Introducing Jones Day's Digital Health Law Update
Jones Day lawyers are at the forefront of digital health and health information technology topics, with leading industry attorneys around the globe experienced in all aspects of the legal and regulatory issues arising from the use of technology and devices to deliver and improve health care and wellness. In light of the rapidly developing nature of these topics, we decided to utilize a more systematic method of keeping our clients, colleagues, and friends abreast of developments and changes in this area of law. We hope you enjoy this, our first of many legal updates on notable happenings affecting digital health, mobile health, and telemedicine.
Patient Portals—Are You Managing Your Risk?
In the face of increasing demands to improve the convenience and accessibility of health care while also controlling costs, health care providers are increasingly offering patients access to electronic patient portals as a means of promoting efficient access to patient health information and enabling provider-patient communication.
While patient portals can provide notable benefits to both providers and patients, they can also present some unexpected challenges for providers in ensuring compliance with applicable federal and state legal requirements. Often-cited among such challenges is the need for health care providers to protect the privacy and security of patients' personal health information as required under applicable federal and state statutes and regulations (e.g., HIPAA/HITECH). However, in addition to such privacy and security concerns, there are a number of other considerations that health care providers should examine to ensure they don't run afoul of federal and state laws regulating the use of technology in the provision of health care services.
Some states' laws governing the use of telehealth require that new patients have an "in-person" exam before receiving a prescription or otherwise limit the technology modality that may be used for initial or even established patient encounters (e.g., only "real time" audio/video conferencing). Likewise, some states are pursuing a doctrine in which the standard of care for telehealth services is deemed to be the same as that for an in-person encounter. Such requirements may limit the types of services or interactions for which a provider may utilize a patient portal with a new or established patient. On the other hand, as government and commercial payors increasingly examine the levels of reimbursement available for services provided through telehealth, there may be potential opportunities for reimbursement available to providers through use of such portals depending upon the portal's functionality and the particular state's regulations governing the use of telehealth.
As the use and functionality of patient portals continue to grow, health care providers would be well advised to take a careful look at federal and state laws applicable to the use of telehealth to ensure they do not inadvertently create potential legal risk through their policies, procedures, and practical use of such patient portals.
21st Century Cures Discussion Document—Earlier this year, the House Energy & Commerce Committee released a discussion document about the 21st Century Cures Act, a bill intended to accelerate the discovery, development, and delivery of new therapies. The document contains provisions for telehealth, including new authority for the Department of Health & Human Services Secretary to waive "originating site," geographic, and type-of-provider restrictions on Medicare reimbursement. However, the draft does not address technology limitations; in other words, if approved in this form, the legislation would maintain the current rule that reimbursable telehealth services may be provided only via interactive video-audio systems.
FDA—In February 2015, the Food and Drug Administration ("FDA") issued final guidance explaining its intent not to enforce compliance with the regulatory controls for medical device data systems ("MDDS"), medical image storage devices, and medical image communications devices. The decision is meant to help advance digital health by relaxing requirements for certain hardware and software, but the guidance clarifies that devices used for "active patient monitoring" fall outside the scope of MDDS and therefore will continue to be separately regulated. Earlier this year, FDA released another draft guidance document discussing its policies for low-risk "general wellness products," a category that includes certain mobile apps for monitoring food consumption and measuring daily energy expenditures.
Internet of Things—The Federal Trade Commission ("FTC") recently issued a staff report titled "Internet of Things: Privacy & Security in a Connected World," which outlines recommendations for the increasingly interconnected world of devices and products and discusses the related risks of unauthorized access and misuse of personal information, cyber attacks, and personal safety hazards. Stemming from a 2013 workshop, the report recommends that companies implement "security by design" by incorporating cyber protections into their products at the outset, that companies examine ways to minimize the collection and retention of consumer data, and that Congress consider legislation to promote data security generally (not specific to the Internet of Things).
Competition Policy—Separately, FTC Commissioner Maureen Ohlhausen recently published an article in Health Affairs magazine regarding the agency's competition advocacy in health care, the impact of scope of practice laws, and the significance of innovations such as telehealth, citing New Mexico's Project ECHO as a successful model for connecting rural primary care physicians and nurse practitioners with academic medical center specialists. According to Ohlhausen, regulators can help ensure these innovations are realized by using their "policy research and development function to get a better understanding of: the technology itself; the new business models it may enable; any existing regulatory structures, including any industry self-regulation; relevant market dynamics; and the nature and extent of likely consumer and competitive benefits and risks."
Interstate Medical Licensure Compact—Since its introduction in fall 2014, the Interstate Medical Licensure Compact (the "Compact") has been introduced as legislation in 15 states, and this winter, Wyoming and South Dakota became the first states to adopt the Compact when their governors signed enabling legislation into law. Similar legislation in Utah is awaiting review by the governor. By its own terms, the Compact becomes effective upon adoption by no less than seven states. You can track the status of the Compact and learn more about it by visiting the Compact website.
Texas—On March 6, 2015, the Texas Medical Board released proposed amendments to its Telemedicine Rules (22 TAC §§174.2, 174.5, 174.6, 174.8) to clarify, among other things, certain aspects of establishing a doctor–patient relationship using telemedicine and to expand the definition of an "established medical site" for purposes of using telemedicine to include additional locations when providing mental health services. Notably, the Board also proposed clarifying changes to its Violation Guidelines (22 TAC §190.8), mandating that prior to prescribing, a defined doctor–patient relationship must be established, which requires at a minimum, among other things, a physical examination that must be performed by either a "face-to-face" visit or in-person evaluation. The rule changes highlight that questions and answers exchanged through email, electronic text, or telephonic evaluation of or consultation with a patient are inadequate to establish a defined doctor–patient relationship.
Ohio—On January 14, 2015, Ohio released an updated draft of its proposed rule change regarding prescribing to persons the physician has never personally examined. Notable components include: (i) a requirement for visual real-time images for prescribing (even of noncontrolled substances), although the rule does not dictate real-time video and audio; (ii) the inclusion of diagnostic equipment capable of transmitting real-time "physical data" of the patient; (ii) an obligation to provide the medical record to the patient and to the patient's other health care providers; and (iv) a limitation on "cross-coverage" exemptions necessitating an agreement between the "covering" physician and the physician with whom the patient has a prior relationship.
Connecticut—Advancing out of committee in January 2015, a new senate bill, SB 246, defines the practice of telemedicine and establishes standards, including written informed consent and a requirement that the telemedicine provider have previously personally seen and examined the patient or provided telemedicine services at the request of a CT licensed provider who has personally seen and examined the patient.
West Virginia—On January 27, 2015, West Virginia introduced senate bill SB 334, setting out specific practice standards for providers utilizing telemedicine. SB 334 requires, in particular, that when a prior physician–patient relationship does not exist, it can be established using telemedicine as long as real-time video conferencing or similar technologies are utilized.
ACOs—On March 10, 2015, the Centers for Medicare & Medicaid Services ("CMS") announced the Next Generation ACO Model, which, in addition to creating ACOs with greater financial risk and potential savings than those in current Medicare ACOs, also provides for telehealth coverage in order to encourage closer care relationships between ACO providers/suppliers and beneficiaries and encourage additional growth of both telemedicine use and ACO formation. A CMS blog post, "Building on the Success of the ACO Model," provides more information.
State Reimbursement—Eight different states introduced bills regarding reimbursement during January and February 2015, including SB 133 in Arkansas, SB 467 and HB 6487 in Connecticut, House File 218 in Iowa, SB 981 in Minnesota, SB 758 in Oklahoma, SB 144 in Oregon, HB 5422 in Rhode Island, and SB 5175 in Washington. The Arkansas and Minnesota bills would require reimbursement parity under Medicaid, whereas the proposals in Connecticut, Iowa, Oregon, and Rhode Island focus on requiring telemedicine coverage without requiring in-person contact. The Washington bill ensures telemedicine services are reimbursable under public employee benefit plans, health carriers, and managed care organizations, and the Oklahoma bill requires Medicaid reimbursement for telemedicine services at no more than 85 percent of usual and customary Medicaid fee schedule.
Remote Chronic Care Management—Beginning with the 2015 Medicare Physician Fee Schedule, CMS has implemented the new billing code 99490 for non-face-to-face chronic care management ("CCM") services, specifically defined as "at least 20 minutes of clinical staff time directed by a physician or other qualified health care professional, per calendar month, with the following required elements: multiple (two or more) chronic conditions expected to last at least 12 months, or until the death of the patient; chronic conditions that place the patient at significant risk of death, acute exacerbation/decompensation, or functional decline; comprehensive care plan established, implemented, revised, or monitored." The code provides reimbursement of about $41 per beneficiary per month for remote CCM services. The billing provider may not bill for both CCM services and any of the following four services: transitional care management, home health care supervision, hospice care supervision, and certain end-stage renal disease services. More information about CCM services is available in section H of the 2015 Physician Fee Schedule Final Rule.
China—In February 2015, China's National Health and Family Planning Commission issued a "Work Plan on Large Hospital Inspections (2015–2017)" (English translation provided by U.S.-China Business Council), which names specific hospitals that will be reviewed and outlines the general process for inspections aimed at fighting corruption and promoting effective management standards. The Work Plan comes on the heels of other policy developments announced last year that would allow foreign investors to establish new, wholly owned hospitals or to acquire existing hospitals within seven pilot zones in China, subject to certain requirements and standards. The Chinese government is also taking efforts to promote innovation in health care, including recent guidelines to develop a uniform telemedicine network connecting patients with health care providers throughout China.
Germany—The Ministry of Health recently proposed draft legislation intended to ensure secure digital communication and applications and promote interoperability of IT systems within the health sector.