Chris Eades

Reimbursement for Remote Patient Monitoring in Virtual Care

Reimbursement for Remote Patient Monitoring

Hall Render Shareholders Chris Eades and Regan Tankersley discuss Medicare reimbursement considerations for remote patient monitoring as a part of virtual care.

Podcast Participants

Chris Eades

Attorney, Hall Render

Regan Tankersley

Attorney, Hall Render

Chris Eades: Hello, and welcome to Hall Render’s Virtual Care Podcast Series. Today’s focus will be Medicare reimbursement or remote patient monitoring services. My name is Chris Eades. I’m a shareholder here at Hall Render and a member of our firm’s virtual care team. I’m joined today by my fellow shareholder, Regan Tankersley, who focuses her practice on Medicare reimbursement, both in the context of traditional in-person services, but also virtual care services or telehealth services.

Chris Eades: Regan, thanks for joining us. Before we dive in, maybe tell us a little more about your individual practice.

Regan Tankersley: Yes, thank you. I am in my 19th year of practice as a healthcare regulatory attorney focusing on Medicare and Medicaid payment issues and regulatory compliance.

Chris Eades: Great. Well, Regan, so a hot topic in the realm of virtual care has been remote patient monitoring or remote physiologic monitoring, whichever term we want to use, for a number of reasons. It’s one of those areas where we have seen some permanent change already in the way of expanded reimbursement. It’s certainly an area that seems to mesh nicely with the concept of clinical integration and value-based care. Of course with technology and the advancements we see there, there’s simply a lot out there that we can do to potentially manage patients in a more efficient manner and in a more complete manner.

Chris Eades: So, it is a big topic and really the reason we wanted to kind of level set in terms of where we’ve been in the recent past and where we are today with reimbursement, specifically Medicare reimbursement. It’s also one of those many areas that you and I have discussed where we see competing definitions and concepts, right?

Regan Tankersley: Right.

Chris Eades: So, you and I often talk about the need for healthcare providers to understand there’s kind of the reimbursement side of the coin, all of the rules that apply to telehealth and other technology-based services that are specific to whether and how you can be compensated, and then of course there’s the professional side of the coin in terms of whether you can use these technologies to begin with to render care. If so, what do you need to do?

Chris Eades: So I mention that, right, because of course there are state to state different definitions and rules in terms of remote patient monitoring. We don’t want to lose sight of the fact that those concepts are out there and that we have to pay attention to them, but of course reimbursement is huge. It’s traditionally been the largest obstacle to providing these types of services, and so we did want to drill down more specifically on, again, where we are and where we may be headed with reimbursement in this area. So, I’m going to stop there and maybe, Regan, ask you to comment on whether or not Medicare has a definition that is specific to RPM.

Regan Tankersley: So from a Medicare reimbursement standpoint, RPM services are going to be described by those certain CPT codes that Medicare developed a payment rate for a few years back. I want to say 2018, but I know it’s within the last few years, prior to COVID, prior to the public health emergency. So from my perspective, I like to make the distinction, because we’ve seen a lot with the terminology between telemedicine, telehealth, virtual care, RPM services are paid for by Medicare under Part B.

Regan Tankersley: They are not true telehealth services as defined by the statute, by the Social Security Act that has a very narrow and discreet definition. An 1834(m) of the Social Security Act as to telehealth services, which are professional services rendered by physicians, mid-levels, eligible practitioners to provide those professional telehealth visits, consults, et cetera. RPM are not telehealth in that definition, you will not see those CPT codes listed on the Medicare list of covered telehealth services, they are just fee schedule-based services.

Regan Tankersley: I have to look into it on the hospital side, but on the physician fee schedule side, they’re paid for under the fee schedule. There are certain CPT code descriptors to describe different components of RPM, whether it’s the initial setup, whether it’s the data collection, whether it’s the interaction between the healthcare provider and the patient. So, I want to make sure people kind of understand that there may be some flexibilities during the public health emergency as to how RPM services can be provided and billed, but these services have been covered and paid by Medicare prior to the public health emergency.

Chris Eades: Got it. That’s an interesting point and an important point, right, because many of the state definitions that I alluded to would capture RPM as a defined telehealth service or a defined telemedicine service, depending upon what terminology the state uses. But as you point out, even though we think of RPM in a lot of ways as telehealth or telemedicine, technically it does not fall within the definition of telehealth for purposes of Medicare.

Regan Tankersley: Correct.

Chris Eades: So, why don’t we kind of touch base briefly about where we were with RPM just prior to the pandemic, because it was one of those areas in kind of the larger area of virtual care where we had seen some expansion. Let’s just kind of touch base in terms of where we were initially pre-pandemic.

Regan Tankersley: Right. So because of the nature of those services, they’re not an in-person visit with a Medicare beneficiary. So when Medicare developed payment rates to recognize that there’s a benefit to being able to remotely monitor patients and certain physiologic parameters, weight, blood pressure, all of those things that can be monitored remotely. Because of that non-face-to-face aspect to it, there was a requirement that the patient had to be an established patient of the billing practitioner who was going to be providing and billing for the RPM services, and there had to be consent obtained prior to initiation of those services.

Regan Tankersley: Those are all beneficiary protection measures, because they’re not there face-to-face with their practitioner, so it did require established patient and consent to be in place prior to the public health emergency. There’s been some flexibility because of COVID that Medicare is allowing during the public health emergency that the patient does not have to be an established patient prior to providing RPM services, and that the consent for the RPM services can be given at the time of that initial contact with the patient.

Regan Tankersley: So, those are the flexibilities that we’ve seen during COVID. There was also a flexibility related to one of the CPT codes that required a certain number of data to be collected and reported prior to being able to bill for that code once every 30 days. There’s been then some flexibility there during the public health emergency as it relates to patients’ beneficiaries with COVID or suspected COVID.

Chris Eades: So Regan, pre-COVID, pre-pandemic, was there flexibility to use RPM for both chronic care management and acute patient care, or was it only the former?

Regan Tankersley: I believe initially it was focused on chronic conditions, but there has been some policy clarification since COVID and part of the interim final rule flexibility recognizing that RPM services can be provided for acute care. Which is how you got that flexibility related to patients with COVID. That’s an acute condition, not a chronic condition. Then there’s been some policy clarification I believe moving forward that recognizes the utility and the value in those services, not just for chronic, but also acute.

Chris Eades: Then even pretty recently during the pandemic, this is one of the areas where we’ve actually seen some permanent change, right? We had kind of the rules pre-pandemic, we had some of the flexibilities that you mentioned in response to COVID, and then we actually saw some permanent change at the very end of 2020. What did that permanent change involve in terms of RPM flexibilities?

Regan Tankersley: Yeah. So part of the interim final rule flexibility, as we noted the consent and the established patient. So moving forward, Medicare has clarified through the traditional fee schedule notice and comment rulemaking, that moving forward the permanent changes after COVID will be that that consent that had talked about before that had to be obtained prior to these services being initiated can be obtained at the time of the services being initiated.

Regan Tankersley: That is a new permanent policy change, but CMS also clarified that post-COVID-19, post-pandemic, it is going to have to be an established patient relationship to provide those RPM services. So there’s been some clarification made, but the one really permanent change that they recognized on the consent issue. I think it’s important to realize too with remote patient monitoring, patient services, there’s lots of different devices that can collect data.

Regan Tankersley: I mean, my Fitbit collects all kinds of data, heart rate and your oxygen saturation, but for purposes of these defined terms and CPT codes for Medicare coverage purposes, it has to be a type of device providing the data that meets the FDA definition of a medical device. The data has to be sent automatically, collected and sent automatically to whoever the practitioner is providing the RPM services, it can’t be self-reported.

Regan Tankersley: So, it’s not a free for all. I mean, there’s still some coverage restrictions there related to the type of devices and the interaction that has to occur between the beneficiary and the billing provider for the codes that allow for the communication part to be built.

Chris Eades: Gotcha. How many days per month does the device need to monitor and report data?

Regan Tankersley: It’s at least 16 out of 30 under normal conditions. Again, there’s that limited exception during the public health emergency for patients with or suspected COVID that you can collect data less than 16 days and still report that CPT code that represents the data collection part of the service.

Chris Eades: Okay, so it sounds like then post-date of emergency, even with the permanent changes we’ve seen, that the two areas that will revert back, so to speak, would be, one, that RPM must involve an established patient. Then two, the exception that you just mentioned related to COVID treatment obviously would not apply at that point.

Regan Tankersley: Correct.

Chris Eades: So do we have any indication, Regan, in terms of where we’re headed next with RPM? Do we expect that we will see more permanent change or maybe additional flexibility? Is there any intel on that piece?

Regan Tankersley: I think as CMS continues to provide coverage and pay for these services, they’ll continue to monitor and collect data as to the utility. I mean, obviously I think the benefit of this type of data is that to be able to track patients for chronic and some acute conditions to hopefully provide for better health outcomes and to be able to treat patients sooner based on collecting that data that can be transmitted remotely, it’ll be interesting to see if there are permanent statutory changes made under the telehealth statute.

Regan Tankersley: For example, if going back to the original coverage for RPM services after the public health emergency, there has to be an established patient relationship. Well, can we establish that patient relationship through an initial telehealth visit? Part of that will go to are we going to have some flexibility following the public health emergency [inaudible 00:12:16] to the geographic limitation. That would really expand the ability to have that initial visit and establish a patient prior to establishing an RPM service for the program for those patients. Again, that’ll depend on whether we see a statutory change to the telehealth provisions.

Regan Tankersley: We’re already seeing sort of these RPM companies pop up, because part of the policy clarification with remote patient monitoring is that you can have auxiliary staff performing these services, but under the Medicare Incident-to regulation of services of auxiliary staff have to be directly supervised. RPM is a general supervision standard and CMS has clarified that you can contract with auxiliary personnel to provide the services.

Regan Tankersley: So, we’re already seeing RPM companies coming to physician practices with an RPM program to provide all of the technological support, all of the monitoring, and then providing the support then for the practitioner or their staff to be able to do the interactive communication parts of those services described by that codes. So you might start seeing more of [inaudible 00:13:24] industry pop-up to be able to support it to think about, one, for a data center entity.

Regan Tankersley: If we have some of these contract provision for auxiliary personnel and if we’re not limited by a supervision standard, considering what we do in different locations, different states. I mean, there’s still some of those things to consider, but I can see that happening more as kind of coming to a physician practice with here contract with us, we can provide the services for you so you can provide them to your patient population.

Chris Eades: Interesting. Yeah, we’ve obviously seen a lot of activity legislatively and we continue to see a high number of bills being introduced, most of them focused on reimbursement in the realm of virtual care. We’ve also seen some legislation that’s more specific to increased funding, and worth noting, I think, that we’ve seen some of that legislation be specific to remote patient monitoring.

Chris Eades: I know very recently there was some legislation introduced called the rural remote monitoring patient app, which intended to or is intended to establish a pilot grant program to support RPM in rural areas. So I think in addition to some of the rules themselves potentially changing, there’s certainly the possibility for some increased funding in this area as well that healthcare providers should be mindful of. You had mentioned, but just to emphasize. In terms of the actual technology, Regan, that can be used, what’s the threshold requirement there?

Regan Tankersley: So there has to be, one, depending on the CPT code we’re talking about, but for the data collection devices, there has to meet that definition of a medical device and it has to be able to capture and collect data and send it automatically. But as far as the codes that capture the interaction between the patient and the billing practitioner, that’s described. Then interactive communication, it has to be conversation in real-time. It’s synchronous, it’s a two-way communication.

Regan Tankersley: I believe a lot of that can be done … I mean, there aren’t the restrictions you see under telehealth regarding video, but you can use video enhancements. I think there’s another CPT code that can reflect some other type of services, but the data collection CPT codes have certain requirements, and then the communication-based codes with that interactive, that’ll have a set of requirements, and that’s going to be defined by those CPT code descriptors.

Chris Eades: Right.

Regan Tankersley: I would comment too as we’re talking about payment, my sense, and we know this from some of the committee hearings that have been going on in D.C., that if we do see some increased flexibility under telehealth, I mean, it could be a domino effect, like I just mentioned, that they end up changing the statute and moving the geographic restriction. Well, now you can provide more of these initial patient contacts via telehealth that open up the door to some of these other services like chronic care management and RPM. Will the fee-for-service system continue on or will there be some other methodology or mechanism to pay for some of these services?

Regan Tankersley: I feel like the Medicare fee-for-service system was meant to be reactionary. You’re paying for medically necessary treatment for diagnosis or treatment for people who are already sick, and I think part of these initiatives with virtual care is trying to capture this patient population and data to help provide for healthier outcomes before they get to the point that they’re really sick. Does the fee-for-service mechanism payment methodology really support that type of care? So, I think that still remains to be seen.

Chris Eades: Yeah, and going back to the earlier point that you made regarding the technology actually constituting a medical device. As simple as that sounds, we’ve certainly encountered concerns or issues in the employment setting or hospital setting where individual providers are seeking to use technology that kind of looks and feels like it’s a medical device, but in reality is not a medical device. So even though fundamental, I think it’s important to be mindful of that, that there are millions of applications out there and technology as well and wearable devices, et cetera, that do not rise to the level of medical device.

Regan Tankersley: That’s right.

Chris Eades: I also wanted to mention, you had pointed out one of the permanent changes involving the ability to obtain patient consent at the time of service, which provides some helpful flexibility. You and I field a lot of questions more generally about consent in the realm of virtual care, and so I think it’s also important with consent to keep two additional pieces in mind. One is, again, any state law specific requirements, right? So we’re talking about consent, again, for purposes of Medicare reimbursement, but RPM may be captured by a state telemedicine act, which itself has particular requirements for documented consent. So, need to remain mindful of those state law specific provisions.

Chris Eades: Then two, in a more healthcare provider specific context, quite often RPM is not the only service that you are providing electronically, right? You may be, as you pointed out earlier, providing RPM in conjunction with other types of virtual care services. So, approaching the consent process more strategically and proactively in a way to check all boxes, and also in a way for the healthcare provider to obtain a meaningful and helpful consent ahead of the time is probably a good idea and something that our providers should be mindful of.

Regan Tankersley: Well, and you raise a really good point between consent as required by state law, whether it’s in regard to telehealth telemedicine or just consent to treat, versus some of the specific Medicare coverage requirements for consent related to your ability to have coverage in both of those services, such as the RPM. So those are two those questions, but which one trumps, the federal or the state? We’ve got to comply with both.

Regan Tankersley: I mean, I think that’s just the important thing to remember is that if these certain services from a Medicare payment standpoint require a certain type of consent, we still have to comply with everything related to your state law. But I think too moving forward, I just read this article kind of on security and cyber-attacks attacking medical devices. Something kind of out there as far as whether or not what data devices you’re using to collect data, but how are we ensuring from a cyber standpoint the security of the data, making sure there isn’t any way to hack into patient accounts. So all of that, the more we do virtually, it’s going to just raise that compliance and risk level of how we’re making sure all this type of data and patient contact and information that’s being done virtually is going to be protected.

Chris Eades: Absolutely. Well, Regan, hey, thank you very much for your insight. To our audience, thanks for joining us. If you or your organization have any questions or topics that you would like to share with us, please contact us via our website at Certainly feel free to reach out to me at, or Regan, particularly if you have questions specific to reimbursement in this arena. Regan can be reached at

Chris Eades: As always, please remember that the views expressed in this podcast are those of the participants only and do not constitute legal advice. Thanks so much for joining us.

Share on linkedin
Share on twitter
Share on facebook

Virtual Care Considerations for Fraud and Abuse

Virtual Care Considerations for Fraud and Abuse 

Hall Render Shareholders Chris Eades and Ritu Cooper discuss what health care organizations should consider in regards to Fraud and Abuse issues with virtual care.

Podcast Participants

Chris Eades

Attorney, Hall Render

Ritu Kaur Cooper

Attorney, Hall Render

Chris Eades: Hello, and welcome to Hall Render’s Practical Solutions in Healthcare Podcast. This episode is part of our ongoing series called Critical Considerations for Virtual Care and we’ll be focusing on considerations for fraud and abuse.

My name is Chris Eades. I’m a shareholder here at Hall Render and a member of our firm’s virtual care team. I am joined today by one of my fellow shareholders, Ritu Cooper. Ritu is a service line leader in our healthcare compliance group, and she has particular experience with healthcare compliance related investigations, disclosures, and related matters. So really the perfect person to have available today to speak to these issues. Ritu, before we dive in, could you maybe tell us a little more about your individual practice?

Ritu Cooper: Oh sure, Chris, thanks. And thanks so much for inviting me to join you today. I’m thrilled to be able to talk to you about this topic. So yeah, as you said, I co-lead the compliance service line. I work primarily with large hospitals and health systems, large physician practice groups. I have some clients that are kind of other, that fit in that med device type space or med device adjacent. But with all of the clients, the work I do is compliance related and related to compliance with fraud and abuse laws, like Stark and Kickback and Civil Monetary Penalties laws, anything that really talks about referral sources and physicians.

As of late, probably in the last four or five years, I’ve done quite a bit of work with clients that are under CIA’s, corporate integrity agreements, and help manage all of the requirements that they need to comply with. So with that, I end up splitting my time working with compliance officers and with legal counsel. I sometimes look at myself as kind of that liaison between the two, there’s oftentimes, with a client, I might be engaged by both offices for very different projects.

Chris Eades: Perfect. So let me set the stage here a bit for our conversation today. We’ve seen a lot of headlines regarding the potential for fraud and abuse in relation to the provision of virtual care. And it’s a bit of an interesting dynamic because we saw these headlines and we saw some of these concerns well before COVID-19. The potential for fraud and abuse through virtual care was often cited, I think along with the concern for unnecessary spend as a reason maybe not to expand virtual care services, or at least facilitate expansion through just some more relaxed regulation and payment rules. And then of course, when that pandemic hit, there was just the need for virtual care, and we had to put aside some of those concerns, increase the flexibilities, and allow for the provision of care through virtual care as we’ve seen.

And so, at this point, as we ease out of the pandemic, it’s an interesting dynamic because the genie is out of the bottle, so to speak, in terms of the benefits of virtual care. It’s been used, there are lots of studies that demonstrate that it’s in demand and will continue to be in demand, that many providers want to be able to use virtual care. But we’re now starting to see and hear the same sorts of concerns that we saw pre-pandemic, and those include the concern for fraud and abuse.

And so even just a few weeks ago, the US government’s Accountability Office issued a report and highlighted, as part of that report, concern regarding fraud and abuse. One of the quotes from that report was, “Both the Medicare and Medicaid programs are on the GAOs high risk list in part due to concerns about fraud, waste, and abuse, the increased program spending, the lack of complete data, and suspensions of some program safeguards increase these risks.”

So it seems to, once again, be front and center, we’ve seen also the US Department of Justice make it very clear that the DOJ will be looking for fraud and abuse in this arena, and those individuals that do try to take advantage of some of those flexibilities, we’ve even seen headlines, again, just a few days ago, where the DOJ announced criminal charges against 14 telehealth execs who were alleged to defraud Medicare. So has been, it continues to be kind of front and center here as we talk about virtual care. So, with that in mind, Ritu, what’s your initial take on fraud and abuse in this arena, do you see this as an area that is ripe for abuse, and if so, why?

Ritu Cooper: Oh, absolutely, Chris. I mean, for all of the reasons that you’ve said. In fact, I was doing a presentation with someone from the DOJ and OIG for AHLA back in the fall, and on the day that our presentation aired, they announced one of the biggest investigations that was alleging fraud and abuse in the telemedicine space. There was also opioid as well, but I mean, there were 86 different providers, physicians, nurses, et cetera, that were even indicted, I mean, for anti-kickback type violations. And they alleged that there was, I think, $4.5 billion in claims related to telemedicine. And it was that there were unnecessary services that were provided, they were providing testing like genetic testing and various things via telemedicine, they were providing pain medication to patients they had not even seen ever in person, barely even talked to them via a platform, some of it could have been even very, very brief telephonic conversations.

So, in preparation for that, they didn’t tell me that it was going to drop the day that our presentation aired. But when we were preparing, they were talking about how, just like you said, pre-pandemic, this was an issue, and definitely a heightened area of focus because all of a sudden we needed to be able to provide telehealth services. Very, very quickly. Whereas we had clients before and, Chris, you and I have worked with a number of clients where they’re contemplating and thinking about it, and then once we kind of tell them all the things they need to think about, they kind of shied away from putting a program together. But all of a sudden last March, all of our clients said, “Oh, I know I said it was hard, but now I have to, so let’s figure it out.”

And so I think that this area in particular, because from my vantage point, even though hopefully this pandemic will end soon, I don’t think telemedicine is ever going to end. I mean, it was an area that you saw years ago that was starting to come into focus. Now that it’s here, I think that we’re only going to be looking at ways to enhance the services that are provided while still trying to figure out how to fit within this fraud and abuse landscape.

Chris Eades: So Ritu, for the benefit of the audience here who may have different levels of familiarity with these rules and regs, let’s step back, and can you maybe highlight for us the primary laws or regulations that we’re even talking about here really in the context of fraud and abuse?

Ritu Cooper: Sure. I think the first one that I think is important to understand, and then the other two fall into place, is the False Claims Act. So all of these cases, or most of these cases come forth to the government based on their belief that there was a claim that was submitted to the government that was false in some way. And that’s the False Claims Act.

The vehicle that they use to claim that something was false was that you violated the Anti-Kickback Statute or the Stark law. And the Anti-Kickback Statute says that you cannot knowingly solicit or receive a kickback for referral of Medicare business or Medicaid business, any kind of federal health care program business. And so, that law is very, very broad, it doesn’t apply just to providers, to physicians, it applies to anyone who could be a referral source. So you may see pharma and device companies, anyone else, pharmacists, anyone else could fit into that mold for anti-kickback as someone who can be a referral source.

The Stark law, however, is a little bit more narrow. It’s strict liability, there’s no knowledge or intent that is required, it’s either you meet an exception or you don’t meet an exception. And the Stark law says that if you are a physician who has a financial relationship with a DHS entity, so it designated health services entity, like a hospital, which is probably primarily what we’re talking about today, you then can not refer patients to that entity unless you meet an exception. And then each of the exceptions have seven or eight different elements, and you must meet all of those elements in order to be able to be protected from any kind of Stark liability.

Chris Eades: So Ritu, what are the potential consequences here for a health system or a hospital provider that fails to comply with these provisions that you’ve talked about?

Ritu Cooper: So under each of the laws, both the Anti-Kickback Statute and the Stark law, they have their own civil monetary penalties per claim, and they range from 15 to 20,000 or something like that. But that’s not where the big dollars are. The big dollars really come from a potential of a False Claims Act case where those claims are anywhere from 11 to $22,000 per claim. And on top of that, a potential for treble damages. And what the government says is that every claim with that physician during the time period where you did not meet an exception is what is at stake. So you’re looking at millions and millions of dollars of potential liability.

In addition to that, you also are liable for returning any money that you charged the government potentially. And then under the Anti-Kickback Statute, there is a potential for criminal penalties. So you could get up to 10 years in prison. Added to that, in 2015 through the Yates Memo that came out, the government has had a heightened focus on individual liability. And if you read what has come out of the government since 2015, which is so hard to believe that that was six years ago, they said, “Well, we’ve always cared about individuals, and we’ve always cared about those bad actors within an organization who might have been putting forth the scheme or the arrangement that doesn’t comply with the law.” But what came out in 2015 was that these individuals could no longer be indemnified by their organization and that individuals would have to pay and be held accountable on their own.

And so I think, don’t want to quote the number because I haven’t looked at it in a couple of months, or maybe even since last year, but I think there were over 50 or 60 individual liability cases since 2015. The first one came out in 2016, one year later after the memo came out. So you’re looking at even individuals facing issues where their company, their organization can not protect them as well.

Chris Eades: So significant consequences obviously, and the need to avoid those scenarios. Let’s maybe talk more generally about actions that should be taken by providers to avoid those scenarios. I mean the False Claims Act, Stark, Anti-Kickback, broader concepts, of course, than just virtual care. So let’s start more generally, Ritu. What does a healthcare organization or provider need to have in place to assist, to avoid a fraud and abuse scenario?

Ritu Cooper: So the biggest thing that the government looks at is whether an organization has a compliance program in place. So what the government feels is that if you have a compliance program in place and you’ve instructed the entire organization that compliance is important to you and educated on that, then you will be able to protect the organization.

So the OIG came out with guidance starting in 1998, and now I think there’s 13 different documents out there, but all of them center around the seven elements of an effective compliance program. So you need to have compliance administration. So someone in charge of the compliance program, maybe a committee that helps them, that represents a cross section of the organization, as well as the board that understands that they have compliance oversight over the organization.

Number two is to have policies and procedures in place specific to compliance in general, and then also specific to the various areas within the organization that might be impacted that have requirements from the government. The third is to have a hotline so that if any issues come forward, then the employees within the organization can bring them forward in the compliance department can follow through.

Number four is education and training, and is making sure that people are educated and understand the policies that they need to follow, as well as the laws externally. Number five is there is a robust auditing and monitoring program in place, and what that means is conducting a risk assessment, putting together a work plan where you’re focusing on the areas that you need to. We know that there is no organization that can look at 100 things in a year. So you really need to focus and narrow in on, “What are we doing that could be high risk?” And then paying attention to that throughout the year.

Number six is having appropriate disciplinary policies that state that, “We take compliance seriously and if you do not comply, or you do not help with internal investigations or bring things forward that we know that you’re aware of, then there will be consequences.” And those consequences are equal no matter what your level is, whether you’re the CEO of the organization or you’re working in the filing room. And last but not least is once you’ve conducted investigation and you’ve conducted it promptly, you’ve put corrective actions in place to make sure that your corrective actions are working as well.

Chris Eades: Ritu, thanks for that. I think that’s helpful information and probably a good segue into then discussing legal compliance more specifically in the virtual care arena. And I’ll just speak just for a moment here in terms of what I’ve seen. And what I’ve seen, I think was much of the obvious, which is the majority of providers out there needed to ramp up very quickly with respect to virtual care. When the pandemic hit we needed a different way to provide services, virtual care was available. And so the focus necessarily was converting to that modality in terms of the provision of services.

We’re at a point now as we ease out of the pandemic where the focus is more on, “Where do we go next? Do we want to continue to provide all of the same services through virtual care that we have been? Can we do that? And then how do we do that?” Because the regulatory landscape is quite complex and always changing. And so that seems to be most of the focus, at least in terms of what I see.

What I have not seen a lot of is what is our structure for legal compliance specific to virtual care? You had mentioned the core elements of a compliance plan, and one of those elements involves an audit function, a work plan for, “How do we ensure that we are avoiding these fraud and abuse scenarios, and we are vetting for ongoing legal compliance?” And so, I do see this as an area that has been lacking. And understandably so, again, the focus needed to be on, “Let’s get through this pandemic and provide the necessary services.” But we are at a point where I think it’s very important, as we look the next steps, to ensure legal compliance with respect to virtual care services. And I am seeing that there’s a delta there, that we need to play some catch up, and wrap our arms around this. What have you seen, Ritu? Are you seeing the same? Have you seen different?

Ritu Cooper: No, I think you’re exactly right. I mean, I think anyone who had telehealth before the pandemic, they were thinking about it, but it was very, very few. Now we’ve seen… I can’t think of a client or a provider that isn’t providing some kind of telehealth services, but I will tell you, I rarely see that coming through the compliance department or being something that’s evaluated.

Chris Eades: So let’s focus on that piece then, Ritu. So recognizing kind of the general concepts that you outlined for a viable compliance plan, what more specifically should be considered as part of a plan to avoid fraud and abuse in the virtual care arena?

Ritu Cooper: No, that’s a really good question. So I think the first thing is that compliance can not help with anything if compliance is not aware of what is going on. And that’s why number one, in that element number one where you have someone who’s in charge of the program but there’s also a committee, you want to make sure that that committee really does represent the cross-functional departments of the organization. And you need to have high level folks that are on that committee.

Compliance may not be aware of that all of a sudden we’re providing telehealth services, or we’re providing telehealth services at an exponential level before the pandemic. So those ideas or that information would come through compliance through that committee. And then let’s say that the person who is in charge of the telehealth program is not there on the committee, well, you always can add people to the committee. So that would be number one, is to make sure that we have the right people who are thinking about it.

The second thing would be, is let’s put together some kind of policy, or procedure, or something that describes the program that’s being put into place and describes all of the little areas where we might need to audit, or monitor, or check. The third thing would be the work plan and the risk assessment. So, one thing if you’re not familiar with risk assessments is what a lots of organizations do is they throw out surveys to a cross section of the organization, asking them questions about different areas to see if they are compliant.

So, for example, you might send a survey out to your real estate group asking them questions that track the real estate exception under Stark and Kickback. So do you enter into arrangements with physicians? Are they in writing? Do you have a fair market value assessment, et cetera. Telehealth is not one of those risk assessments that we normally see because it’s something that was rare pre pandemic.

So I would suggest working with the operational individuals who have put together the telehealth program to understand all the elements of the program, put a risk assessment together, and then put a risk assessment questionnaire together, and then send that out to the folks that are actually implementing the telehealth program to get their take on, “Are we meeting all of those requirements that we need to be meeting?” You might even need to have legal involved in putting that together as well because there could be other requirements that maybe even the operations folks might not be aware of.

And then once you get the answers back from that, and then you see how much telehealth you’re providing, more likely than not you’re going to identify that as a potential risk, not that we’re saying that you do anything wrong, but in an area that you might need to have more auditing and monitoring, you put that on the work plan, and then in the next year, you audit and monitor that.

And then all of the other elements kind of fall into line. So if you have a policy, you educate on the policy, you may see questions come in through the hotline, then you want to know how to answer those questions. If you conduct an investigation, you may want to put corrective actions to place if you realize that you’re not doing something accurately, and put those in place fairly quickly. So all seven of the elements can be touched on, but those three would probably be my main ones to focus on.

Chris Eades: Thanks Ritu. That’s really helpful. And it dovetails with my own observations with respect to virtual care. And I’m glad you mentioned the structure and the way that you did because one of the challenges here seems to be being in a position to vet the different angles here. And to be in a position to hear from providers maybe that want to offer new services through virtual care. As I view it, you need your kind of legal piece to this, your compliance piece. There’s certainly the business element to this in terms of what we want to do with virtual care. And then there’s the clinical piece to this. We can’t use virtual care for everything, we’ve got to be able to meet the standard of care that would be applicable to an in-person service.

And so to your point, I think your structure that needs to be in place does need to include a composition that hits on all of those elements and communication among those individuals will be key. And then I think that structure then is in place not only to vet for what’s happening today, but where do we want to go tomorrow? Where can we go tomorrow? And then going back to the elements you mentioned, really incorporating education as a component here. We’re providing the same clinical services maybe, but we’re doing it in a very different way, or at least virtually, so we’re delivering care in a different way. And there are different rules in play than would otherwise be applicable to an in-person service. And so, education of providers is really going to be important here.

As to your point on the compliance plan, I agree. We need to have a work plan that’s specific to virtual care. That work plan itself may not capture everything, but minimally, depending upon the size scope of the care you’re providing, but minimally should establish guardrails in terms of the core components, where are we providing these services? In what states? Where’s everyone located? What do the medical record requirements look like in each of those jurisdictions? What are the consent requirements? What are we comfortable prescribing or not prescribing through virtual care? The compliance work plan, we should be able to nail down some of those essential guard rails even if maybe we’re going to develop this through our structure more specifically in service lines or within departments, et cetera.

And then lastly, to your point on the audit functions, I think there too we’ve got to think about this a little bit differently. We may want to do the same type of oversight and audit that we may need to, but it may look a little different and there may be some different considerations. If we’re going to observe providers for example, or retrospectively review or audit records for billing compliance, there will be different rules in play. And we may need to go about doing this a little differently. I mean, in terms of proctoring a physician, for example, maybe a new physician for ongoing quality review, that’s going to have to happen differently because it’s a virtual encounter.

And so I think some of the same concepts, but being deliberate in terms of how are we going to get that done? And then are there any other related consequences? If we’re going to use a video recording of a patient interaction, for example, and we’re going to audit that video recording, what does that mean from a medical record standpoint? Do we need to maintain that recording go forward? Does it become part of the designated record set somehow? Do we need a particular patient consent to use the recording?

So I think there are a lot of same concepts in play in terms of what we need to do, but we need to think about those a little differently in terms of, A, there are different rules that may be applicable, and B, there may be some consequences there in terms of what we need to accomplish. So Ritu, I think great thoughts and certainly what I’m seeing, like I said, dovetails, I think, very much with what you mentioned.

Let me kick it back to you, Ritu, do you have final thoughts maybe, or any additional thoughts for those providers out there or entities in terms of what they need to be thinking or doing from a fraud and abuse standpoint with respect to virtual care?

Ritu Cooper: I think, Chris, the biggest thing is making sure that you have the right players involved as you are starting the program and then developing the program. I think that if you have compliance and legal at the table as you’re putting it together, you can probably catch some of those issues that you’ve just discussed before they might be problematic. And I think also then if those two departments are involved at the outset, they will be able to better help with the development of policies and procedures and those risk areas and auditing plans because they’ll understand the structure at the beginning as opposed to being tossed at the end.

So I think for those who may not have done that, all is not lost. But as you said now we’re talking about, “Okay, this is what we’ve done in the pandemic.” Kind of fast and dirty, but now we’re going forward and trying to set up this long-term plan, and if we could make sure that we’re thinking about the different issues that might come up from a Stark and Kickback perspective, and make sure that there’s also other issues, there’s licensure issues. I mean, there’s so many things beyond just Stark and Kickback that we need to think about, and our e-prescribing, our medical record, just like you mentioned, if we’re thinking about those at the beginning, we might even be pulling other people in place, we might need to be talking to our it vendor as well, or a medical records vendor, or whoever we’re working with also to make sure that we’re protecting the entire program.

Chris Eades: Ritu, thank you for your time and insight today. To our audience, thanks for joining us today. If you or your organization have any questions or topics you would like to share with us, please certainly contact us. You can do so via our website at Certainly reach out to me at Or Ritu, particularly if you have questions regarding legal compliance or fraud or abuse issues, please reach out to Ritu at Either Ritu or one of the other attorneys in that practice group will be happy to assist. Please remember, as always the views expressed in this podcast are those of the participants only and do not constitute legal advice. Thanks so much for joining us today.

Share on linkedin
Share on twitter
Share on facebook

Considerations for “Start-Ups” and New Service Lines in Virtual Care

Considerations for “Start-Ups” and New Service Lines in Virtual Care

Health care providers of all types are increasingly interested in exploring the idea of expanding or adding virtual care services. Hall Render Shareholders Chris Eades and Colleen Powers discuss what considerations should be made before adding virtual care to your business.

Podcast Participants

Chris Eades

Attorney, Hall Render

Colleen Powers

Attorney, Hall Render

Chris Eades: Hello. Welcome to Hall Render’s virtual care podcast series. Today’s focus will be on virtual care startups, whether a new virtual care enterprise or perhaps an expansion of virtual care services. My name is Chris Eades. I’m a shareholder here at Hall Render and a member of our firm’s virtual care team. I’m joined today by one of my fellow shareholders, Colleen Powers, who’s a member of our health transactions group and who has particular experience with startup entities, applicable business structures, and healthcare-related transactions.

Welcome, Colleen. Maybe before we dive in, could you tell us a little more about your individual practice?

Colleen Powers: Sure. Thanks, Chris. I’m glad to join you today. My practice is, as Chris mentioned, primarily focused on healthcare business transactions and also working with startup entities, whether that’s kind of figuring out the developmental stages of what do you want the business to ultimately achieve and then how do you determine the appropriate corporate structure and form that that should take to achieve those aims? I work with hospitals, health systems, physician, physician groups, and other entities that are kind of ancillary service providers in the healthcare space.

Chris Eades: Great. Well, Colleen, on the point of startups, we are increasingly contacted by healthcare providers and other types of business entities that are interested in providing virtual care services or perhaps expanding virtual care services. These entities often want to roll out these ventures in multiple states, if not all states, right? It’s, at this point in time, typically a more expansive business plan.

There are always a host of virtual care-specific professional practice rules and payer rules that we need to assist to navigate. But more fundamentally, there are a number of business-specific requirements and considerations that come into play. I appreciate you taking some time today maybe to highlight those considerations. Let’s start with the type of entity. When a healthcare provider or other individual wants to start down this road to providing virtual care service or services, what are the primary options available in terms of the type of entity?

Colleen Powers: Sure. There are, I would say, two that are really commonly in play here. One is an LLC, or a limited liability company. Then, the other is a corporation. The corporation can really take two different forms. You can either be treated as an S corporation or a C corporation. With respect to the S corporation, there are some more restrictions around that. There’s some limitations around the number of shareholders. There are certain parameters around who can be a shareholder. There’s restrictions on the types of classes of shares that may be had. That being that there can only be one class. There’s also some restrictions around profit allocation. However, if you look then at the other side of the corporation structure, you have your C corps. Those are ultimately going to be subject to double taxation. In those cases, the profits of the corporation are taxed at the entity level. Then also there’s taxation that occurs when dividends are distributed to shareholders.

The other form, and the one that we see put in play most often, is the limited liability company. With that, there’s a lot more flexibility from a tax standpoint. There’s also a lot more flexibility with respect to what states tend to require of a limited liability company, kind of everything from filings to what needs to be in place from a governance standpoint. For example, an LLC or a limited liability company will allow the owner, owners to say whether it’s going to be member-managed or managed by a board of directors. LLCs tend to be certainly the most favored form of corporate entity, just because of all the flexibilities that come with that corporate structure.

Chris Eades: Let’s maybe then focus on LLCs a bit more. Can you speak to what’s involved generally in creating an LLC? You just mentioned some of the documents that may come into play, but maybe highlight what’s involved to establish an LLC and some of the most relevant documents that will come into play and the basic timeline for accomplishing all of this.

Colleen Powers: Sure. With an LLC, and this holds true for corporations as well, your first step is going to be filing your articles with the applicable state that you’re going to essentially set up that operation in. For LLCs, they are referred to as articles of organization. Generally, corporations are articles of incorporation. Every state is going to have these days, fortunately, a pretty simple form that many of them will allow you to do it online. You have to plug in some basic information such as the name of the entity, address where it’s going to conduct business. You need to have a registered agent and address where any mailings can be sent to. Some states will require you to have a physical location beyond a PO box in that state where you’re conducting business. Ultimately, once you file those articles, it can really take anywhere from, we’ve seen less than 24 hours for it to be approved by the secretary of state, to really up to a few weeks. It’s very state-dependent.

Chris Eades: Maybe before we move on to the next question here, you had mentioned that with respect to certain states, and it does sound like this is state-specific, that there may be requirements to have an actual brick and mortar presence in a particular state as opposed to just a PO box. Is that correct?

Colleen Powers: Yes, some states will require that. There are not many these days that do require that, but some do. The other thing to keep in mind is that there’s a lot of services, or business entities, I should say, that serve as a registered agent or registered address in that area. You can pay a third-party to kind of stand in the shoes in that way and serve in that capacity.

Chris Eades: Gotcha. Yeah, and I thank you for that. I just want to highlight that point, I guess, for the audience. We talk a lot in the context of virtual care about the barriers to virtual care. One of the barriers is the regulatory complexity in terms of trying to offer these services in multiple different states. But one thing it certainly sounds like that startups and other entities need to be mindful of as they move into these different states, is it’s not just the virtual care-specific rules that may come into play, but also some of these just business-specific rules in terms of establishing these entities.

For example, in terms of what you mentioned, and I’m aware of the same, that there are some states out there that actually require on their books per their regs, a brick and mortar presence to establish a legal entity in that state. That certainly could be a factor when your business model is to not be there physically, but instead be there virtually.

Colleen Powers: Yeah, that’s right, Chris. Some of them kind of go beyond the needing to have the registered agent there to have an actual brick and mortar in a particular state. That’s generally to establish the entity. As you’re thinking about your virtual startup, you might think about where one or more of the owners actually has a home. That can be your registered office. But then, if you think about all the other states in which you want to conduct operations, that’s where you then need to consider the need to file with each of those additional states where you’re conducting business as an entity that is doing business in their state. That’s an additional filing that you need to be mindful of any time you’re conducting business in another state that you’re then registering that entity with those respective secretary of states as well.

Chris Eades: Colleen, what are some of the other more basic business issues that a newly-created entity should consider? Once we’ve established here what type of entity and we’ve gone through those initial steps to create the entity, what are some of the other more essential considerations that immediately come into play?

Colleen Powers: Sure. I think then you want to start thinking about the activities that you’re conducting and what additional filings need to occur with respect to the various federal and state agencies. One that’s going to be applicable across the board is you’re going to need to obtain a tax identification number, a TIN, also referred to as a employer identification number, or EIN. Those terms tend to be used interchangeably. That needs to be obtained from the IRS. That process is really pretty straight forward. That’s kind of step two once you’ve actually formed the entity.

Other considerations are if you’re going to have employees, then you’ll want to file with the State Department of Workforce Development, or whatever that equivalent is, to indicate that you do have employees on your books. Any states where you’re conducting operations you’ll also want to consider do you need to register with those local or state department of revenues as well? I think it’s kind of sitting down and mapping out any of those other agencies that might be in play and that you might have some reporting obligation to.

Another thing to think about that’s kind of just outside of the legal realm, but you’ll want to sit down with a broker and sort through what is the scope of your services and what sort of insurance coverages do you need to appropriately protect your business. At a minimum, I think about directors and officers, insurance and coverage that’s going to provide any of the owners and officers with some protection.

Then finally, I would say ensuring that you along the way are following appropriate corporate formalities to ensure that you preserve the integrity of the business. By that, I mean that there’s a clear distinction between what you were doing as an individual and what you were doing as a business. That means ensuring that you have meetings. Those are documented by minutes and you show those actions that are being taken as the corporate entity separate from yourself. That allows you to ensure that if there’s a third-party claim, that third-party claimant would come to and look at the business entity as the party to pursue some recourse against and not you as an individual personally.

Chris Eades: That’s a really important point. I’m glad that you mentioned it. We tend to talk about insurance in this realm more in the context of professional liability insurance, which is also, of course, important. But I think these other types of insurance that you mentioned, certainly business entities want to be familiar with. To your point, want to not only have the coverage, but establish their entity in a way that will end up affording them the protections that they intended to have. We will no doubt see, as we get further into virtual care, more litigation involving these providers. It’s just so very important I think as a provider to recognize that even though you may be physically located in one state, if you are offering the service in another state, maybe across the country, that you can very easily then be sued in that other state, right? It’s not just a matter of will you prevail in that litigation? It’s a matter of needing to actually be there in that state to deal with that litigation, which in and of itself is a huge concern. I think that’s a good point.

Let’s segue maybe into corporate practice of medicine. This is an issue that is increasingly coming up in the virtual care arena, particularly when an entity wants to provide services in different states. Corporate practice of medicine, or CPOM, not a new concept, obviously. CPOM exists in general, of course, to prevent corporations or other business entities from actually practicing medicine or other healthcare specialties. Or put differently, the concern here is that we want to make sure that only licensed individual providers who are trained to do so are practicing medicine, or these other specialties, and that these individuals are not being unduly influenced by corporations or other business structures.

Again, not a new concept. Most states have a CPOM rule, probably about two thirds of the states, I would say. But CPOM state to state is highly variable, much like all the rest of this stuff that we ended up talking about in the context of virtual care. Very few states actually have just a very simple, straightforward CPOM statute. Quite often it’s a collection of maybe some cases, sometimes really old case law statutes and rules that kind of collectively you have to piece together to establish what the CPOM structure is for a state.

Then even then, you have this really significant variability. Some states are highly restrictive, for example. California is probably the best example. New York has some fairly restrictive CPOM rules. Other states are restrictive, but has some pretty expansive exceptions. Many states, for example, have exceptions that allow hospitals to employ providers, things along those lines. Some states have these rules, but haven’t enforced them in years. Then you have variability in terms of application. Do these rules apply only to physicians? Or do they apply to other types of healthcare practitioners, maybe behavioral health or pick your other specialty?

Highly variable, many would say CPOM is an outdated concept just given what we’ve seen with the employment of practitioners across the board and contracting, et cetera, but it’s still something that exists and that we have to pay attention to. And as I mentioned at the outset, is increasingly a concern here, right, because it’s so easier now for us to be in different states to practice through virtual care. It means that as an entity, if that’s who we are to provide these services or that’s who we want to be, we’ve got to consider whether we’re going to violate the CPOM rules state to state.

With all of that said, Colleen, in those states where CPOM is a pretty significant issue and there’s no viable exception that would exist, what type of business structure do you see commonly employed to navigate or be in compliance, I should say, with the CPOM rules?

Colleen Powers: Sure. Yeah, that’s a good point and something that tends to come up a fair amount. What we tend to see is the deployment of what we commonly refer to as a friendly PC or a friendly physician model. With that, we’ll look to establish an entity that is ultimately owned by a licensed professional, tends to be a physician or a dentist or whatever field you’re operating in at the moment and whatever that state requires. Then, we’ll just kind of categorize them all as a licensed professional.

That licensed professional will then ultimately own a corporate entity. That corporate entity then holds any of the assets or decision points, I should say, that are required to be held by a licensed professional pursuant to that state’s regulations. It tends to involve and require that entity to then hold the medical records or ensure that it indicates that that entity is responsible for anything related to a clinical decision or patient care policies and procedures. As you mentioned, Chris, I mean, every state is completely unique and so is the subspecialty of the services that are ultimately contemplated to be provided. There needs to be a careful analysis of what the state laws say.

Then, so once you kind of craft that friendly PC and give that friendly PC the requisite control and assets that needs to be managed by a licensed professional. Then we look to put some other related documents in place, which ultimately then tend to move the financial proceeds of that entity over to another. It tends to be an MSO or management services organization-like entity. Then that MSO entity essentially is the sister to the friendly PC. That entity is then going to manage and hold everything else that is not required to be managed by the licensed provider under applicable law.

Chris Eades: Probably, Colleen, a good segue into mentioning state-specific fee-splitting provisions. Again like CPOM, some states have them, some states do not. Some states may have one, but not the other. But the point being that the state may have specific fee-splitting prohibitions that disallow a provider from apportioning some percentage of fees to a business entity and really for the same essential reason that we see the CPOM rule. We don’t want undue, or the state does not want undue influence or control over what the practitioner is ultimately doing.

I think the takeaway here on that point, from my perspective anyway, would be A, recognize that those fee-splitting rules may be out there, B, recognize that if you do create a friendly PC structure where there is this management concept in play, be sure that whatever the payment structure is from friendly PC to back the sister entity for those management services does not run afoul of those fee-splitting provisions. In other words, you may not be able to structure that relationship based upon a percentage of fees or some sort of an apportionment directly from those fees. It may need to be another payment structure that is consistent with those fee-splitting provisions.

Colleen, are there any other, you mentioned I think a lot, but in recognizing that it is state-specific, but are there other considerations for establishing a friendly PC?

Colleen Powers: Just as you dig into that sister structure that I mentioned, there tends to be some additional agreements that are in place between those two entities. For example, the licensed professional that ultimately owns the friendly PC will generally sign some form of an agreement which outlines the scope of the arrangement. That does have some restrictions tied to their ownership. It tends to include some provisions about the succession plan. If that licensed professional is no longer practicing there, then they agree and commit to transition that to another licensed healthcare professional that is someone that the MSO entity might support, for example. There’s kind of a mix of other documents that are in play to ultimately dot the I’s and cross the T’s and pull the arrangement together.

Chris Eades: Colleen, beyond the creation of new entities, you’re heavily involved in healthcare-related acquisitions and mergers. Do you see the potential for these types of transactions in the context of virtual care?

Colleen Powers: Yeah, I mean, absolutely. We’re seeing a lot of consolidation right now that’s built around the notion that scale really allows for increased efficiencies and results in healthier companies, both from a care delivery and a profitability standpoint. I think about in the virtual care environment, if you can do one of the few things, whether it’s building a comprehensive network of providers that’s attractive to a potential buyer, you have the best practices in place for that platform or you’ve developed some unique software that really causes that virtual care environment to run really well, I think each of those are very interesting pieces that a virtual care provider can bring to the table and ultimately be the basis for an even larger platform. I think if you do that, that makes you a very attractive target too. For example, we’re seeing private equity in the healthcare space increasingly. This just seems like an area that is right for that.

Chris Eades: When an entity is considering a potential transaction along these lines, what initial steps or considerations do you usually recommend?

Colleen Powers: Yeah, I would think about, as an owner of the organization or officer, what do you want for that entity one day? What do you want it to evolve into? Then, how long do the key stakeholders in the arrangement want to ultimately be in this game? Because once you move into a sale, I think one of the key questions is what role do the individuals want to play? Do you want to preserve some level of control? Do you want to be in a president or officer’s seat and involved intimately in the growth and development of the organization? Or are you looking for something where you’ve kind of built something and you want to sell it off and move on to something completely different?

I think answering that question is really the first step to figuring out who is going to be an attractive potential partner for you. Then the other thing I’d say is, it’s important to keep a close eye on the market. A lot of times being one of the first ones to the table with a very solid platform is going to yield the biggest return on your investment. I think watching market forces is another key factor. Then ultimately figuring out who’s out there as a potential buyer and starting to feel out what opportunities might be available.

Chris Eades: Well, great, Colleen. Thanks for your insight. To our audience, thanks for joining us today. If you or your organization have any questions or topics that you would like to share with us, certainly feel free to contact us via our website at Feel free to reach out to me at or certainly Colleen at Thanks again.

Share on linkedin
Share on twitter
Share on facebook

Implementing Virtual Care as part of a Value Based Enterprise

Implementing Virtual Care as part of a Value Based Enterprise

Virtual care offers many benefits, such as better and increased care coordination, better means of patient follow-up, remote patient monitoring and other general efficiencies, that align with value-based purpose. Hall Render Shareholders Chris Eades and Alyssa James discuss the intersection between value based enterprises and virtual care.

Podcast Participants

Chris Eades

Attorney, Hall Render

Alyssa James

Attorney, Hall Render

Chris Eades: Hello, and welcome to Hall Render’s Virtual Care podcast series. Today’s focus will be value-based enterprise more specifically, how and where value-based enterprise or VBE intersects with the concept of virtual care. My name is Chris Eades. I’m a shareholder here at Hall Render and a member of our firm’s virtual care team. I’m joined today by my fellow shareholder, Alyssa James, who has particular knowledge and experience with value-based enterprise. So Alyssa, before we dive in, why don’t you tell us a little more about you and your practice?

Alyssa James: Thanks, Chris. As Chris mentioned, my name is Alyssa James. I’m a shareholder in Hall Render’s Indianapolis office. My practice focuses primarily on fraud and abuse and regulatory compliance type matters. I work primarily with hospitals and health systems, as well as other types of healthcare organizations on various provider contracting matters, transactions amongst various healthcare organizations, and more complex Stark Law, Anti-Kickback Statute and civil monetary penalty, beneficiary inducement related analysis. In the current value-based landscape, I also work with clients to help them navigate these regulatory frameworks when implementing value-based, risk sharing, and other related arrangements.

Chris Eades: Great. Thanks, Alyssa. So when I look at and think about value-based enterprise at a very high level, 10,000 foot view, to me, there seems to be some clear overlap with the potential advantages of virtual care. We’ve certainly seen those advantages unfold over the pandemic. I think it started with the most obvious, which is the fact that virtual care allows distance in between provider and patient, which has had some obvious advantages during the state of emergency, but we’re also starting to realize, I think some of the other advantages of virtual care such as a better and increased care coordination, better means of patient follow-up, even following up with a patient in the patient’s home, remote patient monitoring, general efficiencies to be gained, and really all of these benefits strike me as very much in line with the operative definition for value-based purpose.

And so I do think it makes sense to really talk about VBE in the context of virtual care. And with that in mind, maybe we could start with you providing just a, kind of a general understanding or giving us a general understanding of what we even mean when we’re talking about value-based enterprise.

Alyssa James: Of course. So when we’re looking at a potential value-based opportunity, I like to frame the various definitions in terms of a who, what, when, where, why, how. Under this type of analysis, the VBE or value-based enterprise itself is the who. VBEs must consist of at least two participants. Those participants can be either an individual or an entity that engages in at least one value-based purpose and collaborate with each other to achieve those value-based purposes. When we’re talking about value-based purposes, those can be one of four things: coordinating and managing care for a target patient population, improving the quality of care for a target patient population, appropriately reducing costs and payer expenditures without reducing the quality of care to the target patient population, and/or transitioning from a volume-based care delivery system and payment mechanism to value-based.

You all may also be wondering what a target patient population is, and I know I jumped sort of from value-based enterprise to value-based participant. When we begin to scratch the surface of the relevant value-based frameworks, the definitions get a bit cyclical because each definition refers to other terms that are defined by the regulation. So bear with me here a little bit as we kind of get into this. But as I was saying, the value-based enterprise has to be engaged in trying to achieve at least one of those value-based purposes that I just mentioned. So in essence the VBE is a consortium of individuals (such as physicians or others) and/or entities (for example, hospitals, physician practices, or other healthcare organizations).

A VBE does not have to be a separate legal entity, but it does need to have an accountable body that’s in control of the VBE. So you don’t have to go out and form a new legal entity or a true joint venture, so to speak. But you do have to kind of come together through a contractual arrangement and allocate who is going to be responsible kind of for governing matters of that value-based enterprise as it works to achieve its goals.

Chris Eades: So, Alyssa, if we distill that down a bit, how would you summarize the general steps required to establish a VBE?

Alyssa James: So at a high level, when we’re looking at this in order to form a VBE, you need to identify the following and who the players are going to be…who your value-based participants are in that VBE. You need to identify the target patient population for which the VBE wants to focus its efforts. So a target patient population can be very broad. It could be all the patients in your health system or all the patients that are discharged from a particular hospital, or it can be very narrowly tailored to a certain diagnosis, a certain zip code, that sort of thing. And when we’re looking at that in that “who, what, when, where” framework the target patient population is the where. So, where are we focusing our efforts?

The “why” would be those value-based purposes that the VBE is going to strive to achieve. The “how” is what activities will the VBE engage in in order to try to move that ball forward, to have that impact on the care coordination or other value-based activities for that patient population. Once you identify all those things, the “who, what, when, where, why” then the parties need to enter into one or more value-based arrangements that spell out those goals of the VBE, any compensation that’s going to flow between the parties and other details of the arrangement to show how it’s structured and how it’s going to be implemented.

Chris Eades: So VBE is obviously a relatively new concept. At this point have you seen health systems, hospitals, or other healthcare providers actively pursuing VBEs or otherwise engaging this process?

Alyssa James: Yes. We’ve been fielding numerous inquiries from clients who are looking to what I’ll call exploring the art of the possible with respect to the VBE framework. I think folks are very excited about it. They’re wanting to kind of see what this framework allows them to do as far as a care coordination collaboration standpoint and how they can really focus in on some of these target patient populations that are applicable to their organization and improve care coordination and patient outcomes. In addition to the creation of VBEs more specifically, I think that these applicable Stark Law exceptions and AKS Safe Harbors that have been implemented under this construct are leading providers and other health care organizations to just generally evaluate other types of risk sharing arrangements or patient incentives that may or may not require the formal formation of a VBE, but fit within that same spirit and framework as care continues to shift from a more volume-based to a value-based model.

Chris Eades: So if we take really that piece of the conversation in terms of what you’ve seen and we talk maybe a little more about where this intersects with virtual care, I know that I’ve seen as part of my practice, the concept of VBE come into play potentially in relation to, or at least a precursor to the provision of telemedicine equipment and platforms by maybe a distant site telemedicine provider to an originating site, location that’s going to be receiving those services. Can you maybe speak to kind of how you might see that come into play in the context of a VBE or maybe some of the potential benefits there?

Alyssa James: Sure. So in addition to the compensation arrangements that may be directly associated of with that VBE’s value-based arrangements, there are certain AKS safe harbors outside of that VBE framework that do lend themselves, I think, to various virtual health activities. For example, there’s a new AKS Safe Harbor for care coordination arrangements that improve quality, health outcomes, and efficiencies. This safe harbor allows for the provision of in kind remuneration. So not monetary compensation, but in kind remuneration amongst VBE participants. So you do still have to form a VBE in order to utilize this AKS Safe Harbor, but under this safe harbor, the recipient of this in kind remuneration can receive something from another VBE participant in the VBE.

The recipient is required to pay at least 15% of the offerors costs for that remuneration, but even so, I think this safe harbor may provide significant flexibility for the provision of virtual health or telemedicine equipment or software, or even staff, maybe for that originating site. If they need a technician or a nurse or something to that effect to help the virtual health platform operate, I think those are all options here under this safe harbor for this VBE to lend some of those things to other participants.

Chris Eades: Alyssa, do you see other potential intersections between VBE and virtual care?

Alyssa James: I do. So I think the intersection here is ripe for opportunity. I think as we’re beginning to scratch the VBE surface, we’re also sort of beginning to just unravel what opportunities are available. But in addition to opportunities amongst VBE participants, which Chris, I know you and I have touched on a little bit already, I think there are other increased opportunities for providing items and services to increase patient engagement. This of course is a very important component of care coordination. We can coordinate as much as we want, but if the patients aren’t buying in or aren’t able to access care, it doesn’t get us very far. And so, for example, there’s another new AKS Safe Harbor for arrangements for patient engagement specifically, this safe harbor is also only available to VBE participants, but it allows the VBE participants to provide in kind items, goods, and services to patients that are valued up to $500 per patient per year, for various patient engagement activities.

So typically when we’re talking about items or services that you can provide to patients, specifically Medicare or Medicaid beneficiaries, the Civil Monetary Penalties Law is much more limiting than that from a dollar value standpoint. But this AKS Safe Harbor allows VBE participants to provide items or services up to $500 per patient, which is huge, I think. And I think that these items and services, although they’re required to have a direct connection to the coordination and management of care of that target patient population that we talked about a little bit earlier, I think it can be a great way to provide maybe necessary technology to patients in order to facilitate their ability to access these virtual care platforms, whether that’s a tablet or increase Wi-Fi in their home, or something to that effect too. I think there’s a lot of opportunities here to make sure that not just that the providers have what they need for this virtual healthcare platform, but that the patients that we’re trying to reach do too.

These safe harbors give a lot of flexibility to VBEs beyond just what’s within the four corners of their value-based arrangements amongst each other.

Chris Eades: That’s a great thought and that will no doubt increasingly come into play. So I appreciate that information. So really at this point, Alyssa, if a health system or a hospital or other type of healthcare provider is interested in pursuing a value-based enterprise, what initial steps would you recommend?

Alyssa James: So I think the first steps are really to think critically about who you want to include, both as fellow participants in your value-based enterprise, as well as what patient populations do you really want to target? Do you want to have some sort of broadly defined target patient population? Do you want to at the outset at least, just focus on a couple of more specific subgroups of patients, whether that’s by disease state or comorbidity or something to that effect? The other thing to keep in mind is an organization or individual can enter into multiple VBEs and value-based arrangements. And so maybe it makes sense to partner with a few folks on one patient population, but then for a different patient population, maybe it makes sense to strategically partner with others. So something to keep in mind there, just kind of really brainstorming who you want to be involved and what patient population you want to target.

And from there, I think developing a plan for the actual arrangement construct and corresponding incentives that will follow, more of your contract terms and things like that. Depending upon the nature of the arrangement, there are different Stark Law exceptions and or AKS Safe Harbors that will be applicable, and each have their own specific set of, as you may imagine, criteria that must be met in order to meet the exception or safe harbor. So once you kind of get that general idea of what the goals are and what you’re trying to achieve, really then putting pen to paper and cross checking that with the applicable exceptions or safe harbors, to make sure that this arrangement is going to be in compliance with this new framework.

Generally speaking, the more significant the downside financial risk that each participant has, the fewer restrictions or burdens there are on the VBE and its participants. Value-based arrangements that don’t have a lot of downside financial risk are going to have a lot more obligations put on the participants, such as monitoring, documenting what is required to be in writing, and annual re-evaluations of whether you’re meeting those metrics. And that sort of goes without saying, right? That the less the downside risks, the more the government is going to make you have to do to prove that you’re not abusing any sort of relationship there. So, just something to keep in mind to make sure that you’re hitting all of those elements that are required for compliance purposes.

Chris Eades: Thank you, Alyssa. That’s helpful information. To our audience, I think we’ll conclude there for today. Thanks for joining us. If you or your organization have questions or topics you would like to share with us, please contact us on our website at or certainly feel free to reach out to me at or Alyssa at As always, please remember that the views expressed in this podcast are those of the participants only and do not constitute legal advice. Thanks so much.

Alyssa James: Thank you everyone.

Share on linkedin
Share on twitter
Share on facebook

Navigating the Use of Telemedicine During this Emergency Period

Navigating the Use of Telemedicine During this Emergency Period

As part of the emergency measures to address COVID-19, all levels of government are facilitating, and even encouraging, the use of telemedicine technology. The primary goal, of course, is to reduce the risk of transmission of COVID-19 to and from patients who would otherwise present for in-person services. The use of telemedicine is also providing an opportunity to reduce in-person patient volumes and also to provide health care providers with the potential means of rendering patient care from home.

In response to the current state of emergency, CMS has expanded the potential for Medicare reimbursement. Many state Medicaid programs and commercial payors have followed suit. HIPAA enforcement with respect to certain non-compliant technology has been relaxed. The DEA has made an emergency exception related to telemedicine prescriptions. State governors have issued emergency orders with respect to licensure and telemedicine requirements, and certain professional licensing boards have issued similar guidance.

While the measures taken to date represent unprecedented steps forward, these measures are also understandably creating confusion for providers. The expanded billing requirements for eligible telemedicine services differ from one payor to the next. These billing requirements often do not accurately reflect the applicable professional practice standards. There additionally remains variability among the states in relation to licensure exceptions, prescription requirements and applicable telemedicine exceptions, which, in certain instances, are also more restrictive than exceptions made at the federal level.

Podcast Participants

Chris Eades

Attorney with Hall Render

Regan Tankersley

Attorney with Hall Render

Mike Batt

Attorney with Hall Render

Chris Eades: 

Hello everyone. Good afternoon to our attendees on the East Coast. Good morning to our attendees on the West Coast. Thank you for participating in our webinar, Navigating the Use of Telemedicine During the COVID-19 State of Emergency. Again, my name is Chris Eades. I’m one of the members of our telemedicine team here at Hall Render.

I’m joined today by two of my colleagues, who are also part of our telemedicine team, Regan Tankersley and Michael Batt. We only have an hour to work with here, and so we’re going to spare you the traditional reading of the biographies.

If you’re interested, if you’d like to contact any of us following the webinar, our contact information is both in the slides and can also be found at We have other teammates as part of our telemedicine team. Their information is also on our website,

To put our presentation in context though, I’ll mention quickly, my virtual care practice is focused more on the professional practice elements of telemedicine. Things like licensure, consent, prescriptive authority, workflow, et cetera. Regan is more focused on the reimbursement elements, and Mike is more focused on the technology and privacy side.

We’ve organized our presentation accordingly. Prior to jumping into the content rather, we do want to take the opportunity to extend a quick thank you to those healthcare providers on the line, as well as the administrators and other individuals working on the front line during the healthcare crisis we’re facing.

We do sincerely appreciate what you’re doing. It’s our hope that our webinar today may shed some additional light on some of the telemedicine alternatives, that are available to you during this period and perhaps after as well.

We have received an incredible number of calls over the past few weeks on these topics, which is of course why we decided a webinar might be important. Really across the spectrum, those providers that have never used telemedicine and are needing to ramp up quickly. Those providers that are doing a lot of telemedicine, but desire to use it in different ways now.

Irrespective of where you are on that spectrum, it’s a challenge. It’s been difficult to keep pace with all of the changes. Even three weeks ago, before this particular healthcare crisis, the regulatory framework was very difficult to navigate. Mainly due to the variability among the states and really lack of direction at the federal level.

Now of course, we’re seeing near daily waivers and exceptions that are coming into play, at both the federal level and state level. It’s been difficult to keep pace. In fact frankly, just after we had completed our slides last evening, as you may have seen this morning, CMS issued an Interim Final Rule, well over 200 pages.

Which makes significant and wide sweeping changes to CMS’s telehealth program. We spent the better part of last night evaluating those changes. They are quite significant. They include a dramatic expansion of eligible telehealth services, among other significant changes.

We’ve gone back to supplement this slide deck with those particular highlights, and we will work that in as well. In this context, here’s our goal really today in terms of agenda. We’re going to work through some of… just quickly, the telemedicine essentials, things you really need to understand. Concepts you need to understand, to understand the rest.

We’ll highlight the basic rules of the game for telemedicine at the federal and state levels. We’ll talk through the significant changes we’ve seen over the past few weeks. With this overview of the laws and regs, we’ll then kind of focus on some particular items.

Professional practice considerations, some reimbursement considerations, and technology and privacy considerations. We’ll then kind of bring it full circle and talk very quickly, and sum up with what we think would be a good game plan in terms of strategizing where you go at this point in time with telemedicine.

With that, I’m going to dive right into essential terminology. Originating sites, you need to understand we’re talking about where the patient is physically located when receiving telemedicine services. Distance site, is where the telemedicine provider is located when providing those services.

Telehealth and telemedicine, you’ll note I have not provided a definition for these terms. Quite frankly, I’ve not done so, because there’s not one definition. There are a lot of different definitions in terms of how those terms are used in those definitions. Payers use those terms differently.

States, licensing boards all use those terms differently. That’s takeaway number one, is that variability, but that terminology is important. The way it is typically used, tells us what constitutes… either for reimbursement or from a professional practice standpoint, what constitutes telehealth or telemedicine.

That’s where it’s going to tell us, do we need to do this by way of a synchronous audio-video connection? Can it be phone only? Can we use a synchronous store and forward? Meaning, can we send images or information, not in real time to a provider? Then of course, remote patient monitoring.

These are the basic terms, but you are going to see why the variability in terms of how those terms are used. We’ll even get to some of the significant changes, that involved Medicare’s view of a qualifying originating site.

Also, very, very important… and this is creating a lot of confusion with all of these changes. I believe it’s important to think very basically about telemedicine in terms of two big buckets, a professional practice bucket and a reimbursement bucket. Within each of these buckets, there are state laws that bear on professional practice and federal laws.

Same with reimbursement, state law and federal law. You have to pay attention to what bucket you are dealing with, when you’re trying to figure one of these telemedicine concepts out. Let me give you a quick example. I’ve fielded a number of calls over the last two weeks. Providers that have seen that Medicare has made a licensure exception.

What these providers want to know is, “Does that mean I can go into another state and practice?” The answer to that is, no, not necessarily. Medicare has created a licensure exception that allows you for purposes of Medicare reimbursement, to potentially be in another state, provide an eligible service and be reimbursed.

That reimbursement exception that Medicare has stated, does not negate the state-specific professional conduct rules requiring licensure. Unless those have also been waived by the state, you still need to tackle that issue before you can provide services. That’s an important example in terms of where you’ve got to pay attention.

Is this a CMS Medicare change or is this a professional practice change? You think about it in terms of these questions. Ultimately with professional practice, can we provide this service through telemedicine? Now, can we do it maybe through a telephone call?

Who can provide the service through telemedicine? Doctors, APRNs, PAs, what about genetic counselors, physical therapists, et cetera? What requirements do we need to meet to provide these services? What technology can we use and how? That’s the professional practice side.

On the reimbursement side, it’s pretty simple. If we can do these services, if we can provide these services, can we get paid for them and by whom? The rules for Medicare and the rules for Medicaid and the rules for commercial payers, are all different in this regard.

I do want to note, with all this variability, there is one universal truth. That is, if you’re going to provide healthcare services through telemedicine or telehealth technology, you’ve got to comply with the same standard of care as you would need to meet if you were doing the visit in person.

That needs to always be in the backdrop here in terms of, is this something that we can do? Essential rules and regs, whether it’s COVID-19 related or not. These are fundamental federal laws and regs, and state laws and regs you need to pay attention to. The Medicare rules obviously relate to the reimbursement bucket.

DEA rules on prescriptive authority and controlled substances through telemedicine, relate to professional practice. There are a host of other agency rules out there as well, that potentially relate to professional practice. Then the state laws, as I’ve said, are very highly variable.

The Medicaid rules are different one state to the next, in terms of what qualifies for reimbursement through telemedicine. Parity provisions, most states at this point, pre-COVID-19 have a requirement that commercial payers must reimburse for services provided through telemedicine, if they provide reimbursement for an in-person visit.

There can be qualifications. Those can vary state to state, and not all states have them. They’re there and they are helpful, irrespective of the current healthcare crisis. Professional practice boards, medical licensing boards, psychology boards, each of those boards state to state, routinely have their own guidance.

Then there are scope of practice considerations in terms of supervision and such, that you always need to pay attention to. We’ll work through this quickly, to give you a sense of what we have and what’s changed. There has been massive change in very little time. Really, in the last two and a half weeks I’d say everything has changed.

At the federal level, we’ve seen CMS waivers, some multiple rounds of waivers, statements regarding non-discretionary… or discretionary non-Exercise such as relates to HIPAA, related FAQs from various agencies. We’ve seen legislation, including the CARES Act at the end of last week.

Then last night, as I mentioned, the CMS Interim Final Rule, just issued. We have DEA exceptions and other agency waivers which we’ll highlight. I do want to point out just quickly, with the CARES Act… and obviously there’s a whole lot more there.

One of the significant pieces was to authorize HHS and CMS, to make more aggressive and affirmative changes to the telehealth program. That just happened the end of last week. We were curious as to when those changes would be made. As I mentioned, the first big round of that was last night, CMS Interim Final Rule.

As this relates to Medicare, Regan’s going to get into more of the specifics. I wanted to highlight some of the major changes quickly. This rule vastly expands the list of services that may be provided and reimbursed through telehealth technology.

Even with some of these geographic changes that we’ll talk about, the list of what could be an approved telehealth service was still pretty small, relatively speaking. That’s been drastically expanded to capture things like ED visits, initial nursing facility and discharge visits and other things that Regan will expand upon.

Also, changes in reimbursement to reflect non-facility place of service. A recognition that, because providers… at least during this period, are going to be using telemedicine more frequently. There’s going to be more of an opportunity to bill for that encounter, as you would an in-person encounter.

There is expansion of the potential use of audio-only visits. Again, Regan will I think dive deeper on that piece. We will expect to see more guidance around it. It’s really Medicare saying, “We will adopt and utilize those codes that we’ve not previously recognized, that would allow for audio-only encounters between a practitioner and a patient.”

Expands the practitioners who can perform eVisits and virtual check-ins. Made some clarifications and some expansion with respect to remote patient monitoring, and importantly, expanded some opportunities for physicians to supervise their clinical staff by way of using telehealth.

If you have a quarantine physician, there’s now in certain settings, an opportunity to be quarantined and yet still supervise those nonphysician providers through a telemedicine technology. There is a link here to the Final Rule, the interim rule that was issued last night.

All right, Medicare before COVID-19, as I said, had to be a designated telehealth service. Had to utilize across the board a synchronous audio-visual technology, or designated store-and-forward technology. The patient had to be at a qualifying originating site, which was very narrowly drawn.

A geographic requirement, had to be in a designated rural area. A location requirement, had to be at a physician office or at a hospital, or critical access hospital and at a few other locations. All of this has been changed. In some ways, very dramatically. Qualifying originating site, much broader now.

Almost as broad as it could be, in the way of, there’s no longer… during this period of emergency, a geographic restriction. You don’t have to be in a rural area, you can be in an urban area. You can be really anywhere in the United States and meet this requirement.

The site restriction has been done away with now as well, so that patients can receive services in their homes or in other locations that were not on the more limited list of eligible sites. I mentioned professional licensure, it’s been waived for purposes of Medicare reimbursement, as long as you are licensed and in good standing in another state.

Preexisting patient relationship, you may have seen when the first round of changes came out. The first round of waivers, there was a requirement. Yes, you can use telemedicine, but you have to have a preexisting relationship with a patient which was spelled out and defined. That’s been done away with.

You can now use telehealth in this context for new patients as well as existing patients. Also, importantly, as of last night in the Interim Final Rule, the existing patient relationship has been done away with for eVisits and virtual check-ins. That had not changed until last night.

You can now use eVisits and virtual check-ins with respect to new patients. All right, I’m going to move on to DEA. I’ve included a slide on the Ryan Haight Act. This was kind of where we started with prescription analyses, in the context of telemedicine pre-COVID-19.

That’s because this federal law requires an in-person visit, before there is a prescription of a controlled substance through telemedicine. It provides for a few narrow exceptions, but they were just that. Very narrow and didn’t really come into play all that often.

Now, the DEA has invoked… about a week and a half, two weeks ago, its an emergency authority to permit temporary waiver of that in-person exam, for prescribing controlled substances to new patients through telemedicine.

As long as the prescription is issued for a legitimate medical purpose, by a practitioner acting in the usual scope of the profession, scope of practice. It’s got to be an audio-visual, real-time communication. This is important. This goes back to that concept of the two buckets.

You’ll see there’s more opportunity to provide telephone-only consult, perhaps for purposes of Medicare reimbursement. That does not supersede this DEA requirement at this time, that if you’re going to prescribe a controlled substance, you have to have an audio-visual interactive communication in play.

You also have to comply with the pertinent federal and state law, which I’ll come back to. HIPAA, Mike will speak more about this. There has been a statement that there will be non-discretionary exercise.

OCR will not penalize for HIPAA violations, in relation to using non-HIPPA compliant technology to accomplish telemedicine or telehealth as long as it’s non-public facing. This means you can use FaceTime at this point in time.

Now, there are some considerations that Mike will get into. This is also an opportunity to more easily and quickly get ramped up with a telemedicine encounter, using technology that may otherwise already be available. All right, so those are all kind of federal law and federal level items.

I want to mention state law and regulation. I mentioned the variability that was in place before any of this started. That’s still there. We’re seeing of course a lot of action at the state level, in the way of emergency orders. Medicaid waivers and exceptions, and professional licensing boards making an exception.

Just as there is a lot of activity at the federal level, there’s just as much activity at the state level. The challenge continues to be though, those efforts are variable. I’ll speak to licensure in a minute.

We see some themes, but there is still variation in these changes, in a way where ideally if you’re going to manage risk, decide on how you need to do telemedicine in a way that’s compliant, you still need to understand what the rules of the game are in the states where you will be offering those services. Some of the themes are licensure exceptions.

We’re seeing a lot of states more generally, allow for the use of telemedicine technology in the lieu of in-person requirements that may otherwise be found in the state regs. We’re seeing increased use of telephone calls in lieu of audio visual. We’re also seeing a lot of professional boards make specific exceptions for their practitioners in their states.

Let me talk quickly about professional licensure. As I mentioned, I’ve gotten a lot of questions about this. First, the confusion regarding Medicare and Medicaid exceptions, which I’ve already mentioned. Other things that you need to be mindful of.

Well, first of all, not all states have enacted a licensure exception. Most at this point have, but not all. Secondly, it’s typically in nearly all of those jurisdictions. It’s not as easy as just going into that jurisdiction and practicing. There’s typically a requirement that you submit an emergency application or attestation.

Next, you have to pay attention to whether the licensure exception is specific only to physicians or all licensed healthcare providers. In some states, the emergency orders that have been entered, speak specifically to physicians.

You may find that other licensing boards have waived, but you really need to pay attention to that and not just assume that PAs or APRNs or other providers, can enjoy the same licensure exception. Some states are qualifying what you can do and taking advantage of the licensure exception.

Perhaps a requirement that you have to have a pre-existing relationship with the patient that’s in that state, or your activity must specifically be related to COVID-19 activities. Long and short of it is, you do need to pay attention to what those states have to say.

It’s just not as simple as they’ve kind of opened up the border and said, “Come in and practice medicine or your specialty.” Informed consent, also a challenge right now. A, because how do we do it? B, we may not be able to get something in writing. Lots of questions here as well. This falls typically into both buckets.

The reimbursement rules will have requirements for obtaining consent, and the professional practice standards will as well. There is a lot of variability state to state, but I would say this is generally true.

In most jurisdictions and with most payers, verbal consent from the patient during the encounter is going to be sufficient, as long as the telemedicine practitioner documents on his or her end. That’s not universal, but I can tell you that’s in nearly all settings at this point.

You still though need to consider that dialogue. Both for purposes of risk management, and for a more meaningful and well-organized telemedicine encounter. You need to identify the patient. Is this an adult? Is this a minor? If it’s a minor, you need an authorized representative participating in that visit. We need to think through that.

Two, you need to discuss the risk benefits and limitations of virtual care. That’s going to depend upon the service you are providing. It may not need to be a whole big discussion, but maybe it is, because again, we’ve got to meet the same standard of care. Typically, we want to remind patients that this is not intended to be an emergency visit encounter.

If you’re having an emergency or something happens to our connection and you have an emergency, you need to dial 911, come to the ED or pursue a different option. We want to clarify what the followup responsibilities are. Are we supposed to call you? Are you supposed to call us? That should part of the scheduling process and/or this dialogue.

We need a backup plan. What if the feed goes out? What if we have an issue with technology? This may be a very sensitive encounter. Let’s map out ahead of time how we’re going to deal with that if the video drops or we have some other issue.

Chris Eades:

Also, pay attention to again, state-specific requirements may require more, is part of that dialogue. Behavioral health is a great example. A lot of states require when it’s a behavioral health encounter, that you provide specific information to the patient. For example, the access to facilities or assistants that are geographically proximate to the patient.

If they need urgent care, where can they go that’s close to them if they need? You do need to pay attention to those issues as well. Talking points, during these times, you do have to just ramp up quickly on occasion. Ideally, we need to discuss this workflow and our talking points, depending upon the service we’re providing, so that we map this out.

If we can’t get an informed consent document signed by the patient… and we need to decide if we can or not. If we can’t, it’s going to be really important that we do address these items as part of our dialogue, and that practitioners understand they need to do so and why. Developing a script or some talking points around this can be very, very helpful.

Lastly, I’m going to wrap with prescriptions. I’ve already mentioned the DEA exception. I’ve already mentioned how that may differ from some of the payer requirements. Also, pay attention to state law. Most states have prescription requirements through telemedicine, that are more restrictive than the exception made by the DEA.

There are frequently prohibitions on prescribing opioids through telemedicine, which creates a challenge right now in situations like chronic pain management. There may be specific medical record, treatment plans requirements. Pay attention to those state rules, because the DEA’s exception is contingent upon compliance with those state rules.

As I mentioned, they are quite frequently more restrictive in terms of what you can prescribe in the way of a controlled substance, in particular through telemedicine. All right, I’m going to pass the baton now to Regan, who will focus on some reimbursement.

Regan Tankersley:

Thank you, Chris. This next portion of the presentation will focus on reimbursement considerations, focusing primarily on Medicare reimbursement. That has been the biggest change and impact that we have seen under the current public health emergency. I see the timeline of events, for purposes of Medicare coverage of telehealth services in three buckets.

We have the world as it existed prior to the public health emergency, prior to the 1135 waivers. As Chris had already discussed, Medicare coverage of telehealth services in the pre-public health emergency world was very limited. There was the geographic restriction for the location of the patient. The patient had to be in a qualified originating site.

The only way that a practitioner, as a distance-site practitioner could bill and be paid for those services as telehealth services under the Medicare policy, was if that patient was located in a qualified originating site. Again, it had a geographic restriction.

Distance site was the location of the practitioner, generally not restricted. For federally qualified health centers and rural health centers, were not viewed as appropriate locations for distance-site practitioner. There were the defined set of telehealth services, within the Social Security Act that existed in the statute.

This in my description here, I will pivot from something Chris had said about, there isn’t a good definition between telehealth and telemedicine. For Medicare payment purposes, telehealth is defined within the Social Security Act, within that defined statutory provision.

Meaning, only those services as identified within the act or as updated by the secretary of HHS on an annual basis, can be covered and paid for under Medicare as a telehealth service. Which we will distinguish from other types of virtual communication services.

For purposes of our discussion here, recognizing that there is a distinction for Medicare payment for telehealth versus other types of communication services. For telehealth services to be provided under that strict statutory provision, is generally required a HIPAA compliant two-way audio-visual communication.

That was also somewhat limited, as to the types of platforms that could be available for use by the beneficiary on the originating site, and by the physician or other practitioner on the distant site.

The next bucket in the time table related to Medicare coverage for telehealth services, would be our coverage post the 1135 waivers, once the emergency period began. I would say this bucket up until 5:30 yesterday, was a continuing bucket.

We’ll get to that in the next set of the timeline, is that the world all of a sudden changed yesterday with the release of the Interim Final Rule. Initially, when we were first seeing the coverage expansion under the waivers, what it did initially was remove the geographic restrictions.

Which was big for Medicare payment purposes, because they always had that geographic restriction. That meant a patient could be located anywhere within the United States, including in the patient’s home.

The patient’s home was then added to the statutory provision as a qualified originating site. Even though there was not going to be a recognized site, originating site facility fee for that location. It was a very broad expansion, to allow these patients to receive services in their home.

It then included the FQHCs and the RHCs. Those became added as an approved location for a distance-site practitioner. Therefore, if a beneficiary’s primary care physician was actually a practitioner at an RHC or an FQ, they would not be limited by that provision.

Those physicians could still… or practitioners could still be that distance-site practitioner for purposes of a telehealth visit. Again, as the first wave of waivers are going through, and we are seeing changes within the emergency legislation that authorized waiver authority.

The guidance removed that requirement, that a patient would have had to have been seen within the last three years or be an established patient. CMS and HHS had originally said they were not going to enforce or audit that provision. It was subsequently changed within the waiver guidance to remove that restriction.

That is where the world existed under the waivers. As we move forward… and again, this is prior to the Interim Final Rule issued yesterday, we continue to see some more increased flexibility for purposes of Medicare covers of telehealth. Increased flexibility for home dialysis patients.

Increased flexibility for hospice re-certification. Those required face-to-face periodic evaluations or re-certifications. Those were going to allow it to be completed through telehealth. Again, initially, all of this was limited to the very defined set of telehealth services.

Medicare has those described in the statute. They publish a list every year. It’s on the CMS website of those identified approved telehealth codes, that can be built and provided as a telehealth service.

There is an enforcement discretion during this emergency period, as Chris had mentioned, regarding OCR was not going to enforce HIPAA requirements for technology used in good faith. That allowed Medicare beneficiaries to be able to access their practitioners via smartphones, via two-way video such as FaceTime or Skype, anything that was not public facing.

There had been some guidance from the OIG, that they were not going to pursue enforcement action for provider waiver of cost sharing related to these telehealth. Now eventually, other types of virtual communication services. That is where we were. Then Friday of last week when the CARES Act was signed, that gave us some additional expansion.

We had the original waivers, what Medicare was allowing under the waivers that existed versus the waiver authority. Under the original waivers again, we only had coverage for those defined set of telehealth services within that identified section of the Social Security Act.

All definitions within the Social Security Act still applied, if they required real-time two-way audio-visual communication. You look at those first set of waivers, the waiver authority granted initially was somewhat limited. It basically removed that geographic restriction.

It allowed the originating site to be a patient’s home, but it did not provide for any kind of a payment for an originating site facility fee, when the patient was located in the patient’s home. What did the waiver authority do?

This is where when we were preparing our materials yesterday initially, we thought we would be making our distinctions between the current waiver and what was created under the waiver authority. Which was the CARES Act signed last Friday.

When we read it, it looked like it was really going to be able to give the secretary, that very expansive authority to really waive a lot of those requirements that existed within the Social Security Act, very defined section around telehealth services.

When we were looking at that initially, the question we had was, “Well, we have the waiver authority. When do we expect to get those expanded waivers?” If you recall from the first set of emergency spending legislation, it took several days to actually get to that official waiver from the secretary to implement some of those telehealth provisions.

Well, we didn’t have to wait for very long, because as of around 5:30 Eastern Time last night, CMS issued an Interim Final Rule, which was really implementing a lot of changes under this recently established increased waiver authority. We provide the link to the CMS fact sheet, regarding these services in our slide.

This is very significant for purposes of telehealth coverage under Medicare, because now that it has expanded that defined list of services that Medicare will pay for as a telehealth service. When I say telehealth service, that means that those are the services that are still required to be provided real time, face to face, audio and visual.

That is a telehealth service and that criteria hasn’t changed. There is a lot of commentary discussion in the rule around other types of services. For purposes of Medicare coverage and payment, that list of telehealth services that can be paid for has been expanded to include ED visits, initial nursing facility, discharge, home visits.

Things that really before, Medicare had determined were not appropriate to not be provided face-to-face, because of the risk to the beneficiaries and the risk to the provider community, of the virus, they are increasing a lot of this flexibility. To provide these services remotely, to protect both the beneficiaries and the healthcare providers.

Very importantly, the services must still be provided by a clinician that is allowed to provide telehealth services under the statute. That is still an important distinction. A lot of these services now can be provided to both new and established patients.

One of the important components listed on the fact sheet… and then if you go through the rule, is that there is a bullet point in the fact sheet, that providers can evaluate beneficiaries who have audio-only phones. This is an important distinction. What has not occurred is the waiver of that two-way video, visual communication for our telehealth service.

What CMS has done, is actually taken the existing CPT codes within the manual for telephone-only services, that Medicare has always considered to be non-covered, they are now covering those.

This gives increased flexibility for practitioners and providers, to be able to have essentially an E&M telephone call visit, recognized by those existing CPT codes for telephone-call-only, audio only, so we don’t have to be concerned about beneficiaries who don’t have access to two-way communication or access to a smartphone.

Those are now going to be covered CPT codes. Again, making the distinction, those are not telehealth codes. Those don’t fall under the statutory provision for telehealth. This is just taking those defined set of telephone-only CPT codes, which some payers have already been paying for. Medicare is now going to pay those as covered.

Further, for telehealth under the expanded provisions under the Interim Final Rule, telehealth… and again, when we say that two-way video, audio-video communication, it can be used to fulfill many of the face-to-face visit requirements that clinicians were subject to prior, including inpatient rehab, hospice, home health.

That there were several types of services that way, that could only be provided in-person, that now under the public health emergency during this time period can be provided via telehealth. Again, just some highlights from the Interim Final Rule regarding, home health agencies can provide more services to beneficiaries using telehealth.

It has to be included in the plan of care. More flexibility for hospice providers, getting those routine services. Importantly, if a physician determines that a beneficiary should not leave their home due to a medical condition, or are they suspected COVID-19 and that beneficiary needs skilled services?

That will qualify the beneficiary for services under the Medicare home health benefit. Another important change under the Interim Final Rule, is that for purposes of a physician incident to services that require direct supervision, that direct supervision can now be met through a virtual presence.

Meaning, that two-way audio-visual communication does not have to be provided in-person in the office suite. That also extends to services provided in a hospital outpatient department. Medicare is revising the definition of direct supervision, that lives within the regulation relating to diagnostic services.

That also feeds over into hospital services, that anything requiring that direct supervision during this emergency period, you’re permitted to provide that direct supervision through a virtual presence. I’ve included this slide from the original March 17th, 2020 fact sheet, that talked about telehealth visits versus virtual check-ins and eVisits.

I think it’s still a good way to distinguish that the Medicare telehealth visits… and now again, this slide is outdated. You can see from the bucket, that it’s really those services that could be provided under the Social Security Act provision that pays for telehealth services. Which is distinct from virtual check-in services which are not telehealth.

Those are paid under the Medicare Physician Fee Schedule. Those were not subject to the telehealth statutory limitations, and the same thing for eVisits. You can see on this slide, that the virtual check-ins and the eVisits which have existed prior to any of the telehealth waiver authority, were only allowed to be used for established patients.

We have now seen that expanded under the Interim Final Rule. I’d like to use that slide as a way to just draw the distinction between what virtual check-ins are and eVisits, as distinct from the telehealth services. Those have the drawn defined set of CPT codes, that can be used by different types of practitioners.

I will mention that the Final Rule, has a lot of information at the code level. Very specific to the CPT codes that can be used, very specific to the code descriptions. CMS has provided some very good information via fact sheet, on their new waiver and flexibilities page at their website, which is a helpful resource.

Virtual check-ins and eVisits can now be provided to both new and established patients. Prior to the Interim Final Rule, those services could only be provided to established patients and importantly the consent, because those services require verbal consent. Those can be documented by auxiliary staff.

If we go back to that slide, you can see that the virtual check-ins, where those brief check-ins are over the phone or some other type of electronic device. Whereas an eVisit was communication through an online patient portal.

For purposes of what’s been expanded continuing, clinicians can now provide some remote patient monitoring services for patients with COVID-19 or any other chronic conditions. There is an example there that CMS gives related to monitoring a patient’s oxygen level.

This is important and another big change, providers can now bill for telehealth visits. Again, telehealth, the two-way communication, at the same rate as in-person visits. Prior to this expansion under the Final Rule, telehealth services had to be billed with a place of service code 02 on the CMS-1500.

That is how you identify that with a telehealth service to Medicare. Medicare paid for those services at the facility payment rate, under the Medicare Physician Fee Schedule. Which means there isn’t any practice expense included in that.

That made sense under the original telehealth coverage under the statute, because only patients who were present at an originating site could receive services that would be billable by the distance-site practitioner. The originating site could bill that at originating site facility fee.

Medicare has since recognized that most of these services that are able to be provided now, is likely to occur from a patient in their home. They’ve updated the billing guidance for the distance-site practitioners, such that they can bill for their services from where they would normally be seeing their patient.

Meaning, if a physician is in their office, where they’re going to bill it with an office place of service code, they’re going to include now a 95 modifier to identify to the telehealth service. Then that physician or practitioner will be paid at the non-facility full office payment rate for those services.

Place of service 02, will continue to be paid at the facility payment rate. The rule suggested that for practitioners who don’t want to change the way they do it, they can continue use the 02.

If you’re a physician in their office or even their home, if you’re billing that with an appropriate office place of service, then you’ll be paid at the office visit non-facility payment rate.

Our assumption at this point, is that if you’re a physician providing services in their home as a distance-site practitioner, that it would be billed with an office place of service, because your billing would still be going through your reassigned physician or group practice.

This is a little off topic, but there’re some provider enrollment guidance out there as well, regarding physicians who can provide services in their home during this time period. Our assumption is that those would be billed with an office place of service, if that guidance changed or we get clarification we can update that.

Again, from the prior guidance, we assume no other emergency waiver modifiers are required. There are modifiers required by the Medicare program for services provided via an 1135 waiver. That Medicare had already said that those modifiers would not apply to telehealth services.

I did not see any apparent changes to the originating site requirements within the Interim Final Rule. It’s safe to assume that you can only still bill that originating site facility fee, if you’re one of those qualified originating sites that exist within the statute. I have them listed on the slide.

Then again, the originating site is where the patient is located. There’s been no changes to that portion of the coverage. If the patient is in a skilled nursing facility or in a hospital or in an RHC, and they are there receiving telehealth services from a distance site. That originating site fee can still be billed by that originating site entity.

Method two, critical access hospitals can bill for professional telehealth services on the UB, with their required modifier. Again, we don’t see any indication that the [inaudible 00:43:21] condition code would be required.

What else has changed from the Interim Final Rule? I think this is important, because there’s some discussion in there that can be a little confusing, because of the services that they expanded. The distance-site practitioners must still be qualified providers under the original coverage rules.

Those qualified providers include, as listed on the slide, physicians, certain nonphysician practitioners such as nurse practitioners and physician assistants, and certain other practitioners operating within their scope of practice, such as certified nurse anesthetist, licensed clinical social workers, dieticians, et cetera.

Those are still the only practitioners who can provide telehealth services under Medicare, because they have not made a change to that qualified provider requirement under the statutory provision. This is an important distinction.

Medicare has been adding codes they would cover as telehealth, and including therapy codes. Meaning, outpatient therapy codes, outpatient rehab, physical therapy, occupational therapy, speech language pathology.

Importantly… and this is discussed in the rule, why Medicare went ahead and made the decision to add those codes to the list of telehealth services codes that can be provided. Again, meaning the audio-visual two-way communication.

They have not added physical therapists, occupational therapists or speech language pathologists, to the types of practitioners who can provide those telehealth services. They made that clear in the rule, that they didn’t add these codes back in 2008 when they were asked to, because they were afraid it would cause confusion.

Since these codes are predominantly billed by therapists who are not qualified practitioners for telehealth services, those coasts now exists. It’s qualified as telehealth services that can be billed and paid for as telehealth, but not if they’re provided by PTs, OTs or speech language pathologists.

Those group of practitioners however, can provide and bill for the telephone call CNM, CPT codes. Also, there are some opportunities there for those types of practitioners under eVisits. Really quickly, before I move on to Mike… and again, we focus this part of the presentation on Medicare with all of the changes.

When you look at Medicaid, Medicaid is going to be state specific. The blanket waivers that CMS has issued under 1135 and under the Interim Final Rule, those waivers apply to Medicare requirements and payments.

It’s very important that you need to look at each state, to determine what they have requested or approved via Medicaid waiver. Has there been other guidance issued by the state Medicaid programs? We looked at several states that are issuing guidance related to telemedicine and telehealth services, and they vary from state to state.

It’s important that you look at your particular state’s authority or guidance that they’re giving, related to these types of services. Commercial payers, varied and rapidly evolving. Again, commercial payers have always had more flexibility than Medicare in providing more additional coverage health services.

They generally appear to be following the lead of CMS, albeit in a different pace. It’s very important to check also your commercial payer contracts and guidance, to see what they are allowing for under this emergency period.

We know some are allowing audio only, some already had, and calling those telehealth services versus just those telephone calls. With that, I will move onto Mike.

Mike Batt:

Thank you, Regan. We’ve talked about licensing and credentialing and reimbursement, and now we’re going to talk a little bit about the technology. As was mentioned at the front end, in each one of our disciplines, we know that we use these terms differently. In the IT space generally, telemedicine is the term we use for that face-to-face component.

Telehealth is everything that doesn’t require that face-to-face component. If you’re coming into this conversation from the IT world, know that in the IT world, telemedicine translates in the reimbursement world to telehealth. Moving into the technology.

As we try to replace that face-to-face video component with technology, there’s really three big buckets of the technology that fill that gap. Kind of from the [inaudible 00:47:36] here. The first bucket is really that fully integrated patient portal. Here, we’re looking at our Epic or Cerner system.

The patient navigates to the patient portal, clicks the link and obtains access to the provider. It’s a really rich environment here for the healthcare provider, for the patient. There is a lot of continuity as you move between the physical office visit and into virtual care.

Stepping out of that patient portal version, we kind of step into kind of the mid level. Here, that video component tends to be provided by a third-party standalone solution. This augments the healthcare provider’s EHR, but it’s a wholly separate system.

You may do some patient encounter functions, by bypassing your consents through your notice of privacy practices. There may be some workflow there. You may collect a patient’s medical history, but you’re still documenting your patient encounter in your EHR. Finally, the [inaudible 00:48:42] version is what has just been opened up by OCR.

It’s the ability to use FaceTime or Skype for business, or Google Hangouts to fill just that video link. As we go through these next few slides, we’re going to be talking about how… depending on what kind of solution you have, that kind of indicates how you can make use of some of the waivers that are out there and where some of the confusion lies on those waivers.

As Chris and Regan mentioned, last night we received some additional waivers. The one that really caught my attention was the adjustments to start. There’re a whole slew of opportunities to rent equipment that are off market value and whatnot. The one that really jumped out to me for the telemedicine solutions, was the non-monetary remuneration waiver.

This allows for an entity to provide to a physician… in the form of nonmonetary compensation, something that exceeds the statutory limits. Then they went on to provide the example of an entity that’s providing free telehealth equipment to the physicians.

For those health systems that are trying to push telemedicine solutions on to their non-employed med staff, this waiver is going to function very similar to what you may have already been familiar with under that EHR donation regs, without the cost share component. You can extend with this waiver, during the emergency some telehealth equipment.

The other piece that came out late yesterday, was the FCC’s COVID-19 Telehealth Program. This program sets aside $200 million, to help healthcare providers acquire and deploy eligible telehealth service equipment. This program is likely going to function a lot like the FCC’s Universal Service Fund Program.

Although the FCC has indicated that this rule will be quick in motion, where the USF program is… that it takes about a year to cycle through. Not a lot of details from the FCC initially on this, well, you’d expect those here in the coming days.

Mike Batt:

Be aware that if funding for telehealth equipment is a challenge, the FCC’s program is just going to get [inaudible 00:51:06]. With those three kind of levels of telehealth equipment, we’ve got a whole slew of documents that are going to govern how you use that equipment, what your obligations are to the vendor of that equipment or that service.

How that impacts the privacy of the data that’s pulling over it. As you think about licensing a piece of telehealth equipment, whether it’s a cart or if you’re just buying a software service, like American Well or one of those video tools like Zoom, you’re going to have a provider to vendor license agreement.

That agreement is going to… if you have an interface through EHR, it’s going to define that. They’re likely going to be functioning as a business associate, when you have that written agreement with the vendor. In addition, you’re going to have let the provider in to that communication tool.

At the other patient end, you’re going to have the patient end user license terms or terms of use. Then on each side of that communication, you’re going to have privacy policies. The vendor will have a privacy policy, and the provider likely on their website will have a privacy policy

The provider will also have a notice of privacy practices. The reason that I list all four of these documents, is each one of those class of documents is going to define the privacy rights.

How the vendor can use that data either as a business associate, when they’re functioning as an agent with the provider. Or if it’s coming from the patient’s side, as a licenser of technology, they may also have rights to the patient data as the patient pushes that data into that platform.

That becomes particularly acute, when you’re looking at scenarios where the vendor of the IT solution is also functioning in patient to provider matching. There are technologies out there as you look at telehealth solutions, that allow a patient to log in and enter, “I want to see this kind of provider. I’m in this kind of insurance and I’m in this geographic location.”

That IT platform will do that kind of Uber matching, to help you find an available provider. In many of those cases, the data that’s being pushed in there by the patient is viewed by the platform vendor as the platform vendor’s data, not health information.

As you start to put together an understanding of how that data moves across the platform, and who owns it and what your obligations are in HIPAA, it’s important to understand how each one of those four documents is going to impact that. With that as background, looking at what’s happening now within our emergency.

Here we have the OCR that has issued its waiver that says, “Healthcare providers will not be subject to penalties for violating HIPAA privacy or security rule, breach of notification rules that occur during a good faith provisioned telehealth during the COVID-19 national public health emergency.”

What is really key in that phrase is, it is a exercise of enforcement discretion during the telehealth visit. Some have read this and think that it’s a free pass for all things HIPAA. It’s not. It’s a very limited element of the telehealth visit.

Going back to those three types of platforms, the [inaudible 00:54:54], if you’re in the mid-level space where you are pushing patient data into the platform, it is really important that you understand that once that telehealth visit ends, that platform will continue to hold your patient data.

It’s essential in those cases, to maintain a business associate relationship with the vendor, because you will not have protection under the OCR exercise of discretion likely. That OCR’s enforcement discretion, really is going to apply just to that simple video link when you’re using FaceTime or one of those tools.

There’s been a whole slew of additional HIPAA guidance, and that’s located at our link there, that will walk you through the other pieces. It’s not all relevant on the telemedicine front. In addition to HIPAA, we need to pay attention to part two. Part two, we have two pieces of guidance here.

The first, SAMHSA came out and said that it’s up to the provider to determine in each case whether the medical emergency exists. If the medical emergency exists, then that information can be provided to another healthcare provider. The existence of that medical emergency should be documented in record.

I’m trying to simplify the challenges of part two compliance, the CARES Act directs HHS and SAMHSA to align services across the two organizations and do so in the next 180 days. Now that we’ve talked about HIPAA and SAMHSA, much like in Chris’s presentation, we have to give some considerations to state law.

Although HIPAA came out and indicated that we would not have… or we would have enforcement discretions, the HIPAA preemption of state laws creates some confusion. As the floor is dropped by the federal government, it leaves space for the state’s attorney general to exercise their enforcement authority.

As you look at launching your telemedicine solution, do give some consideration to your particular state law privacy as well as medical privacy laws. Also, the recent announcements. Some of you may be aware of the TCPA or Telephone Consumer Protection Act.

It’s a law that stands out there and bars use of automatic telephone dialing systems and prerecorded voice messages. The FCC came out and said, “Look, during this state of emergency, hospitals and government officials, if the content of call is solely informational and related to the COVID-19 outbreak.

Be a little more secure that you’re comfortable within the penalties of the TCPA and we’ll not enforce against you.” There were a series of changes there. Telemedicine, we’re trying to stand it up quickly. It’s important to understand the limits of the waivers, as well as the funding mechanisms and how it works.

With everything that has changed, a lot is still the same. A telemedicine visit still requires synchronous audio and video. As Regan noted, there are things that fall outside of telehealth that require only audio. Telemedicine visits still require audio and video as has been, today.

Provider must also maintain a record of the encounter. The provider must obtain informed consent from the patient through one means or another. Provider must advise the patient of their financial responsibility. The provider must make the notice of privacy practices available to the patient.

In addition, we have the various state laws that may also creep in there. How do we accomplish that? The easiest route in the virtual encounter is to start with the scheduling process. As you look at standing up to your telemedicine encounter, consider what kind of information is provided through the scheduling process.

Are we taking patients as they need an encounter or is this scheduled in advance? If it’s scheduled in advance, what documentation can we forward to them for that to support the consent for treatment and to support the compliance with HIPAA?

In addition, in that time, if you are using particularly one of the non-secured applications… so FaceTime, Google Hangouts and whatnot, during that scheduling process or at the initiation of the visit, it’s really important that you talk with the patient and explain to them that they are using a non-secure solution for communication.

They understand what that means, and they assume the risk of the use of that insecure platform. We think if you do that and it’s documented in the record, it puts you in a much better place and the patients made informed decisions. Once the visit is initiated, the provider can memorialize in the medical record that they’ve received informed consent.

That they’ve received the notice of privacy practices, as well as any supplement related to the particular platform. Then as you finish up that telemedicine visit, you can take care of any continuing care documentation and routing of that. With that, I’m going to pass the mic back to Chris. He’s going to walk through how we do our game plan.

Chris Eades:

Great. Thanks, Mike. Before I wrap this up, we’ll move through these next few slides. Kind of coming full circle and just take us a few minutes to do so. Then we’ll stay on to answer a few questions. We’re clearly not going to have time to answer all of the questions we’re seeing, I do want to clarify two points.

One, we’re doing our best to make quick updates and alerts with respect to telemedicine and telehealth. Also, as relates to all other aspects of what we’re seeing during this period. All of this information is on our COVID-19 resource page.

We will take the questions we get, and we will make those part of the alerts in what we publish. You can find that at In addition to that, like I said, we’ll answer a few questions and certainly you’re welcome to follow up with us directly as needed.

Okay, so in terms of having a game plan, given we have these various buckets, we have reimbursement considerations, professional practice considerations, IT specific components, it’s important to ask a series of questions and we think in a particular order, to get from point A to point B.

Step one really is, where do we want to use telemedicine? The jurisdiction is going to matter. We’ve covered that. What states will we be in, 50 States or 2 states? We need to recognize that. Where will the patients be located amongst those states? Where will our distant providers be, distant-site providers? Where will the patients be?

That’s going to implicate what laws we need to pay attention to. Why do we want to use telemedicine? Three weeks ago, whether or not we could get paid for telemedicine, may have driven that decision almost entirely. That’s not the case anymore. There is value in isolating patients, practitioners, easing the burden on hospitals and EDs and offices.

What are our priorities? We may find, even though the answer over the last few weeks and as of yesterday is increasingly, “Yes, there will be reimbursement,” there may not be reimbursement. We may want to do telemedicine anyway. Know your priorities from the start. That’s also going to dictate what we’re looking at and the value of what we’re finding.

What specific services do we want to provide? We know we’re talking about telemedicine generally, but you can especially now, provide a whole host of different types of services in different settings. The dialogue you have with patients, your workflow, your reimbursement considerations are all going to be driven by those particular services.

Does state law permit these services? Are there specialty-specific requirements? Will these services involve prescriptions of controlled substances, of non-controlled substances? We need to nail that down. Four, who’s going to be providing these services, physicians, APRNs, psychologists, PTs?

As you’ve just heard, maybe a PT can practice therapy per the professional practice standards, but is not going to actually get reimbursement through Medicare. Who is providing the service certainly matters and factors into the equation. Then, is reimbursement available? Medicare, Medicaid, as Regan addressed.

How are we going to provide these services? Mike addressed technology, what technology will we use? Must they include… will they include live audio-video? That relates back to the prescriptions and other factors. Then what’s our workflow? Just to wrap this up, Mike talked about this just a bit. How are we going to schedule these visits?

What sort of information can we share at that time realistically? What consent can we get or consent issues can we vet? How are we going to deal with patient identification and consent issues? Our medical record keeping process. It’s really important to map this workflow out before you get started. Even if it’s a quick one, even if we’re ramping up immediately.

Let’s map out how we’re going to do it today and tomorrow, and then let’s put our game plan together for next week, in how we’re going to do this maybe on a more permanent basis. With that, I’m going to get to a few questions. Then as I said, we will post additional information on our resource page and certainly welcome you to follow up.

One of the questions I see is, “Does the DEA audio-visual requirement… is this relevant to established patients or just new patients?” The answer is all of the above. The rule and the exception relates specifically to new patients, in a way of allowing you to prescribe controlled substances through telemedicine to new patients.

The expectation is, even under the current rule, that you would have the ability to do so if you’ve already seen and have an established relationship with the patient. Again, the caveat being, you need to pay attention to applicable state law, because those requirements may be much more restrictive.

I see a question regarding kind of the length of time all of these exceptions and waivers will remain in place. Almost universally, they will remain in place pending the end of the declared state of emergency. When declared at the federal level, when the emergency period ends, almost all of these waivers and exceptions we’ve talked about will end at that time.

Certain statements regarding discretionary non-exercise of certain other provisions are in place until further notice. The expectation there is, once the period of emergency ends, so too will those exceptions. It’s on the one hand ramping up and addressing telemedicine awake quickly, that it accomplishes what we need in the short term.

In the back of our minds, particularly if we’re going to continue with telemedicine, we have to anticipate that much of this will revert back. Mike, do you have any questions before we adjourn or Regan?

Regan Tankersley:

Yeah, I’m sorry. I was just sent a question. The question relates to HOPDs. The question is, if a provider is at the HOPD and the patient is at home, the provider bills place of service 02 and hospital submits what? This would be a situation where if the provider is located in the outpatient department and the patient is at home.

The patient is at home. That’s not a qualified originating site. The only thing that would be billed, would be by that distance-site provider. They’re sitting in a physical hospital outpatient department, so the place of service code would reflect either 19 or 22. It will not reflect the 02, under their revised guidance.

Again, it goes on. Also, if the patient is at HOPD and the physician is at home. Then if the patient is at the HOPD, that is a qualified originating site. The hospital would bill on the UB, the originating site fee, the Q3014. Then the physician would bill on the 1500 as a distance-site practitioner.

They could continue to still use the 02 as the telehealth service code that’s allowed, or the physician more likely would bill with the office place of service, to identify that. Oh, I’m sorry, it would be the 02, because the patient would be at the HOPD. There would be an originating site fee billed by the hospital.

Mike Batt:

Hey, Chris. I had a question from someone that was looking to understand how to find all the agreements that relate to use of a vendor. It is really important. That’s a great question. Quite often, with a lot of the new upstarts, you’ll find that the vendor gives you a PO with a hyperlink with terms.

It is really important to kind of go through that hyperlink, as well as look at their privacy policy and their terms of use. Generally in their privacy policy, you’ll see some indication that they want to do marketing, based on the data that they collect. That’s always a red flag for healthcare providers.

Chris Eades:

Great. Thanks, Mike. Well, great. It looks like we’re over 10 minutes past. We do want to be respectful of everyone’s time, so we’ll end the webinar at this point. Again, we’ll do our best to address many of these topics, and some of these other questions in the alerts that we post. We appreciate you attending. Have a nice day.

Thank you for joining us for this episode. If you would like to learn more about any of the topics you heard in today’s episode, please visit our website at Please remember that the views expressed in this podcast, are those of the participants only and do not constitute legal advice.