OCR Guidance on Nondiscrimination in Telehealth

/in /by

The Office for Civil Rights has issued guidance on nondiscrimination regarding telehealth services and patients with disabilities and limited English proficiency. We will outline the guidance as well as the HIPAA requirements that come into play.

What is Required?

Federal civil rights laws require providers to furnish appropriate auxiliary aids and services, such as an American Sign Language (ASL) interpreter, to those who are deaf or hard of hearing upon request. Providers must also ensure meaningful access to services by limited English proficient (LEP) patients, such as professional interpretation services.

If it is determined that some type of professional interpretation service is required, it is the responsibility of the provider to cover the expenses. Likewise, if telehealth services are provided, they must be accessible to individuals with disabilities unless doing do would result in undue financial and administrative burdens or fundamental alteration of the health program. However, practices are expected to explore the most cost-effective means of providing services before limiting them due to resource concerns.  Please see the Resources section at the end of this article for links to more information on this subject and for assistance in locating medical interpreters, translation services, etc.

Telehealth Considerations

Before the appointment – Include a way for patients to note any special needs when making the appointment or on an intake form in advance of their virtual visit. Contact the patient before their appointment to work around possible technology challenges and ensure they feel comfortable with the platform. Consider whether some patients may need longer appointment times.

Online tools – Make sure your website and online tools are accessible such as by ensuring they are compatible with screen reader software, etc.

Your telehealth platform – Consider ways to make your telehealth platform and services more accessible for patients with disabilities or limited English proficiency:

  • Choose a telehealth platform that offers accessible features, such as:
  • The ability to include an interpreter or support person on the same call with the patient and provider (whether present with the patient or from a third location)
  • Live captions
  • High-contrast display
  • Automatic transcription
  • Ensure staff are trained on how to utilize accessibility features.
  • Provide closed captioning for all pre-recorded patient video resources.
  • Use Telecommunication Relay Services as an alternative to video appointments.
  • Offer video conferencing to connect to an interpreter virtual appointment for real-time sign language or oral interpretation.

HIPAA Rules Regarding Interpretation Services

When using interpreter services (as part of telehealth visits or regular office visits), a covered entity may use and disclose protected health information regarding an individual without an individual’s authorization as a healthcare operation, in accordance with the Privacy Rule, in the following ways:

  • When the interpreter is a member of the covered entity’s workforce (i.e., a bilingual employee, a contract interpreter on staff, or a volunteer);
  • When a covered entity engages the services of a person or entity, who is not a workforce member, to perform interpreter services on its behalf, as a business associate. A business associate agreement or other contract that includes satisfactory assurances that the business associate will comply with HIPAA requirements should be signed by both parties prior to disclosure of any protected health information.

In addition, a covered health care provider may use or disclose protected health information to the patient’s family member, close friend, or any other person identified by the individual as his or her interpreter for a particular healthcare encounter. In these situations, that interpreter is not a business associate of the healthcare provider. As with other disclosures to family members, friends or other persons identified by an individual as involved in his or her care, when the individual is present, the covered entity may obtain the individual’s agreement or reasonably infer, based on the exercise of professional judgment, that the individual does not object to the disclosure of protected health information to the interpreter.

Resources

Department of Health and Human Services website on telehealth:

https://telehealth.hhs.gov/

Improving access to telehealth – Department of Health & Human Services:

https://telehealth.hhs.gov/providers/health-equity-in-telehealth/improving-access-to-telehealth#telehealth-for-people-with-disabilities

ADA Requirements: Effective Communication:

https://www.ada.gov/resources/effective-communication/

American Translators Association – Search for an interpreter in your area:

https://web.atanet.org/directory/individuals.php

National Council on Interpreting in Health Care – Review the council’s list of Interpreter Associations under the Resources menu:

http://www.ncihc.org

Additional resources are listed at the end of the HHS OCR Guidance on Nondiscrimination in Telehealth: Federal Protections to Ensure Accessibility to People with Disabilities and Limited English Proficient Persons web page:

https://www.hhs.gov/civil-rights/for-individuals/disability/guidance-on-nondiscrimination-in-telehealth/index.html

Physician Self-Referral Clarifications

/in /by

This article will overview 2020 revisions to The Centers for Medicare & Medicaid Services (CMS) Subpart J – Financial Relationships Between Physicians and Entities Furnishing Designated Health Services, 42 CFR 411.350 – 411.357, that explains requirements of and exceptions to the physician self-referral law for certain value-based compensation arrangements between or among physicians, providers, and suppliers. The 2020 final rule established a new exception for certain arrangements under which a physician receives limited remuneration for items or services provided by the physician; establishes an exception for donations of cybersecurity technology and related services; and amends the existing exception for electronic health records items and services.

411.351 – Definitions.

This section provides detailed definitions of terms for which an understanding will be necessary to comply with the requirements.

411.352 – Group practice.

This section provides very specific criteria that define a group practice and the types of physician compensation that are permitted (i.e., those that are not based on the volume or value of referrals of designated health services). The conditions that must be met and documentation requirements for permitted profit share or productivity bonuses are also provided.

411.353 – Prohibition on certain referrals by physicians and limitations on billing.

This section outlines prohibitions on submitting claims for payment under Medicare for designated health services (DHS) referred by a physician to an entity with which the physician has a direct or indirect financial relationship or has an immediate family member with a direct or indirect financial relationship. Certain exceptions, denial of payments, and refunds are explained.

411.354 – Financial relationship, compensation, and ownership or investment interest.

This section defines financial relationship and ownership or investment interests as they relate to prohibited physician referrals. Direct and indirect financial relationships, as well as compensation arrangements and related exceptions are discussed.

411.355 – General exceptions to the referral prohibitions related to both ownership/investment and compensation.

This section enumerates the exceptions to prohibited referrals concerning physician services, in-office ancillary services, services furnished by an organization (e.g., health plan) to enrollees, academic medical centers, implants furnished by an ASC, EPO and other dialysis-related drugs, preventive screening tests

and vaccines, eyeglasses and contact lenses following cataract surgery and intra-family rural referrals.

411.356 – Exceptions to the referral prohibition related to ownership or investment interests.

Requirements for exception of publicly traded securities, mutual funds, and specific providers are described.

411.357 – Exceptions to the referral prohibition related to compensation arrangements.

A description for each type of compensation arrangement that does not constitute a financial relationship (e.g., rental of office space, rental of equipment, group practice arrangements with a hospital, payments by a physician, charitable donations by a physician, nonmonetary compensation, cybersecurity technology and related services, arrangements that facilitate value-based health care delivery and payment, electronic health records items and services and many more), including specific requirements necessary to meet the exceptions, are provided.

If the modifications to this rule might apply to your practice, you may access the revised Self-Referral regulations here:

https://www.federalregister.gov/documents/2020/12/02/2020-26140/medicare-program-modernizing-and-clarifying-the-physician-self-referral-regulations

Proposed Privacy Rule Changes

/in /by

Finalization of Privacy Rule modifications is still pending

The Department of Health and Human Services (HHS) published proposed changes to HIPAA’s Privacy Rule on January 21, 2021. The proposal was under a public comment period until May 2021 and HHS expects to publish final changes in March or April 2023.

Effective Date – Once published, the final rule will become effective 60 days from its date of publication in the Federal Register.

Compliance Date – The important date for covered entities and other parties affected by the rule will be the Compliance Date which will be 180 days from the Effective Date.  This will allow covered entities ample time to make changes in policies, forms, and procedures.

Proposed Changes – There are multiple possible changes affecting an individual’s (patient’s) right of access, permitted disclosures for the purpose of care coordination and case management activities, and more.  Here is a brief listing of proposed changes that, if finalized, will have the greatest impact for providers and their practices:

  • New Terms will be introduced for Electronic Health Records and Personal Health Applications.
  • Timeliness for access to records will be amended from the current 30-day period to 15 calendar days for responding to access requests for inspection and/or copies of PHI. An additional 15 calendar days will be permitted to fulfill the request if certain conditions are met.
  • Strengthened right of inspection – Individuals will be permitted to take notes, take photographs, and use other personal resources to capture information when inspecting their designated record set.
  • Right of access fees – Reasonable, cost-based fees that may be imposed for copies of PHI (or for a summary of PHI if agreed to by the individual) will be clarified.
  • Notice of access and authorization fees – A covered entity will be required to post a fee schedule on its website, if it has one, and make the fee schedule available at the point of service and upon request that specifies the types of access to PHI that are available free of charge and standard copy fees, including for any readily producible electronic and non-electronic forms and formats. Upon request, the covered entity must provide an individualized estimate of the approximate fee for any type of request covered by the fee schedule and provide an individual with an itemized list of the specific charges for labor, supplies, and postage that constitute the total fee charged, if requested.
  • Requests to direct PHI to a third party will enable an individual to make a request to disclose their PHI to a third party in oral as well as written form (current requirement is written form) and to direct transmission of their PHI in an electronic format to a third party (if records are maintained electronically by the covered entity).
  • Care coordination and case management activities are added to the exceptions to the Minimum Necessary Standard regarding disclosures to or requests by healthcare providers or health plans with respect to an individual.
  • Business Associate Agreements must specify if the Business Associate is expected to disclose PHI to an individual or the individual’s designee upon request, rather than to the Covered Entity, as necessary to satisfy the covered entity’s obligations (to comply with patient access rights).
  • Modified Language for Notice of Privacy Practices – Several new, specific statements will need to be prominently displayed in the notice. In addition, the email address of the person who is designated to provide further information and answer questions about the notice will need to be included.
  • Obtaining acknowledgement of receipt of the Notice of Privacy Practices will no longer be required.
  • Providers of Telecommunications Relay Services (as defined in 47 U.S.C. 255(a)(3)) will be specifically excluded from the definition of Business Associates and covered entities will be permitted to disclose PHI to a TRS Communications Assistant as necessary to conduct covered functions.
  • Presumption of compliance – There are several permissions for disclosure within the Privacy Rule that will be based on a covered entity’s good faith belief that providing access is in the best interests of the individual (e.g., to prevent a serious and reasonably foreseeable harm, or lessen a serious or reasonably foreseeable threat, to the health or safety of a person or the public). The covered entity will be presumed to have complied with the good faith requirement absent evidence that the covered entity acted in bad faith.
  • Uses to carry out treatment, payment or healthcare operations – Covered entities will be permitted to disclose an individual’s PHI to a social services agency, community-based organization, home and community-based services provider, or similar third party that provides health or human services to specific individuals for individual-level care coordination and case management activities.
  • Reducing identity verification burden – Verification of patient access requests will be permitted to be done orally or in writing.
  • Unreasonable measures of verification – Unreasonable verification measures will be defined, and examples provided to help covered entities avoid impeding an individual’s access rights.

Note – Eagle Associates will provide a detailed explanation of all changes and operational recommendations once the final rule is published. 

Notice for Subscribers to Eagle Associates’ HIPAA Compliance SystemEagle Associates will publish revised policies, forms (such as Notice of Privacy Practices and Business Associate Agreements), and workforce member training prior to the compliance date.  We will also provide guidance documents to help ensure your practice is fully prepared to meet the new requirements.

Safety Training Modules

/by

a:8:{s:8:”location”;a:1:{i:0;a:1:{i:0;a:3:{s:5:”param”;s:13:”page_template”;s:8:”operator”;s:2:”==”;s:5:”value”;s:28:”safety-training-template.php”;}}}s:8:”position”;s:6:”normal”;s:5:”style”;s:7:”default”;s:15:”label_placement”;s:3:”top”;s:21:”instruction_placement”;s:5:”label”;s:14:”hide_on_screen”;s:0:””;s:11:”description”;s:0:””;s:12:”show_in_rest”;i:0;}

Safety Archive

/by

a:8:{s:8:”location”;a:1:{i:0;a:1:{i:0;a:3:{s:5:”param”;s:13:”page_template”;s:8:”operator”;s:2:”==”;s:5:”value”;s:27:”safety-archive-template.php”;}}}s:8:”position”;s:6:”normal”;s:5:”style”;s:7:”default”;s:15:”label_placement”;s:3:”top”;s:21:”instruction_placement”;s:5:”label”;s:14:”hide_on_screen”;s:0:””;s:11:”description”;s:0:””;s:12:”show_in_rest”;i:0;}

Safety forms

/by

a:8:{s:8:”location”;a:1:{i:0;a:1:{i:0;a:3:{s:5:”param”;s:13:”page_template”;s:8:”operator”;s:2:”==”;s:5:”value”;s:25:”safety-forms-template.php”;}}}s:8:”position”;s:6:”normal”;s:5:”style”;s:7:”default”;s:15:”label_placement”;s:3:”top”;s:21:”instruction_placement”;s:5:”label”;s:14:”hide_on_screen”;s:0:””;s:11:”description”;s:0:””;s:12:”show_in_rest”;i:0;}