On March 13, 2020, President Donald Trump issued a proclamation declaring a national emergency concerning the novel coronavirus disease (the “Emergency Declaration”).  The president framed the emergency declaration as empowering the Secretary of Health and Human Services (“HHS”) to waive “laws to enable telehealth,” which gave providers hope that the administration would remove some of the primary regulatory barriers to the broad implementation of telehealth services. In the days since the declaration, the administration has taken increasingly significant steps to do just that.

The Emergency Declaration authorized the Secretary of HHS to exercise his waiver authority under Section 1135 of the Social Security Act (42 U.S.C. § 1320b–5). Section 1135 empowers the Secretary to waive or modify only certain provisions under Medicare, Medicaid, the Children’s Health Insurance Program (“CHIP”), and the Health Insurance Portability and Accountability Act (“HIPAA”) during a national emergency.  Congress broadened these waiver authorities in the emergency supplemental appropriations bill, signed into law on March 6, which gave the Secretary additional authority under Section 1135 to loosen Medicare’s telehealth billing standards. It also specifically allowed the Secretary to waive the requirement that the beneficiary live in a rural area and receive the services at an approved remote site, such as a rural hospital.

Since the emergency declaration, CMS has taken three separate actions to spur the implementation of telehealth during this crisis.

First, on March 13, the Secretary published an initial list of waivers available for health care providers under his 1135 authority. Of these, only one is applicable to telemedicine. HHS is waiving the Medicare billing requirement that out-of-state providers be licensed in the state where they are providing services when they are licensed in another state. Thus, providers who are licensed in State A may bill Medicare for telehealth services delivered to residents of State B, provided they are not barred from practice in State B. Note that this waiver is for the purposes of Medicare, Medicaid, and CHIP reimbursement; it does not preempt state licensing rules.

Generally, all states require telemedicine providers to be licensed domestically prior to delivering services to patients located in their state. Twenty-nine states plus the District of Columbia have joined the Interstate Medical Licensure Compact, which enables expedited licensure for physicians to practice across state lines. Other states, such as Oregon, have a specific expedited licensure process for out-of-state providers who wish to deliver telemedicine services within their borders. Even with these expedited applications, licensure requirements still pose a significant barrier to practicing medicine across state lines, unless state licensing agencies follow suit and begin to allow waivers .

Second, on March 17, CMS issued a waiver to allow Medicare to reimburse for telehealth services under a much broader set of circumstances. Effective March 6, 2020 and for the duration of the COVID-19 public health emergency, Medicare will:

  • Reimburse telehealth online “visits” at the same rate as regular in-person visits.
  • Make payments for professional services furnished to beneficiaries in all areas of the country in all settings.
  • Allow services to be furnished to beneficiaries in any health care facility and in their homes.
  • Allow health care providers to reduce or waive cost-sharing for telehealth visits.

The waiver authority requires that the telehealth practitioner (or someone else in the practitioner’s group practice) have an established patient relationship with the individual receiving telehealth services. However, CMS has announced that it will not conduct audits to confirm whether a prior relationship exists.

Finally, also on March 17, HHS’s Office of Civil Rights announced that it would exercise its enforcement discretion and will not impose any penalties on covered health care providers for noncompliance with HIPAA in connection with the provision of telehealth services during the COVID-19 nationwide public health emergency. In short, this means that a provider may use any non-public facing audio or video communication products, regardless of whether the telehealth service is related to the diagnosis and treatment of health conditions related to COVID-19. This means that providers can interact with patients with the most widespread video conferencing platforms, including Skype, FaceTime, or Google Hangouts. And providers can do so without executing a business associate agreement with the platform provider, and without delivering a notice of privacy practices.

HHS warns, however, that Facebook Live, Twitch, TikTok, and similar video communication applications are public facing, and should not be used in the provision of telehealth by covered health care providers. HHS also advised providers to notify patients that these third-party applications potentially introduce privacy risks, and recommended that providers enable all available encryption and privacy modes when using non-compliant applications.

Together, these waivers and announcements of enforcement discretion represent a significant lessening of the practical, technological, and financial barriers to the widespread use of telehealth services during the COVID-19 crisis.