State and Federal Regulatory Issues

Capitol BuildingAs requested by Congress as part of an appropriations bill signed into law late last year, this month, the Department of Health and Human Services (HHS) released a report highlighting its e-health and telemedicine efforts.  The report makes for interesting reading, and while there are no significant surprises in the report, it offers a clear snapshot of some of the agency’s thinking regarding virtual care.

The first thing I noted in the report is the agency’s view that “telehealth holds promise as a means of increasing access to care and improving health outcomes.”  This is important because it has not always been clear whether the agency views telehealth quite in the same favorable way as other stakeholders increasingly do.  The other thing I noted was the agency’s view that the various alternative payment methods currently being tested may facilitate expansion of telehealth.

Among other things, the report details some of the policy challenges faced by telehealth stakeholders:

  • Significant variability in telehealth coverage from one payer to another.
  • State licensure requirements for clinicians and the administrative burden such requirements impose on clinicians.
  • Credentialing and privileging.
  • Gaps in access to affordable broadband.

HHS indicates that many reforms are currently being tested or implemented to address these challenges. For example, in the area of reimbursement, the agency notes that it is currently testing more expansive telehealth coverage through its Next Generation ACO Demonstration, and highlights MACRA’s incentives for physicians to use telehealth.  The report references the agency’s new rule that permits the use of telehealth modalities to provide Medicaid home health services.

The report also provides an overview of telehealth-related federal activity including:

  • The number of telehealth grants administered by HRSA and SAMHSA.
  • The establishment of the Federal Telemedicine Working Group (comprised of 26 agencies and departments such as USDA and the FCC) to facilitate telehealth education and information sharing.
  • ONC developing an inventory of federal telehealth activities.
  • AHRQ providing an evidence map of the available research regarding telehealth.
  • The continued great telehealth work being done within the VA and reasons why that model may not be scalable.

Overall, the report is an illuminating but relatively unsurprising take on agency thinking.  In particular, two nuggets stood out. First, the agency appears to view chronic disease management as a particularly good fit for telehealth.  In recounting that almost half of all adults have at least one chronic illness and that chronic disease accounts for 75 percent of all health expenditures, the report concludes that telehealth “appears to hold particular promise for chronic disease management.” It goes to reason that any expansion of telehealth under Medicare will probably first focus on chronic disease management. Second, HHS signaled the importance of Medicare Advantage in any telehealth expansion effort, by including a proposal in the President’s budget request for FY 2017 to expand the ability of MA organizations to provide telehealth by eliminating otherwise applicable Part B requirements that certain services be provided only in-person.

We are pleased to present our 50-State Survey of Telemental/Telebehavioral Health (2016), published by Telehealth practice at Epstein Becker Green.

Learn more about the survey here and download your complimentary copy here.  See our full announcement below:

# # #

As Cyber-Counseling Booms, Complex Legal and Regulatory Issues Grow;
Survey Breaks New Ground in Tracking Related Laws

WASHINGTON, DC – May 11, 2016 –Epstein Becker Green (EBG), has released a groundbreaking, comprehensive survey on the laws, regulations, and regulatory policies impacting telemental health in all 50 states and the District of Columbia. The “50-State Survey of Telemental/Telebehavioral Health (2016)” details the rapid growth of telemental health (mental health care delivered via interactive audio or video, computer programs, or mobile applications) and the increasingly complex legal issues associated with this trend.

Telemental/telebehavioral Health Survey
While other telehealth studies exist, this survey focuses solely on the remote delivery of behavioral health care. The survey was spearheaded by René Y. Quashie and Amy F. Lerman, both EBG Senior Counsel in the Health Care and Life Sciences practice in the firm’s Washington, DC, office.

“As telemental health care gains in popularity, it gives rise to a number of significant legal and regulatory issues, including privacy and security, follow-up care, emergency care, treatment of minors, and reimbursement, among other things,” said Quashie. “While some federal laws and regulations (such as HIPAA) apply, most of the issues involve state law, which has resulted in an inconsistent patchwork of laws and regulations that vary widely by state. And there are a number of states that don’t address telemental health specifically in their laws.”

Bridging the Care Gap

The survey begins with a report on the state of telemental health in 2016, highlighting its growing legitimacy (and acceptance by payers) as a treatment option, the barriers to delivery that persist, the high costs of care and prescription drugs, and insurance reimbursement parity issues.

Mental health care lends itself particularly well to remote delivery, since the provider usually need not lay hands on the patient to provide care. In addition, this method helps bridge the gap between the large numbers of Americans (about 60 million) experiencing mental illness and the significant shortage of qualified mental health care providers. Only 40 percent of Americans with mental illness report receiving treatment, and there is one mental health care provider for every 790 individuals.

The EBG survey also reports that new technologies are driving the boom in telemental health, with a significant increase in mobile applications related to mental health (now almost 6 percent of all mobile health apps) and another 11 percent devoted to stress management. There is also a growing number of companies providing “text therapy” services, which allow users, for a flat-rate fee, to text chat with any number of licensed mental health providers.

“Accessing mental health care is a significant challenge for most Americans, with wait times to see a provider measured in weeks and months, rather than days. In addition to long wait times, distance, cost, and stigma present significant barriers to getting care. These are all challenges that telemedicine is uniquely equipped to solve,” said Dr. Ian Tong, Chief Medical Officer at Doctor On Demand.

Deep Dive into Legal Issues

The survey provides a detailed state-by-state analysis of legal issues related to telemental health, such as:

  • Definitions of “telehealth” or “telemedicine”
  • Licensure requirements
  • Governing bodies
  • Reimbursement and coverage issues
  • The establishment of the provider-patient relationship
  • Provider prescribing authority
  • Accepted modalities for delivery (e.g., telephone, video) to meet standards of care

There is also comprehensive data tracking telehealth legislation and rulemaking in progress for each state. Highlights include the following:

  • Psychiatrists, as practicing physicians, must comply with all the obligations that apply to physicians practicing telehealth generally. Very few states exempt mental health from physician requirements despite the fact that many psychiatrists never lay hands on patients. Ironically, Texas is one of the few states that explicitly carves out mental health services from other telehealth requirements.
  • In New York, psychologists may engage in telepractice so long as, among other things, they obtain informed consent from patients describing the benefits and risks of telepractice, and they conduct an initial assessment of each client to determine whether telepractice is appropriate.
  • In Delaware, an individual practicing “telepsychology” must conduct a risk-benefit analysis and document findings specific to issues such as whether a patient’s presenting problems and apparent condition are consistent with the use of telepsychology to the patient’s benefit, and whether the patient has sufficient knowledge and skills in the use of technology involved in rendering the service or can use a personal aid or assistive device to benefit from the service.
  • Kansas requires psychologists and social workers providing telemental health services to obtain the informed consent of the patient before services are provided.
  • In Maryland, physicians (psychiatrists) are required to develop a procedure to prevent access to data by unauthorized persons through password protection, encryption, or other means and to create a policy on how soon an individual can expect a response from the physician to questions or other requests included in transmission.

“As telemental health continues to grow and evolve, it will increasingly be viewed as a viable solution by clinicians, payers, and policymakers,” said Lerman. “At the same time, legal and regulatory issues will continue to proliferate. The survey breaks new ground for anyone navigating this multifaceted legal landscape.”

In addition to Mr. Quashie and Ms. Lerman, EBG attorneys Jonathan K. Hoerner, Bonnie I. Scott, James S. Tam, and Meghan F. Weinberg contributed to the survey.

Click here to download the survey.

# # #

About Epstein Becker Green

Epstein Becker & Green, P.C., is a national law firm with a primary focus on health care and life sciences; employment, labor, and workforce management; and litigation and business disputes. Founded in 1973 as an industry-focused firm, Epstein Becker Green has decades of experience serving clients in health care, financial services, retail, hospitality, and technology, among other industries, representing entities from startups to Fortune 100 companies. Operating in offices throughout the U.S. and supporting clients in the U.S. and abroad, the firm’s attorneys are committed to uncompromising client service and legal excellence. For more information, visit www.ebglaw.com.

International TelemedicineAs 2015 winds down, I think it is safe to say that it has been a whirlwind year in telehealth.  According to the National Conference of State Legislatures (NCSL), over 200 telehealth-related bills were introduced in 42 states.  The Federation of State Medical Boards (FSMB) has launched an interstate physician licensure compact that creates a new pathway to expedite physician licensure in multiple states.  Twelve states (with Wisconsin being the latest) have so far enacted the licensure compact.  Many states such as Colorado, Iowa, and Louisiana released regulations or policies that in my view took a more progressive approach to telehealth regulation.

Activity has not just been limited to the states.  Congress has introduced a number of telehealth-related bills such as the TELE-MED Act of 2015 which permits certain Medicare providers licensed in a state to provide telemedicine services to certain Medicare beneficiaries in a different state without having to be licensed in that state.  In addition, a number of reports, surveys, and white papers have been published on all aspects of telehealth.  After many false dawns, telehealth has truly arrived.  But many issues remain to be addressed.

Now we look forward to a new year.  What can we expect?  In addition to a continuation of what has occurred in 2015, there are a few other issues and/or trends that bear watching.  Here are a few:

The Rise of Compacts to Address Licensure Issues

The use of compacts to address licensure issues will continue to gain steam in 2016.  I have already mentioned FSMB’s interstate physician licensure compact.  As many of you know, nurses (RNs and LPNs/VNs) have long had a licensure compact in which a nurse who declares a compact state as his or her primary state of residence can practice (physically and remotely) in other compact states without having to obtain another license.  There are 25 states that are members of the nurse compact.

Other providers are getting in on the act.  Recently, the National Council of State Boards of Nursing, a non-profit association comprising 59 boards of nursing, released a draft compact for advanced practice registered nurses (e.g., nurse practitioners).  The draft APRN compact essentially follows the framework of the nurse licensure compact allowing APRNs to practice in any participating state with just once license. One interesting change in the draft APRN compact not included in the nurse compact is the requirement that states “implement procedures for considering the criminal history records of applicants for initial APRN licensure.”  I expect a number of states to enact the APRN compact in the coming years.

Note that psychologists, physical therapists, counselors, and EMS personnel are just a few of the provider groups that have considered or are considering compact models in some fashion.

Telehealth Accreditation

While there have been some accreditation programs that have touched on telehealth, I believe that 2016 will be the year in which telehealth accreditation takes on new significance.  Two recent examples highlight my point.  About a year ago, the American Telemedicine Association launched an accreditation program for online consultations in which ATA accredits organizations that provide online, real-time health services complying with certain standards.  Among the examples the ATA offers of what kind of the kind of organizations the program would accredit is an employer providing its employees with online, real-time telehealth services.

More recently, URAC, a longstanding accrediting organization, has launched its own telehealth accreditation program for providers involved in consultations with facilities, consumers, and other health care providers through televideo and other electronic methods.  URAC’s accreditation standards were developed by an expert panel that included health systems, hospitals, health plans, telemedicine companies, and academic medical centers.

The Voice of Large Employers

I believe 2016 will be the year large employers will be heard loud and clear in the telehealth regulatory debates that are sure to take place.  The fact is many Americans receive their health insurance through their employers.  And, according to the National Business Group on Health, 74 percent of large employers are expected to offer telehealth in 2016 compared to 48 percent in 2015.  Given the important role employers play in health care, and how telehealth is increasingly being used by employers, it is only logical that employers would ultimately play a significant role in our ongoing telehealth regulatory debate.

One group is leading the charge.  The ERISA Industry Committee (ERIC), the only nonprofit national association advocating solely for the employee benefit and compensation interests of the country’s largest employers, earlier this year launched a telehealth initiative to promote policies that facilitate access to telehealth for employees to have expanded access to health care services.  ERIC will be actively involved in the major telehealth discussions that occur next year both at the state and federal levels giving large employers a significant voice not usually heard from in telehealth regulatory circles.iStock_000062830618_Small

Wearable Market Poised for Breakout

As I have written before in previous blog posts, the healthcare wearables market is projected to significantly increase in the next few years. Generally speaking, wearables are devices (which usually include microchips or sensors) that, among other functions, collect data and track fitness and wellness. Market research is bullish.  For example, Soreon Research, a leading independent research firm, projects that the wearable healthcare market will reach $41 billion by 2020—with diabetes, obesity, sleep disorders, and cardiovascular disease as the largest growth segments in the market.  From my perspective, a combination of the ability to collect data along with big data analytics capabilities will drive this market.  And as the market booms and the technology becomes more sophisticated, legal and regulatory issues loom.  Here are a few issues of which to be mindful:

  • Data privacy and security (who has access to the data, who owns the data, how long the data will be used, etc.).
  • Potential changes to malpractice liability (clinicians having access to more information regarding a particular patient, providers ability to review the voluminous data, etc.).
  • Employer issues (wellness programs, ADA concerns, etc.)
  • FDA.

I have only touched on a few issues.  Other issues such as reimbursement (particularly Medicare), use of telehealth in ACOs and similar models, antitrust, use of diagnostics and peripherals, scope of practice, and privacy and security will be some of the frontline telehealth issues in 2016.  We look forward to addressing all of those issues throughout next year.

medicare1As many of you know, reimbursement for telehealth services is a mixed bag.  On the one hand, private payers generally seem ahead of the curve.  Many leading private insurers reimburse for telehealth.  Generally these coverage policies provide reimbursement for telehealth services when they involve the use of real-time interactive audio, video, or other electronic media for diagnosis and consultation.  Just as significantly, more than half the states and the District of Columbia have passed telehealth parity statutes which require health insurers to provide coverage for services provided via telehealth if those services would be covered if provided in-person.  The picture for private insurer telehealth coverage is generally good and getting better.

On the other end of the scale is Medicare.  I think it is fair to say that no payer lags further behind in reimbursing for telehealth than Medicare.  The numbers tell the story.  The Center for Telehealth and eHealth Law reports that in calendar year 2014, Medicare reimbursed approximately $14 million under its Part B telehealth benefit—or about .0023 percent of total Medicare spending in 2014—a mere pittance.  The real reason for this is that the Medicare telehealth benefit was primarily intended for rural patients.  In addition:

  • The definition of “telehealth” is limited to real-time audio visual communication between provider and patient (in other words, there is no coverage for so-called asynchronous or “store and forward” technology).
  • Fewer than 100 codes are reimbursable under the telehealth benefit.
  • Other restrictions exist related to type of facility where a patient may present, and what kind of provider may deliver services (e.g., physicians, nurse practitioners).

Medicare Advantage offers more opportunities for telehealth coverage, but overall the current Medicare telehealth reimbursement picture is relatively bleak.

medicaidMedicaid Reimbursement for Telehealth

Medicaid telehealth reimbursement exists somewhere in the space between private payers and Medicare.  As you know, Medicaid provides health coverage to about 70 million low-income adults, children, pregnant women, and others.  The program is administered by states who are required to cover certain mandatory services (such as hospital and physician services, home health), but is funded jointly by the states and the federal government.  States do have flexibility to decide what optional services (such as telehealth) to cover beyond the mandatory services.  This has resulted in a patchwork of different coverage policies that vary by state.

Fortunately, there a number of stakeholders that closely track Medicaid telehealth coverage policies by state.  One of these is the Center for Connected Health Policy, which issues a quarterly report reviewing various telehealth legal and regulatory issues for all states.  In its last report (July 2015), the Center found the following regarding Medicaid telehealth coverage:

  • 47 states and the District of Columbia provide some coverage for telehealth (Iowa, Massachusetts, Rhode Island do not according to the report).
  • In many Medicaid programs, the definition of “telemedicine” or “telehealth’ for purposes of reimbursement is limited to services that take place in real time—thereby excluding asynchronous or remote patient monitoring from coverage.
  • Live video is the most predominantly reimbursed form of telehealth with almost all of the states that cover telehealth offering some type of live video reimbursement in their Medicaid programs.
  • Services provided via telephone, e-mail, or fax are seldom covered unless they are used along with other forms of care delivery.
  • Only 9 states (including Illinois, New Mexico, and Virginia) currently reimburse for store-and-forward services. Even in states that do cover store-and-forward, covered services may be iStock_000043291394_Smalllimited—such as in California, where only store-and-forward services related to teledermatology, teleophthalmology and teledentistry are reimbursable under Medicaid.
  • 16 states (including Colorado, Maine, and South Carolina) provide Medicaid coverage for remote patient monitoring although many restrictions exist. For example, in some states, coverage for remote patient monitoring is limited to home health agencies. There are also restrictions regarding the conditions which may be monitored and the type of monitoring devices that may be used.
  • 29 states reimburse a transmission and/or facility fee.
  • 29 states (including Connecticut, Kansas, and Maryland) require some form of informed consent prior to the use of telehealth.

All in all, the picture for Medicaid reimbursement for telehealth is far better than it has been in the past. Each state Medicaid program is different, so stakeholders need to carefully analyze each state’s telehealth coverage policies. My sense is that given the serious fiscal and clinical (e.g., provider shortages, network inadequacy) issues faced by many Medicaid programs, telehealth will increasingly be viewed as a means to seriously address these challenges. We are starting to see this play out in the Medicaid managed care space.

Medicaid Managed Care Coverage

By way of quick background, a majority of states contract with managed care organizations to provide services to certain Medicaid beneficiaries. Generally, these managed care plans receive a monthly premium from the states for each enrollee, and have greater flexibility to cover more services and allows the states to better target and customize services. As the American Telemedicine Association noted in its report on telehealth and Medicaid managed care published last year, “states have increasingly used [Medicaid managed care] to create payment and delivery models involving capitated payments to provide better access to care and follow-up for patients, and also to control costs.” Because of this flexibility, a number of leading Medicaid managed care plans are either already covering telehealth or are developing telehealth initiatives and pilots—especially related to telemental health and teledermatology. In my view, the future looks bright when it comes to Medicaid managed care and telehealth.

As we have explored a number of times on this blog, telemedicine has gone mainstream.  The more recent development is that employers seem to be paying more attention now. The numbers speak for themselves. A recent Towers Watson study focusing on employers with at least 1,000 employees concluded that U.S. employers could save up to $6 billion per year if their employees routinely engaged in remote consults for appropriate medical problems instead of visiting emergency rooms, urgent care centers, and physicians’ offices.

Attitudes towards telemedicine more generally in the United States also have undergone a significant shift:

  • 74 percent of consumers would use telehealth services given the opportunity;
  • 76 percent of patients prioritize access to care over the need for human interactions with health care providers; and
  • 70 percent of patients are comfortable communicating with their health care providers via text, e-mail, or video, in lieu of seeing them in person.

Just as significantly, telemedicine is increasingly viewed as an efficient and cost-effective care delivery vehicle, due to several factors: i) a health care system transitioning from fee-for-service to one where reimbursement is closely tied to quality and patient outcomes; ii) an increase in the use of integrated delivery models such as accountable care organizations and medical homes; and iii) the relative ubiquity of sophisticated health care technologies.

Employers, in particular, are paying close attention to developments in telemedicine for another reason: the looming “Cadillac Tax.”  Starting in 2018, a 40 percent excise tax will be imposed annually on health plans with premiums exceeding $10,200 annually for individuals and $27,500 annually for families. Given this impending tax, employers are looking for efficient ways to cut their employee health care costs. Telemedicine has become an extremely viable option for several reasons:

  • Many employees hesitate to take time off work and to pay the copayments associated with physicians’ visits, particularly for ailments perceived as minor.
  • Many employees forego physician visits entirely, causing relatively minor health issues to sometimes escalate into costly conditions.
  • Although some employers have established onsite clinics where employees can receive sick care and preventive care services, there are high costs associated with creating these clinics.

iStock_000016401740SmallAccording to the Towers Watson study, only about 20 percent of U.S. employers offer telemedicine services to employees today, but nearly 40 percent of employers surveyed said that they plan to offer access to such services in 2015, while 33 percent are considering offering access to telemedicine services within the next three years. It is clear to see why. Effective use of telemedicine services could eliminate 15 percent of physician office visits, 15 percent of emergency room visits, and 37 percent of urgent care visits. This all results in significant savings to employers that cover any part of the costs of their employees’ health care.   Employers considering the inclusion of telemedicine services in their employee benefit offerings should pay attention to some significant, but not insurmountable, legal and regulatory issues implicated by the use of telemedicine. In brief, those issues include:

  • Licensure: State licensure laws are a major stumbling block to the interstate practice of telemedicine. With limited exceptions, providers must be licensed in every state in which they intend to practice medicine (location of patient and the provider), and each state has its own licensure requirements. This tension creates a patchwork of inconsistent laws. The Federation of State Medical Boards has developed an Interstate Medical Licensure Compact that would facilitate license portability and the practice of interstate telemedicine. Mid-level practitioner organizations are working on their own compact proposals.
  • Physician-Patient Relationships: Among the factors required by states to establish a physician-patient relationship is an evaluation or examination of the patient by the treating physician. This is especially important when the treating physician is prescribing medications for the patient. States have different requirements that must be met in order for a proper examination to have occurred.
  • Privacy & Security: Numerous privacy and security issues are implicated by the use of telemedicine technologies, including compliance with federal and state privacy and security standards, data management, data sharing (and management responsibility for such sharing) with other providers, and data storage.
  • Medical Liability: Adapting existing principles of medical malpractice liability to telemedicine is a challenging task, especially regarding what constitutes the applicable “standard of care.”
  • Fraud & Abuse: Telemedicine arrangements must comply with federal and state health care fraud and abuse laws, including anti-kickback statutes and/or physician self-referral prohibitions.

Employers seeking to access the telemedicine market must carefully assess the legal and regulatory requirements, and limitations, of any potential arrangements.

As a lawyer practicing in the telemedicine space, I am rarely surprised these days.  But every once in a while I will read or hear something that stops me in my tracks. That is exactly what happened when I read a blog post by an FTC Commissioner which, among other things, calls for government policies that help facilitate greater adoption of telemedicine.  The post was part of a broader piece about the FTC’s role in promoting competition and innovation in health care.

By way of quick background, the Federal Trade Commission is the federal agency charged with protecting consumers and promoting competition, which includes challenging anticompetitive business practices.  The agency has been active in the health care sector, challenging several hospital and physician practice mergers. In an effort to highlight some of the FTC’s non-enforcement efforts, one of the agency’s five commissioners, Maureen Ohlhausen, wrote a blog post touting the agency’s advocacy efforts in the health care arena, and specifically highlighted how the FTC’s competition policy could help facilitate greater proliferation of telemedicine.

Among the highlights in the post related to telemedicine:

  • Telemedicine can reduce costs and increase access to care, but such advantages often run afoul of state professional licensing schemes that were developed to regulate local medical practices.
  • The variation in state licensure and other requirements continues despite “the fact that the core entry requirements for physicians are essentially uniform across the U.S”.
  • Legacy statutes and regulations are barriers “to the efficient flow of health care information and expertise and, indeed, specialized labor — barriers that can be costly to public and private payers and, in the end, individual patients,” without necessarily offering better consumer protection benefits.
  • Lawyers and policymakers need to creatively address ways to lower barriers without sacrificing the good in state regulations.
  • It is critical that policymakers “approach new technologies with a dose of regulatory humility” and should educate themselves about technological innovation, and:
    • Understand its effects on consumers and the marketplace;
    • Identify benefits and likely harms, and;
    • If harms do exist, consider whether existing laws and regulations sufficiently address the issues before assuming that new laws would be required.

Ms. Ohlhausen goes on to call for the FTC to use its policy research and development tools to better understand innovative technology, new business models facilitated by the new technology, and the likely risks and benefits for consumers.  More significantly, Ms. Ohlhausen also challenges the agency to educate itself “about undue impediments to innovation and competition” while also using its authority to enforce against harm to consumers from the use of new health information technology vehicles.

I can only applaud Ms. Ohlhausen’s approach.  It is encouraging to see a policymaker acknowledge the role regulations may play in stifling innovation and call for government agencies to find creative ways to lower barriers while balancing consumer protection.  I only hope other regulators follow Ms. Ohlhausen’s lead.


On January 9, 2015, New Jersey Governor Chris Christie signed new legislation that will require health insurance carriers authorized to issue health benefits plans in the state—including insurance companies, health service corporations, hospital service corporations, medical service corporations, and health maintenance organizations—to encrypt personal information. Triggered by a series of data breaches involving the health information of almost a million residents, Senate Bill No. 562 (“SB 562”) was passed unanimously by both houses of the state legislature and will take effect on August 1, 2015.

Under SB 562, health insurance carriers will be prohibited from maintaining computerized records that contain personal information unless the information is “secured by encryption or by any other method or technology rendering the information unreadable, undecipherable, or otherwise unusable by an unauthorized person.” The use of a password protection program that prevents general unauthorized access will not suffice to meet the encryption requirement. “Personal information” is defined as an individual’s first name or first initial and last name linked with at least one of the following: (1) Social Security number, (2) driver’s license number or state identification card number, (3) address, or (4) identifiable health information.

The law applies only to end user computer systems and computerized records transmitted across public networks. “End user computer systems” include desktop computers, laptop computers, tablets and other mobile devices, and removable media.

The requirement to encrypt makes the New Jersey law stricter in this regard than the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), under which encryption of electronic protected health information (“ePHI”) is an addressable specification. Nonetheless, given that encrypted ePHI is exempt from HIPAA’s breach notification requirements, it is considered a best practice to encrypt ePHI.

Violation of New Jersey’s encryption mandate will constitute a violation of the New Jersey Consumer Fraud Act, which imposes penalties of up to $10,000 for the first offense and up to $20,000 for any subsequent offense. The state Attorney General may also issue cease-and-desist orders to violators and award treble damages and costs to affected individuals. Given these potential penalties, health insurance carriers in New Jersey should carefully review their policies and procedures and ensure compliance with the new law.

There can be no question that telehealth has gone mainstream.  The numbers speak volumes. Telehealth companies have been able to raise almost $500 million since 2007 according to a noted venture capital analyst.  A recent study indicated that U.S. employers could save up to $6 billion a year through telehealth.  Per the American Telemedicine Association, more than half of all U.S. hospitals now offer some form of telehealth service.  Some leading analysts estimate that global revenue for telehealth will reach $4.5 billion by 2018, and the number of patients using telehealth services will rise to 7 million by the same year.   I can cite countless examples showing the bullish trajectory of telehealth.  But problems remain.

One of the issues I constantly deal with is the patchwork of state statutes and regulations governing various aspects of telehealth. Some of these issues are being addressed by stakeholders such as the Federation of State Medical Boards—which has released a draft model physician licensure compact that could go a long way in streamlining multistate licensure for physicians.  The Federation has also developed a  model telemedicine policy it hopes states will adopts.  Other leading organizations such as the American Medical Association, the American Academy of Pediatrics, the American Academy of Dermatology, and the American Telemedicine Association are addressing various issues in their own way.

These initiatives, however, cannot hide the fact that many state regulators are troubled by a number of issues when evaluating whether various direct-to-consumer telehealth models comply with state law. This is especially true in situations in which the telehealth provider does not have a pre-existing relationship with the patient.  Even beyond the legal issues, the state regulators I have spoken to express unease with various aspects of direct-to-consumer telehealth.  Essentially, their concerns can be boiled down to the following five:

  • Overprescribing.  E-visits drive over-prescription.  That is a view voiced by many state regulators.  Often cited is a study examining urinary tract infections among other things which showed significantly higher antibiotic prescriptions as a result of e-visits for UTIs when compared to in-person provider office visits.  Patients were also more likely to be prescribed an antibiotic for sinusitis if they were treated via an e-visit as opposed to an in-person visit—although that disparity was nowhere near as significant.  The CDC notes that the drivers of inappropriate antibiotic prescribing are more pronounced with telephone and e-visits.
  • Lack of Access to a Patient’s Medical Record.  State regulators also point out that providers in many direct-to-consumer telehealth models usually do not have access to a patient’s full medical record.  In the vast majority of cases, telehealth providers are making diagnoses and treatment recommendations relying on questionnaires the patients are required to complete immediately prior to obtaining services.  Critics believe providing health care without the full context of a patient’s complete medical record is simply not good medicine.
  • No Ability to Document E-Visit Into a Patient’s Medical Record.   Related to the last point, some state representatives voice concern that providers in direct-to-consumer models are unable to document the e-visit into a patient’s medical record—meaning that subsequent health care providers are unable to see the diagnosis, treatment recommendations, or medications prescribed to the patient from the e-visit.
  • No Follow-Up Care.  The nature of how direct-to-consumer telehealth is currently structured does not lend itself easily to follow up care as a normal course of practice.  And many medical board representatives I have spoken to believe that follow-up care is critical to sound medicine.
  • Quality of Care.  Perhaps the most troubling issue for many of the regulators I talk to is the belief that many of the models they see cannot deliver the same quality of care as patients walking into their doctor’s offices.  They point out that quality is compromised without: 1) direct in-person physical examination of the patient by the distant providers; 2) the lack of access to a patient’s full medical record; and 3) the general lack of follow up care.  Moreover, many regulators simply refuse to believe that conditions such as strep throat or ear infections, for example, can be treated via an e-visit—especially when no pre-existing provider/patient relationship exists.  These concerns, they emphasize, are exacerbated by the lack of highly developed protocols and guidelines governing telehealth.  While many recognize that organizations have been developing such guidelines, they warn a lot more work needs to be done.

No one can doubt that regulators raise very valid concerns.  In talking to various clinicians and providers, however, they indicate that many of the issues have been or are being addressed.  One of the problems is that the lines of communication between regulators and industry have not always been open.  In my next blog post, I will discuss what telehealth stakeholders have been doing to address the regulators’ concerns.

On September 5, 2014, the Federation of State Medical Boards, a nonprofit organization representing the 70 state medical and osteopathic boards nationwide, announced the completion of its drafting process for its Interstate Medical Licensure Compact (“Compact”). Finalizing the Compact is a critical step toward removing one of the major barriers preventing a greater proliferation of telehealth technologies and services. Under the Compact, a physician who is licensed in his or her principal state and who meets certain educational, certification, and disciplinary criteria would be eligible to apply for an expedited medical license in another state that has adopted the Compact. Adoption of the Compact by states not only will increase license portability for physicians by alleviating the traditional rigid state licensure requirements that impede the practice of telehealth, but also will help improve access to health care for patients across the nation who will benefit from greater adoption of telehealth.  You can read more here.

Earlier this week, a popular source of regulatory news published an article claiming FDA “finalized a new rule this week that prohibits manufacturers from using so-called “split-predicates”. However, it appears that the article may instead be referencing the Final Guidance for Industry and Food and Drug Administration Staff entitled “The 510(k) Program: Evaluating Substantial Equivalence in Premarket Notifications [510(k)]” that FDA published earlier this week.  Unfortunately, as often occurs on the Internet, the post was disseminated by several other popular sources of regulatory news.

This confusion comes a little less than three months after four Senator’s sent a letter to FDA raising concerns about FDA draft guidance “becoming the default FDA policy and position.”

Guidances and final rules carry different legal weight.  Final regulations are legislative rules that have the force of law. Whereas, guidances do not set new legal standards, impose legal requirements or have the force of law. Instead guidances are issued to help interpret or clarify an existing regulation.   

FDA certainly understands this difference.  As FDA notes, “FDA regulations are [] federal laws, [even though] they are not part of the [federal Food Drug & Cosmetic Act (FD&C Act)].”  Whereas, “FDA guidance describes the agency’s current thinking on a regulatory issue [but guidance] is not legally binding on the public or FDA.”

FDA also emphasizes this latter point in many of its guidance documents by including the following disclaimer:

This guidance represents the Food and Drug Administration’s (FDA’s) current thinking on this topic. It does not create or confer any rights for or on any person and does not operate to bind FDA or the public. You can use an alternative approach if the approach satisfies the requirements of the applicable statutes and regulations. If you want to discuss an alternative approach, contact the FDA staff responsible for implementing this guidance. If you cannot identify the appropriate FDA staff, call the appropriate number listed on the title page of this guidance.

Unfortunately, not everyone fully appreciates the difference between rules and guidance. The recent confusion suggests that there is a disconnect between FDA’s position on the difference between guidance and final rules and the understanding of at least some in industry.  Therefore, as FDA reviews its current guidance development practice, it is important that FDA look for ways to ensure (draft or final) guidance is just that, guidance.  For example,

  • FDA should make the guidance development process more efficient and so that there is a significant difference between the time it takes to publish a final guidance and the time it takes to implement a final rule;
  • If a manufacturer uses an alternative approach and provides reasonable support for taking such an approach, FDA should be required to provide a reasonably explanation as to why the alternative is insufficient;
  • FDA should include a process for quickly and efficiently incorporating alternative approaches into existing final guidance.