Close up of health insurance formThe New Jersey Out-of-Network Consumer Protection, Transparency, Cost Containment and Accountability Act takes effect today, August 30, 2018, and requires all licensed health care professionals in New Jersey (including physicians, nurse practitioners and physician assistants, among others) who bill health benefits plans issued or delivered in New Jersey to provide certain disclosures to patients enrolled in such Plans.

The Act also contains additional obligations for physicians, including with respect to billing certain out-of-network services.  For more information regarding the Act’s impact on health care professionals and their employers, please see our Fox Rothschild Health Law Alert.

CMS recently issued its proposed changes to the 2019 Medicare Physician Fee Schedule, which include a controversial change to the reimbursement rates for Level 2-5 evaluation and management (E/M) services and some notable changes to the Quality Payment Program.  This post highlights some key aspects of the Proposed Rule that will affect medical practices.

Red stethoscope with a pile of hundred dollar bills.CMS views the Rule as one of “several proposed rules that reflect a broader Administration-wide strategy to create a healthcare system that results in better accessibility, quality, affordability, empowerment and innovation.”  Once finalized after public comment, the changes will be effective for calendar year 2019.

Notable Changes to the Medicare Physician Fee Schedule

Consolidation of Level 2-5 E/M Visits.  Probably the most significant change proposed to the Physician Fee Schedule in 2019, and the most controversial, is the consolidation of the reimbursement rates for Level 2 through 5 E/M visits into one flat base rate for new patients and one flat base rate for established patients.  The consolidated reimbursement rate for Level 4 and 5 visits would be approximately $50-75 less for new patients; and approximately $16-32 less for established patients.  For Level 2 and 3 visits, the consolidated rate would be substantially more.  CMS has also provided for a number of potential modifiers to account for additional time spent, and visits related to certain specialties, such as oncology.

However, the proposed change has drawn significant criticism because a visit for a minor health issue (such as an earache) would be reimbursed at the same base rate as a visit for stage IV cancer.  Further, the American College of Physicians has recently stated that the proposed rate model would result in lesser reimbursement for Level 4 and 5 visits overall, even considering the new modifiers.

Revised Documentation Requirements. In connection with the newly consolidated rates, CMS has proposed to streamline the documentation that physicians must provide for reimbursement for E/M visits.  The purpose of these proposals, and others which CMS says it plans to make in future years, is to allow physicians more flexibility to exercise clinical judgment in documentation.  The documentation changes:

  • Would allow physicians to document E/M visits based on medical decision-making and/or time, regardless of whether counseling or care coordination dominates the visit.
  • Would not require physicians to re-document information from prior visits, only what has changed for the patient (or what pertinent items have not changed) since the last visit.
  • Would be able to review and verify certain basic information entered into the medical record by physician extenders and other ancillary staff, instead of having to re-enter the information every time.

These revised documentation requirements are intended to lead to a lesser administrative burden on physicians, which could lead to fewer audit issues and overpayments.  In that regard, the proposal is seen by some as a trade, by which CMS relieved physicians and their practices of cumbersome documentation requirements in exchange for reduced reimbursement for level 4 and 5 E/M codes.  We expect that CMS will receive substantial commentary on these documentation and rate changes in advance of the Final Rule.

Additional Changes.  Other notable changes are as follows:

  • Medicare would pay for a virtual check-in service for which the physician would check-in with a patient by phone or other device to decide whether an office visit or other service is needed.  CMS believes that this will increase efficiency for practitioners and convenience for beneficiaries.
  • Medicare would pay for a Remote Evaluation service based on recorded video or images, so that a physician could be separately paid for reviewing a patient-transmitted photo or video to assess whether a visit is needed.
  • CMS will implement updated medical supply and equipment prices for purposes of determining the practice expense portion of its reimbursement rates.  The rates for supplies and equipment used in their payment formula had not been updated since 2005.  Based on a study conducted by a contractor, CMS will implement the new rates over a 4-year period beginning in 2019.
  • CMS plans to increase the overall reimbursement rate per RVU by $0.06.

Changes to the Quality Payment Program

Beginning with the 2019 calendar year, physicians and practices will be paid under Medicare Part B based on the standard rate for reimbursement for the service, plus or minus a bonus or penalty calculated on their performance under the Quality Payment Program during the 2017 calendar year.  For more information on the Quality Payment Program, please see our prior blog post here: https://physicianlaw.foxrothschild.com/2016/12/articles/medicare/are-you-ready-for-the-new-medicare-quality-payment-program-part-2-basics-of-the-mips-and-how-to-qualify-in-2017/.

In the face of doubts regarding the future of the Quality Payment Program and the Merit-based Incentive Payment System (MIPS), CMS is making substantial efforts to encourage participation of physicians.   A number of changes are focused specifically on making participation easier for small practices, including applying the existing small practice bonus to the Quality category (instead of overall score) and providing for an additional small practice bonus for meeting certain quality measures.  CMS has also proposed that small practices meeting certain requirements have the ability to opt-in to the MIPS, as opposed to being required to participate.  In addition, CMS continues to remind all practices that it offers free consulting services from its technical assistance network for any physician seeking to meet the MIPS requirements.

Practices should also note that CMS has proposed to require physical therapists, occupational therapists, social workers and clinical psychologists enrolled in Medicare to participate in the MIPS beginning in 2019.

With respect to scoring under the MIPS, CMS proposed to remove certain quality measures which physicians have complained are of low priority in their practice.  CMS also proposed a new scoring system for the EHR Incentive Program category, and proposed to change the title of the category from “Advancing Care Information” to “Promoting Interoperability.”  The change in name reflects CMS’s emphasis on increasing accessibility of health information to patients and their providers.  The new scoring system also matches up with the newly proposed Promoting Interoperability EHR incentive program for hospitals.

Finally, CMS proposed modifying the overall scoring weights for the MIPS during 2019 as follows:

  • Quality (45%)
  • Promoting Interoperability (25%)
  • Improvement Activities (15%)
  • Cost (15%)

…and increasing the bonuses and penalties from +5%/-5% to +7%/-7%.

 

Critics of the MIPS say that efforts to minimize penalties in the hopes of encouraging participation put the entire program at risk, as the MIPS is required by law to be budget-neutral.  When the penalties are reduced, so are the bonuses.  This is probably the biggest threat to the viability of the MIPS long-term.  However, the proposed changes show that CMS is committed to making the MIPS easier to comply with, even though it is still a complicated program.  Stay tuned to Fox Rothschild’s Physician Law Blog for an update on the Final Rule, once issued this Fall.

This is the second installment in a new series on the Physician Law Blog entitled “Small Doses” designed to provide you with quick updates on meaningful issues.  We will continue to provide you with detailed updates on significant topics which we think are worth your time to read.  The purpose of “Small Doses” is to give you just enough information regarding a topic to have a general understanding of its import in a quick, easy read.  

Soldier in uniform and doctor shaking hands with U.S. flag on background In response to the publicity surrounding long wait times and poor quality of healthcare for veterans, Congress passed a law in 2014 to improve access to healthcare for veterans. The law established the Veterans Choice Program, which requires the VA to cover a veteran’s healthcare from a private community-based physician, if the veteran lives more than 40 miles away from a VA facility or would have to wait at least 30 days for an appointment at a VA facility.  However, to qualify for coverage, the veteran is also required to obtain certification from the VA that the veteran actually lives more than 40 miles from a VA facility or would actually have to wait at least 30 days for an appointment at a VA facility.  This certification process can take anywhere from 2-10 business days or more.  Throughout this process, the veteran must wait to receive an appointment with a physician, not to mention the treatment that he or she needs.

Last month, President Trump signed the VA MISSION Act into law.  Among other things, the Act consolidates the existing VA community care programs into one program (called the “Veterans Community Care Program”) that seeks to facilitate access to healthcare outside the VA by loosening the qualification requirements for covered medical services from non-VA physicians.  Although the Act fails to remove the certification requirement, it provides additional ways for a veteran to qualify for services from a community-based physician, most notably:

  • If the VA is not able to furnish care within designated access standards established by the VA; or
  • If the veteran’s VA physician believes that receiving services from a private physician is in the veteran’s best interest, considering certain criteria, such as the timeliness of available appointments and the distance between the veteran and the nearest VA facility.  [An easy-to-read summary of the entire Act is available here:  VA MISSION Act Summary].

The designated access standards have not yet been established by the VA; however, the VA has begun the process of defining those standards by requesting comments and guidance from the public and commercial health insurance plans.  [See the VA’s Request for Information, for which comments are still pending through July 30, 2018].

The Act also provides for the expansion of an approved network of VA community-based providers under contract with the VA.  Payment rates under the Act will generally be tied to Medicare rates, although the VA will be permitted to incorporate value-based reimbursement models to promote high-quality care.  The Act also seeks to improve the sharing of medical records between community-based physicians and the VA.

The biggest question right now is whether the Act will be funded.  Currently, funding for the Act is caught up in the politics of the federal government’s next appropriations bill, which must be signed by September 30, 2018 to keep the government operational.

If funded, the new Veterans Community Care Program will likely increase the number of veterans who are able to seek treatment with community-based physicians. In the interim, the Act provided for sufficient funding to extend the Veterans Choice Program for another year, so physicians should expect a continuation of the status quo while the Act is implemented.

Stay tuned to Fox Rothschild’s Physician Law Blog for further developments on the Act and how it may impact physicians.

This is the first installment in a new series on the Physician Law Blog entitled “Small Doses” designed to provide you with quick updates on meaningful issues.  We will continue to provide you with detailed updates on significant topics which we think are worth your time to read.  The purpose of “Small Doses” is to give you just enough information regarding a topic to have a general understanding of its import in a quick, easy read.  

MedicareCMS recently updated its list of reportable final adverse actions with respect to Medicare enrollment matters.  The change became effective as of April 30, 2018.  Going forward, suppliers (such as physicians, physician assistants and nurse practitioners) are no longer required to report prior revocations of their Medicare enrollment to CMS, and their medical practices are no longer required to report such revocations, including with respect to owners or managing employees of the practice.

Also, Medicare payment suspensions are no longer considered to be reportable final adverse actions on Medicare enrollment forms or the PECOS system.

CMS released a short, easy-to-read Medicare Learning Network article summarizing what final adverse actions must be reported on all Medicare enrollment forms and the PECOS system.  The article is accessible at this link:  MLN Article – Reporting Adverse Actions

Of note, CMS reminds all suppliers (such as physicians and their medical practices) that all final adverse actions (including those of owners and managing employees) must be reported to CMS through the applicable Medicare enrollment form or the PECOS system, regardless of whether the action (e.g., a felony or license suspension) has been expunged from a criminal record or is pending appeal in front of a court or agency.

In April, the FDA released its “Medical Device Safety Action Plan,” a short to mid-term vision for increasing the safety of medical devices.  In it, the FDA acknowledges that enhancements and changes in its approach to device safety are necessary to ensure that it is “vigilant” in keeping up with the developments in the complexity and number of medical devices.

Key to the FDA’s new approach is focusing on the “Total Product Life Cycle (TPLC)” of each type of medical device, so that safety issues are not left unaddressed following a device’s approval by the FDA.  In this effort, the FDA will emphasize timely communication and resolution of new safety issues and help to advance innovations in technology that result in safer and more effective devices.

How will this impact physicians?

Medical devicesThe Plan sets forth certain action items that the FDA will be addressing over the next few years.  Each of these items could impact physicians who use medical devices in treating patients.  Some of these matters (such as additional training for physicians) will likely require new regulations.  Others may require only funds from Congress.  Highlights include:

  1. The FDA is considering a new regulatory approach to issuing additional safety requirements for devices with newly-discovered or increased safety risks. Instead of working on a one-off basis with individual manufacturers to address safety concerns, the FDA would like to issue regulations to address new safety matters.  These regulations (called “special controls”) could require manufacturers to conduct additional training for physicians who implant the devices.

 

  1. The FDA would like to facilitate the approval of devices that appear safer than devices that are currently on the market, so that government is less of a barrier to the entry of safer devices into the market.

 

  1. The FDA would like to focus on improving the safety of medical devices implanted in women, generally, as there have been many issues with these types of devices over the years.

 

  1. The FDA would like to expand its support for a public-private system called NEST (National Evaluation System for Health Technology), which is designed to monitor insurance claims, electronic health records and other data for early signs of device problems. The project will cost $250 million over 5 years, and device manufacturers are slated to contribute $30 million to the effort.

 

  1. The FDA would like to require cybersecurity features for electronic devices, such as pacemakers and defibrillators. In response to the growing awareness of the security risks of medical devices that connect to the Internet (and, therefore, become part of the “Internet of Things”), the FDA recognized the need for a long-term focus on pre-market and post-market actions to continually address cybersecurity threats.  Expect a CyberMed Safety Analysis Board to be formed to not only evaluate cybersecurity risks of electronic devices, but serve as a “go-team” deployed into the “field” by the FDA to investigate suspected compromises to electronic device security.

More details on the Plan can be accessed on the FDA website.  Stay tuned to the Fox Rothschild Physician Law Blog for updates on how the FDA’s implementation of the Plan could impact physicians.

The transportation landscape in America has evolved and these developments are now impacting health care. With about 75 percent of the U.S. population living in a county with access to an on-demand ride-hailing service, many patients are turning to ride-share services, like Uber and Lyft, as a means to obtain their medical care.

The idea of partnering ride-sharing and health care is not new. Over the past few years, ride-sharing companies have been edging their way into the health care realm. Both Uber and Lyft have been testing pilot programs involving nonemergency medical transportation (NEMT) and other non-traditional health care transportation models with major providers, institutions, insurers, and transportation brokers nationwide. Until recently, most of these programs have been limited in scope to specific health care facilities, by service (e.g., concierge services that ferry flu shots to people, or enabling users to request a doctor to provide on-demand diabetes and thyroid tests) and by patient population (e.g., Medicare Advantage, Medicaid, and limited commercial payors).

Recognizing the need for accessible and cost-efficient health care transportation is not unique to Uber and Lyft. A number of revolutionary NEMT companies have emerged in various markets to supplement traditional health care transportation options and the “Big Two” ride-share companies have partnered with many of these outside vendors to enhance an established and (presumably) compliant service offering in specific markets. Certain NEMT companies, like Veyo, American Medical Response, and Circulation, have made their own name in the NEMT space. Interestingly, both Uber (in 2016) and Lyft (in 2017) announced partnerships with Circulation, utilizing Circulation’s customizable NEMT platform to integrate with each ride-sharing companies’ application program interfaces (API) and connecting with the interfaces of the health care systems’ they service.

With these numerous initiatives, it was unsurprising this year when the Big Two made their entrance into the entire health care market official. By expanding beyond outsourced NEMT ridesharing services to predetermined health care facilities, both Uber and Lyft have launched their own platforms to allow all health care providers to schedule rides for their patients.

In March, Uber introduced and launched “Uber Health,” a distinct application from the traditional Uber app, which provides a digital portal allowing health care organizations to book rides for a patient or caregiver who need help getting to and from medical appointments. Through Uber Health, unlike traditional NEMT services (where government and certain commercial payors may reimburse the transportation company for the rides), Uber bills the health care providers who sign up for Uber health monthly based on the cost of their patients’ rides, which are on par with standard Uber rates at the time of the ride booking.

On the other hand, in 2016 Lyft first introduced a service called “Concierge,” which similarly allows health care providers to set up rides for patients to get to appointments; however, also in March of this year, Allscripts and Lyft announced their partnership to incorporate the Concierge patient transportation interface directly into Allscripts Sunrise EHR so that when a patient’s transportation needs are noted in his or her medical record, a Lyft is automatically scheduled for that patient. Similar to Uber Health, under Lyft’s Concierge service, the providers pay for the rides.

This shift in health care transportation was inevitable and providers are now able to leverage the convenience of these ubiquitous apps to ensure better experience and care for their patients; however, caution should be taken to ensure that these patient rideshares are done in a legally compliant way.

Primarily, these ride-share services raise concerns under fraud and abuse regulations. Because health care providers coordinate patient transportation through the applications, providers need to be careful about offering free or discounted rides to patients which could trigger the federal anti-kickback law. Providers who treat state and federal program beneficiaries will need to ensure that the method of delivery adheres (or as closely as possible) to the Office of Inspector General’s (OIG) safe harbor regulations applicable to free or discounted local transportation. As outlined in a prior post on this Blog, in 2016 the OIG announced a safe harbor that protects a health care provider or other eligible entity (i.e., any individual or entity, except those who primarily supply health care items) from Anti-Kickback Statute (AKS) and Civil Monetary Penalty (CMP) penalties if it provides free or discounted local transportation to Medicare patients and other federal health care program beneficiaries, so long as all of a number of conditions are met. These conditions require, among other things, that there be a written policy in place which restricts how transportation services are used and advertised, and that the transportation be available only to “established patients.” Therefore, if a health care provider attempts to advertise the availability of free rides as an inducement to grow its patient base, it could quickly find themselves paying fines, including treble damages.

Additionally, many states have their own kickback prohibitions, potentially placing limitations or restrictions on the utilization of ride-share platforms for professional services. If no government beneficiaries are seen by a provider, the provider can ultimately decide whether to pay for the service or pass some or all of the cost on to their patients. Therefore, a state-by-state analysis should be performed to assess appropriate practices prior to offering ride-share services to patients. These payment and kickback concerns will continue to develop as private insurers assess reimbursement eligibility for ride share services.

One population that has been left out of the trend to partner ride-sharing with providers are those in wheelchairs or who need transportation accommodations due to a disability. Uber, was recently sued by a San Francisco-based advocacy group for not providing wheelchair-accessible transportation, and the company is now piloting such vehicles in several cities. To the extent a health care practice is “participating” in a ride-share platform, any acts of non-compliance by the ride-share company, depending on the terms of the arrangement (or lack thereof), could potentially flow to the provider, as the ride-share companies, acknowledging their status as Business Associates, are ultimately performing the services on behalf of the provider.

This Business Associate recognition prompts the overarching patient privacy concerns inherent in the ride-sharing services. Since ride-sharing companies (and their drivers) will have access to individually identifiable and/or protected health information, providers must have appropriate Business Associate Agreements (BAAs) in place to comply with the Health Insurance Portability and Accountability Act (HIPAA). Both Uber and Lyft have touted their proactive and preemptive compliance with HIPAA and publicized engagements of third-party HIPAA compliance companies to ensure development, implementation, and customization of the necessary safeguards for data security in the distinct APIs for their new platforms.

Uber asserts that Uber Health drivers won’t know which of their passengers are using Uber Health. Like a typical Uber ride, only a passenger’s name, pickup and drop-off addresses will be given to the Uber Health driver and Uber drivers are not able to opt into or out of the health service the same way that they can with Uber Eats, an affiliated food delivery service. Therefore, on a trip to a hospital or medical practice, a driver won’t know whether a rider is traveling to the health care facility using the traditional Uber app—to commute to work, for example—or is meeting a doctor through the health care platform.

The logic (or belief) is that although the ride-share companies are Business Associates, the companies’ drivers are not given any medical information and are not even informed that a ride is under the health care platform; therefore, the drivers are not Business Associates (or “subcontractors” under HIPAA). This concept has seemingly satisfied the outsourced risk and compliance assessments; however, the government has yet to opine as to whether individually identifiable health information (not just “medical information”) is truly kept private under HIPAA’s somewhat ambiguous standard of requiring only a “reasonable basis to believe the information can be used to identify the individual.”[42 CFR 160.103 (Individually identifiable health information)]

Additionally, to address obligations under the Health Information Technology for Economic and Clinical Health (HITECH) Act, Uber is storing data from Uber Health in separate servers, meaning that only select Uber employees and the health care providers have access to patient data. Furthermore, Uber is housing everything itself and is not sharing Uber Health data with anyone downstream in its supply chain, thereby eliminating obligations to manage the transfer of data or implementing third-party vendor risk management programs. Accordingly, a breach in Uber’s servers presumably should not compromise Uber Health’s data.

Despite these safeguards and demonstrated HIPAA-compliance, risks still remain (e.g., potential data breaches). Not that long ago, Uber was hit by a cyberattack exposing the personal information of 57 million riders and drivers, and the company’s delayed public notification of the incident was disconcerting to many. Providers, as Covered Entities, participating in these ride-share platforms risk potential imposition of stiff penalties for data breaches, increasing the importance of entering into a well-drafted BAA with the ride-share company.

Uber has stated they are “pleased to sign BAAs with all participating healthcare organizations” and the Uber Health’s Dashboard Terms and Conditions provide that the “Terms shall automatically terminate upon the termination of the Business Associate Agreement that the parties separately entered into…” This acknowledgement is the first step, but it is unclear as to whether Uber has their own form BAA or will accept a provider’s form/terms for each individual relationship.

The incorporation of ride-sharing transportation into the delivery of health care services can provide benefits to both providers and their patients; however, the array of health care regulatory issues should be evaluated and assessed before signing up for such programs. If you or your practice have any questions or are interested in offering a patient ride-share program, please contact Michael Bassett at mbassett@foxrothschild.com or 215.444.7191, or any member of Fox Rothschild’s Health Law Group.

 

Last month, CMS Administrator Seema Verma announced several initiatives to innovate the delivery of patient care at the ground level.  In collaboration with the Trump Administration and other federal agencies, CMS is taking steps to implement a system in which patients have control of their electronic health information and can easily transfer it between health care providers.  This system, referred to as “MyHealthEData,” is also intended to allow both physician and patient to access the clinical and payment data required to make the best healthcare decisions at the point of care.

Doctor using tablet to view electronic medical recordAs announced, CMS’s short-term efforts in connection with the MyHealthEData initiative include:

  • Launching Medicare’s Blue Button 2.0, which will allow a patient to access and share his/her healthcare information and medical history with a new physician, leading to less duplication in testing and enabling continuity of care.
  • Requiring providers to update their systems to improve data sharing.
  • Requiring hospitals to share specific types of data with a patient’s receiving facility or post-acute care provider following discharge.
  • Streamlining documentation and billing requirements for E&M codes to allow doctors to spend more time with their patients.
  • Reducing the incidence of unnecessary and duplicative testing that occurs as a result of providers not sharing data.

CMS is also taking steps to overhaul the EHR incentive programs (including the Advancing Care Information category of the Merit-based Incentive Payment System (MIPS) and the EHR Incentive Programs for Hospitals) to prioritize interoperability of EHR systems, reduce the time and costs required to comply, and prevent providers from withholding healthcare data from patients.

For more information on the MIPS and the Quality Payment Program, please see our prior post here and CMS’s interactive website on the Quality Payment Program here.

For more information on the MyHealthEData Initiative, please see CMS’s published Fact Sheet.  Stay tuned to Fox Rothschild’s Physician Law Blog for updates.

On Fox’s In the Weeds blog, associate Richard Holzworth discussed the influx of patients registering for the Pennsylvania Medical Marijuana Program, and provided an overview of key policy and procedure updates that PA’s healthcare facilities, including hospitals and long-term care providers, should adopt:

Illustration of Rod of Asclepius on marijuana leafDespite Pennsylvania’s medical marijuana industry being in its infancy, more than 17,000 patients have registered for the program, and more than 4,000 already have received their medical marijuana card from the Department of Health. Now that cannabis products have burst onto the scene, hospitals and other residential healthcare facilities are struggling with what to do when patients present medical marijuana cards and attempt to use marijuana in the facilities. Indeed, it is high time for the healthcare providers to update their policies and procedures to address these growing concerns.

Policy Considerations

In developing a medical marijuana policy, it is important for healthcare administrators to remember that medical marijuana, although legal in most states, is still classified by the federal government as a Schedule I Controlled Substance. With medical marijuana laws varying from state to state, hospitals, healthcare associations, and other stakeholders have developed and implemented a wide range of policies addressing the use and possession of medical marijuana products. These policies range from strict, categorical prohibitions to sanctioned self-therapy during hospital admission. Regardless of a healthcare facility’s philosophy (either from a political or medicinal perspective) on medical marijuana, it is important for each institution to develop and implement a comprehensive set of policies and procedures to address the inevitable circumstance of a patient presenting with a medical marijuana ID card or cannabis products in hand.

Due to the large volume of patient registrants to the Commonwealth’s medical marijuana program, PA physicians and their staff may see local healthcare facilities make changes to their policies and procedures with respect to medical marijuana in the coming months.

We invite you to read Richard’s full informative piece and stay tuned for our coverage of further developments.

Kristen Marotta writes:

Recently on Fox’s HIPAA & Health Information Technology blog, we discussed the privacy and security issues arising from the growth of telemedicine, as well as the general benefits that such growth could have for recent medical graduates. Now, with more funding and attention being given to telemedicine, new physicians will have the opportunity to make a difference in rural health care and move the industry into an entirely new direction.

The New York City skyline, including the Empire State BuildingIn New York, recent funding has been made available through the New York Office of Mental Health (OMH) to expand the use of telemedicine in the treatment of mental health patients. This new funding stream for “telepsychiatry” provides a new avenue for the practice of psychiatry in New York and provides a unique consideration for New York physicians considering the practice of psychiatry for their long-term career.

Psychiatrists or physicians considering the practice of psychiatry should familiarize themselves with the OMH’s regulations on telepsychiatry services set forth in Title 14 of the New York Code, Rules and Regulations (NYCRR), including Part 596, which recently expanded the ability of physicians to practice telepsychiatry outside of outpatient clinic settings, including between OMH-licensed sites and provider sites enrolled in New York State Medicaid. A summary of the current regulations, as well as additional guidance on telepsychiatry in New York, can be found on the OMH website. In particular, we note a comprehensive checklist and guidance published by the OMH in early 2017 regarding provider responsibilities in practicing telepsychiatry.  We also note that privacy and security concerns are discussed in this checklist. Providers rendering telepsychiatry services must comply with all federal HIPAA laws and regulations, in addition to New York’s Mental Hygiene Law Section 33.13.

Due to the nature of telepsychiatry (or any type of telemedicine), it is important for providers to remember that there are two physical locations where protected health information of patients is potentially used and disclosed. For telepsychiatry in New York, the policies and procedures at the distant site must match those of the originating site exactly. In addition, both sites must meet “the minimum standards for privacy expected for patient-clinical interaction at a single Office of Mental Health licensed location.” [14 NYCRR 596.6(b)(2)(ii)]. For confidentiality purposes, when physicians practice telemedicine of any type, they should abide by the same rules as they would for written clinical medical records.

In addition to the highly technical components discussed in the OMH’s guidance, providers will also need to substantively update their policies and procedures. Two examples that providers should note are as follows. First, written protocols and procedures relating to telepsychiatry should be developed and followed. These policies and procedures should include a special provision for obtaining a patient’s informed consent before recording telepsychiatry sessions. Second, staff trainings must include the topic of telepsychiatry and technical training of telepsychiatry equipment. Staff will also need to be “immediately available” to attend to emergencies and other concerns during the patient’s actual telepsychiatry session. [14 NYCRR 596.6(b)(7)(iii).]

Stay tuned to Fox Rothschild’s Physician Law blog for updates on how developments in the practice of telemedicine in New York and other states affect physicians.


Kristen A. Marotta is an associate in the firm’s Health Law Department, based in its New York office.

On the firm’s HIPAA & Health Information Technology blog, associate Kristen Marotta discussed the privacy and security issues arising from the growing use of telemedicine, particularly for mental health treatment. Kristen examines the myriad considerations doctors should address in setting up a telemedicine model for their practices, and notes federal funding recently made available via New York State’s Office of Mental Health to expand the use of mental health-focused telemedicine in the state.

We invite you to read Kristen’s piece, and stay tuned for an upcoming post on this blog delving into New York’s regulations surrounding telepsychiatry.