Industry Insights

"The MedTech Act"—Real Change for Digital Health or More Vague Oversight?

The U.S. Senate Committee for Health, Education, Labor and Pensions, known as HELP, recently passed its marked version of the Medical Electronic Data Technology Enhancement for Consumers' Health Act, S. 1101, commonly known as the MedTech Act. Senators Michael Bennett and Orrin Hatch originally introduced the Act to high hopes late in 2014. A similar version of the legislation previously passed the House as part of the 21st Century Cures Act.

Industry and politicos alike are hungry for the relief and acclaim expected to accompany final passage. The Act is intended to provide comfort and stability at the dynamic intersection of medicine and technology by offering assurances that software designed for use in observational, monitoring, and lifestyle products will not be regulated by the U.S. Food and Drug Administration ("FDA").

By carving certain medical and decision‑support software out of the definition of "device," the Act limits FDA's regulatory authority with respect to software applications used for administrative functions, financial management, and static record review, as well as software designed to facilitate care coordination, data transfer, and development of treatment plans and recommendations. In doing so, the Act furthers industry and political aims of moving the FDA out of the way when it comes to low-risk, innovative software such as that used for wellness and lifestyle programs and similar applications. This is good news for commonly used wearables like wristbands and watches, and it presages brisk mainstreaming of related applications, such as in clothing, seating, steering wheels, earbuds, glasses, and contact lenses that monitor and report health, fitness, and wellness information.

While loosening the reins on applications seen as low risk, the legislation redirects FDA's focus to higher-risk medical software and devices, such as imaging, diagnostic, and implantable devices.

Be forewarned: What the Senate giveth, the FDA may taketh away, albeit via a public regulatory process. Under the Act as proposed, if the Secretary of Health and Human Services determines that an otherwise‑exempt software function would be "reasonably likely" to have "serious adverse health consequences," the Secretary may take action to enable the FDA to regulate the product or software as a medical device. In making such a finding, the FDA must consider matters such as the degree of harm likely to result if the software malfunctions, the extent to which the software is intended to support or influence clinical judgment, the opportunity for medical or professional intervention (such as review of the basis for treatment recommendations provided by the software), and the intended user and environment of use. Before taking action, the Secretary must publish its findings, including supporting evidence, in the Federal Register and offer a public comment period of at least 30 days. Only after the conclusion of that process may the Secretary regulate the software as a device.

Not everyone favorably views a more relaxed regulatory approach. Some fear that reliance on unregulated devices will lead to complacency. Others point to risks of manufacturing defects; susceptibility to bugs, glitches, viruses, and breaches; and possible lapses in the energy and connectivity infrastructure essential for these apps and devices to operate.

Ironically, the American Medical Informatics Association applauded the Act as necessary "to help ensure innovative products can more easily come to market" and at the same time called for "additional support from the federal government to tackle this mounting challenge" of ensuring health IT patient safety, concluding, "[n]ow is the time to fully fund a collaborative, national center for health IT safety."

While we live in a heavily regulated time, the pace of technological innovation in the health industry, as now fueled by consumer demand and a national health care framework dependent on big data and data analytics, is poised to accelerate, notwithstanding a few glitches along the way.

Federal Features

$1.55M HIPAA Settlement Between OCR and North Memorial Health Care

North Memorial Health Care of Minnesota ("North Memorial"), a comprehensive not-for-profit health care system, has agreed to pay $1.55 million to settle charges that it potentially violated the HIPAA Privacy and Security Rules when it failed to enter into a business associate agreement with a contractor and also did not conduct a risk analysis to address the security of patient data. The investigation by the Department of Health and Human Services Office for Civil Rights ("OCR") began in September 2011, when a report that an unencrypted laptop containing electronic private health information ("ePHI") for 9,497 patients was stolen from the car of an employee of contractor Accretive Health, Inc. Although Accretive Health had access to the ePHI of 289,904 patients, North Memorial did not have a business associate agreement in place with the contractor. In addition to this violation, North Memorial did not complete a risk analysis to address all the potential risks to its ePHI for its enterprise-wide IT infrastructure. Not only will North Memorial pay the $1.55 million fine, but it has entered into a Corrective Action Plan whereby it will develop policies and procedures related to business associate relationships, modify existing and create new risk analysis procedures, develop and implement a risk management plan, train its employees on all new policies and procedures, report additional events, and provide annual progress reports to OCR. In addition to the press release, the Resolution and Corrective Action Plan are available on the HHS website.

MACRA Proposed Rule

The U.S. Department of Health and Human Services ("HHS") issued a proposed rule under the Medicare Access and CHIP Reauthorization Act of 2015 ("MACRA") on April 27, 2016. Continuing efforts to incorporate quality measures and value into provider payments, HHS's new proposed rule would streamline the current disparate Medicare quality programs into a framework called the Quality Payment Program, which establishes two payment paths: Merit-based Incentive Payment System ("MIPS") and Advanced Alternative Payment Models ("APMs"). MIPS bases reimbursement on four factors: quality, cost, advancing care information, and clinical practice improvement activities. Notably, the advancing care information proposal will allow practitioners to select measures that reflect how technology best suits their practice and will reduce the number of required measures from 18 to 11. The MIPS program is aimed at supporting simple, connected, less-burdensome technology. CMS would begin measuring performance through this payment program in 2017 and would begin payments through the program in 2019. On the other hand, APMs were developed with an eye toward the promotion of the highest quality and most coordinated care that is patient-centered and practice-driven by giving a heightened role to information technology. APMs must meet three requirements: they must (i) use certified electronic health records, (ii) pay for covered professional services based on comparable quality measures, and (iii) either be an enhanced medical home or bear more than nominal risk for losses. This program is meant to strengthen quality-based payments while incentivizing flexible, coordinated care that is patient-centric. Medicare practitioners who participate to a sufficient extent in the various APMs, such as Comprehensive Primary Care Plus and Next Generation ACOs, may be exempt from MIPS reporting requirements and may qualify for financial bonuses. Comments to the proposed rule are due June 27, 2016.

VA Plans to Enhance Telehealth Care

The Department of Veterans Affairs ("VA") recently announced the development of five VA Mental Health Telehealth Clinical Resource Centers, one of which is already operational. The Centers are designed to provide veterans with rapid access to mental health services, particularly veterans in rural and underserved communities. According to the VA 2017 Budget Request, Volume II Congressional Submission, and a VA News Release from May 2016, the VA served 677,000 patients via telehealth in 2015, which is approximately 12 percent of the veterans receiving health care from the VA. The VA has demonstrated that it is a world leader in telehealth services through these structural and technical investments in care management and health informatics. As a further demonstration of the VA's commitment to telehealth, the Volume II Congressional Submission states the VA's commitment to provide telemedicine services to 762,000 veterans in 2017.

FTC Tool Helps Health App Developers Determine if Regulations Apply

The Federal Trade Commission ("FTC") has released a new interactive tool on its website to help health app developers determine when certain regulations apply to their apps. The tool is designed to provide better protection for consumes and guides app developers through a series of 10 questions to identify which laws may be relevant.

CMS Managed Care Final Rule Contemplates Telemedicine Measures to Bolster Networks

CMS released its Medicaid Managed Care Final Rule regarding managed care in Medicaid and the Children's Health Insurance Program, which revises and expands federal rules governing contracting and payment of Medicaid managed care plans. The Final Rule includes provisions regarding "network adequacy standards" and advises states to contemplate telemedicine and other technological solutions to ensure beneficiaries have reasonable access to all necessary care in order to obtain reimbursements. Additionally, the National Association of Insurance Commissioners previously released its model legislation for health benefit plan network access and adequacy ("Model Act"). The Model Act is designed for use by state legislatures. Like the Medicaid Managed Care Final Rule, the Model Act establishes standards for network adequacy. In doing so, the Model Act recognizes telehealth as an acceptable means (among others) of achieving network adequacy. These developments demonstrate the increasing acceptance of telehealth in the mainstream healthcare delivery system and illustrate how telehealth may be used as an essential element of network development and adequacy.

State Summaries

Four States Adopt the Interstate Medical Licensure Compact

As of June 8, 2016, Arizona, Colorado, Kansas, Mississippi, and New Hampshire enacted the Interstate Medical Licensure Compact, bringing the total number of states that have adopted Compact legislation to 17. The Compact offers an expedited and streamlined licensing process for physicians interested in practicing medicine in multiple states. Learn more about the Compact and follow the status of pending Compact legislation.

Arkansas Medical Board Proposes Telemedicine Rules

The Arkansas State Medical Board, following the release of its draft telemedicine proposal last November, recently proposed to amend its regulations to allow for a physician–patient relationship to be established via telemedicine. Specifically, on April 27, 2016, the medical board proposed to revise its Regulation 2 to allow for a proper physician–patient relationship to be established by a "face to face examination using real time audio and visual telemedicine technology that provides information at least equal to such information as would have been obtained by an in-person examination." In addition, the board proposed a new Regulation 38, which would create standards for telemedicine practice in the state. Specific requirements include, among other things, that: (i) telemedicine services are held to the same standard of care as in-person services; (ii) the physician agrees to provide or arrange for follow-up care if indicated; (iii) the physician refrains from issuing a prescription for a controlled substance unless certain additional requirements are met; (iv) the physician must make available to the patient the patient's medical record documenting the encounter upon request; (v) in advance of the encounter, the patient must have access to information regarding the identity of the physician, licensure and board certifications, and patient financial responsibilities; and (vi) the physician has established protocols for referrals for emergency services. Regulation 38 also clarifies that while use of store-and-forward technology, such as X-rays, MRIs, and digital images, is permitted, a patient completing a medical history online and forwarding it to a physician does not qualify as store-and-forward technology.

Under the current statute, an in-person examination is generally required for a valid patient–physician relationship; as such, these actions by the Medical Board could significantly expand the current options for compliant telemedicine services within Arkansas. The Medical Board conducted a public hearing involving the proposed amendments on June 9, 2016, at 8:30 a.m.

Missouri Telemedicine Bill Signed into Law

The governor of Missouri signed SB579 into law on June 8, 2016, establishing a new telemedicine policy for the state. The bill defines "telehealth" and "telemedicine" as the delivery of health care services by means of "information and communication technologies," including the use of asynchronous store-and-forward technology, to facilitate the assessment, diagnosis, consultation, treatment, education, care management, and self-management of a patient's health care while the patient is at a location remote from the provider. Under the law, a licensed health care provider can provide telehealth services to patients under the same standard of care as services provided in person, with no requirement for the originating site to maintain on-site clinical staff during the encounter except as necessary to meet the standards of care for treatment of the patient's medical condition. In addition, the bill allows a physician–patient relationship to be established by a telemedicine encounter if: (i) the standard of care does not require an in-person encounter; (ii) the technology utilized is sufficient to establish an informed diagnosis as though a medical interview and physical examination had been performed in person; and (iii) prior to providing treatment, the physician interviews the patient, collects or reviews relevant medical history, and performs an examination sufficient for the diagnosis and treatment of the patient. Importantly, a questionnaire completed by the patient via the internet or telephone does not constitute an acceptable medical interview. Likewise, no health care provider may prescribe any drug or other treatment to a patient "based solely on an internet request or internet questionnaire."

In addition, the bill amends various laws related to the provision of services via telehealth for Missouri "HealthNet" participants, including specifying eligible providers and originating sites. The bill also addresses the use of asynchronous store-and-forward technology in the provision of telehealth services for HealthNet participants and establishes a statewide home telemonitoring program for the HealthNet program.

This bill is substantially similar to Missouri HB1923 and SB621, discussed in previous Updates (here and here).

Missouri Pharmacy Board Issues Emergency Rule on Telehealth Prescriptions

In an emergency rule issued on March 1, 2016, the Missouri State Board of Pharmacy amended its regulations to allow Missouri pharmacies to dispense prescriptions based on a "valid medical evaluation," including a telehealth evaluation. The previous regulations prohibited a pharmacist from filling a prescription if the prescription was written without a physical, in-person examination of the patient. Specifically, the emergency rule: (i) removes the language in the current regulation requiring a "sufficient physical examination and clinical assessment of the patient" before a pharmacist can dispense a prescription; and (ii) eliminates the prohibition on dispensing prescriptions based on an "Internet-based questionnaire, an Internet-based consultation, or a telephonic consultation." Missouri SB579, however, described above, expressly prohibits health care providers from prescribing drugs or other treatment to a patient based solely on an internet request or an internet questionnaire.

New York Office of Mental Health Proposes Telepsychiatry Rule

The New York Office of Mental Health ("OMH") recently proposed a rule to establish basic standards and parameters to approve the use of telepsychiatry in certain OMH-licensed programs. The rule defines "telepsychiatry" to mean the use of "two-way real-time interactive audio and video" to provide and support remote clinical psychiatric care. While the definition does not include telephone conversations, electronic mail messages, or facsimile transmissions, the rule notes that such encounters may support telepsychiatry services. Importantly, the proposed rule would expand the ability to provide telepsychiatry services to qualified mental health professionals, including physicians, licensed practical nurses, nurse practitioners, licensed psychologists, and physician assistants. The rule would replace the existing regulations, which allow for the use of telepsychiatry by OMH-licensed clinics only. OMH accepted comments on the proposed rule through June 13, 2016.

Ohio Medical Board Proposes Rules on Remote Prescribing

In April 2016, the State Medical Board of Ohio proposed new rules that outline the requirements for a physician to prescribe a drug to a person who is at a location remote from the physician and on whom the physician has not conducted a physical examination. The proposal comes after the Ohio legislature enacted a law requiring the Medical Board to adopt such rules in March of this year. Specifically, the proposed rules would allow a physician to prescribe medication (other than a controlled substance) based on a telemedicine encounter if the physician uses appropriate technology that permits, in a manner consistent with the minimal standard of care for in-person care, a medical evaluation and the collection of relevant clinical history as needed to establish a diagnosis, identify any underlying conditions, and identify any contraindications to the treatment recommended or provided. The physician must also establish the patient's identity and physical location, obtain the patient's informed consent for treatment, and provide or recommend appropriate follow-up care as needed. The rule would allow the prescribing of controlled substances based on remote examinations if additional conditions are satisfied. The new rules would replace the current Rule 4731-11-09, which requires a physician to have personally and physically examined a patient before prescribing any drug to the patient, except in specific situations.

South Carolina Enacts Telemedicine Legislation

On June 3, 2016, the governor of South Carolina signed into law SB1035, the South Carolina Telemedicine Act ("Act"). The Act broadly defines "telemedicine" to mean "the practice of medicine using electronic communications, information technology, or other means between a licensee in one location and a patient in another location with or without an intervening practitioner" and requires that telemedicine services be held to the same standard of care as in-person services. Importantly, the Act allows a physician to establish a physician–patient relationship solely via telemedicine, requiring only that the physician provide an "appropriate evaluation" prior to diagnosing and/or treating the patient. Such evaluation need not be done in person if the licensee employs "technology sufficient to accurately diagnose and treat the patient in conformity with the applicable standard of care." This requires more than a "simple questionnaire" and could require the use of an on-site practitioner who provides physical findings to the remote physician. In addition, the Act explicitly provides that a physician may prescribe for a patient whom the physician has not "personally" examined if the physician has established a physician–patient relationship with the patient solely via telemedicine. The Act largely adopts the current policy of the state medical board.

Alaska and Louisiana Bills Sent to Governor for Approval

Since our last Update, telemedicine bills in Alaska and Hawaii moved through the legislative process and were sent to their respective governors for approval. Alaska SB74, which would enable out-of-state telehealth providers to provide services via telemedicine if the physician or another licensed health care provider in the physician's practice group is available to provide follow-up care, was passed by the legislature and transmitted to the governor on June 6, 2016. The governor has until June 23, 2016, to sign or veto the bill before it takes effect without his signature. Louisiana HB570, a bill that would remove the state's current requirement that a physician providing services via telemedicine maintain an office or an arrangement with a physician who maintains an office within the state and would expressly permit audio-only telehealth, was also sent to the governor for executive approval on June 6, 2016. The governor must sign or veto the legislation within 10 days of transmittal or it becomes law without his signature.

Reimbursement Review

Alaska Legislature Passes Telemental Parity Law

On June 14, 2016, the governor of Alaska signed into law HB234, which requires health insurers that offer a health care insurance plan that provides mental health benefits to also provide coverage for mental health benefits provided through telehealth. Under the bill, a health insurer may not require that prior in-person contact occur between a health care provider and a patient before payment is made for covered services. The law takes effect on September 11, 2016.

Kentucky Bill Establishes Telemonitoring Reimbursement Pilot Project

On April 13, 2016, the governor of Kentucky signed into law HB95, requiring the state Department of Medicaid Services to establish a pilot project to create coverage provisions and reimbursement criteria for telemonitoring services by July 1, 2017. In order to effectuate the policy, the Department may: (i) submit a state plan amendment or waiver for approval to CMS in order to provide coverage for medically necessary telemonitoring services performed for a Medicaid beneficiary; (ii) request funding from the General Assembly; (iii) ensure that clinical information gathered while providing telemonitoring services is shared with the patient's treating health care professionals; and (iv) promulgate any necessary regulations.

Maine Issues New MaineCare Telehealth Rules

The Maine Department of Health and Human Services recently adopted new MaineCare telehealth reimbursement rules, replacing the current telehealth rules effective April 17, 2016. Importantly, the new rules: (i) eliminate the approval process previously required for use of telehealth, including the requirement that providers submit documentation showing that a physical, social, or geographic limitation existed that prevented the provider from delivering service in a face-to-face encounter or otherwise justify the use of telehealth as more appropriate; (ii) allow interactive telehealth for all medically necessary services that can be delivered remotely at comparable quality; (iii) provide for an "originating site fee" to be paid to the site housing the patient (while the remote site bills for the services rendered); (iv) provide for real-time, interactive visual and audio telecommunications or, if not available, telephonic services; (v) require providers to use secure, HIPAA-compliant equipment; and (vi) require member choice, written informed consent, and member education. In addition, the rules provide for telemonitoring services to certain "eligible" members.

Maryland Amends Requirements for Medicaid Reimbursement of Telehealth Services

Maryland HB886 and SB242, signed into law by the governor on May 10, 2016, amend the requirements for the reimbursement of telehealth services provided under the Maryland Medical Assistance Program. The revised law, effective June 1, 2016, requires the Department of Health and Mental Hygiene to include primary care providers in the types of health care providers eligible to receive reimbursement of health care services provided to program recipients and authorizes the Department to require health care providers to submit a registration form with information required to process claims for reimbursement. In addition, the new law requires the Department, in consultation with the Maryland Health Care Commission, to submit a report to the Senate Finance Committee and the House Health and Government Operations Committee assessing the telehealth policies of Medicaid programs in other states and detailing planned enhancements to the Maryland Medicaid telehealth program.

Tennessee Amends Telehealth Parity Law

On April 27, 2016, the Tennessee governor signed into law SB2373, which amends the state's telehealth parity law. Specifically, the new law, which takes effect on January 1, 2017, adds state-contracted crisis service providers as covered providers and requires reimbursement for telehealth services without any distinction or consideration of the geographic location or any federal, state, or local designation, or classification of the geographic area where the patient is located.

Telehealth Parity: Legislative Recap

A number of state bills regarding reimbursement for telemedicine services have moved through their respective legislatures since our last Update. Arizona SB1363, which removes the "rural region" limitation in the telehealth parity law, was signed by the governor on May 17, 2016. The governor of Florida approved HB7087 on April 14, 2016, creating the "Telehealth Advisory Council" within the state Agency for Health Care Administration to review the current insurance landscape and make a formal report to the governor and legislature. Hawaii SB2395, which removes language requiring a health care provider to be physically present with the patient at the originating site during a telehealth encounter and requires all insurers to provide current and prospective insureds with written disclosure of coverages and benefits associated with telehealth services, was enrolled to the governor on April 29, 2016. Finally, Washington SB6519, which adds the patient's "home" to the list of approved originating sites, was signed into law on March 29, 2016.

Global Happenings

China Issued New Work Plan to Develop the Digital Health Care and Telemedicine Industry

On April 21, 2016, China's highest executive body, the State Council of People's Republic of China ("PRC"), circulated a Key Work Plan for Deepening the Medical and Health Care System Reform in 2016 ("2016 Work Plan") to highlight key tasks for its ministries and departments as well as provincial-level governments to deepen medical reform in 2016. Such key tasks include speeding up the establishment of a hierarchical medical treatment system and promoting the use of health care and medical big data in certain mature regions and industries as pilots.

To establish a hierarchical medical treatment system, patients with different needs will be directed to hospitals at different levels as opposed to one prestigious hospital. This preliminary ranking process in the 2016 Work Plan is widely viewed as a win for the digital health and telemedicine industry. The 2016 Work Plan is also expressly aimed at driving online medical appointment payment systems and developing telemedicine and telepharmaceutical services.

Chinese local governments are anticipated to provide follow-up guidance to implement the 2016 Work Plan. On May 16, 2016, the Shanghai government held a meeting regarding further medical and health care system reform, and Yang Xiong, the mayor of Shanghai, pointed out at this meeting that the government will embrace the "internet plus medical treatment" modalities promoted by the 2016 Work Plan.

Some pioneering industrial players have already made movements in this regard. For example, on December 7, 2015, the first online hospital in China was incorporated in Wuzhen, Zhejiang Province, and its services include making appointments with a doctor online, providing telemedical treatment, and issuing e-prescriptions. On January 18, 2016, Ali Health (a subsidiary of the Alibaba Group) entered into a cooperation agreement with a hospital in Wuhan, Hubei Province, under which they will establish a virtual hospital to conduct medical treatment, prescribe medicines, and sell and even deliver drugs and therapies. Additionally, Tencent, a leading Chinese internet service company, is also working on an online platform that provides integrated physician information to assist patients in making well-informed decisions when choosing doctors.

Mexican Official Standard for Telemedicine Services

On December 21, 2015, the Ministry of Health published the Mexican Official Standard project PROY-NOM-036-SSA3-2015 ("NOM") for a 60-day public consultation period that expired on February 19, 2016. The NOM establishes procedures for medical personnel providing remote medical attention and minimum requirements, and infrastructure characteristics for establishments providing remote medical attention.

The project was prepared in compliance with the provisions of Article 32 of the Mexican General Health Law, which establishes that in order to promote investment in telehealth and telemedicine applications, the government must develop a legal framework to ensure safety and efficiency in distant medical attention, encourage use of communication technologies, and employ communication as an instrument to reach the public health objectives. Although a strict reading of the NOM could indicate that the law may be enforced only in Mexico, the law appears to apply only where both the consulting hospital and remote physician/hospital meet NOM requirements.

Given the novelty of this issue and the increasing importance of telehealth in Mexico, it is surprising that a definitive version of the NOM (with related comments received during the public comment period that ended in February 2016) has not yet been published.