.  During the patient’s visit, Jesse is never called into the room.  While accompanying another patient to the lab for a blood draw, Jesse sees the female patient checking out at the front desk. Jesse wonders who chaperoned the patient’s visit because the only other medical assistant is on lunch break.

Ability to stand up / come forward

In the case scenario above, Jesse would be deemed a moral rebel by speaking up and confirming whether the chaperone policy was followed by the provider.  If uncomfortable discussing with the provider directly, Jesse may report concerns to the nurse manager for follow up. In an organization where moral rebels are valued the nurse manager would support a culture where moral rebels are not afraid to come forward if organization policies are not being followed or there was potential harm to a patient or another staff member.  Moreover, the nurse manager and compliance would ensure there was no retaliation against Jesse.

PRACTICE TIP:

  1. Educate staff on policies, such as the chaperone policy, and then monitor compliance with that policy.
  2. Foster an environment for moral rebels – individuals who are driven by morals to do the right thing – to bring potential issues to the attention of leadership or compliance without fear of retaliation.
  3. Utilize youCompli to ensure you are up to date on laws, regulations, and reporting related to required compliance policies, such as a chaperone policy.

Denise Atwood, RN, JD, CPHRM
District Medical Group (DMG), Inc., Chief Risk Officer and owner of Denise Atwood, PLLC
Disclaimer: The opinions expressed in this article or blog are the author’s and do not represent the opinions of DMG.


Denise Atwood, RN, JD, CPHRM has over 30 years of healthcare experience in compliance, risk management, quality, and clinical areas. She is also a published author and educator on risk, compliance, medical-legal and ethics issues. She is currently the Chief Risk Officer and Associate General Counsel at a nonprofit, multispecialty provider group in Phoenix, Arizona and Vice President of the company’s self-insurance captive.  


See YouCompli in Action

Easier, faster, more effective compliance is possible