New telehealth guidance from HHS in preparation for PHE expiration
The U.S. Department of Health and Human Services (HHS) released new guidance this week surrounding telehealth and HIPAA compliance following the eventual conclusion of the COVID-19 public health emergency (PHE). Throughout the pandemic, the Department instituted various flexibilities tied to the PHE that waive many of the generally applicable rules governing Medicare telehealth services. While largely not new information, HHS’ guidance does provide helpful clarifications surrounding when the Office for Civil Rights will stop utilizing enforcement discretion, as well as important clarifications on audio-only telehealth visits which were not reimbursable under Medicare prior to the pandemic.
Of note, HIPAA enforcement discretion was not one of the waivers extended by Congress for five months following the conclusion of the PHE. In an effort to ensure medical groups are aware of their obligations immediately following the expiration of the PHE, MGMA Government Affairs will soon release a member-exclusive resource outlining the reintroduction of HIPAA requirements for audio-visual and audio-only telehealth services.
MGMA provides recommendations to HHS on provisions of the HITECH Act
Last week, MGMA provided feedback to HHS Secretary Becerra in response to the Department’s request for information on certain provisions from the Health Information Technology for Economic and Clinical Health (HITECH) Act. With cybersecurity attacks on healthcare organizations escalating in recent years, medical groups have had to become more vigilant and take increased precautions to protect themselves and the patients they treat.
MGMA applauds HHS for engaging with stakeholders to better understand what recognized and effective cybersecurity practices medical groups have voluntarily implemented and offers the following recommendations as the Department considers future cybersecurity regulations:
-
Offer flexibility to medical groups surrounding which security programs they implement;
-
Provide best practices and frameworks to help medical groups as they implement acknowledged cybersecurity policies into their practices; and
-
Take steps to prevent unnecessary confusion and burden by considering other rules and policies impacting medical groups while developing additional regulations.
Additional education opportunities needed on information blocking
On Monday, MGMA and other leading healthcare organizations wrote to HHS Secretary Becerra urging that the Office of the National Coordinator (ONC) for Health Information Technology, Office of the Inspector General, and Centers for Medicare & Medicaid Services, work collectively to provide additional educational opportunities and content — including best practices and implementation guides — for medical groups surrounding the implementation and enforcement of information blocking requirements. The letter also requests that the agencies provide medical groups with warning communications that include corrective action steps prior to imposing any penalties related to information blocking adjudication.
More information about information blocking requirements, including FAQs and webinars, may be found on the ONC’s website