Healthcare Information Technology

HHS Makes $20 Million Available to Expand COVID-19 Vaccine Information Sharing

The U.S. Department of Health and Human Services has made $20 million available to improve data sharing between health information exchanges (HIEs) and immunization information systems.

The money comes from the Coronavirus Aid, Relief, and Economic Security Act (CARES Act) fund that was signed by President Trump on March 27, 2020 to support vaccination efforts to fight the COVID-19 pandemic.

The investment expands the Office of the National Coordinator for Health Information Technology (ONC)’s Strengthening the Technical Advancement and Readiness of Public Health Agencies via Health Information Exchange (STAR HIE) Program and will help communities improve health information sharing related to COVID-19 vaccinations.

Public health agencies will be able to receive additional help to track and identify individuals who have not yet received a second dose of the COVID-19 vaccine and the additional investment will help clinicians identify and contact high risk individuals who have not yet received their first vaccination.

The additional investment will be spread across the country and will be used to support communities that have been hit particularly hard by COVID-19. The HHS will also be awarding funds to the Association of State and Territorial Health Officials (ASTHO) and the Colorado Regional Health Information Organization (CORHIO) to improve HIE immunization collaborations.

“These CARES Act funds will allow clinicians to better access information about their patients from their community immunization registries by using the resources of their local health information exchanges,” said Don Rucker, MD, national coordinator for health information technology. “Through these collaborative efforts public health agencies and clinicians will be better equipped to more effectively administer immunizations to at-risk patients, understand adverse events, and better track long-term health outcomes as more Americans are vaccinated.”

The success of vaccination programs is dependent on correctly identifying patients and ensuring patients receive two doses of the correct vaccine. That means providers, pharmacists, and public health officials will need access to patient data and vaccine records. Effective data exchange and patient matching will also help to provide insights into the effectiveness of the vaccines and tracking long term health outcomes. STAR HIE intends to provide statistics to measure vaccination outcomes.

There are approximately 100 HIEs in the United States which reach around 92% of Americans and 63 immunization information systems in the United States, one in each state, 8 in territories, and in five cities. The immunization information systems are funded, in part, by the Centers for Disease Control and Prevention’s National Center for Immunization and Respiratory Diseases (NCIRD).

The post HHS Makes $20 Million Available to Expand COVID-19 Vaccine Information Sharing appeared first on HIPAA Journal.

Webinar Today: How HIPAA-Compliant Messaging Transforms Healthcare

Data show 70% of delays in providing treatment to patients is due to miscommunication, so resolving the problems that result in miscommunication in healthcare is key to improving quality of care, clinical outcomes, and the patient experience.

One of the biggest contributory factors to miscommunication is the use of outdated communications systems, which has long been a problem in healthcare. Fortunately, there is a solution that has been shown to greatly improve communication efficiency and reduce the potential for errors and miscommunication – a secure texting platform.

To find out more about secure, HIPAA-compliant messaging and how it can make care teams immediately more efficient and effective, we invite you to join this upcoming webinar.

During the webinar you will discover how this single change can lead to major improvements in collaboration, save valuable time, decrease costs, and lead to happier staff and patients.

The webinar is being hosted by TigerConnect, the leading secure healthcare messaging provider, and will take place on Wednesday, December 9 at 10 a.m. PT / 1 p.m. ET.

Webinar Details:

How HIPAA-Compliant Messaging Transforms Healthcare

Date/Time: Wednesday, December 9 – 10 a.m. PT / 12 p.m. CT / 1 p.m. ET

Hosted by:
Julie Grenuk, Nurse Executive, TigerConnect
Tommy Wright, Director of Product Marketing, TigerConnect

Register Here

The post Webinar Today: How HIPAA-Compliant Messaging Transforms Healthcare appeared first on HIPAA Journal.

HHS Releases Final Rules with Safe Harbors for Cybersecurity Donations

On Friday last week, the Department of Health and Human Services’ Centers for Medicare and Medicaid Services (CMS) and Office of Inspector General (OIG) published final rules that aim to improve the coordination of care and reduce regulatory barriers. Both final rules contain safe harbor provisions that allow hospitals and healthcare delivery systems to donate cybersecurity technology to physician practices.

The CMS released the final version of the 627-page Modernizing and Clarifying the Physician Self-Referral Regulations, commonly called Stark Law, and the OIG finalized revisions to the 1,049-page Safe Harbors Under the Anti-Kickback Statute and Civil Monetary Penalty Rules Regarding Beneficiary Inducements.

Physician practices often have limited resources, which makes it difficult for them to implement solutions to address cybersecurity risks. Without the necessary protections, sensitive healthcare data could be accessed by unauthorized individuals, stolen, deleted, or encrypted by threat actors. Threat actors could also conduct attacks on small physician practices and use them to gain access to the healthcare systems to which they connect.

When the rules were first proposed, commenters emphasized the need for a safe harbor to allow non-abusive, beneficial arrangements between physicians and other healthcare providers, such donations of cybersecurity solutions to help safeguard the healthcare ecosystem. The CMS first proposed the changes in October 2019 as part of the Regulatory Sprint to Coordinated Care.

The CMS final rule clarifies the Stark Law exceptions concerning donations of electronic health record donations to physicians, expanding the EHR exception to include cybersecurity software and services. A standalone exception has also been introduced for broader cybersecurity donations, including donations of cybersecurity hardware.

“These finalized exceptions provide new flexibility for certain arrangements, such as donations of cybersecurity technology that safeguard the integrity of the healthcare ecosystem, regardless of whether the parties operate in a fee-for-service or value-based payment system,” said the CMS.

The changes recognize the risk of cyberattacks on the healthcare sector and create a safe harbor for cybersecurity technology and services to protect cybersecurity-related hardware, and will help to ensure that cybersecurity software and hardware are available to all healthcare providers of all sizes.

The safe harbor applies to, but is not limited to, “software that provides malware prevention, software security measures to protect endpoints that allow for network access control, business continuity software, data protection and encryption and email traffic filtering.” The exception also covers the “hardware that is necessary and used predominantly to implement, maintain or re-establish cybersecurity” and a broad range of cybersecurity services such as updating and maintaining software and cybersecurity training services. There is no distinction in the rule between locally installed and cloud-based cybersecurity solutions.

Under the cybersecurity exception, recipients are not required to contribute to the cost of the donated cybersecurity technology or services. Under the EHR exception, the cost contribution requirement for donations of EHR items or services is retained.

“It is our position that allowing entities to donate cybersecurity technology and related services to physicians will lead to strengthening of the entire health care ecosystem,” said the HHS.

The final rules are due to be published in the federal register on December 2, 2020 and are expected to take effect on January 19, 2021.

The post HHS Releases Final Rules with Safe Harbors for Cybersecurity Donations appeared first on HIPAA Journal.

FTC Settlement with Zoom Resolves Allegations of Cybersecurity Failures and Deceptive Security Practices

The U.S. Federal Trade Commission has reached a settlement with Zoom to resolve allegations that the teleconferencing platform provider misled its customers about the level encryption and had failed to implement appropriate cybersecurity protections for its users.

During the pandemic, use of the Zoom platform skyrocketed, with business users and consumers adopting the platform in the millions. The platform was used by consumers to maintain contact with friends and family, while remote workers used the platform to communicate with the office and collaborate while working from home. The platform proved to be extremely popular in healthcare for providing telehealth services and in education for communicating with students.

Zoom reported in its second quarter earnings call that it has seen 400% growth of corporate clients with more than 10 employees and around 300 million meetings were taking place each day. The massive increase in popularity attracted the attention of security researchers, who discovered multiple security vulnerabilities in the platform.

One of the main issues concerned encryption. Zoom stated on its website that the platform offered end-to-end encryption when this was not the case. Meetings were encrypted, but Zoom was able to access customer data. The company also stated AES 256 encryption was used, when encryption was only AES 128, and recorded meetings were immediately encrypted prior to storage.

Other cybersecurity issues included a Zoom software update that circumvented a browser security feature and a lack of security protections which allowed uninvited individuals to join meetings – termed Zoombombing. The company was also discovered to be sharing email addresses, photos, and user’s names with Facebook, albeit unwittingly.

The investigation by the FTC revealed Zoom had “engaged in a series of deceptive and unfair practices that undermined the security of its users.” A settlement was reached with the firm that requires the company to implement and maintain a comprehensive security program within 60 days.

The 17-page agreement details the steps that Zoom must take to ensure the security of its platform. They include conducting annual assessments on potential internal and external security risks and developing and implementing safeguards to reduce those risks to a low and acceptable level.

Additional safeguards must be implemented to protect against unauthorized access to its network, multi-factor authentication, steps must be taken to prevent the compromise of user credentials, and data deletion controls must be implemented. Zoom is required to review all software updates to identify potential security flaws prior to rollout and must ensure that any new features or security measures do not interfere with third party security features. The company must also implement a vulnerability management program.

Zoom has been prohibited from misrepresenting the security features of its platform to users, the categories of data accessed by third parties, and how data privacy and security are maintained.

Zoom must undergo a third-party audit by an independent security firm to ensure the company is complying with all requirements of the agreement and is successfully remediating risks. The agreement will last for 5 years, during which time the FTC will be monitoring Zoom for compliance.

Zoom avoided a financial penalty, but if the company is discovered to have violated the terms of the agreement or federal laws, financial penalties will be applied up to a maximum of $43,280 per violation.

“Zoom’s security practices didn’t line up with its promises, and this action will help to make sure that Zoom meetings and data about Zoom users are protected,” said Andrew Smith, director of the FTC’s Bureau of Consumer Protection.

The post FTC Settlement with Zoom Resolves Allegations of Cybersecurity Failures and Deceptive Security Practices appeared first on HIPAA Journal.

TigerConnect Survey Confirms Widespread Support for Telehealth Among Providers and Patients

The coronavirus pandemic has resulted in a major increase in healthcare providers offering telehealth services to patients. Virtual visits are being offered to reduce the number of patients visiting hospitals and physician offices to limit transmission of the virus to ensure patient safety. The increase in use is out of necessity, but new research confirms telehealth services are popular with providers and patients alike.

TigerConnect, the provider of the most widely adopted communication platform in healthcare, recently commissioned a comprehensive Harris Poll survey to explore attitudes to telehealth among patients and healthcare providers. The survey was conducted on 2,039 U.S. adults aged 18 or older between July 23-27, 2020 and 500 healthcare clinicians between June and July 2020.

88% of healthcare providers who were already offering telehealth services to patients saw an increase in the use of telehealth services due to the coronavirus pandemic, with 71% of providers saying there was a large increase in use. It is understandable that so many providers and patients have embraced telehealth in order to reduce infection risk and prevent transmission of the virus, but even when the pandemic is over it is likely that use of telehealth services will continue at the same or even an increased level. Over two thirds of providers (71%) believe use of telehealth services will continue at the same or even a higher level when the pandemic is over.

There is also strong support for telehealth services among patients. 87% of patients who tried telehealth said they were satisfied with the experience, with 7 out of 10 patients saying it is important for providers to offer telehealth services to patients. Many patients appear to prefer virtual visits to in-person visits. Only 40% of patients said they prefer to meet their providers face to face.

Patients may be apprehensive about trying telehealth, but once they have their first virtual visit they are keen to go virtual again. Patients who have had one telehealth or video consultation in the past year were twice as likely to express a strong preference for a virtual visit over an in-person visit.

When patients were asked if there was anything about telehealth they did not like, almost half of patients could not think of a single criticism about their experience. The main advantages of telehealth among patients were convenience (50%), allowing appointments to be kept that may otherwise have been cancelled (36%), and the ease at which health check-ups could be scheduled (34%). 52% of patients said they believe telehealth was a safe alternative to an in-person office visit.

Boomers (Over 55s) and Gen Z (Under 24s) were the age groups least satisfied with telehealth. The most common complaint among Boomers was excessive complexity, while the most common complaint with Gen Z users was a lack of features, showing there is clearly further scope for refinement.

The survey on clinicians revealed there is a majorly fragmented market, with 140 different telehealth solutions in use. 14% of respondents said they are currently using multiple telehealth solutions. That may well change after the pandemic is over and the notice of enforcement discretion of the HHS’ Office for Civil Rights expires. The notice of enforcement discretion for telehealth services temporarily allowed telehealth solutions to be used that may not be fully compliant with HIPAA requirements.

65% of respondents said they were happy with their current telehealth solutions and almost 90% of users of the TigerConnect platform said they were happy with the TigerConnect platform.

The survey also revealed there is strong bipartisan support for telehealth, with 77% of Democrats and 66% of Republicans believing healthcare providers should offer telehealth services to patients. There are still some challenges to overcome to ensure that telehealth services are accessible to all. 53% of surveyed patients living in urban areas had utilized telehealth services compared to just 31% of patients in rural areas, which suggests there may be issues with broadband availability and cellular reception in rural areas which is limiting uptake.

“The people have spoken: telehealth is here to stay,” said TigerConnect CEO Brad Brooks. “The overnight move to telehealth is one of the fastest cultural shifts in healthcare in decades, and this research reveals it has already transformed the habits of millions of Americans who can now access great healthcare as easily as they can catch a ride to the airport. It’s up to our industry to seize this moment and ensure that it’s as easy as possible for anyone to access or administer world-class healthcare anywhere and anytime to improve health outcomes for all Americans.”

The post TigerConnect Survey Confirms Widespread Support for Telehealth Among Providers and Patients appeared first on HIPAA Journal.

OCR Publishes New Resources for MHealth App Developers and Cloud Services Providers

The Department of Health and Human Services’ Office for Civil Rights has announced it has published additional resources for mobile health app developers and has updated and renamed its Health App Developer Portal.

The portal – Resources for Mobile Health Apps Developers – provides guidance for mobile health app developers on the HIPAA Privacy, Security, and Breach Notification Rules and how they apply to mobile health apps and application programming interfaces (APIs).

The portal includes a guidance document on Health App Use Scenarios and HIPAA, which explains when mHealth applications must comply with the HIPAA Rules and if an app developer will be classed as a business associate.

“Building privacy and security protections into technology products enhances their value by providing some assurance to users that the information is secure and will be used and disclosed only as approved or expected,” explained OCR. “Such protections are sometimes required by federal and state laws, including the HIPAA Privacy, Security, and Breach Notification Rules.”

The portal provides access to the Mobile Health Apps Interactive Tool developed by the Federal Trade Commission (FTC) in conjunction with the HHS’ Office of the National Coordinator for Health IT (ONC) and the Food and Drug Administration (FDA). The Tool can be used by the developers of health-related apps to determine what federal rules are likely to apply to their apps. By answering questions about the nature of the apps, developers will discover which federal rules apply and will be directed to resources providing more detailed information about each federal regulation.

The portal also includes information on patient access rights under HIPAA, how they apply to the data collected, stored, processed, or transmitted through mobile health apps, and how the HIPAA Rules apply to application programming interfaces (APIs).

The update to the portal comes a few months after the ONC’s final rule that called for health IT developers to establish a secure, standards-based API that providers could use to support patient access to the data stored in their electronic health records. While it is important for patients to be able to have easy access to their health data to allow them to check for errors, make corrections, and share their health data for research purposes, there is concern that sending data to third-party applications, which may not be covered by HIPAA, is a privacy risk.

OCR has previously confirmed that once healthcare providers have shared a patients’ health data with a third-party app, as directed by the patient, the data will no longer be covered by HIPAA if the app developer is not a business associate of the healthcare provider. Healthcare providers will not be liable for any subsequent use or disclosure of any electronic protected health information shared with the app developer.

A FAQ is also available on the portal that explains how HIPAA applies to Health IT and a guidance document explaining how HIPAA applies to cloud computing to help cloud services providers (CSPs) understand their responsibilities under HIPAA.

The post OCR Publishes New Resources for MHealth App Developers and Cloud Services Providers appeared first on HIPAA Journal.

OIG Identifies Barriers to the Use of Health Information Exchanges by the Department of Veteran Affairs

The Department of Veteran Affairs (VA) Office of Inspector General (OIG) has conducted a review of VA facilities and community providers to identify any barriers that are hampering the use of health information exchanges (HIEs). OIG identified several issues that need to be addressed to improve the exchange of health information.

HIEs are used to share healthcare information for the purpose of coordinating and improving the continuity of care for veterans enrolled in a VA facility. Following a pilot program, the VA introduced the Veterans Health Information Exchange (VHIE), which uses two methods for sharing veterans’ data between VA facilities and members of VA healthcare teams: VA Exchange and VA Direct.

OIG conducted a survey and interviews at 48 lower complexity Level 2 and 3 Veterans Health Administration (VHA) facilities, along with interviews of staff in the VHIE Program Office. OIG also met with the Office of Information Technology, Office of Community Care, Office of Rural Health, Cerner, and two state HIEs.

According to the VHIE Program Office Director, all 140 VA facilities have access to both VA Exchange and VA Direct, but currently only 28 of the 140 facilities have implemented VA Direct, which connects directly to DirectTrust. The facilities that had not yet implemented VA Direct report that they had not received adequate training by DirectTrust, did not have community partners using DirectTrust, or were using alternate HIEs.

OIG suggests in its report that “Expansion of VA Direct usage to all facilities would increase the instances of health information sharing and improve the timeliness of health information exchange while efforts continue with development of community partnerships through VA Exchange.”

Based on the survey results, OIG found 46 of the 48 facilities were using VA Exchange, VA Direct, or both, and only two facilities used neither. 22 facilities reported exchanging healthcare data by scanning, faxing, or mailing patient information.

Survey respondents indicated they needed additional training on HIEs to give them a better understanding on health information exchange and expressed a need for more community partners. There were also technology challenges with viewing community health information through VA Exchange, which required them to sign in to view the electronic health record and then sign in to the Joint Legacy Viewer (JLV) in order to access patient information from community partners. There were also issues with the quality of JLV data, access was not user friendly, and the cumbersome process delayed accessing patient information.

There are currently two contracts establishing community coordination for VHIE and 56 VHIE community coordinator positions to support facilities and Veterans Integrated Service Networks. Coordinators are required to provide training, policy, and process assistance to VHA directors and staff to enhance infrastructure, outreach, and training.

OIG found there was considerable variation in engagement across the 56 VHIE community coordinator, ranging from a high level of participation to next to none. OIG also discovered that when a coordinator leaves the position, it is common for communication issues to be experienced and training to suffer, which creates a barrier for staff knowledge and ability to use the programs.

“With the addition of more training, communication, and future planned technological changes, VHA could more effectively streamline the continuity of care received by veterans,” wrote OIG. “Electronic Health Records Modernization should alleviate some of the technology challenges currently experienced with the use of VHIE.”

The Under Secretary of Health concurred with the 4 recommendations made by OIG:

  • Review the barriers related to the use of VA Direct and increase the number of facilities using VA Direct to share health information.
  • Evaluate the VA Exchange and VA Direct training and education programs and increases accessibility to VHA staff, community partners, and veterans.
  • Increase the number of community partners, including more state exchanges and other HIE stakeholders to facilitate the expansion of bidirectional health information exchange.
  • Evaluate the performance work statements of the Veterans Health Information Exchange community coordinators and confirm compliance with the scope of work.

The post OIG Identifies Barriers to the Use of Health Information Exchanges by the Department of Veteran Affairs appeared first on HIPAA Journal.

States Start to Make Temporary COVID-19 Telehealth Changes Permanent

Following the decision of the HHS’ Centers for Medicaid and Medicare Services (CMS) to expand access to telehealth services and increase coverage in response to the COVID-19 pandemic, states introduced temporary emergency waivers to their telehealth laws. Healthcare providers and patients have welcomed the changes to telehealth policies, which improved access to telehealth services to help control the spread of the virus, SARS-CoV-2. There have been increasing calls for the changes to be made permanent, and several states such as Massachusetts, Colorado, and Idaho have taken steps to ensure the changes continue after the COVID-19 public health emergency is declared over.

On March 16, 2020, the Massachusetts Board of Registration in Medicine (BORIM) approved a new policy that states the same standard of care applies to in-person and telehealth visits and a face-to-face encounter is not a pre-requisite for a telehealth visit. The policy was introduced on a temporary basis in response to COVID-19, but on June 26, 2020, BORIM made the policy change permanent. This is the first telehealth-specific policy to be adopted by BORIM and Massachusetts was one of the first states to make temporary COVID-19 telehealth policies permanent.

There have been increasing calls at the Federal level for the expansion of access to telehealth services to be made permanent and for there to be continued reimbursement parity for in-person and virtual visits when the COVID-19 nationwide public health emergency is declared over.

CMS Administrator Seema Verma has expressed support for the expansion of telehealth access to continue and, at a recent meeting of the Senate Committee on Health, Education, Labor & Pensions (HELP), the 30+ temporary changes to Federal telehealth policies were discussed and Congress was urged to make several of the changes permanent. There is a commonly held view that telehealth can improve patient outcomes, help providers deliver a better patient experience, and that telehealth will help to reduce the cost of healthcare provision.

Two Federal policy changes that have attracted considerable support are the relaxation of the Medicare originating site requirement to allow physicians to provide telehealth services to all patients, no matter where they are located, and expansion of the number of telehealth services covered under Medicare.

These and other policies changes have received support at the state level. Several other states have now taken steps to improve telehealth access. Colorado Governor, Jared Polis, signed a bill this week that prohibits health insurance companies from requiring a patient to have a pre-established relationship with a virtual care provider. The law, which applies to Medicaid and state-regulated health plans, also prohibits insurers from imposing additional location, certification, or licensure requirements on providers as a condition for telehealth reimbursement and the restrictions on the technology that can be used to provide telehealth services have also been removed. Audio or video communication solutions only need to be compliant with the HIPAA Security Rule.

Idaho Governor Brad Little has similarly taken steps to make the COVID-19 changes to telehealth laws permanent, including the state’s temporary telehealth rule waivers that increased the medications that could be prescribed in telehealth visits, the broadening of the technology that can be used for providing telehealth services, and the change that allows out-of-state providers to treat patients virtually.

“Our loosening of healthcare rules since March helped to increase the use of telehealth services, made licensing easier, and strengthened the capacity of our healthcare workforce – all necessary to help our citizens during the global pandemic,” said Gov. Little. “We proved we could do it without compromising safety. Now it’s time to make those healthcare advances permanent moving forward.”

All states expanded access to telehealth services for Medicaid beneficiaries following the announcement by the CMS about the expansion of access to telehealth and increased coverage. Many more states are now expected to make the emergency changes permanent.  However, health insurers must also make changes and confirm that they will continue to reimburse physicians for virtual visits at the same rate as in-person visits, otherwise it is likely that telehealth will be dropped in favor of in-person visits.

The post States Start to Make Temporary COVID-19 Telehealth Changes Permanent appeared first on HIPAA Journal.

Senate HELP Committee Considers Permanent Changes to Telehealth Policies

The Senate Health, Education, Labor, and Pensions (HELP) Committee is considering which of the 31 recent changes to telehealth policies should be kept in place when the COVID-19 national public health emergency comes to an end.

The temporary changes to policies on telehealth have served to expand access during the COVID-19 public health emergency. These changes were necessary to help prevent the spread of COVID-19 and ensure that Americans are given easy access to medical services. During the COVID-19 crisis, patients have embraced the new approach and many have taken advantage of virtual visits and are using remote monitoring tools.

The June 17, 2020 Senate HELP Committee meeting was convened to explore which of the recent changes should be made permanent or at least be extended once the COVID-19 crisis comes to an end. All members of the committee supported making at least some of the recent changes permanent, with HELP Committee Chairman Sen. Lamar Alexander (R-Tenn.) advocating two permanent changes: The elimination of limitations on originating sites and the expansion of the types of providers who can be reimbursed through Medicare and Medicaid for providing virtual visits.

Sen. Alexander explained that both changes will help providers to achieve better patient outcomes, will improve patient experiences, and will help to reduce the cost of healthcare provision. There is wide support for these two changes to be made permanent. “As dark as this pandemic has been, it creates an opportunity to learn from and act upon these three months of intensive telehealth experiences, specifically what permanent changes need to be made in federal and state policies,” said Sen. Alexander. He suggested that were it not for the pandemic, the recently introduced changes may not have occurred for a further 10 years. It is too early to tell whether the telehealth changes have had any significant effect on patient outcomes, but they have certainly helped to improve access to healthcare services.

The University of Virginia (UVA) experienced a 9,000% increase in virtual visits between February and May, according to Karen Rheuban, M.D., director of the UVA Center for Telehealth. Sen. Alexander explained that Ascension Saint Thomas had gone from providing around 50 telehealth visits a year to more than 30,000 per month between April and May. Between April and May, telehealth accounted for around 45% of all visits.

The HHS’ Office for Civil Rights announced a Notice of Enforcement discretion covering the platforms that could be used for providing telehealth services during the public health emergency. Aside from public-facing platforms, apps that would not normally be permitted under HIPAA could be used for telehealth. While the move was necessary, it is one of the changes that requires closer scrutiny moving forward to ensure the privacy and security of healthcare data is not placed at risk.

The expansion of telehealth services has not proven to be a great equalizer, as many people lack the technology to take advantage of telehealth services. “The disparities in access to technology reflect the underlying inequity that exists throughout society,” said Sen. Tina Smith (D-Minn), a view shared by Karen Rheuban, M.D., who suggested “Congress should provide support for further broadband deployment, including to the home, as appropriate, to reduce geographic and sociodemographic disparities in access to care.”

There was strong support for reimbursement for telephone visits to be continued. At Massachusetts General Hospital and Brigham and Women’s Hospital, 60% of telehealth visits took place over the telephone in the past 3 months. “Telephone visits are important to cross the digital divide. We should continue that level of reimbursement to address this underserved population,” said Joe Kvedar, president of the American Telemedicine Association.

In addition to advocating for permanent changes to originating site limitations, Kvedar recommended giving the HHS the flexibility to expand the list of practitioners and therapy services eligible for telehealth reimbursement and to continue the grant and technical assistance programs and also cover infrastructure needs.

There is a commonly held view among providers that the decision to continue offering telehealth is largely dependent on reimbursement rates for telehealth. If reimbursement is lower for virtual visits, that may prevent providers from continue offering telehealth over in-person visits. Sen. Mike Braun (R-Ind) suggested that there should not be pay parity due to the differences in overheads. Sen. Bill Cassidy (R-La.) also questioned whether reimbursement should be equal when telehealth reduces providers’ overhead costs.

While access to telehealth has been expanded for Medicare and Medicaid patients, changes also need to be made in the private sector. “It would be very difficult to conduct this care model in a world where we got some payment for some things and didn’t get paid for others,” suggested Kvedar. “As much harmonization as possible would be huge incentive for adoption and expansion,” said Rheuban.

The post Senate HELP Committee Considers Permanent Changes to Telehealth Policies appeared first on HIPAA Journal.