New Oregon Telehealth Rules to Assist Providers with COVID-19 Pandemic Efforts (Updated March 31, 2020)

Several updates have made by the Oregon Health Authority (“OHA”) and the Health Evidence Review Commission (“HERC”) since this alert was first posted.  The following is updated as of March 31, 2020.

On March 16, 2020, the Oregon Health Authority (“OHA”) issued a new temporary emergency rule revising OAR 410-130-0610 – OHA’s Medicaid telehealth reimbursement rule.  The new rule is intended to broaden the use of telehealth services for Medicaid recipients and to increase reimbursement for certain telehealth services.  OHA also adopted a modified Prioritized List of Health Services issued by the Health Evidence Review Commission (“HERC”) on March 13, 2020 (“Prioritized List”).  The Prioritized List contains an updated Guideline Note A-5 and a new Statement of Intent 6.  The Guideline Note, Statement of Intent, and temporary rules define the scope of telehealth services that are considered covered for Medicaid recipients.

The revised Guideline Note A-5 is intended to facilitate access to key services, including electronic, video, and telephone visits to enable providers to service patients without the patients risking disease transmission.  It includes a fairly robust list of procedure codes that will be considered covered when providers are engaged in synchronous visits with both audio and video capability.  In addition, HERC issued an amendment to the Guideline Note A-5 on March 23, 2020 stating that “[t]hese services can be provided by telephone when appropriate during the COVID-19 crisis.  See CMS FAQ #2 and Oregon Health Plan COVID-19 page for up-to-date details and billing guidance for fee-for-service.”  Permitted services include, for example, psychotherapy, End-State Renal Disease-related services, new and established patient visits, subsequent hospital care, subsequent nursing facility care, and certain behavioral health and care management codes.  The note provides:

Telehealth (Synchronous audio/video visits)

Telehealth visits are defined as synchronous visits with both audio and video capability. The patient may be at home or in a health care setting. The originating site code Q3014 may only be used by appropriate health care sites. Codes eligible for telehealth services include 90785, 90791, 90792, 90832-90834, 90836, 90837-90840, 90846, 90847, 90951, 90952, 90954, 90955, 90957, 90958, 90960, 90961, 90963, 90964-90970, 96116, 96156-96171[1], 96160, 96161, 97802-4, 99201-99205, 99211-99215, 99231-99233, 99307-99310, 99354-99357, 99406-99407, 99495-99498, G0108-G0109, G0270, G0296, G0396, G0397, G0406-G0408, G0420, G0421, G0425-G0427, G0436-G0439, G0442-G0447, G0459, G0506, G0508, G0509, G0513, G0514, G2086-G2088.

Telehealth visits are covered for inpatient and outpatient services for new or established patients.

Telehealth consultations are covered for emergency and inpatient services.

Billing for telehealth visits requires the same level of documentation, medical necessity and coverage determinations as in-person visits.

This is a significant update because of the expanded number and type of procedural codes that qualify for telehealth visits and because it applies to both new and existing patients.  The note continues to authorize certain codes (CPT 98966-98968, 99441-99443, 99421-99423, 98970-98972, G2012, G2061-G2063)  that were previously available when a clinician had certain telephonic or electronic service visit with an established patient but also recognized that the requirement that the codes be used only for established patients would be waived during the Covid-19 crisis.  The note also continues to recognize coverage for certain clinician-to-clinician consultations by telephone.  According to HERC, the revisions to Guideline Note A-5 will enable access to telemedicine services going forward.

HERC’s new Statement of Intent 6 applies specifically during an outbreak or epidemic and provides:

During an outbreak or epidemic of an infectious disease, reducing administrative barriers (e.g. increasing reimbursement rates) for telephonic evaluation and management services (CPT 99441-99443) and assessment and management services (CPT 98966-98968) is appropriate to ensure access to care while avoiding and preventing unnecessary potential infectious exposure.

The referenced codes will permit reimbursement for certain Non-Face-to-Face Physician and Nonphysician Telephone Services.  OHA’s temporary rule also specifies that during an outbreak or epidemic, OHA will provide coverage and reimbursement of patient-to-clinician telephonic and electronic services for established patients using the OHA’s maximum allowable rate-setting methodology.  OAR 410-130-0610(4).  On March 20, OHA issued a public notice stating that OHA intends to submit an expedited State Plan Amendment to the Centers for Medicare & Medicaid Services (“CMS”) asking CMS to approve an amendment retroactive to Oregon’s State Medicaid Plan allowing Oregon to increase reimbursement for telehealth services to rates that are comparable to in-person services.

The new temporary rule specifies requirements that must be met to obtain reimbursement for physical health telemedicine services including:

  • Compliance with HIPAA and OHA’s Confidentiality and Privacy Rules and security protections for the patient in connection with the telemedicine communication and related records;
  • Using technology in the telemedicine communication that is compliant with privacy and security standards in HIPAA and the Authority’s Privacy and Confidentiality Rules set forth in OAR 943 division 14;
  • Ensuring policies and procedures are in place to prevent a breach in privacy or exposure of patient health information or records (whether oral or recorded in any form or medium) to unauthorized individuals;
  • Complying with the relevant HERC guideline note for telehealth, teleconsultation, and electronic/telephonic services;
  • Maintaining clinical and financial documentation related to telemedicine services as required in OAR 410-120-1360;
  • Ensuring that the performing providers hold a current and valid license without restriction from a state licensing board where the provider is located and have authority to provide physical health telemedicine services for eligible Oregon Medicaid beneficiaries; and
  • Compliance with correct coding standards using the most appropriate Current Procedural Terminology (CPT) or Healthcare Common Procedure Coding System (HCPCS) codes.

Note that two days after OHA issued its temporary rule, the Office of Civil Rights of the U.S. Department of Health and Human Services announced that it would exercise its enforcement discretion and waive any potential penalties for HIPAA violations against health care providers that serve patients through everyday communications technologies during the COVID-19 nationwide public health emergency.  See our blog post discussing other changes at the federal level designed to bolster the accessibility of telehealth services.  HERC promptly amended its Guideline Note A5 to state “[c]ertain requirements for encryption will not be enforced by federal authorities during this crisis. This means services like Facetime, Skype and Google Hangouts can be used for patient contact. Compliant platforms are of course preferred when available.”  We would expect to see OHA amend its rule to align with this position in the near future.  As this is an evolving area we will plan to update our post as new information becomes available.

_________________________

[1] HERC issued an errata on March 23, 2020 removing “96150-96154” and replacing it with “96156-96171.”

COVID-19 Leads to Liberalization of e-Prescribing of Controlled Substances, May Presage Permanent Rulemaking

In light of the COVID-19 pandemic, the Drug Enforcement Agency (“DEA”) recently issued guidance permitting the use of telemedicine to prescribe controlled substances (schedule II to V) for the duration of the public health emergency declared by the Secretary of Health and Human Services.

Specifically, if (a) the prescription “is issued for a legitimate medical purpose” in the usual course of professional practice; (b) “audio-video, real-time, two-way interactive communication system” is used for the telemedicine encounter; and (c) the practitioner complies with applicable state and federal laws, then controlled substances may be prescribed via telemedicine without first conducting an in-person medical evaluation. DEA FAQ. Nonetheless, if the practitioner has previously conducted an in-person examination, then telemedicine may be used to prescribe controlled substances regardless of whether a public health emergency has been declared as long as the prescription is made in compliance with state law and within the usual course of the provider’s professional practice. Id. Continue Reading

CMS Takes Significant Action to Spur Use of Telehealth Services for Duration of COVID-19 Emergency

On March 13, 2020, President Donald Trump issued a proclamation declaring a national emergency concerning the novel coronavirus disease (the “Emergency Declaration”).  The president framed the emergency declaration as empowering the Secretary of Health and Human Services (“HHS”) to waive “laws to enable telehealth,” which gave providers hope that the administration would remove some of the primary regulatory barriers to the broad implementation of telehealth services. In the days since the declaration, the administration has taken increasingly significant steps to do just that.

The Emergency Declaration authorized the Secretary of HHS to exercise his waiver authority under Section 1135 of the Social Security Act (42 U.S.C. § 1320b–5). Section 1135 empowers the Secretary to waive or modify only certain provisions under Medicare, Medicaid, the Children’s Health Insurance Program (“CHIP”), and the Health Insurance Portability and Accountability Act (“HIPAA”) during a national emergency.  Congress broadened these waiver authorities in the emergency supplemental appropriations bill, signed into law on March 6, which gave the Secretary additional authority under Section 1135 to loosen Medicare’s telehealth billing standards. It also specifically allowed the Secretary to waive the requirement that the beneficiary live in a rural area and receive the services at an approved remote site, such as a rural hospital.

Continue Reading

Trickbot and Emotet Financial Malware Now Attacking the Healthcare Industry

In a recent Cybercrime Tactics and Techniques Report focusing on the health care industry, cybersecurity company Malwarebytes discovered a significant 82% spike in Trojan malware attacks on health care organizations in Q3 2019. Emotet and TrickBot, two especially sophisticated and dangerous forms of malware, were mostly responsible for this surge.

Used primarily as ’banking Trojans” to steal credentials and financial information, these intrusive, fast-replicating Trojans spread quickly. Emotet is polymorphic, which makes it difficult for traditional antivirus solutions to detect.  It worms its way through a network, generally using phishing emails from compromised systems to spread as quickly as possible. Once it’s infected enough computers, it will “drop” (install) other malicious programs, especially TrickBot, which has all sorts of modular, built-in tools to discover system information, compromise that system and steal data.

The presence of either of these Trojans on a network is a serious threat. Both of these Trojans are closely related; where you see one, you often see the other. To help visualize how they work, think about them like a team of professional robbers:

  • Emotet is the ‘strike team’ hired to get Trickbot through as many doors as possible, by exploiting vulnerabilities or by stealing keys
  • Trickbot is the professional ‘safe-cracking team’ the Emotet strike team gets in the door
  • Trickbot might install ransomware to collect a ransom, or maybe just cover their tracks when they’re done. When it installs ransomware, it’s often Ryuk.

Continue Reading

AKS and Medicare Advantage Plans: Don’t Kickback and Relax!

Health care attorneys have long questioned whether there are significant Anti-Kickback Statute (AKS) risks associated with financial transactions between Medicare Advantage plans and their participating providers. An ongoing case in the Northern District of Illinois could provide Medicare Advantage organizations with a clear answer regarding the nature of such risks.

United States ex rel. Derrick v. Roche Diagnostics Corp., brought by a qui tam relator under the False Claims Act, involves Roche Diagnostics Corp. (“Roche”), a manufacturer of glucose monitoring products, and Humana, Inc. (“Humana”), an issuer of Medicare Advantage plans (collectively the “Defendants”). United States ex rel. Derrick v. Roche Diagnostics Corp., 318 F. Supp. 3d 1106 (N.D. Ill. 2018). The relator alleges that the Defendants violated the AKS when Roche agreed to settle an overpayment owed by Humana for pennies on the dollar in exchange for the exclusive placement of Roche products on Humana’s formularies. This litigation has been ongoing since 2014 and the trial is set for early 2020.

Prior to the events giving rise to this action, Roche sold glucose monitoring products via Humana’s Medicare Advantage formularies. The relator alleges the following sequence of events. First, in March 2013 Humana notified Roche that it would be terminating its supplier contract with Roche and removed Roche’s products from its formularies. After protracted settlement negotiations, Roche agreed to accept only $11 million of the $45 million overpayment. That same week, Humana placed Roche products back on the Humana formularies and, crucially, also agreed to remove from its formularies all products that competed with Roche. Additionally, Roche “reserved the right to recover the full amount owed if Humana did not satisfactorily perform its obligations” under the debt forgiveness agreement. The relator claims that this exchange of debt forgiveness (remuneration) for formulary placement (recommendation/referral) amounted to an AKS violation. Continue Reading

NLRB Gives Employers Greater Discretion to Limit Union Activity on Their Premises

The National Labor Relations Board (the “Board”) recently issued a decision in UPMC Presbyterian Shadyside that reverses longstanding Board precedent and holds that employers no longer have to allow nonemployee union representatives access to public areas of their property unless (1) the union has no other means of communicating with employees or (2) the employer discriminates against the union by allowing access to similar groups.

The UPMC case arose after the employer, a hospital, ejected two union representatives from its cafeteria, where they had been discussing organizational campaign matters with and providing union literature and pins to employees.  Previously and for many years, the Board had held that an employer could not restrict nonemployee union representatives from engaging in promotional or organizational activity in its public spaces, including cafeterias, so long as the union representatives were not “disruptive.”  In UPMC, the Board returned to a more common-sense approach and held that the National Labor Relations Act “does not require that the employer permit the use of its facility for organization when other means are readily available.” Continue Reading

Medicare Advantage Premiums Are Not Subject to Washington Tax

Appeals Court ruling supports MA organization request for refund of B&O taxes paid on premiums

On April 1, 2019, the Washington Court of Appeals Division 1 ruled unanimously in a published opinion that premiums received by Medicare Advantage (“MA”) organizations from or on behalf of their members are not subject to Washington’s business and occupation (“B&O”) tax. Grp. Health Coop. v. Dep’t of Rev., No. 79091-9-1 (Wn. Ct. App. Apr. 1, 2019).

Washington’s B&O tax is imposed broadly on gross receipts but incorporates numerous exemptions, including an exemption for “premiums or prepayments that are taxable under RCW 48.14.0201 [Washington’s premium tax].” RCW 82.04.322. MA premiums are not subject to Washington’s 2% tax, which includes an exemption for Medicare premiums. RCW 48.14.0201. The Washington State Department of Revenue (“DOR”) has imposed B&O tax on MA premiums, reasoning that their exemption from the premium tax renders them ineligible for the exemption under the B&O tax.

Group Health Cooperative and Group Health Options, Inc. (collectively, “Group Health”) applied for a refund of the B&O tax imposed on its MA premium payments, asserting that MA premiums were exempt from the state’s B&O tax, or alternatively that the B&O tax on MA premium payments was preempted by federal law. The complaint was summarily dismissed in trial court. The court of appeals agreed with DOR’s interpretation of state law holding that MA premiums are not exempt from B&O tax, but reversed the lower court on the issue of federal preemption.

A federal law enacted with the Balanced Budget Act of 1997 provides that “[n]o State may impose a premium tax or similar tax with respect to [MA premiums].” 42 U.S.C. § 1395w-24(g). The appeals court agreed with Group Health that this language preempts state law imposing B&O tax because the B&O tax shared key characteristics with, and thus is similar to, a premium tax. First, this is a case of DOR imposing the B&O tax on premiums, just like an explicit premium tax. Second, both the B&O tax and the premium tax are assessed on a gross basis. In holding that federal law preempts DOR from implementing a B&O tax on MA premiums the court stated that Group Health was entitled to a refund of the B&O taxes previously paid.

It is unclear at this time whether the DOR will try to appeal to the Washington Supreme Court, and whether that court will accept the case for review. Regardless, as a result of this decision, any MA organization that has paid B&O tax on their MA premiums in Washington should immediately seek assistance in requesting a refund from the DOR. MA organizations should not wait to see if the matter is further appealed and should act now to preserve any potential refund claim.

For help requesting a refund, or if you have additional questions about this case and its implications, please contact Chauncey MacLean at chauncey.maclean@stoel.com or (206) 386-7551, or Kara Morse at kara.morse@stoel.com or (206) 386-7657.

HHS Issues Practical New Cybersecurity Guidance for Healthcare Businesses of all Sizes

In late January, the U.S. Department of Health and Human Services’ Healthcare & Public Health Sector Coordinating Council issued a new cybersecurity guidance document for healthcare businesses of all sizes. The guidance document, entitled “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients,” available at https://www.phe.gov/Preparedness/planning/405d/Pages/hic-practices.aspx, provides concrete and practical guidance for addressing what the Council has identified as the “most impactful threats . . . within the industry” and serves as a renewed call to action for implementation of appropriate cybersecurity practices. This document is critical reading for healthcare business managers faced with ever-increasing cybersecurity risks and the attending risks to patient safety and operational continuity, business reputation, financial stability, and regulatory compliance. Continue Reading

Washington Supreme Court Announces Zero-Tolerance Approach to Sexual Harassment in Places of Public Accommodation

The Washington Law Against Discrimination (WLAD) prohibits “places of public accommodation” from discriminating against their customers on the basis of several protected characteristics, including, without limitation, sex, race, national origin, and sexual orientation. Sexual harassment is one prohibited form of such sex-based discrimination.  Generally speaking, a place of public accommodation is any business that is open to the public.

On January 31, 2019, the Washington Supreme Court announced a new sexual harassment standard for places of public accommodation. In so ruling, the Court held that, under the WLAD, employers are “directly liable for the sexual harassment of members of the public by their employees, just as they would be if their employees turned customers away because of their race, religion, or sexual orientation.” Floeting v. Group Health, Inc., No. 95205-1. Continue Reading

Effects of State Individual Mandates on Employer Group Health Plans

Late last year, Congress passed the Tax Cuts and Jobs Act, which included a provision  effectively repealing the requirement for most Americans to have health insurance.  This “individual mandate” was originally imposed by the Affordable Care Act (“ACA”). Beginning in 2019, the tax penalty individuals face if they do not enroll in health coverage considered minimum essential coverage (“MEC”) will drop to zero.

For many Americans, the individual mandate was satisfied by the health coverage provided by employers. From an employer perspective, the repeal of the individual mandate penalty might first appear to have little effect. The ACA’s employer shared responsibility provisions (also known as the “pay-or-play penalties”) remain intact, and applicable large employers (“ALEs”)  will likely continue to provide group health coverage to employees and their dependents even though the individual mandate is no longer in effect. And though the Congressional Budget Office projected that an additional 4 million individuals will go uninsured when the federal penalty disappears, most of these individuals were previously insured in the individual market, not the group market.

But the repeal of the federal penalty has spurred activity at the state level that will require employer attention. Many states are concerned that the resulting increase in uninsured individuals will further strain state safety nets, resulting in accelerated efforts to strengthen state insurance markets by imposing state-law individual mandates to reduce the rate of uninsured individuals. Continue Reading

LexBlog