Compliance Considerations for Best Outcomes
Written in collaboration with the AIHC Volunteer Education Committee
Delivering mental health services via telehealth has increased since the COVID-19 pandemic. Both Federal and State rules are constantly evolving along with the use of Artificial Intelligence, creating a complex environment for compliance considerations. This article is not intended as legal or consulting advice. If your practice is currently using a telebehavioral health approach for patient treatment, or if you organization is considering implementing this approach, we hope this article will give some food-for-thought on the topic. Keep in mind coding and documentation is extremely important for psychiatric services – consider registering for the Psychiatric Compliance – coding & documentation short course offered by the American Institute of Healthcare Compliance.
Telemedicine is considered to be under the umbrella of telehealth and refers specifically to clinical services. Telehealth and telemedicine cover similar services, including medical education, remote patient monitoring, patient consultation via videoconferencing, wireless health applications, and transmission of imaging and medical reports.
Behavioral telehealth may also be referred to as telebehavioral health, telemental health, telepsychiatry, or telepsychology.
Higher rates of use of telehealth are now standard in many practices since the coronavirus disease 2019 (COVID-19) pandemic. Increasing importance on patient satisfaction, providing efficient and quality care, and minimizing costs have also led to higher telehealth implementation.
This increase in telebehavioral health has been especially enjoyed by both patients and providers since the pandemic, but widespread adoption has been hindered by regulatory, legal, and reimbursement barriers.
Individual, one-on-one therapy, is the most common form of behavioral and mental health treatment. Telehealth can be an effective way to deliver individual therapy, as long as your practice carefully considers compliant technology, implementation and reimbursement concerns. Medicare covers many telebehavioral and telemental health services including audio-only services. Most private insurers and Medicaid cover telebehavioral health care, but check for reimbursement restrictions and obtain professional coding and billing guidance to avoid overpayment situations.
Substance use disorders impact a significant number of individuals, families, and communities. When used in combination with other treatment methods, telebehavioral health interventions can be part of an integrated approach to treating substance use disorders. These interventions can include screening and diagnosis, online counseling, consults for prescriptions, and individual and group talk therapy. Treating substance use disorders via telehealth requires expertise and training in addiction care.
Benefits of Using Advanced Technology
The terms telehealth and telemedicine are often used interchangeably. Telehealth is a subset of e-health and is the use of telecommunications technology in health care delivery, information, and education according to the Health Resources and Services Administration (HRSA).
Telehealth has been used to bring healthcare services to consumers in distant locations, but became a necessity since the 2020 COVID-19 pandemic. Telehealth effectively connects individuals and their healthcare providers when in-person care is not necessary or not possible. Using telehealth services, patients can receive care, consult with a provider, get information about a condition or treatment, arrange for prescriptions, and receive a diagnosis. In the 30 plus years that telehealth has been in-use, it has been consistently shown to be a safe and quality care modality, a convenient option for both patients and the clinicians who care for them, and a secure environment for the collection and transmission of personal health information. In combination, these attributes extend where and how care is delivered for a stronger healthcare system.
Given provider shortages around the world, telehealth has a unique and appealing value proposition. It can provide millions of people in both rural and urban areas access to safe, effective, and appropriate care when and where they need it.
Reducing or containing the cost of healthcare is one of the strongest motivators to fund and adopt virtual care technologies. Telehealth reduces the cost of healthcare and increases efficiency with better management of chronic diseases, shared health professional staffing, reduced travel times, and fewer or shorter hospital stays.
Meeting Patient Expectations
Patient utilizing telehealth during the pandemic may continue to expect remote care. Using telehealth technologies reduces travel time and related stresses for the consumer.
Understanding the Technology
Gaining a basic understanding of the technology will help your organization can help the wise professional make informed choices about telehealth purchases. Terminology used for the various forms of telehealth technology are summarized below which applies to both general and behavioral health care use. Not all forms of technology are recognized as services which can be reimbursed by health insurance.
Chat-Based (Asynchronous) – This approach is online or through a mobile app communication which transmits the patient’s personal health data, vital signs, and other physiologic data or diagnostic images to a healthcare provider to review and deliver a consultation, diagnosis, or treatment plan at a later time. This is also called “store-and-forward telemedicine.”
- Store-and-forward is less commonly reimbursed by Medicare and Medicaid programs. In many states, the definition of telemedicine and/or telehealth stipulates that the delivery of services must occur in “real time,” automatically excluding store-and-forward as a part of telemedicine and/or telehealth altogether.
Mobile Health (mHealth) – Mobile Health, otherwise known as mHealth utilizes smart devices and can be now used for many specialized aspects of health care that benefit from continuous data collection about a person’s behavior or condition. Smartphones, tablets, smart wearables like iWatch can monitor a variety of factors such as pulse rate, heart rate, and with some, blood sugar levels or quality of expired air. Apps are now available to encourage healthier lifestyles and behaviors by providing heart-rate variability scores, sleep cycles, movement tracking, weight changes, dietary tracking and much more.
Remote Patient Monitoring or RPM – The remote patient monitoring approach supports ongoing condition monitoring and chronic disease management and can be synchronous or asynchronous, depending upon the patient’s needs. The application of emerging technologies, including artificial intelligence (AI) and machine learning, can enable better disease surveillance and early detection, allow for improved diagnosis, and support personalized medicine. This includes the collection, transmission, evaluation and communication of the patient’s health data to the provider or extended care team from outside a hospital or clinical office. It involves using personal health technologies including wireless devices, wearable sensors, implanted health monitors, smartphones, and mobile apps.
Virtual Visits (Synchronous)
This approach includes live, synchronous and interactive communication during the encounter between the patient and healthcare provider. This is accomplished via video, telephone or live chat.
Facing Implementation Challenges
Health care providers should keep risk management strategies in mind and familiarize themselves with potential telehealth legal risks and implications. This will ensure best practices for patient care and to avoid licensure or litigation issues.
Telehealth faces many legal and regulatory hurdles, including large variations in rules, regulations, and guidelines for practice which contributes to the confusion for providers engaged in the practice of telehealth. Telehealth rules and regulations vary greatly by state.
- Providers should have awareness of and maintain compliance with state and federal legal requirements while using best practice guidelines to provide patient safety.
- The lack of multistate licensure presents a barrier to telehealth because providers must obtain and uphold licensure (and the associated medical education and financial obligations) in multiple states.
The Federation of State Medical Boards created the Interstate Medical Licensure Compact to ease portability of licensure and the practice of telemedicine from state to state for physicians and physician assistants.
- Under the compact, state medical boards would maintain licensure and disciplinary authority of providers. However, they would share information and processes essential to these providers’ licensure and regulations.
- This compact does not apply to nurse practitioners (NPs) because they are licensed under state boards of nursing and not medicine.
- Because state regulation and practice authority vary from state to state, NPs face more barriers than physicians or physician assistants.
Compared with face-to-face encounters, telemedicine encounters are more vulnerable to privacy and security risks. Your telehealth platform should be secure in accordance with several laws, including the:
- Health Insurance Portability and Accountability Act (HIPAA);
- Health Information Technology for Economic and Clinical Health (HITECH); and
- Children’s Online Privacy Protection Act (COPPA).
These laws protect medical information for both face-to-face and telehealth encounters which includes privacy, security, and protection for health information collected by covered entities such as health care plans, health care clearinghouses, and health care providers who use electronic resources for the transmission of health care information.
Only Consider Using HIPAA-Compliant Technology
The HIPAA Rules establish standards to protect patients’ protected health information. All telehealth services provided by covered health care providers and health plans must comply with the HIPAA Rules.
Covered health care providers and health plans must use technology vendors that comply with the HIPAA Rules and will enter into HIPAA business associate agreements in connection with the provision of their video communication products or other remote communication technologies for telehealth.
The Office for Civil Rights (OCR) is the HIPAA enforcement agency. OCR released guidance on April 12, 2023 to help covered health care providers and health plans understand how they can use remote communication technologies for audio-only telehealth. This information was published due to the end of the COVID-19 Public Health Emergency (PHE) which began May 12, 2023.
- Click Here for OCR’s guidance “How the HIPAA Rules Permit Covered Health Care Providers and Health Plans to Use Remote Communication Technologies for Audio-Only Telehealth”
Comply with Consent Requirements
Most states have telehealth specific informed consent requirement in their statute, administrative code and/or Medicaid policies. This requirement can sometimes apply to specific types of professionals when located in law or regulations governing their profession. The requirement for consent is sometimes paired with other requirement such as the need to ensure the same level of care is delivered via telehealth as would be expected in-person.
Make sure to have your medical/intake forms reviewed by your legal team. Obtaining informed consent with your patient is typically done before the first appointment. Click Here for the interactive map to research your state, provided by the Center for Connected Health Policy (CCHP), federally designated as the National Telehealth Policy Resource Center.
Another resource is AHRQ resource page “How to Obtain Consent for Telehealth” – providing discussion tips for the before and during the consent periods.
Other Compliance Considerations
Compliance to both Federal and State privacy rules should be at the forefront of any telehealth endeavor, but none so important as those services provided by behavioral health professionals. Telehealth providers must take responsibility for ensuring compliance with regulations, patient confidentiality, and system security at all times when practicing in a telehealth model.
The practice of telehealth raises many questions regarding malpractice liability including informed consent (addressed in more detail below), practice standards and protocols, supervision requirements for nonphysician providers, and the provision of professional liability insurance coverage.
- Simply applying existing principles of malpractice liability to telehealth is not straightforward, especially when it is unclear what an appropriate “standard of care” is.
- Professional liability policies may not include telehealth in the scope of coverage.
- Providers need to be cognizant of what exactly liability insurance policies cover, especially when providing telehealth services in other states.
In addition to knowledge of legal aspects of telehealth, it is important for providers to be aware of and practice telehealth etiquette. These etiquette standards should be observed when providers are working remotely at home or performing telehealth visits at their practice location. Also follow all clinical standards for care and adhere to practice standards determined by the profession, state regulatory boards, and state law. Reference the CCHP Professional Boards Standards interactive map..
Providers should be appropriately licensed, credentialed, or certified to deliver care and permitted to practice without impermissible influence on their clinical judgement.
The transition to telehealth is an adjustment for patients as well as health care providers. By preparing your patients for remote medical care, you help ensure their comfort and maintain quality care. This includes understanding various fraud and abuse laws. As telehealth use grows, caution and care should be taken to ensure that the practice of telehealth does not violate federal antikickback and Stark Law statues. These laws prohibit providers from receiving compensation for accepting or making referrals to other facilities or providers where the referring provider has financial interests.
- Violations to these laws can result in fines, prison time, and/or exclusion from the Medicare and/or Medicaid programs.
- The Federal Physician Self-Referral Law, also referred to as the Stark Law, prohibits a health care provider (or an immediate family member of a provider) from referring Medicare patients to entities providing designated health services if that provider or the provider’s immediate family member has a financial interest.
When considering potential fraud and abuse scenarios and related risks, a provider needs to keep in mind that each state has its own variations of these laws. A state-by-state analysis is necessary because of variations in statutes and/or regulations.
Advertising for virtual care services should be truthful and non-misleading and demonstrate a commitment to quality healthcare that meets the standard of care and compliance with all applicable state and federal laws. The use of these telehealth appointments boomed during the pandemic. However, there are concerns about the quality of care patients receive and whether telehealth services are accessible to everyone, according to the September 2022 GAO article “Telehealth in the Pandemic—How Has It Changed Health Care Delivery in Medicaid and Medicare?” Any website or other promotion of offering behavioral health services via telemedicine or telehealth should be reviewed by legal counsel or your Risk Attorney (free) through your malpractice insurance company.
Free Available Resources
American Telemedicine Association (ATA)
American Psychiatric Association – Telepsychiatry
Arizona Telemedicine Program: How AI Helps Physicians Improve Telehealth Patient Care in Real-Time (June 2023)
Center for Connected Health Policy (CCHP) – nonprofit organization federally designated as the National Telehealth Policy
Government Accountability Office (GAO) – Medicare Telehealth: Actions Needed to Strengthen Oversight and Help Providers
Educate Patients on Privacy and Security Risks
Copyright © 2023 American Institute of Healthcare Compliance All Rights Reserved