It’s a boom time for telehealth. State and federal policies governing this new way to deliver medical care have helped expand access to it, while increasingly favorable regulatory changes are remaking the landscape for digital health companies hoping to revolutionize the field of medicine.
Yet this greater opportunity is accompanied by greater regulatory risk, especially with the significant state-to-state variation in laws governing telehealth and the nuanced interplay between state regulations and federal policies.
Policies around delivery, credentialing of providers, and informed consent offer insights into the complex and evolving telehealth landscape.
Challenges paying for telehealth
Telehealth has evolved dramatically from the first modality used for it — the telephone. The proliferation of new delivery methods enables providers to better tailor their care to patients’ unique needs and to increase patient autonomy and control. Unfortunately, state and federal policies about reimbursing clinicians for providing care via telehealth continue to vary widely, which is inhibiting its full potential.
Let’s start with traditional Medicare, because it often serves as a guide for how care is reimbursed. Traditional Medicare limits telehealth to services provided using real-time, interactive audio and video telecommunications systems. That means no store and forward technologies, such as prerecorded audio or video, email, or text messaging. Traditional Medicare also restricts the use of telehealth to rural settings, and may originate only from providers’ offices and other facilities like rural health clinics or hospitals. Importantly, a patient’s home does not qualify, even though this a key “facility” for most patients.
The Centers for Medicare and Medicaid Services finalized a rule this spring allowing Medicare Advantage plans to offer additional telehealth services as basic benefits. This so-called MA rule represents a clear move towards greater flexibility in how providers can offer telehealth benefits to beneficiaries. It permits the use of an “electronic exchange,” essentially a catch-all term. Instead of providing a comprehensive list of modalities, the MA rule instead opted to provide a non-exhaustive list of examples of electronic information and telecommunications technology such as secure messaging, store and forward technologies, videoconferencing, and other Internet-enabled technologies in order to achieve flexibility in accommodating future technological advances.
State laws have uniformly moved away from restricting telehealth use to rural or underserved areas with respect to state Medicaid programs, but still limit the types of facilities that may act as originating sites, and often exclude patients’ homes. In addition to defeating one of the advantages of telehealth — convenience — this restriction means that clinicians are not reimbursed for remote patient management, an increasingly important method of health care delivery that enables a provider to remotely monitor vital signs and other biomarkers such as blood sugar or weight. That’s unfortunate, since many patients with chronic conditions could benefit from being monitored at home, and this particular use of telehealth is recognized as one of the most effective and cost-efficient methods of advancing patient outcomes and safety.
Interestingly, Medicare does not consider remote patient management to be a type of telehealth, and so isn’t subject to originating site restrictions. Recognizing that, CMS this year finalized new reimbursement codes for remote patient monitoring.
The divergence between Medicare and state laws, which govern Medicaid, reflects how nuanced differences in defining telehealth or the ways lawmakers have accounted for various technological approaches have led to significant differences in reimbursement and access across states and payers.
Regulatory policies at the state level offer other challenges for telehealth companies. For example, 11 states specifically reimburse providers for engaging in store and forward communications. Other states either do not directly address this type of communication or specifically define telehealth and/or telemedicine as services that must be delivered in “real time.”
Some states have required real-time communication to protect the integrity of the patient-doctor relationship or to help prevent misunderstandings between physicians and patients. In other states, laws affecting reimbursement by both Medicaid and private payers conceive of telehealth narrowly, making modalities like store and forward technologies and mobile health apps not reimbursable. It’s likely that in some of these states the legislature did not intend to prohibit certain forms of telehealth, but instead defined it too specifically, precluding new modalities that do not technically fit the original definition.
Credentialing can be problematic
The intersections of federal and state policies on telehealth amplify the complexity of this field in the context of credentialing.
Physicians and other health care practitioners must provide state medical boards, insurers, and others documentation of their education and training. This process was relatively straightforward in the pre-telehealth era, with the vast majority of clinicians seeking credentials in the state in which they live and practice. With the advent of telehealth, a physician in California can provide care for a patient in Maine.
Because provider credentialing is a state-by-state concern, it presents unique challenges in telehealth, which seeks to reduce geographic barriers to health care. At present, 29 states, the District of Columbia, and the territory of Guam have adopted the Interstate Medical Licensure Compact. It streamlines the ability of physicians with a valid license in one of the compact states to perform services remotely in another compact state. Interstate licensing compacts for other provider groups, such as nurses, are also expanding among the states.
Separately, nine state medical boards permit out-of-state providers to deliver care via telemedicine in a state where he or she is not located, or allow a clinician to do that if certain conditions are met, such as agreeing not to open an office or physically practice medicine in the state. Proposed rules in other states seek to lower barriers to telehealth, but vary in their approaches. While there is a clear trend toward reducing the role of credentialing as a barrier to access, the landscape remains complex.
Under the MA Rule, a provider who treats a patient via telehealth must also allow the patient to receive the same treatment in person. But that telehealth provider might not be permitted to see the patient in his or her state of residence because the care is being provided across state lines, meaning the patient would have to see a different provider, which could be less than optimal. Outcomes such as this require careful planning to ensure that effective care can still be delivered without incurring liability for regulatory violations.
Streamlining consent procedures
Informed consent is one of the bedrocks of modern medicine. It explains the services a provider offers as well as the benefits and risks associated with treatment. In traditional face-to-face health care, patients typically sign consent agreements. Telehealth informed consent builds on the same premise, but focuses on ensuring that the patient understands not just the benefits and risks of treatment but also understands the medium through which care is provided.
State laws typically drive the requirement to obtain adequate informed consent. It is also influenced by professional guidelines and, when patients use commercial digital health platforms to access telehealth providers, the Federal Trade Commission’s expectations about informed consent may also come into play.
State legislatures around the country have passed telehealth-related informed consent laws in order to balance the advantages of telehealth with concerns that its proliferation may erode the doctor-patient relationship and threaten patient privacy and quality of care. To date, nearly 40 states have informed consent requirements specifically related to telehealth in their statutes, administrative codes, or Medicaid policies. These requirements vary significantly between states: Some apply specifically to the state’s Medicaid program while others apply to all telehealth services provided in the state regardless of who is paying for it. Like the MA Rule, consent requirements in a number of states also require the provider to inform patients that they may opt to receive services in person.
A number of states rely on guidelines promulgated by the American Medical Association to govern the adequacy of informed consents. The AMA’s telehealth policy states that physicians have a duty to disclose any financial interests they may have in the telemedicine application they are using. The AMA’s policy, which most state medical boards rely on, is likely to become of increasing importance as digital health platforms are used in more and more physician practices and settings.
Given the role that commercial digital health platforms play in telehealth, consent and transparency are key areas in which there has been significant enforcement activity by the FTC and some state attorneys general. With its authority to enforce federal law prohibiting unfair and deceptive business practices, the FTC has been highly active in ensuring that health care technology companies obtain adequate consent and provide meaningful disclosure of their business and privacy practices, especially when there is exchange of sensitive data.
Telehealth is experiencing a level of growth and penetration that will greatly transform the delivery of health care. The breadth of applications and modalities already in use, not to mention those under development, combined with a complex and sometimes confusing regulatory climate, present challenges for providers, payers, and digital health companies.
Consensus around the benefits and risks of telehealth may help unify new regulation and standards, but the path to that future isn’t clear. Until then, those interested in the continued expansion of telehealth must continue balancing the numerous and overlapping approaches in state and federal laws and regulations.
Linda A. Malek is chair of the health care and privacy and cybersecurity practices at Moses & Singer LLP in New York. Khaled Mowad is an associate in the firm’s health care practice.
Editor’s note: The article was updated to include CMS’s new reimbursement codes for remote patient monitoring.