Hint: Skype, FaceTime are now acceptable F2F encounters. With Medicare’s COVID-19-inspired telehealth expansions, Part B providers have a plethora of options to safely care for beneficiaries. In coordination with these new offerings, the feds have also released new HIPAA guidance to address privacy and security during the pandemic. Details: “Patients will now be able to access their doctors using a wider range of communication tools including telephones that have audio and video capabilities, making it easier for beneficiaries and doctors to connect,” notes CMS in its initial March 17 release on the telehealth expansion. The feds have further clarified that non-public-facing technologies like FaceTime and Skype can be used for telehealth visits, but public-facing technologies like TikTok and Facebook Live can’t. “We are empowering medical providers to serve patients wherever they are during this national public health emergency,” said Roger Severino, HHS Office for Civil Rights (OCR) director. “We are especially concerned about reaching those most at risk, including older persons and persons with disabilities,” Severino added. Hand-in-hand with the telehealth expansion came an OCR announcement of HIPAA enforcement discretion. “OCR will ... not impose penalties for noncompliance with the regulatory requirements under the HIPAA Rules against covered health care providers in connection with the good faith provision of telehealth during the COVID-19 nationwide public health emergency,” OCR said. And HHS also issued a waiver of certain sanctions for noncompliance with certain HIPAA requirements. Further, the HHS Office of Inspector General (OIG) announced it would not apply “administrative sanctions for reducing or waiving any cost-sharing obligations Federal health care program beneficiaries may owe for telehealth services,” according to a March 17 announcement. Remember: The telehealth visit doesn’t have to be for COVID-19 reasons to qualify for the expansion and exemptions. “OCR emphasized the need to ensure remote access to care for patients, especially those most at risk, regardless of whether or not the service is related to COVID-19,” note attorneys Rebecca Schaeffer and Cheryl Choice with law firm K&L Gates in online analysis. “Increasing access to telehealth will reduce the need for healthy or non-symptomatic individuals to travel to facilities for health care, which in turn will help interpersonal interactions and further reduce transmission.” Don’t Forget That State Laws Still Apply Providers must also look to another authority which may have stricter requirements, Schaeffer and Choice remind. “Telehealth is heavily regulated by state law, and providers should ensure that they are meeting all state requirements prior to initiating telehealth services.” “Many states impose licensure, technology, consent, or other procedural requirements. Unless waived by state agencies, these state laws must also be considered before launching telehealth services,” warns attorney Kim Stanger with Holland & Hart LLP in the firm’s Health Law blog. Also, don’t take the OCR statement as carte blanche to ignore HIPAA requirements. “While these OCR pronouncements give covered entities some additional flexibility, it is limited, and overall HIPAA requirements continue to apply,” Schaeffer and Choice caution. Heads up: Not only should you be checking in with your Medicare Administrative Contractor (MAC) and state boards, but you may want to revisit private payer telehealth policies, too, urges Stanger. “Absent state laws to the contrary, whether private payers will pay for the telehealth services generally depends on the payer contracts. Accordingly, just because a provider may render services via telehealth does not necessarily mean that the provider will be paid for such services,” he says. Resources: See OCR’s notice of enforcement discretion at www.hhs.gov/hipaa/for-professionals/special-topics/emergency-preparedness/notification-enforcement-discretion-telehealth/index.html and review the HHS’ HIPAA waiver announcement at www.hhs.gov/sites/default/files/hipaa-and-covid-19-limited-hipaa-waiver-bulletin-508.pdf. Find OIG’s copay waiver notice at https://oig.hhs.gov/fraud/docs/alertsandbulletins/2020/factsheet-telehealth-2020.pdf. Disclaimer: Information related to COVID-19 is changing rapidly. This information was accurate at the time of writing. Be sure to stay tuned to future issues of Part B Insider for more information. You can also refer to payer websites, CMS (cms.gov), CDC (cdc.gov), and AAPC’s blog (www.aapc.com/blog) for the most up-to-date information.