Tips for Providers to Avoid Telehealth Compliance Risk
One of the more unanticipated consequences of the CoVID-19 pandemic is the rapid shift to telehealth by health care providers. Before the surge of CoVID-19, the Centers for Medicare and Medicaid Services (CMS) limited Medicare reimbursements for virtual services to a narrow set of circumstances, which typically still required the patient to leave his or her home to receive the services.
The rapid onset of CoVID-19, the resulting public health emergency, and the passage of the Coronavirus Assistance, Relief, and Economic Security Act has led the Secretary of HHS to utilize the waiver authority granted under Section 1135 of the Social Security Act to permit CMS to expand the permissible range of virtual services that qualify for federal reimbursement. Now, Medicare beneficiaries can generally utilize (and providers can bill for) telehealth services regardless of zip code and, perhaps more importantly, can receive these services in their homes.
The change is a net positive for physicians and patients—patients can continue to receive treatment without being exposed to other potentially infected individuals, while physicians can maintain continuity of care and preserve the financial health of their practice. However, while the guidelines have been relaxed, CMS and the Office of Inspector General of the Department of Health and Human Services (“OIG”) have issued specific guidance regarding the provision of, and submission of claims for, these services by health care providers. Given the potential for abuse in this area, the likelihood of enhanced scrutiny by CMS and OIG is great. Accordingly, providers must be cautious and ensure that the CMS and OIG guidance is carefully followed in submitting claims for services rendered and should maintain detailed records to substantiate any telemedicine claims submitted under these relaxed standards
Changes to the Telehealth Landscape
Before the CoVID-19 pandemic, CMS authorized telehealth claims in very limited circumstances. Medicare patients living in a designated rural area with limited access to care providers could see participating professionals, but Medicare required the patient to travel to a local health care facility for the virtual appointment. (The requirements for telehealth services are set forth in 42 U.S.C. Section 35m, “Special payment rules for particular items and services,” specifically at subsection (m), “Payment for Telehealth Services.”) CMS also authorized Medicare reimbursement for certain patient-initiated communications, including virtual Check-Ins, where patients initiate communication with an existing provider. Finally, Medicare Part B also allowed reimbursement for “e-visits,” where patients initiated a virtual, non-face-to-face visit with an established provider through an online patient portal.
On March 6, CMS invoked its waiver authority under Section 1135 of the Social Security Act (Section 135), and authorized participating providers to offer a more comprehensive suite of services to Medicare patients. CMS recognized that there was an “urgency to expand the use of technology” to provide routine medical care, and to “keep vulnerable beneficiaries … in their homes while maintaining access to the care they need.” To address these concerns, CMS has temporarily authorized participating providers to bill Medicare for telehealth visits, virtual check-ins, and e-visits.
Under the temporary rules, CMS will reimburse participating providers for any virtual services rendered to a patient, if the services replicate those normally performed in a hospital or office setting. The initial guidance indicated that Medicare coinsurance and deductibles would generally apply to these visits, but on March 17, the Office of Inspector General (OIG) for the Department of Health and Human Services authorized providers that reducing or waiving cost-sharing arrangements during the pandemic will not result in administrative sanctions. Importantly, though, the policy does not require providers to waive co-payments and deductibles, and providers remain free to apply and collect these charges from beneficiaries. The OIG also indicated that the waiver of co-payments will not be considered, absent other evidence, as an inducement in violation of the federal Anti-Kickback statute, 42 U.S.C. § 1320a-7b(b).
For reimbursement of a telehealth visit, the patient must use an interactive audio and video telecommunications system that allows for real-time communication with the provider, but CMS now allows the service to occur in the patient’s home. If the patient does not have audio and visual equipment, the provider must instead submit the visit as a virtual check-in or an e-visit, as described below. Importantly, CMS has not taken a position on whether a patient must have a pre-existing relationship with the provider to request a telehealth visit. Instead, CMS has indicated that, to the extent “the 1135 waiver requires an established relationship,” it will not conduct audits “to ensure that such a prior relationship existed for claims submitted during [the CoVID-19] public health emergency.”
CMS defines a virtual check-in as a brief conversation, lasting between five and ten minutes, between an established patient and a participating Medicare provider. The primary purpose is to determine if the patient requires an office visit or other additional services. But unlike a telehealth visit, CMS has determined that a virtual check-in requires a pre-existing relationship between the provider and the patient. Notably, while physicians may initiate a virtual check-in with an existing patient, the physician must receive the verbal consent from the patient for the service, before submitting a reimbursement claim. The check-in may be conducted by phone, and if a patient submits a question, the practitioner may request consent to submit a claim for reimbursement by e-mail, audio, video, secure text messaging, or the use of a patient portal. However, reimbursement is not permitted if the check-in relates to an in-person visit within the previous seven days, or results in an appointment in person within twenty-four hours.
CMS defines an e-visit as a non face-to-face communication between a provider and a patient, initiated at the patient’s request. Reimbursement requires (1) that the provider and the patient have an established relationship, (2) that the patient, rather than the provider, request the service, and (3) that the communication take place using an online portal. But CMS does allow the provider to “educate” the patient on the availability of the service, prior to patient initiation. Unlike telehealth visits and virtual check-ins, e-visits are billed in cumulative time units over a rolling seven-day period, and can also include services by physical therapists, occupational therapists, speech pathologists, and clinical psychologists.
The CoVID-related changes to the virtual healthcare landscape offer tantalizing opportunity for physicians facing financial shortfalls due to state-issued stay-at-home orders and offer Medicare patients the opportunity to address health care concerns without risking infection. But practitioners must be cautious in implementing the relaxed standards for telehealth visits, virtual check-ins, and e-visits, and ensure that all relevant guidance is followed, specifically:
For providers seeking to on-board new patients during the CoVID-19 pandemic, the requirements for virtual check-ins and e-visits suggest that the first virtual appointment with a new patient should always be a telehealth visit, scheduled by the patient. If practitioners deviate from this guidance, it will be a simple exercise for investigators to review claims data to determine if the first service provided to a new patient was billed as a virtual check-in or e-visit.
When utilizing billing codes that include a face-to-face time component (including CPT range 99201-99215, which is cited in the CMS guidance as common telehealth service codes), providers should be especially wary of which code is used and should not generally utilize a code that provides a time period that exceeds the time actually spent. As most devices (on both the provider and patient side) have the ability to track the duration of a call or video session, this is another area where investigators would be able to determine with relatively minimal effort if the billing code utilized included a typical face-to-face time that exceeded the actual time spent.
Although the OIG policy statement indicates that the waiver of co-insurance and deductibles will not “result in OIG administrative sanctions,” it does not change the OIG’s (and the Department of Justice’s) established view that such waivers are, as a general rule, inducements that violate the Anti-Kickback Statute. Accordingly, practitioners should not advertise that they are waiving these costs as a mechanism to attract new patients, or to attract existing patients to utilize these services, as these actions likely fall outside of the policy statement and could result in government scrutiny.
Practitioners must ensure that the medium of communication used with the patient corresponds to the requirements set forth by CMS. For example, if an existing patient does not have audio/video capability, submitting a reimbursement claim for a telehealth visit would be impermissible. Similarly, if a provider does not have access to a “patient portal” —a phrase that CMS has yet to clearly define—the provider should not seek reimbursement for an e-visit. Rigid adherence to these guidelines will help ensure that providers capitalize on new opportunities to serve patients, without risking civil or criminal liability. Again, this is an area where an investigator could very easily determine if the requirements are met, such as reviewing a provider’s patient portal setup, or interviewing a beneficiary to determine if he or she has a device that has both audio and video capability (and service to support that capability), and that the visit actually utilized that capability.
If practicable, providers should document in detail the specifics of the services provided, including information such as how the service was initiated, what audio/video mechanisms were utilized, and (if applicable) the duration of the face-to-face portion of the service. While such documentation may not be required, maintenance of such records – as long as they are accurate – will go a long way in demonstrating knowledge of, and good faith efforts to comply with, the applicable requirements in the event there is ever an audit or other government scrutiny.
And, as a final note, remember that the government often initiates investigations or audits by running data and looking for outliers (known as data mining). If a provider, or his or her practice, is billing these services on an order of magnitude several times higher than other similarly situation practices, scrutiny is likely. Accordingly, in those situations where a practice group may have an especially robust practice that has significantly expanded its capabilities to offer, provide, and bill for these telehealth services, it is even more critical that such a practice take steps to ensure that is not running afoul of the guidance and can substantiate its efforts to comply.