The easing of telehealth requirements improves access to care but involves risk management concerns. Understand the types of telehealth and the requirements for each.

  • Telehealth will be reimbursed as an in-person visit.
  • A patient’s telehealth costs may be reduced or waived.
  • Exercise caution when using technology that is not HIPAA-compliant.

The federal government acted quickly to make telehealth services more accessible in the COVID-19 pandemic, but risk managers must fully understand the changes to avoid creating liability risks.

Some telehealth changes are aimed at making the service reimbursable, and therefore available to more patients. But there also are compliance issues, says Matthew R. Fisher, JD, partner with Mirick O’Connell in Worcester, MA. The Department of Health and Human Services (HHS) announced several regulation changes and new approaches to compliance that are designed to increase access to telehealth services during the pandemic. The Centers for Medicare & Medicaid Services (CMS) explained telehealth falls into the categories of telehealth visits, virtual check-ins, and e-visits.

The categories include their own requirements for billing. Medicare considers a telehealth visit to be an encounter between a patient and a clinician that uses interactive audio and video, Fisher explains. These are visits that usually could occur in person and are used as a replacement for an office visit. In this encounter, the telecommunication platform must provide real-time communication between the patient and the clinician, Fisher says.

“An important concession by CMS involves the established patient requirement for telehealth visits. This service previously was permissible only when the patient and physician had an established relationship, which would not be as useful in helping respond to the COVID-19 increase in patient volume,” Fisher says. “Under the new conditions, CMS will turn a blind eye to the established patient requirement so you can use it for new patients as well. They’re also saying that telehealth services can be used to interact with a patient in their own home rather than having them go to an approved healthcare site.”

Virtual check-ins are brief discussions between a clinician and an established patient, unlike the more thorough telehealth visit. A check-in can be audio-only, but it cannot be related to an office visit from the previous seven days, and it is not reimbursable if it is followed by a full office visit within 24 hours. Additionally, the patient must verbally agree to the check-in. An e-visit is similar to a virtual check-in, but must be initiated by the patient.

A significant change from CMS is the decision to reimburse the telehealth visits at the same level as in-person visits, which, under normal circumstances, could lead to fraud or compliance failures.

“The HHS OIG [Office of Inspector General] issued a policy statement saying that because patients may not be able to afford cost-sharing amounts for telehealth services, it will not pursue fraud-based enforcement actions when the healthcare organization waives cost-sharing amounts, or if it waives the cost-sharing for the duration of the emergency,” Fisher explains. “This is important for compliance reasons because in normal circumstances waiving or reducing cost-sharing, even if done with best intentions, can result in fraud allegations. Waiving or reducing the costs can be seen as inducement to patients.”

Eliminating or reducing those costs can encourage patients to seek or accept telehealth services from the physician, which provides more Medicare reimbursement, Fisher explains. For that reason, CMS normally prohibits waiving or reducing the costs. (Complete guidance on telehealth services during the pandemic is available on the CMS website at: https://www.cms.gov/newsroom/fact-sheets/medicare-telemedicine-health-care-provider-fact-sheet.)

Embrace Telehealth

Healthcare organizations should embrace the wider use of telehealth during the pandemic, says Georgia Reiner, risk specialist for the Nurses Service Organization (NSO) in the Healthcare Division of Aon’s Affinity Insurance Services in Philadelphia. Any concerns about compliance and reimbursement issues are outweighed by the significant benefits of making healthcare services available to more patients, reducing exposure to the virus, and minimizing the use of personal protective equipment, she says.

When expanding telehealth services, Reiner says risk managers should remember the key requirements that always apply regardless of any regulatory modifications. Providers must practice in accordance with the standard of care and within the limits of their licenses, she says.

“It’s essential to verify with the state and the medical licensing board which practitioners can legally provide telehealth services,” she explains. “Some states limit the type of providers that can provide telehealth services, but most states allow physicians, clinical nurse specialists, nurse practitioners, physician assistants, licensed counselors, and other types of practitioners.”

The healthcare organization also must protect patient information during telehealth services, which usually means using HIPAA-compliant technology. But Reiner notes the HHS Office for Civil Rights recently stated that everyday communication technologies are acceptable during the health emergency. However, using those technologies, such as FaceTime, is not without risk.

“It is incumbent on providers to notify patients that if they do choose to use these third-party applications like FaceTime, Google Hangout, or Skype, there are privacy risks with those applications. They are certainly easier and quicker to implement when you’re trying to get telehealth services up and running quickly, but they do not offer the optimal protection,” Reiner says. “Whatever platform you’re using, providers should make sure they are implementing all the privacy and protection modes or options available on that application.”

Reiner cautions against any tendency to let one’s guard down too much with the expansion of telehealth. The relaxed rules do not mean telehealth can be used casually or without concern for the usual risks that come with electronic communications, she says.

“There is going to be an increased usage of telehealth services, so it is more important to follow best practices to maintain the security and privacy of patient health information. That includes threats like ransomware and other malware threats,” she says. “We know that cybercriminals are trying to take advantage of the coronavirus situation and trying to dupe people into downloading malware on their systems. It is important for everyone to inspect email and links carefully before downloading anything and to be sure systems are updated.” (NSO guidance for nurses using telemedicine is available online at: https://www.nso.com/Learning/Artifacts/Articles/Risk-Management-Considerations-in-Telehealth-and-Telemedicine.)

The Drug Enforcement Administration also said it will allow physicians using telehealth to prescribe controlled substances without a prior in-person exam. This telehealth exception had been approved previously but was lacking rules to implement it, says Kyle A. Vasquez, JD, shareholder with Polsinelli in Chicago.

“They’re saying you can go ahead and use telehealth for prescribing controlled substances, but then the issue we still run into is how state laws may apply. A lot of states have laws that say they don’t allow pharmacies to fill prescriptions for controlled substances from out-of-state physicians,” Vasquez says. “It’s unfortunate how you still have conflicts from all these rules.”

Malpractice coverage also may be problematic with interstate use of telehealth, Vasquez notes. Not all professional liability policies will cover care provided by telehealth to a patient in another state, so physicians and risk managers overseeing physician groups should check before agreeing to the service.

“There may be exclusions that specifically state the policy only covers the in-state practice of medicine,” he explains. “Employed physicians may be covered under a hospital or health system’s policy. That may provide more coverage, but it’s something to think about if you have not traditionally had an active telehealth program.”

Polsinelli created an interactive map that explains the regulatory issues pertaining to telemedicine during the pandemic. That map is available online at: https://www.covid19.polsinelli.com/telehealth.


  • Georgia Reiner, Risk Specialist, Nurses Service Organization, Healthcare Division, Aon’s Affinity Insurance Services, Philadelphia. Phone: (215) 293-1178. Email: georgia.reiner@aon.com.