On March 17, 2020, in response to the national COVID-19 public health emergency, divisions of the Department of Health and Human Services (HHS) outlined a series of policy changes regarding telehealth services. In an effort meant to expand the capacity of the healthcare system and protect seniors who are the most vulnerable to COVID-19, the government announced that it would both expand Medicare coverage for telehealth services and relax enforcement of certain HIPAA rules against providers furnishing telehealth services.

Specifically, CMS announced that it will expand Medicare coverage for telehealth services provided to beneficiaries, covering telehealth visits furnished to beneficiaries in all areas of the country, and covering such services furnished in any setting, including the beneficiary’s home. Normally, Medicare will only pay for telehealth services when a patient lives in a rural area and receives the telehealth service at a health care facility. CMS is temporarily waiving both requirements, allowing beneficiaries located outside of rural areas to receive telehealth services, and allowing for patients to receive telehealth services inside in all settings. CMS also explained that HHS will not conduct audits to enforce any patient-physician “established relationship” requirements that would otherwise be applicable to such telehealth services. The announcement does not generally change the billing and payment rules and procedures surrounding telehealth services, meaning that patients may still have out of pocket costs for telehealth services. However, the HHS Office of Inspector General (OIG) announced that it will not enforce any fraud and abuse laws against a practitioner that waives or reduces any beneficiary’s cost-sharing obligations for telehealth services during the COVID-19 outbreak.

In conjunction with the announcement from CMS, the Office for Civil Rights (OCR) announced that qualified providers may “use any non-public facing remote communication product that is available to communicate with patients…in the good faith provision of telehealth.” This means that common applications like Skype, FaceTime, or Google Hangouts may be used by doctors to communicate with patients to provide telehealth services. The announcement further clarified that providers will not need to enter in with HIPAA business associate agreements with technology vendors before providing telehealth services. The OCR stressed, however, that public facing video communication services, such as Facebook Live, Twitch and TicTok, are not acceptable under this new policy.

While both announcements are temporary measures, effective for the duration of the COVID-19 public health emergency, it is important to highlight that they do not only apply to the provision of telehealth to those seeking treatment for COVID-19. These policy changes are applicable to all patients no matter what care they are seeking.