Digital Health: a COVID-19 Era “Win” Now Needs to Solidify Gains

Last year, the COVID-19 pandemic continued to deliver an unprecedented in vivo stress test to the US healthcare system and to the digital health and telemedicine sectors, in particular. While some cracks and weaknesses were identified, for the most part, providers, regulators, insurers and other stakeholders performed admirably.

As the health crisis shifts into a lower gear, however, the attention of legislators, public-health policymakers and other parties has been pulled toward other pressing issues, including inflation, supply chain disruptions, labour shortages and more. As a result, many COVID-19-related federal and state public health policies are facing a period of uneven transition. One of the primary results of this uncertainty is that the state of digital health today remains in flux.

Among notable recent developments, the US Department of Health and Human Services (HHS) renewed the COVID-19 public health emergency (PHE) on 13 April 2022. This renewal has occurred every quarter since the initial declaration in January 2020. In its accompanying statement, the HHS said that it will give states 60 days’ notice prior to termination.

Many analysts believe that this will be the last, or one of the last, such renewals of the PHE from the federal government. In fact, a 46-page “Dear State Health Official” letter from the Centers for Medicare and Medicaid Services (CMS) dated 3 March 2022, outlined a 12-month unwinding plan and provided detailed guidance on how states should pivot toward a restoration of routine operations following the end of the federal PHE. The unwinding plan includes discussions on eligibility, enrollment operations and other types of flexibility, noting that the CMS has, as of the date of the letter, approved nearly 1,000 disaster-relief actions for states during the PHE.

Among other effects, healthcare analysts and researchers estimate that somewhere between 13 and 17 million people in the US will lose their eligibility for Medicaid coverage when the PHE and various waivers are lifted. Additional actions that will lapse include waivers of numerous telemedicine-related requirements involving licensing, physician and patient locations, video-enabled prescribing of medications and more.

Similarly, on 22 December 2021, the US Food & Drug Administration (FDA) published transition-plan guidance in preparation for end of the federal PHE. This guidance includes information on regulatory requirements for devices that were authorised under the emergency use authorisation (EUA) process and devices that fell under temporary FDA policies that implemented specific enforcement discretion during the pandemic. Once the federal PHE ends, any device that received an EUA, or was developed, manufactured, labelled and distributed in accordance with the FDA’s enforcement policies, will lose all marketing authorisation or enforcement discretion.

Although declaring the actual end of the federal PHE is the responsibility of the HHS, state and territorial governments have already taken action – or, in certain cases, taken no action – regarding the PHE in their jurisdictions. As of May 2022, more than two-thirds of US states had declared the end of their COVID-19 PHEs or have allowed the PHE timeframes to expire. The vast majority of the remaining state PHEs are scheduled to expire sometime during the summer of 2022.

Unfortunately, relatively little direct action has been taken by elected and appointed officials to make permanent some of the pandemic-related changes regarding the regulation of digital health services. This lack of initiative has occurred despite considerable evidence that alternative approaches to the in-person delivery of healthcare services has significant positive results, particularly in rural communities, among chronically ill or homebound individuals, for people seeking mental and behavioural health services and in many other medical disciplines.

Despite these clear benefits, the stop-and-start approach to telemedicine delivery and regulation that has persisted for decades remains unchanged, creating an uncomfortable status quo, particularly when recent events have demonstrated the value of telehealth solutions in every respect, including cost-containment, quality of care, patient outcomes and consumer demands. Now is the time – when the evidence of telemedicine’s effectiveness is well documented – to make permanent a number of temporary policies enacted because of the PHE.

To help pursue this and other goals, on 21 January 2022, the American Telemedicine Association (ATA) announced a new affiliated trade organisation – ATA Action. Founding members of ATA Action include such well-known names in healthcare as LifePoint Health, Teladoc Health, HCA Healthcare and Intermountain Healthcare, as well as leading retail brands and other businesses, including Walmart, Philips and Best Buy Health. The organisation will work to support the enactment of state and federal telehealth coverage and appropriate payment policies to secure telehealth access for all Americans, including those in rural and underserved communities.

Unfortunately, it is too soon to determine whether this new, collective call to action will be heeded. With this in mind, providers and participants in the digital health sector will need to focus on the following key considerations:

• understanding the implications of, and preparing an unwinding plan for, the end of the federal and state PHEs, with particular attention to licensure, waivers, modifications and enforcement discretion that will soon be gone; and
• establishing (or re-establishing) compliance measures and best practices with respect to Stark Law and Anti-Kickback Statute fraud and abuse, Medicare and other requirements that will hold providers to a higher regulatory standard.

At every step, adherence to the following principles is essential:

• good medicine is good medicine, whether delivered remotely or in person; and
• telehealth should be integrated into an overall care plan as an adjunct to, and not replacement for, in-person care.

The primary goal of telemedicine providers, insurers, technology companies, lawmakers and regulators should be equally simple and singular: high-quality patient care.

In this context, the following is a review of some of the key developments in the digital health space over the past year, with an eye toward 2022 and beyond.

Licensing: A Primary and Long-Standing Barrier to Telemedicine Access

Prior to the COVID-19 pandemic, most states had strict limitations on the licensing of healthcare professionals to practise telemedicine within their borders. Physicians and non-physician practitioners (including nurses, psychologists and physical therapists) were required to hold licences in the states where their patients resided. In certain states, “relationship requirements” also required that the provider or someone in the provider’s practice examine the patient in person before initiating telemedicine services.

In early 2020, as the pandemic gained momentum, the HHS issued a series of bulletins, notifications and FAQs, announcing and then clarifying, then-HHS Secretary Alex Azar’s waiver of certain federal Health Insurance Portability and Accountability Act (HIPAA) regulations and the Health Information Technology for Economic Clinical Health (HITECH) Act non-compliance sanctions against covered entities and providers. As a result, state licensing boards, in turn, began to loosen their telemedicine licensing requirements. 

As federal and state COVID-19 PHEs expire, industry groups and advocates continue to strengthen options to expand licensure for providers. For example, the Federation of State Medical Boards supports the Interstate Medical Licensure Compact (the Compact), an agreement among nearly three dozen states, the District of Columbia, and the Territory of Guam, who work together to streamline the licensing process for physicians who want to practise in multiple states. More than 80% of US physicians are eligible to obtain licensures through the Compact.

Under the Compact, qualifying physicians who practise in multiple states can complete a single application in order to receive separate licences from each state in which they intend to practise. The Compact is modelled after the Nurse Licensure Compact, which allows holders of a multi-state nursing licence to practise in all of the 39 participating jurisdictions. However, a key distinction between the two compacts is that physicians must still pay between USD300–700 for each state licence – a significant financial burden and ongoing expenditure for providers practising telemedicine at the national level.

A more effective solution would be to allow simple reciprocity of licences across states. Not only would it be less expensive for physicians and/or their employers, but it would also streamline the qualification process. This option is likely to meet resistance from state medical licensing boards, which have a strong investment in maintaining control over the licensure process to protect the health, safety and wellbeing of its citizens.

State medical boards have posed an important question: “How can we effectively sanction bad players?” The answer to this challenge lies in developing consistent standards and methods of accountability across states. However, this resolution will require a willingness among state licensing boards to loosen their hold and work collaboratively with other state boards.

Reimbursement May Increase but at a Slow Pace

Despite cross-jurisdictional licensing issues, states had already begun to expand telehealth coverage within their borders prior to the pandemic. In 2019, the ATA reported that 40 states and the District of Columbia had adopted substantive policies or received funding to expand telemedicine coverage since 2017, and that the majority of states had no restriction around eligible provider types.

Following the passage in 2020 and 2021 of major pieces of federal COVID-19-related legislation, the CMS took a number of steps to loosen restrictions on, expand the use of and adjust payment rates, in order to ensure reimbursement for telemedicine services. These included the following:

• the list of telehealth codes for which providers can be reimbursed was expanded;
• payment rates were equalised between in-person and telehealth visits;
• limitations on the number of times certain services could be provided via telemedicine were eliminated;
• state Medicaid programmes were encouraged to increase access to telemedicine; and
• non-enforcement policies were applied to situations in which a plan or issuer added benefits or reduced or eliminated cost-sharing for telemedicine and other remote-care services.

Though major stakeholders are optimistic, it remains to be seen whether these pandemic-era policies will survive in their current form, with modifications or not at all. The future of telemedicine reimbursement will depend in large part on the ability of providers, insurers and states to convince relevant officials of the ongoing value of digital health services.

Healthcare private equity investments grow so will conflicts with corporate practice of medicine prohibitions.

Throughout the pandemic, healthcare mergers, acquisitions, joint ventures, and investment activity continued to increase at a rapid pace. In its Healthcare Private Equity Market 2021: The Year in Review, Bain & Company reported that global healthcare private equity posted a record year in virtually every region and sector. More than 30 of the surveyed transactions were valued at over USD1 billion.

While many of these transactions offer distinct advantages – including expanded geographic reach and market share, greater efficiencies and economies of scale, synergies with current private equity holdings and access to management expertise – they risk running foul of state corporate practice-of-medicine prohibitions.

Generally speaking, state corporate practice-of-medicine prohibitions restrict corporations from practising medicine or employing physicians to provide professional medical services. Although these regulations vary significantly by state, such prohibitions are designed to prevent the commercialisation of the practice of medicine, avoid conflicts of interest between a corporation’s obligations to its shareholders and physicians’ obligations to their patients and eliminate any interference with a physician’s medical judgement.

By their very nature, telemedicine and digital health typically transcend jurisdictional boundaries, meaning that compliance with ownership, employment and other obligations in one state may not ensure compliance in another. This diversity of rules and exceptions has the effect of limiting the formation, development and use of telemedicine alternatives for fear of creating legal exposure – particularly when the entities most likely to have the resources and scale to provide effective telemedicine are often corporations.

Rather than modifying restrictions with the goal of supporting appropriate delivery of telemedicine and other medical services, some states are taking a somewhat regressive approach, attempting needlessly to tighten corporate practice of medicine restrictions. The results of these efforts have been mixed.

For example, on 1 February 2022, California Senate Bill 642 (SB 642) was returned to the Secretary of the Senate after failing to pass through the Senate Appropriations Committee. SB 642 had previously cleared the Senate Health Committee in April 2021. This bill would have imposed limitations on some types of contractual arrangements between professional medical corporations (PCs) and entities owned by non-physicians, including corporations, private equity investors and other businesses. The bill would have also required that shareholders, officers and directors of a PC have “ultimate control” and management responsibility for the entity and would prevent such persons from being replaced or removed from their positions at the direction of non-physicians.

However, recent court cases have made it clear that in restrictive corporate practice of medicine states, courts will continue to scrutinise medical practice ownership and management carefully, particularly when determining whether insurance companies are required to reimburse practitioners for medical services or in medical malpractice cases.

In the Allstate Insurance v Northfield Medical Center case, the New Jersey Supreme Court upheld a trial court’s USD4 million verdict in favour of Allstate Insurance, in which it ruled that a New York lawyer and a California chiropractor violated the state’s Insurance Fraud Prevention Act because the medical practice was not legitimately structured, in violation of the corporate practice of medicine regulations and was, therefore, not allowed to submit medical insurance claims.

In June 2019, New York State’s highest court ruled in a consolidated action (Andrew Carothers MD, PC v Progressive Insurance Co.) that the ownership and control structure of the plaintiff’s practice violated state corporate practice of medicine laws and was ineligible for reimbursement by insurers.

Both of these cases found that the corporate structure and operational control over a physician’s practice amounted to false billing, notwithstanding that all care was warranted and rendered by physicians.

Conversely, in an October 2020 decision in Smith v Surgery Center, the Colorado Court of Appeals vacated a nearly USD15 million state-court medical malpractice verdict in which the plaintiff pursued claims against an ambulatory surgery centre following an epidural procedure that left the plaintiff partially paralyzed. In its decision, the appeals court noted that because a hospital may not tell a physician how to practise medicine, it also may not be held accountable for lapses in a physician’s professional judgment, as long as it was not aware of any propensity on the part of the physician to commit negligent acts.

Until such time as state legislatures take into account new methods for delivering care – and the financial and operational arrangements that support such methods – telemedicine providers and healthcare entities that contract with providers will need to scrutinise their contracts and structures on a state-by-state basis to avoid running up against state corporate practice of medicine prohibitions.

Enforcement Actions Targeting Fraud, Over-Utilisation and Malpractice Likely to Increase

On 26 May 2021, and as part of a concerted, coordinated law enforcement effort to combat healthcare fraud related to COVID-19, the US Department of Justice (DOJ) announced criminal charges against more than a dozen defendants. DOJ officials alleged that the defendants, many of whom were owners of laboratory and other testing facilities, took advantage of loosened telehealth regulations and rules to defraud the government of more than USD143 million in combined false billings. On the same day, CMS’s Center for Program Integrity announced that it had taken adverse administrative actions against more than 50 medical providers for their involvement in healthcare fraud schemes relating to COVID-19 or abuse of CMS programmes that were designed to increase access to medical care during the pandemic.

Nearly a year later, on 20 April 2022, the DOJ announced another coordinated enforcement action, this time involving charges against 21 individuals across nine federal districts and more than USD149 million in alleged false claims submitted to federal programmes. Simultaneously, the CMS announced that it had taken another 28 administrative actions against healthcare providers for “alleged involvement in fraud, waste, and abuse schemes related to the delivery of care for COVID-19.”

These actions serve as bookends to a series of law-enforcement actions that appear to affirm fears of fraud and abuse from telemedicine practitioners. Some have also expressed concern that over-utilisation and unnecessary procedures may increase should telemedicine gain a permanent role in the broader healthcare delivery system. Others point to concerns that patients may be more likely to experience medical malpractice.

To date, despite the uptick in law-enforcement scrutiny, there appears to be no evidence that digital health services give rise to higher rates of fraudulent or inappropriate activity as compared to other healthcare providers. If anything, the investigations conducted and charges filed over the past year indicate that, when applied, fraud and abuse laws are strong and that payers will – and should – continue to scrutinise over-utilisation. Potential fraud has always been highly scrutinised by payers, regardless of whether patient interactions occur in person or via telemedicine.

Patient Data Privacy and Ethics and the Technologies That Support Them Will Take Centre Stage

Like all healthcare professionals, telemedicine providers are subject to HIPAA and the HITECH Act, as well as a range of more recent federal and state data privacy and breach notification laws, such as the California Consumer Privacy Act and the Illinois Biometric Information Privacy Act. Such laws have been established because healthcare data and personally identifiable information are rich targets for hackers and cyber criminals. In 2020 alone, hundreds of data breaches, often involving data from hundreds of thousands of individuals, were reported to HHS.

A number of the temporary waivers issued by HHS during the pandemic loosened restrictions on the types of technologies through which telemedicine could be conducted. Among other examples, then-Secretary Azar waived sanctions against the use of audio and video communications products such as Skype, Zoom, and Google Meet. As usage of these and other platforms boomed during the pandemic, a number of key vulnerabilities became clear. (In 2020, the Oxford English Dictionary included “zoombombing” among its tech-related words of the year.)

As waivers from the HHS and other agencies expire, telemedicine providers will likely be required to restrict the number and nature of the secure tools through which they conduct patient interactions. However, wider exposure to telemedicine has led to rapid acceptance among patients, insurers, and even some regulators – a degree of enthusiasm that must be maintained even as more stringent technology standards return.

Physicians and other practitioners will need to identify the most appropriate service models and technologies that meet their practice and patient needs. Providers should ensure that they seek out and retain the services of reputable vendors that provide full inter-operability with existing electronic medical record systems, are willing to sign business associate agreements, and provide reliable customer service while maintaining robust data security measures. Integration and automation are challenges, but they are not insurmountable.

Telemedicine providers will also need to establish and document clear ethical guidelines about what types of patient information can be collected and how it can be disseminated and used to guide care. Patients are in a uniquely vulnerable position when working with providers, particularly those patients whose mental and physical health issues may impair their ability to understand fully or agree to the terms of a telemedicine visit.

A positive side-effect of the pandemic has been the degree to which healthcare-providers have shared – as appropriate and legal – key data that has helped combat COVID-19. Entities that once hoarded information are now making it available in ways that can help shape effective (from cost and outcome perspectives) policy, treatment modalities and preventive measures. Telemedicine can help support this kind of information and knowledge-sharing – an important argument for expanding its use, even after the current crisis subsides.

Conclusion

Telemedicine has gained wider acceptance among patients, providers, hospitals and insurers. Although the rollback of pandemic-related waivers is likely to continue, gaps between services available during and after the pandemic are clearer to all parties. This may lead to increased pressure on lawmakers and regulators to enshrine some of these advancements into law and policy.

To achieve their full potential, however, digital health services will need to overcome a number of persistent barriers. Ultimately, just as online education and work-from-home employment options have changed the lives of millions of students and workers, telemedicine will continue to play a growing role in the delivery of quality care to patients.