COVID Waivers: Preparing for the End

How many people remember how healthcare fully operated prior to the onset of the COVID-19 driven pandemic? The question is only somewhat facetious as the delivery of care and running of organizations along with so many other components of the healthcare industry have changed to a large degree. Telehealth is an obvious area that expanded, but relationships and compliance have been impacted too.

Public Health Emergency Declaration

Back in March 2020 when COVID emerged and disrupted the world, the United States declared a public health emergency (“PHE”). The PHE was also noticed by the Department of Health and Human Services (“HHS”). The HHS PHE opened the door for the Secretary of HHS (through all of the subagencies and offices) to issue waivers or notices of non-enforcement of many regulations impacting the healthcare industry. The changes will broadly be referenced as waivers, even though from a technical legal standpoint not all waive an obligation or requirement.

A quick, non-comprehensive review of the waivers will give a bit of a reminder of just how many changes occurred. HIPAA experienced enforcement discretion to enable the rollout of telehealth tools that may not meet all HIPAA privacy or security protections. While not ever tool was given a free pass (think public facing interactive tools like Facebook Live), a whole host of tools were enabled, which ignored that so many easy to acquire compliant tools were available. While healthcare organizations are moving to mature the telehealth and virtual care offerings, it is not clearly known what posture has been adopted by all organizations. There are likely a large number of organizations still relying on free tools that don’t take the effort to meet HIPAA requirements.

Foregoing cost sharing requirements, such as copays or coinsurances, is another change that swept across the healthcare landscape. While many commercial insurance plans already stopped the cost sharing waivers, Medicare still arguably lets waivers occur without needing to go through a financial hardship or other analysis. Some waivers were more clearly enacted by emergency legislation to address cost sharing related to COVID-19 care, but guidance form the Office of the Inspector General also broadly addresses cost sharing for Medicare. Normally cost sharing waivers should only occur on a limited basis and after conducting a financial hardship assessment. Those requirements were thrown out the window as a result of the COVID-19 impact and lack of cost sharing has let enabled certain services to thrive. Those certain services include a number of virtual care services that are driving better patient outcomes, but will come with a monthly patient financial responsibility that could impact ongoing participation.

Reimbursement coding also experienced a constantly changing environment early in the pandemic. While the pace of changes slowed down after a few months, a number of modifiers and new codes to reflect newly adopted services. Workflows have been adjusted and systems changed to ensure that appropriate codes and supplements are included. Going back to scrub all of those changes out will be another issue to pile on top of already busy operations.

New arrangements connected to delivery of COVID-19 services, or potentially more expansive deals, benefited from the waiver of fraud and abuse regulatory requirements. The fraud and abuse regulations are very technical, detailed, and full of traps. Not having to keep those front and center while arrangements were often established on the fly means that a whole host of contracts likely need to be rewritten or potentially terminated altogether. Reviewing and confirming compliance of all of the impacted contracts could result in potential disruption of services or the ending of certain beneficial relationships.

Where Can be Done?

Even with the PHE remaining in place, the current waning of pressing COVID issues offers an opportunity to get in front of any formal termination of the PHE. Competing concerns will always be grabbing attention, but refreshing memories as to the full scope of changes from the PHE and comparing to action taken to permanently encode changes is necessary. If an organization does not remember what modifications to procedures were put into place because of the PHE, unwinding where necessary becomes impossible. A collective effort will be necessary to tease apart all of the interconnected threads related to PHE changes.

At the same time, assessing what changes should still be permanently encoded will also help. Full relaxation of regulatory requirements is clearly not a realistic possibility or even preferred outcome, but some of the changes do need to stay. Assessing impact and developing evidence as to the good and bad of all changes can appropriately inform future action.

The current key though is to get prepared now. Waiting until the PHE expires from non-renewal will unnecessarily stress operations, which means individuals across all organizations. A proactive approach (which mirrors the trend for delivery of care) will set organizations up to continue succeeding and delivering care, which is the real goal.

The End of the PHE?

The PHE was last renewed in January 2022 and would currently expire in April. That time will be here before anyone knows it or is really ready for it. Get going now to avoid an unpleasant surprise.

Mitigate Pandemic Risks: Track Government Guidance

The COVID-19 pandemic has brought about numerous changes to the healthcare industry, most notably on the regulatory front. When the pandemic reached emergency levels in the mid-March time period, the order officially declaring a state of emergency was quickly followed by many regulatory waivers, announcements of enforcement discretion, or outright changes to the regulations. Those changes along with the interpretive guidance came out on what felt like a daily or even more frequent basis. The flurry of changes meant that all, whether the government agencies, hospitals, physicians, and others, were all scrambling to figure out what to do.

Telehealth is one area that went from extremely low utilization to the predominant means of delivering healthcare services. The Centers for Medicare and Medicaid Services started that trend by providing reimbursement equal to in-person visits for telehealth along with not paying attention to location or patient relationship requirements, among other areas. Further, the scope of who could provide services by telehealth was expanded over time, some of which came in response to pushes from particular industry groups. While the types of services that can be delivered and the types of clinicians that could bill may have received more general attention, the detail of how to file a claim and how to fill in billing documentation became very complex. At times, guidance could be completely altered from one announcement to another.

The changing ground rules on the reimbursement front are not relegated solely to telehealth. A lot of new services specifically connected to COVID-19 were rolled out, such as testing for the virus and care related to the virus for those infected. The exact billing codes and modifiers changed as new paradigms were established.

On top of the expansion of services, the government also recognized that individuals needing care may not be able to afford out of pockets costs given the cratering that occurred to the economy. To mitigate those impacts, the government permitted a lot of individual financial responsibility to be waived or otherwise not collected. Indiscriminately not collecting patient financial responsibility is a relatively significant departure from the norm, since waiving financial responsibility for all patients or even a decent number without determining need would be viewed as a form of fraud.

Other programs rolled out to benefit physicians were various funding initiatives to direct money to physician groups to make up for the lack of revenue caused by patients not coming in. At times money would just show up in individual physicians’ bank accounts or the accounts of practices. However, none of that money came free of strings. Instead, the money would be followed by lengthy attestation documents that, in brief, had physicians certifying to the government that the funds would be used for the appropriately designated purposes and that operations within the practice fit within the eligibility criteria identified by the government. Submission of the attestation was official and binding confirmation.

As already suggested though, each and every change under went at least a couple of iterations that would all come with its own guidelines for implementation. Given the fast pace of changes, how many practices or individuals could realistically state that each and every claim or attestation was submitted correctly? Likely none. Further, it is possible that a “correct” action one day could be incorrect the next. What can be done in that regard? Document, document, and document some more.

While The federal Department of Health and Human Services does have a single landing page to find all COVID-19 related documents, will that page always be there? Can the desired guidance or announcement be found? If there is skepticism about being able to locate everything resource in the future, how can documentation be achieved? Aside from what should be the standard practice of having appropriate support for claims, it may be advisable to maintain a copy of all guidance, announcements, and other statements that informed why a particular course of action was followed. Having copies of all documentation may be helpful in the event an adverse action is attempted to be taken down the road, even in spite of many statements that no fraud or abuse recoveries will be attempted absent clear indicia of fraud.

Individual maintenance of documents from the government may provide a necessary defense if things go a little haywire. Considering the need for the documentation may also push even more attention to all of the changes since collecting the documents may offer the needed push to dig a little deeper or confirm an understanding. While most are clearly trying to do the right thing and just survive with a practice still intact following the pandemic, preparing for all possible outcomes (even an optimistically unlikely worst case one) can be more fruitful from the start than trying to prove a negative in the future.

Information Blocking: Possible Fraud Concern?

National Health IT Week was a busy time with regard to government announcements. First, the final rule for Meaningful Use Stage 3 and Modifications was released and second, on the same day, the Office of the Inspector General (the “OIG”) released a reminder about information blocking concerns. The issue of information blocking has been coming up more frequently this year. It has been the subject of congressional inquiries, Office of the National Coordinator of Health IT (“ONC”) reports, and more. To some degree then, it almost seems natural that the OIG, an enforcement wing within the Department of Health and Human Services, would join the party.

The OIG is concerned the information blocking could be a way of forcing referrals or otherwise generating business. For the basis of its concern, the OIG reminds the healthcare industry that there is a safe harbor to the Anti-Kickback Statute that addresses provision of an electronic health record (“EHR”) by one company to another. The safe harbor exempts provision of an EHR from one healthcare entity to another, if the following elements are met:

1. The EHR is provided to someone engaged in the delivery of healthcare by another individual or entity (other than a lab) that bills a federal healthcare program, or a health plan;
2. The EHR is “interoperable” when it is provided (for purposes of the safe harbor, interoperable means it has been certified by the ONC);
3. The entity or individual providing the EHR does not take any action to limit or restrict the use, compatibility, or interoperability of the software with other systems;
4. The provision of the EHR is not conditioned on conducting other business;
5. The provision of the EHR in no manner takes into account the volume or value of referrals between the donor entity and the recipient entity;
6. The donation is set forth in a written agreement;
7. The entity or individual providing the EHR does not have actual knowledge or should have knowledge that the receiving entity or individual received similar items from another;
8. If the EHR can be used with any patient, there is no restriction on use of the EHR with any patient; and
9. Staffing is not included, nor is the EHR used primarily for personal use.

The elements of the EHR safe harbor have been around for a number of years at this point. It is from the basis that the OIG sent out is reminder. As the OIG states in the reminder, interoperability is a prerequisite for satisfying the safe harbor. If an EHR cannot work with others, then it is a warning sign of an issue. The reminder implies that a key and essential purpose of permitting the provision of an EHR is to enable the free flow of medical information.

Where does the reminder leave the industry though? It is clear from many discussions that interoperability is high on the mind of many in the industry. However, there is not a clear consensus as to what interoperability even means. The definition in the EHR safe harbor for the Anti-Kickback Statute likely does not bear any resemblance to popular discussions of interoperability. Merely receiving certification from ONC does not often come up as a hallmark of interoperability.

The more interesting statements from the OIG’s reminder are the examples of what the OIG is concerned about. The examples include provision of an EHR that precludes or inhibits a competitor from interfacing with the system, and a second is one where the EHR vendor agrees with the entity or individual providing the EHR to charge a high-interface fee. Both examples seem to go beyond the bare definition of interoperability contained in the safe harbor.

Interestingly, the second example veers in the direction of a concern raised by Paul Levy in a post on his blog Not Running a Hospital. Mr. Levy wrote about the new relationship between Epic and Partners Healthcare. Mr. Levy did not allege potential Anti-Kickback Statute concerns, instead questioning whether the new Epic and Partners Healthcare relationship violated antitrust requirements. However, the post focused on the requirement that all in the Partners Healthcare network adopt Epic, with a fair amount of attention spent on the difficulty of getting Epic to interact with other EHRs. Is the OIG reminder a harbinger of actions against Epic?

Time will tell whether any EHR donations will be pursued for violating the Anti-Kickback Statute or EHR vendors will be hassled for locking down systems. The primary issue is that so many branches and divisions of the government are discussing interoperability issues and are trying to address it. ONC is trying to solve from the technology side and ensure that interoperability truly exists; the OIG wants to ensure that blocking interoperability is not a means of locking in a referral source or otherwise rewarding a referral source; other branches are also considering interoperability and what it means.

The one thing missing from all of these efforts though is a common understanding of what interoperability really is. The health IT community has one view, the OIG clearly has a different one, patients likely have a third, and each new group will add its own. A common understanding or goal will be very helpful in advancing the debate and getting to a goal that could actually be realized.

One thing is for sure though, healthcare organizations should evaluate relationships where an EHR is provided under the ambit of the Anti-Kickback Statute EHR safe harbor. The OIG has puts its stake in the ground. It is a fair bet that at some point an example will be made or a whistleblower will take the reminder and run with it. Remember, the OIG has provided its warning, do not ignore it.