With the expanded use of telehealth, many patients and providers found new and unexpected benefits, applauding telehealth for increased convenience, lower costs and even improved patient outcomes. One might think that telehealth services are here to stay. However, with the COVID-19 national emergency set to expire on June 30, questions remain. When CMS’ waiver of its regulatory requirements also expires, will that draw us back to pre-COVID-19 restrictions and requirements? This would significantly restrict telehealth once again. With this dilemma, the big question now is – what’s next?
The increasing popularity of telehealth services would appear to continue to drive telehealth growth –if temporarily hindered by the expiring CMS waivers. Even if the appropriate regulations are put in place, success is not pre-determined. Providers wishing to harness the long-term benefits of telehealth must fine-tune and make permanent new approaches to practice and patient management, including increasing their use of technologies. Providers that can quickly and effectively adjust to this new, exciting environment will outpace those who do not – better serving their patients, potentially cutting their expenses and attracting new patients as their competitors fail to keep up with the changes or make critical mistakes in the adjustment to this new method of delivering care.
There are several keys to fully successful telehealth programs, including well-honed patient qualifiers and reimbursement strategies, enhanced information privacy and security, and the effective management of medical liability.
Patient qualifiers and reimbursement
Because pre-COVID-19 telehealth services were generally only covered for Medicare beneficiaries in designated rural areas where these beneficiaries traveled to a local medical facility for the services, many provider’s staff are not fully knowledgeable or skilled in the administration and management of patients and payments under telehealth, leaving the practice open to inefficient operations and reduced revenues. Patient scheduling and billing staff need clarity on which patients they can schedule for telehealth services and the necessary prior approvals and consents. Providers should review their policies to account for the location of the patients when they are receiving the services and provide guidance to staff as well as patient consent for telehealth visits. Providers should also ensure that their policies and procedures account for reimbursable services versus non-reimbursable services, the significant differences among payors and adequately train their employees on these policies.
Information privacy and cybersecurity
As organizations that receive, hold and transmit some of their patients’ most important and confidential information, providers are trusted to keep this information secure. In an environment of COVID-19, unfortunately, there has been a significant uptick in cybercriminal activity intended to exploit the vulnerabilities that often accompany telehealth. In order to better protect the security of confidential information, providers should implement a number of best practices:
- Review data protection policies and processes to be sure that they specifically address issues involving telehealth encounters and that they are fully up to date.
- Ensure that policies adequately address the use of company devices versus the use of personal devices. How is the use of personal devices controlled, tracked and managed?
- For staff working from home, be sure that they are taking care to protect confidential information, including using an up-to-date router and software and appropriate passwords. Review remote work policies to ensure these issues are addressed.
- Update employees on the changing risks, policies and best practices and document their training.
- Check-in on employee compliance from time to time. It’s tempting to take short-cuts when working at home rather than in the office.
While many government regulations have been relaxed during this national crisis, medical liability claims remain unaffected and are a real risk. Providers should fully understand their medical liability insurance requirements and limitations as they apply to telehealth. Now would be a good time to review policies to ensure that they provide for telehealth services, regardless of the method used for telehealth and regardless of the location of patients. Providers should also review best practices for remote patient care, along with requirements for properly documenting patient encounters in the telehealth context.
Granite GRC can guide you on the best way to implement and manage your telehealth program through the use of widely recognized regulatory and technical frameworks, describe and benchmark your current posture, and help you understand your environment to make the most informed decisions. For more information and a consultation, contact consultant Jeffrey B. Miller.
This article has been provided for informational purposes only. A professional consultant can best provide you with guidance tailored to your company’s specific needs. This information is current as of the publication date listed. Because COVID-19 response measures on all fronts are continually evolving, clients should stay alert to new developments and contact a consultant with critical questions.