The following is a guest article by Diana Warner, MS, RHIA, CHPS, CPHI, FAHIMA, Director, Client Relations and Account Management at MRO.
Health information management has seen many new processes quickly evolve during the COVID-19 pandemic. COVID-19 forced the healthcare industry to change how healthcare is delivered, with telehealth taking a front row seat. Rules and regulations around telehealth are currently relaxed to accommodate this change in the interaction between patient and provider.
As a result, it is necessary to review and update documentation practices, content, policies and procedures, while upholding patient privacy and confidentiality. Consents may also need to be updated for telehealth visits, especially if unsecured connections are used. Now is the time for health information professionals to take the lead to ensure workflows are in place for documenting, sharing and storing telehealth encounters.
COVID-19 Telehealth Rules Relaxed
At the beginning of March, telehealth services were relaxed due to the COVID-19 pandemic. As of April 29, all 50 states plus Washington, D.C., offered licensure flexibilities. Between March and June, over 9 million beneficiaries received telehealth services.
Providers and patients may now conduct visits from the privacy of their homes or in other private locations. That said, services should never be provided or received in public or semi-public locations. As standard protocol, providers to be in a private environment. It is recommended that providers ask patients to be in a private space as well. Here are three other changes to know.
CMS Relaxed Licensing Requirements
The Centers for Medicare & Medicaid Services (CMS) requirement for providers to be licensed in the state where the patient resides has been removed. HHS Secretary Alex Azar has requested all states allow licensed providers to practice across state lines.
CMS Relaxed Rules for both Telehealth and Audio-Only Visits
Telehealth services are now available to new patients as well as established patients. Patient consent must be obtained before or at the time of service, and documented in the medical record.
DEA Relaxed Restrictions on Remote Prescribing of Controlled Substances
The Drug Enforcement Administration (DEA) is allowing providers to prescribe controlled substances via telemedicine without requiring an initial face-to-face evaluation.
Specific guidelines for chronic care management and transitional care management include obtaining verbal consent and documenting this in the medical record. Any patient that has not been seen in the last 12 months will need an initiating visit.
For patients who do not have access to an audio-video connection, audio-only visits are accepted. Just as with telehealth, the consent must be obtained prior to or at the time of service and documented in the patient’s medical record.
Documentation requirements for telemedical records are the same as for other health records. It is HIM’s responsibility to ensure policies for telehealth address the documentation requirements, maintain images or recordings, know when these should be considered part of the patient’s health record, and confirm records are retained according to state retention laws. Polices are needed to identify who owns the records and who is responsible for amendments and release of information.
In addition, here are the documentation requirements for each telemedical record visit:
- Visit occurred via telemedicine
- Location of the provider
- Location of the patient
- Names of all persons participating in the telemedicine service and their role in the encounter
- Length of time of the consultation visit and notation that more than 50 percent of the encounter was spent counseling/coordinating care
- Differential diagnosis, active diagnosis, prognosis, risks, benefits of treatment, instruction, compliance, risk reduction, and coordination of care with other providers
- Orders should include:
- Review/Order of clinical lab tests
- Review/Order of radiographs
- Review/Order of medical tests (PFTs, ECK, Echo, Cath)
- Review/Summary of old records
Telehealth Privacy and Security
When using telehealth, privacy and security practices remain in place, even though some of the telehealth rules are currently relaxed. Best practice is to develop or update policies and procedures for the specific type of telehealth platform being used (secure/unsecured). Make sure policies specify where the provider can offer the service (ensuring no PHI is visible) and who is responsible for handling any possible breaches. When using unsecured connections, update consents outlining the unsecured telehealth service being used and obtain patient understanding and consent prior to the visit.
Telehealth: Close the GAP
As telehealth continues to ramp up, take measures to address the following areas:
- Medical Credentialing processes
- Providers Licensed to Practice
- Liability Insurance Updated
- Standard IT Practices
- Backup and downtime procedures
- Equipment used for telehealth is secure
- Education for providers on security protections
HIPAA-compliant technology for telemedicine includes:
- Skype for Business
- Zoom for Healthcare
- Microsoft Teams
- Cisco Webex Meetings/Webex Teams
- Amazon Chime
- Spruce Health Care Messenger
Currently CMS is not enforcing the requirement that the technology used for a video visit between a physician and a patient be HIPAA-compliant. Some video chat solutions such as Apple FaceTime, Skype, or Facebook Messenger video chat are allowed.
If a healthcare provider using telehealth services during COVID-19 has their transmission intercepted, the OCR will not pursue breach penalties, assuming the good faith provision of the telehealth services during this national public health emergency.
The New Normal
Telehealth is quickly becoming the new normal. Congressional leaders have reached out to the leaders at the Health and Human Service Department (HHS) and the Centers for Medicare & Medicaid Services (CMS) to continue telehealth services past the COVID-19 emergency and asked what areas would need legislation actions.
Legislation is already being proposed to keep and even expand access to telehealth. The Equal Access to Care Act (EACA) allows licensed providers to conduct out-of-state telehealth services for patients for another 180 days. EACA also further expands patient access to care during the pandemic.
Protecting Access to Post-Covid-19 Telehealth Act is another proposed legislation that recommends expanding the use of telehealth:
- Ensures use of telehealth for Medicare patients during future disasters and emergencies.
- Provides regulatory flexibilities for removing geographic restrictions on where a patient must be located in order to use telehealth services and enabling telehealth services to be provided to patients in their homes.
- Ensures federally qualified health centers and rural health centers can furnish telehealth services.
As the new normal continues to evolve, more changes are still to come. It is imperative that HIM professionals keep up with telehealth updates required for new policies, resources and related information. As we continue in these unprecedented times, HIM leaders are paving the way to accommodate change and promote positive outcomes for their organizations.