How the COVID-19 Crisis has Advanced the use of Telehealth

The coronavirus pandemic has dramatically changed the way health care providers care for their patients. Although telehealth has been available for many years, it has not been widely adopted for reasons related to the way telehealth services are reimbursed, federal and state privacy and security requirements, and financial or technical constraints. However, the emergency response to the current crisis has led clinicians to quickly operationalize their telehealth capabilities to care for their patients while adhering to shelter-in-place guidelines. With virtual health care rapidly becoming the new normal, health systems will need to make informed decisions about how to balance the use of telehealth with in-person encounters, while policy makers will need to consider policy and regulatory changes that may need to be made to support the long-term sustainability of telehealth.

Health systems across the country have been urged to rapidly transition to telehealth when possible to prevent the spread of coronavirus. NYU Langone Health, a New York City-based health system that rarely used telehealth prior to the pandemic, went from zero to 5,500 telehealth visits within two weeks.[1] Kaiser Permanente is averaging 65,000 telehealth encounters per day as a result of the expansion.[2]  Telehealth has proven useful during the pandemic in many ways: urgent care centers are conducting assessments remotely for people who are symptomatic and recovering at home; individuals with chronic diseases are managing their conditions with their primary care providers in real-time; and health technology firms are rapidly advancing the development and deployment of tools to support at-home care, such as remote heart and glucose monitors, home lab testing, and app-based health tracking software. This dramatic uptick has been propelled by changes at the federal level to reimburse providers for services, allow telehealth care between states, and relax Health Insurance Portability and Accountability Act (HIPAA) regulations around technology use.[3]

Prior to the pandemic, significant regulatory and legislative barriers made telehealth adoption difficult. In 1997 Congress made telehealth a reimbursable service under Medicare, Medicaid, and the Children’s Health Insurance Program but only in limited circumstances: a patient had to be geographically located in an underserved rural area and the encounter could not take place inside a person’s home. Additionally, interstate licensure has been a barrier because most states require physicians to be licensed in the state where they are practicing medicine. In March of this year the Centers for Medicare and Medicaid Services (CMS) issued temporary policy measures to make it easier for individuals to receive medical care through telehealth during the COVID-19 public health emergency. These changes allow providers to:

  • Conduct telehealth with patients located in their homes and outside of designated rural areas;
  • Practice remote care, even across state lines, through telehealth;
  • Deliver care to both established and new patients through telehealth; and
  • Bill for telehealth services (both video and audio-only) as if they were provided in person[4]

The types of telehealth services covered by Medicare have also been temporarily expanded to include evaluation and management visits provided in inpatient, emergency department, and nursing facility settings, as well as in the patient’s home; certain physical, occupational, and speech therapy services, and psychiatric evaluations and visits. The full list of reimbursable telehealth services is on the CMS website.

At the same time, the U.S. Department of Health and Human Services (HHS) issued a notification of enforcement discretion to allow HIPAA-covered health care providers to use remote communications technologies that may not fully comply with HIPAA privacy and security requirements. During the national and public health emergency, HHS’ Office for Civil Rights will not impose penalties for noncompliance with the regulatory requirements under HIPAA in connection with the “good faith provision of telehealth.” Popular applications that were previously not considered fully compliant with HIPAA that are now permitted include Apple FaceTime, Facebook Messenger, Google Hangouts, Zoom, and Skype; public facing applications such as Facebook Live, Twitch, and TikTok are still prohibited.[5] While the waiver has offered providers more flexibility, the temporary nature of this waiver, along with a lack of clear guidance on which applications and/or services are approved or not, can be extremely challenging for providers to navigate, particularly for smaller physician practices.

Although these changes are temporary, health care leaders are hopeful that the trend will continue in the current, positive direction. During a May 26th press conference, CMS and the Trump Administration signaled that some of the policy changes may become permanent, stating that the president “has made it clear that he wants to explore extending telehealth benefits more widely.”[6]  If some of the temporary measures are made permanent, it will go a long way to address the challenges noted above with the current waiver. In addition to looking to Congress to pass legislation to make certain changes permanent, policymakers will need to carefully balance the benefits with unresolved privacy and security risks and ensure that existing protections in HIPAA are not undermined. Long before the current crisis, privacy and security concerns plagued telehealth technology, particularly lack of controls or limits on the collection, use, and disclosure of personal information. Even as providers and consumers are becoming accustomed to video chatting, platforms such as Zoom have recently come under fire for their lax security controls.[7] More oversight of approved telehealth tools and a comprehensive regulatory framework will be needed to bolster trust and confidence among consumers, health care providers, and privacy advocates.

Another critical factor for consideration is populations of people for whom telehealth might not be appropriate. A recent poll suggests that there still are limitations for remote monitoring among people ages 65 and older. While the majority of them say they have a computer, smart phone or tablet with internet access at home, only 11% have used a device to talk by video to a doctor or health care provider within a two-week period.[8] Patients with mental health, addition or abuse problems may not have a safe and confidential place for virtual visits. Older people of color and those with low socioeconomic status, which recent data has shown are at higher risk of health complications due to COVID-19, experience barriers to telehealth including lack of technology, digital literacy and a reliable internet.[9] If the impact of telehealth on different populations is not carefully studied, there is a risk of negatively impacting quality of care and exacerbating health inequities in our society.

To understand the impact of telehealth with the interventions and short-term policy measures that are currently in place, a structured series of data will need to be established as well as training for clinicians on how to capture this data will be needed. Zeke Silva, M.D., Medical Director of Radiology at Methodist Texsan Hospital, says:

“We are living through one of the largest telehealth pilot studies in history. 6, 12, 18 months from now, we will look back on this time to objectively evaluate what worked and didn’t work. And why. The quality of our interactions, patient experience, outcomes and documentation will be an important part of that analysis.”[10]

The rapid adoption of telehealth is another example of how policymakers and health care and community systems in this country have responded to the pandemic in a remarkable way. COVID-19 will have a long-lasting impact on the role of telehealth in our health care system. With the current ability to capture, share and analyze data, we should leverage this unprecedented opportunity to determine what that will look like in the future while ensuring the appropriate data protections are in place to foster trust and support long-term sustainability.

 

 

[1] Becker’s Hospital Review. “NYU Langone rapidly expands virtual care amid ‘explosion’ of COVID-19 pandemic in New York.” 2020: https://www.beckershospitalreview.com/telehealth/nyu-langone-rapidly-expands-virtual-care-amid-explosion-of-covid-19-pandemic-in-new-york.html.

[2] Becker’s Hospital Review. “Troubleshooting the rapid growth of telehealth, data-sharing during COVID-19: Key insights from Kaiser Permanente & Keck Medicine of USC.” 2020: https://www.beckershospitalreview.com/telehealth/troubleshooting-the-rapid-growth-of-telehealth-data-sharing-during-covid-19-key-insights-from-kaiser-permanente-keck-medicine-of-usc.html

[3] Jercich, Kat. “Telehealth’s post-COVID challenges: Integrating in-person care.” 2020. https://www.healthcareitnews.com/news/telehealths-post-covid-challenge-integrating-person-care

[4] https://www.hhs.gov/coronavirus/telehealth/index.html#waivers

[5] https://www.hhs.gov/hipaa/for-professionals/special-topics/emergency-preparedness/notification-enforcement-discretion-telehealth/index.html

[6] https://www.beckershospitalreview.com/telehealth/some-temporary-telehealth-provisions-will-become-permanent-cms-chief-says.html

[7] https://www.forbes.com/sites/kateoflahertyuk/2020/06/05/zooms-security-nightmare-just-got-worse-but-heres-the-reality/#586628dc2131

[8] Cubanski, Juliette. “During the COVID-19 Emergency.” 2020: https://www.kff.org/coronavirus-policy-watch/possibilities-and-limits-of-telehealth-for-older-adults-during-the-covid-19-emergency/

[9] Velasquez, D. Mehrotra, A. “Ensuring The Growth Of Telehealth During COVID-19 Does Not Exacerbate Disparities In Care.” 2020: https://www.healthaffairs.org/do/10.1377/hblog20200505.591306/full/

[10] Silva, Zeke. “Telemedicine amid COVID-19.” AMA Physician Innovation Network Discussion. 2020: https://innovationmatch.ama-assn.org/groups/ama-physician-innovation-network-public-area/discussions/Telemedicine-amid-COVID-19.

 

Privacy and the Pandemic: Part 1

 

For nearly 20 years, the Health Insurance Portability and Accountability Act (HIPAA) has carefully protected the privacy of individual’s health information, while still promoting appropriate data sharing and communications among health care providers. In previous posts we have talked about the importance of data in the response to the COVID-19 crisis – data must be made available when and where it is needed to support patient care and public health activities. While privacy remains a top concern in healthcare, this is an unprecedented time for our country and our health care system is being challenged in new ways. If entities subject to HIPAA are constrained in their ability to share critical data or they are worried about penalties for non-compliance, then the effectiveness of that data is diminished.

Although the HIPAA Privacy Rule is not suspended during the current public health and national emergencies, the HHS Office for Civil rights (OCR) is committed to “empowering medical providers to serve patients wherever they are during this national public health emergency.”[1] A critical part of the response is ensuring data is made available to support public health activities. The HIPAA Privacy Rule already allows certain information to be shared to assist in nationwide public health emergencies, as well as to assist patients in receiving the care they need. It also gives patient’s certain rights regarding how their information can be used and shared.

To ensure the flow of data is not impeded, the US Department of Health and Human Services has exercised its authority to waive sanctions and penalties for non-compliance with certain provisions of the HIPAA Privacy Rule by covered entities and their business associates. The enforcement discretion does not extend to any obligations under the HIPAA Security or Breach Notification Rules, but it does free providers from the added stress of navigating complex legal and operational requirements so they can focus on providing care to impacted individuals, communities, and slowing the spread of COVID-19. 

Limited Waiver of HIPAA Sanctions and Penalties During a Nationwide Public Health Emergency

Enforcement Discretion for Business Associates

Enforcement Discretion for Community-Based Testing Sites

To learn more about HIPAA and COVID-19, including updated guidance for HIPAA covered entities and business associates, visit the OCR website.

In future posts, we will explore in greater detail how the government and technology sectors are working together to flatten the curve while still protecting individual rights to privacy. We will also share how the current crisis is helping to remove roadblocks related to telehealth and sharing sensitive information such as substance use disorder treatment records. Often in times of crisis, opportunities emerge to create long-lasting positive change. Hopefully this crisis is no different and the health care community can rally together to focus less on when and how data can’t be shared and instead focus on “getting to yes”.

[1] https://www.hhs.gov/sites/default/files/hipaa-and-covid-19-limited-hipaa-waiver-bulletin-508.pdf]