Differing state regulations make telehealth compliance more complex

The beauty of telehealth is that it connects patients and providers through technology that transcends boundaries. But when that connection crosses state lines, your healthcare organization could find itself responsible for complying with regulations from jurisdictions hundreds, maybe thousands, of miles away.  

Or from states just down the road. 

Many of those are stricter than the federal regulations, and many cover issues that the federal government doesn’t. Here are some of the key issues to look out for. 

Related: Growth in telemedicine could mean trouble if you are not careful   

Differing reimbursement structures and rates 

Reimbursement structure and rates vary by state and form of telehealth. For instance, all states pay Medicaid reimbursement for some form of live telehealth, but in different ways, and all states reimburse for interactive, real-time telehealth. However, only 14 reimburse for sessions where the patient records a call for later physician review (store-and-forward), and only 22 reimburse for remote patient monitoring of recently discharged hospital patients. There are eight states that reimburse for all three telehealth methods. 

There are two opposite views about reimbursement rates. One view is that a service is a service, so being virtual or in person shouldn’t affect reimbursement. 

The other penalizes telehealth for its efficiencies. In face-to-face visits, “there are built-in inefficiencies that isn’t time spending with the person,” says Dr. Katherine Dallow, vice president of Clinical Programs at Blue Shield Blue Cross of Massachusetts. “I probably spend somewhere between two to five minutes per patient moving from one room to another or pausing to document or checking something on their file or handing something off.” With less provider time and less pro rata overhead, some states reason, there should be less reimbursement. 

Forty states have their own private payer telehealth reimbursement policies, and six have private payer parity laws requiring the same reimbursement for in-person and telehealth care. 

Stricter privacy protections 

The Health Insurance Portability and Accountability Act (HIPAA) is the federal umbrella protecting privacy and confidentiality of patient records, but states are allowed to go beyond it. Many do. 

For example, if there’s a breach of privacy, HIPAA requires that the patient be notified within 60 days. Some states shorten that to 30 days, and California shortens it to ten. Some states also require hospitals to notify the state attorney general and the three major credit reporting companies: Equifax, Experian, and TransUnion. If there’s a breach of an out-of-state telehealth patient’s confidentiality, do you know what the originating state requires? 

Multi-state provider licensure 

Almost all states require physician licensure where the patient is (also known as the originating location). Same for nurses, nurse practitioners, physicians’ assistants, clinical psychologists, registered dieticians, and physical therapists. Different states have different licensing procedures, and there’s no federal umbrella. That’s something you’ll need to look out for, not only with faraway states, but also in New York, New York; Chicago/Hammond, Ind.; Texahoma, Texas/Okla.; or any of 84 other communities that straddle state lines. 

(Speaking of licensure, is your hospital licensed to provide telehealth services? In how many states?) 

Can doctors prescribe online? 

State regulations for phone-in prescriptions from the late 1990s adapt pretty well to online prescriptions today. The problem is, they differ from one state to the next. Different states have different regulations on just what a valid prescription is. About whether the doctor can prescribe without seeing the patient first, and whether seeing a patient on a computer screen is really “seeing.” About whether there has to be a previous doctor/patient relationship, and whether that relationship can be remote or has to be face-to-face. 

Related: Interstate regulations aren’t the only telehealth complexity. Check out this blog post for more: Telehealth compliance considerations: looking ahead

Two ways to keep up; one is practical. 

Complying with more than 50 sets of regulations takes a lot of attention to detail and a lot of reading. One way to keep up is with sheer effort: health organizations designate one or more people to read and track all the regulations that affect them.  

A better, more practical way is to rely on expert compliance professionals and nationally respected law firms to keep you up to date on interstate issues in telehealth regulation. YouCompli users select the agencies that matter to their organizations and receive updates and resources to help them know about new regulations, decide their applicability, manage policy changes, and verify compliance.  

Are you looking for ways to track telehealth regulations in all the states your patients receive treatment? Take a look at YouCompli, the only healthcare compliance software combining actionable, regulatory analysis with a simple SaaS workflow.  

Jerry Shafran is the founder of YouCompli. 

Take as directed: Medication compliance and the Compliance office

Working toward higher rates of patient medication compliance is a critical component of patient care. That includes communicating what the medications are, what they do, and how to take them. Providers are keen to ensure they provide clear directions and to be sure patients can pay.  

It’s no wonder they take such care: Each year, about 125,000 Americans die due to poor medication adherence, according to the American Heart Associationi. Improper compliance practices come with a hefty price tag of $528 billion in annual expenses, according to a 2019 OptimizeRx surveyii.  

What’s more, medication mismanagement is a strong predictor of hospital readmission rates. Individuals who failed to take prescribed medication as directed had a 20 percentiii chance of hospital readmission within 30 days, compared to 9 percentiv for patients who take meds as directed.  For the compliance officer, keeping hospital readmission rates low is crucial to avoid wasteful spending, per the Centers for Medicare and Medicaid guidelines.    

So many factors contribute to whether a patient properly follows through with medication instructions. Providers and administrators alike do their best to put systems and communications in place that make compliance easier. While not within a compliance officer’s direct control, there are policies and procedures that can help hospitals comply with CMS requirements to lower readmission rates. This helps facilitate better health outcomes and increased quality of life for patients.    

So how can you ultimately help patients improve medication management skills? Here are a few tips you can include in your medication compliance plan to help reduce readmission rates. 

Discuss side effects 

Patients who experience side effects may stop taking their medication altogether; without discussing this decision with their healthcare provider.   

That’s why it’s so important for doctors to discuss common and possible side effects with patients.  

Work with healthcare providers at your facility about how they can discuss any treatment plan changes to lessen the chances of side effects. Make it known that the treatment plan may include adjusting the dosage or changing the medication altogether.  Cut Out Distractions 

According to BMC Health Services Researchv, three out of five patients often forget to take their medication.   

Are distractions the main culprit? Encourage providers to discuss the importance of taking meds at the same time each day.  

Maybe patients can use a cell phone alarm to set up reminders. Taking multiple medications at different times? The workaround may be to set other alarm times for numerous times during the day.  

To make things even easier on patients, providers may consider prescribing once-daily medications.  

Providers may consider collaborating with the patient on the best time to take the medications when distractions are at their lowest.  

Money worries 

Sometimes the issue of medication compliance comes down to cost. About 70 percentvi of physicians link high prescription costs to a lack of medication adherence.  

To save money, they may ration meds or not take them at all.  

In a study published in Circulation, viione in eight patients with heart disease didn’t take prescribed medication because of the expense.  

Luckily, there are resources such as GoodRx, an app that allows anyone to shop at local pharmacies for the lowest prescription medication prices.   

Doctors can also prescribe generic versions of meds whenever possible to cut back on costs.   

Communicate more 

Poor communication is a deterrent to medication compliance, which is in turn linked to poor health outcomes.  

Fortunately, Motivational Interviewing can help. With Motivational Interviewing, health care providers are encouraged to ask open-ended questions beginning with What, Why, How, and When during discussions about medication usage. This technique is shown to improve behavioral change and adherence, as reported in Perspect Public Healthviii.   

This PDF by The Motivational Interviewing Network of Trainers provides more information on motivational interviewing.  

Medication compliance helps patients experience better health outcomes, reducing readmission rates and helping the hospital avoid tripping CMS’s indicators for fraud, waste and abuse. While much of the responsibility lies with the patient, hospital policies and procedures can help ensure the patient has the best possible chance to understand and comply with medical guidance.  

YouCompli helps healthcare facilities know about regulations, decide if they apply to them, manage policy and procedure rollout, and verify compliance efforts. Learn more 

i American Heart Association 
ii OptimzieRX survey 
iii 20 percent 
iv 9 percent 
v BMC Health Services Research 
vi 70 percent 
vii Circulation 
viii study 

The Pandemic Is No Excuse: Enforcement Actions Taken by the Office for Civil Rights

We’ve known that enforcement actions were going to pick up again, even though many regulations are still waived or modified during the public health emergency. In the past few months, several decisions have been rendered by the Office for Civil Rights (OCR) which prove the point. Hospitals and other healthcare organizations need remain cautious and cognizant of exactly which regulations are being enforced, and make sure that existing procedures and policies are being followed. 

Religious Rights 

For exampleOCR resolved a complaint against Prince George’s Hospital Center of the University of Maryland Medical System (UMMS). The complaint was raised by a woman who wanted to have a priest attend her critically injured husband during the pandemic. Despite the priest’s willingness to wear any necessary personal protective equipment (PPE), he was refused entry. UMMS implemented a new policy guaranteeing “adequate and lawful access to chaplains or clergy” in order to resolve the complaint. 

second religiously-based complaint was also resolved recently by OCR. In this complaint, filed by a civil rights group, a medical student at Staten Island University Hospital (SIUH) in New York City was ordered to shave his beard, which he kept for religious reasons. The hospital stated that this was in order to ensure his N95 respirator mask had a tight seal around his nose and mouth, even though he had passed a fit test. In resolving the complaint, SIUH provided the student with a Powered Air Purifying Respirator (PAPR) as a religious accommodation. 

Privacy 

OCR also recently resolved a HIPAA-based complaintLifespan Health System Affiliated Covered Entity (Lifespan ACE) in Rhode Island agreed to pay OCR $1,040,000 and to implement a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules related to the theft of an unencrypted laptopNot only did the laptop contain electronic protected health information (ePHI) for 20,431 individuals, OCR found systemic noncompliance with HIPAAincluding lack of encryption on laptops and a lack of device and media controls. 

A Warning for Compliance 

All these enforcement actions took place during the COVID-19 pandemic. The presence of the pandemic is not being taken as a reason for not proceeding with enforcement action. Compliance professionals need to be very aware of what regulations still apply, and how their organizations are continuing to stay within the scope of existing regulations. 

See YouCompli in Action

Easier, faster, more effective compliance is possible

Learn More

Emergency Preparedness Revisited

Emergency preparedness has always been one of the top concerns of hospital administrators and medical staff, but never has it been more critical. As the the coronavirus pandemic continues to impact the United States, and facilities are struggling to maintain levels of personal protective equipment (PPE) and ventilators, administrators and compliance professionals should also review the updated federal emergency preparedness requirements, published by the Centers for Medicare and Medicaid Services (CMS) in the Federal Register on September 30, 2019.

We previously blogged about these requirements in 2017, but the requirements have changed in the past few years. Here are the four core elements of a hospital’s emergency preparedness plan to handle natural and man-made disasters — and a look at how they are impacted by last year’s final rule revision by CMS:

Risk Assessment and Planning

Commonly referred to as the emergency plan, CMS requires such a strategy to be developed and then updated at least once a year. It is based on certain risk assessments and uses an “all-hazards” approach that focuses on hospital capacities and capabilities, care-related emergencies, equipment and power failures, communication interruptions (including cyberattacks), and interruptions to water, food, and medication supply chains.

A major change to this element involves hospital climate control and power. Facilities are no longer required to heat and cool the building evenly. However, safe temperatures are to be maintained in areas deemed necessary to protect patients, other people in the facility, and provisions stored in the facility during the course of an emergency, as determined by a risk assessment. If a hospital is unable to maintain safe temperatures, it should follow an established plan for a timely relocation/evacuation that avoids patient exposure to harmful conditions. Additionally, hospitals are required to have an essential electric system with a generator that complies with the NFPA 99 – Health Care Facilities Code.

Like before, the plan must include strategies for addressing emergency events and include a process to work in conjunction with local, tribal, regional, state, and federal emergency preparedness officials. But the key change to the all-hazards approach — and this is crucial in light of recent events — is that all participating hospitals must be prepared for emerging infectious disease (EID) threats, such as the coronavirus. EIDs may require modification to standard facility protocols to protect the health and safety of patients and personnel, such as isolation and PPE usage.

Communication Plan

This element received additional fine-tuning. Participating hospitals still must develop a communication plan that complies with local, state, and federal laws and the plan must be reviewed and updated annually. It should now also include the names and contact information of key hospital personnel for local, tribal, regional, state, and federal emergency preparedness officials. And, it should detail how patient care is coordinated within the facility, across healthcare providers, and with local and state public health departments and emergency management systems.

Policies and Procedures

Hospital policies and procedures still must be based on the emergency plan, risk assessment, and the communication plan, and must be reviewed and updated at least once a year. They should address a broad range of topics and situations, including subsistence needs (water, food, medical supplies) of patients and staff, emergency staffing strategies, tracking the location of on-duty staff and patients during emergencies, sheltering-in-place plans, and patient relocation/evacuation plans.

Training and Testing Program

This revised element the result of an additive process. Program development is based on the emergency plan, the risk assessment, the communication plan, and the policies and procedures. As before, the final rule states the program must detail who needs to be trained, describe the frequency of training, how knowledge is assessed, and document how the training was conducted.

During the course of normal events, hospitals are required to annually conduct a mock disaster drill that is either a full-scale, community-based or individual facility-based exercise. In addition, hospitals must also hold a discussion-based tabletop exercise with its senior staff to discuss hypothetical emergency scenarios and reassess policies and procedures. But recent years have not been normal.

Along with the coronavirus outbreak, many parts of the country have suffered from an increase in natural disasters or mass shootings. The final rule revision acknowledges this wide spectrum of emergencies. If there is an event that activates a hospital’s emergency plan, that facility is exempt from holding its annual mock disaster drill for one year following the incident, provided it has written documentation. If a hospital activates its emergency plan twice in one year, it is exempt from both the mock disaster drill and tabletop exercise for one year following the actual events. Again, written documentation of these events and procedures is required.

Maintain Compliance with CMS

Being compliant with the September 30, 2019 final rule is a requirement for your facility’s Condition of Participation (CoP) / Condition for Certification (CfC) with CMS. Failure to comply, even during a pandemic, could thus have significant impact on your organization. The youCompli compliance management software is a powerful tool to help mitigate risk and enable your hospital to effectively implement these, and many other, regulatory requirements. The software is easy to use and quick to deploy, and can be a powerful means to drive efficiencies through your compliance department.

See YouCompli in Action

Easier, faster, more effective compliance is possible

Learn More

For Hospitals, Climate Change Compliance Pays. Literally.

Hospitals nationwide are trying to recover from what AHA president Rick Pollack calls a “triple whammy.” Between “increased expenses incurred in…caring for the COVID patients,” “the decreased revenues” from “having shut down regular operations in terms of scheduled procedures,” and “the increased number of uninsured,” it’s probably no surprise that, according to AHA estimates, US hospitals are losing as much as $50 billion a month.

What is surprising, though, is how hospitals are offsetting some of those losses — to the tune of tens or hundreds of thousands of dollars a year — with significant savings from climate change sustainability. In principle, this boils down to cutting waste — wasted food, wasted paper, red bag waste, wasted electricity — and associated disposal costs.

Climate change regulations are complex, and are likely to change over time, as climate change becomes a more serious issue for regulators. Establishing a program now that fits within existing regulations, has potential to grow, and will support the hospital’s budget needs — all without violating other compliance requirements — is a significant win for compliance professionals.

As these examples show, there are opportunities now to reduce your climate risk, save money, and stay compliant:

Reduced Consumption

ORs and Medical Waste

  • ORs account for 20-30% of a hospital’s total waste, up to 60% of its medical waste, and about a third of its expenses. By lowering the number of air exchanges per hour (ACH) from 25 to 20 (the federal and state required minimum) between surgical procedures, the Cleveland Clinic saves $250,000 a year.
  • Health Partners’ waste reduction and recycling program has diverted 793,000 pounds from the ORs of all its hospitals.
  • By removing 91,753 pounds of instruments from the reprocessing cycle, Dartmouth Hitchcock Medical Center saved almost $1.5 million.
  • Seattle’s Virginia Mason Medical Center cut supply costs by over $3 million in three years by switching to reprocessed medical devices.

Implications for Compliance

Selling these savings to the executive board is easy. Savings like these don’t just go once to your bottom line. They stay there, year after year. What’s more, they can increase your property value by as much as eight times your investment. Reducing energy use can also earn you federal tax reductions and refunds, state matching grants, and electric utility rebates.

From a compliance standpoint, the obvious concern is whether implementing these changes to green your organization will have negative impacts on your exposure to compliance risk. And that’s a big challenge to overcome. What you need is a way get clear insight into what regulations require, and what environmentally-focused options are available.

See YouCompli in Action

Easier, faster, more effective compliance is possible

Learn More

COVID-19 Testing: New Federal Clarifications for Employers

You’ve probably heard of recent federal legislation affecting insurance coverage for COVID-19 testing and related services, such as the Families First Coronavirus Response (Families First) Act and the Coronavirus Aid, Relief, and Economic Security (CARES) Act.

The federal government has taken steps to require certain kinds of insurance plans to provide coverage for testing (and related services) without cost-sharing, prior authorizations, or other medical management requirements.

New Guidance Issued

On June 23, three federal departments — the Department of Health and Human Services (HHS), the Department of the Treasury, and the Department of Labor — issued a second round of guidance on implementing these provisions.

The Centers for Medicare & Medicaid Services (CMS) has published an FAQ specifically related to the Families First Act which contains some useful information related to this guidance. (Click here to read the full document.)

CMS has confirmed that the Families First Act does not require employers and insurers to pay for COVID-19 testing that is not used for diagnostic purposes. This includes back to work purposes or general screening. And there are no exceptions for the uninsured or those receiving Medicaid coverage.

In the case of diagnostic testing, the law allows for quite a broad range of coverage. Tests must be approved by HHS (which includes tests approved by the Food and Drug Administration (FDA) on an emergency or temporary basis). But as long as one of these approved tests is ordered by an attending health care provider, “where medically appropriate for the individual,” then insurers must pay for it. And that’s even if there are multiple tests ordered.

COVID-19 Tests Not Covered

However, for tests that are not for diagnostic purposes, things get more complicated. If employers require their employees to have clean COVID-19 tests before returning to work, there are basically two options, neither of which insurance is required to help with under this legislation:

  1. Pick up the tab for testing themselves, or
  2. Ask employees to either cover it (which can be very expensive) or line up at one of the free public testing sites.

Implications for Compliance

As with most of the regulatory changes related to the pandemic, the devil is in the details here. Staying up to date on the latest guidance and clarification is the only way to be sure that you are providing the correct information to the rest of your organization.

See YouCompli in Action

Easier, faster, more effective compliance is possible

Learn More

AHA and CMS to Keep Regulatory Flexibilities in Place

COVID-19 continues to create obstacles and challenges for healthcare compliance professionals. Thriving in this environment means being agile and adaptive.

The AHA’s Requests

Last week, the American Hospital Association (AHA) asked the Centers for Medicare & Medicaid Services (CMS) to keep relaxed regulations in place. Specifically, the AHA is interested in keeping flexibility around telehealth, quality and compliance measures, and bed capacity.

The telehealth changes are ones that have been on the horizon for some time. Essentially, the AHA is asking CMS to continue to allow hospitals to provide a wide range of telehealth services, without limitations as to profession or geographic location. The AHA is also asking for flexibility on billing and payments related to telehealth to be made permanent.
More interestingly, the AHA has also asked that CMS extend regulatory relief related to some quality and patient safety regulations. These include expanding the use of verbal orders, and extending the reuse of PPE.

The AHA has also asked that CMS provide hospitals with a transition period, to allow them to more easily move from pandemic response to ordinary practice. This includes a request for temporary waivers for sanctions and penalties related to HIPAA , and flexibility on audit requirements. And, it includes a request that certain rules and requirements be delayed or suspended.

The Response From CMS

Three days after the AHA released this letter, Michael Caputo, Assistant Secretary for Public Affairs at the Department of Health and Human Services (HHS), tweeted this :


The public health emergency is currently set to expire on July 25. However, as of this writing, HHS hasn’t officially announced how long the extension will be

This means that we don’t yet know what will happen when the emergency finally does end. Will HHS give a transition period, as the AHA has requested? Will HHS continue to allow flexibility about telehealth, which they have previously indicated they would?

Staying up to date on this fluid situation is going to be a key task for compliance in the coming weeks.

See YouCompli in Action

Easier, faster, more effective compliance is possible

Learn More