The onset of the COVID-19 public health emergency (“PHE”) has resulted in an increase in the use of telehealth by healthcare providers. Additionally, the PHE has fueled a boom in the number of direct-to-consumer (“DTC”) telehealth platforms, many of which have relied on COVID-19 regulatory waivers to launch and operate in multiple states across the country. For the reasons discussed below, DTC telehealth platforms should review their compliance plans and prepare for increased state and federal regulatory scrutiny.
Concerns proliferate for telehealth platforms
Recent reports from major newspapers and other healthcare media outlets have raised concerns about DTP platforms, especially those that exploit high patient-to-provider ratios to prescribe controlled substances. This kind of media attention has resulted in increased scrutiny of these platforms by federal and state regulators. Additionally, allegations of improper care or non-compliance with applicable law may even cause ancillary service providers to cease doing business with the platforms, particularly when ancillary providers receive prescriptions or orders resulting from encounters with telehealth. Industry publications have recently reported that: (i) federal prosecutors have begun investigating a behavioral telehealth platform, likely related to issuing prescriptions for controlled substances through the platform; and (ii) two major pharmacy chains stopped filling prescriptions for controlled substances issued by providers associated with certain behavioral telehealth platforms.
Regulatory landscape and exemptions
Stakeholders should recognize that a multi-state telehealth platform will involve the laws of each jurisdiction in which patients are located, including federal laws that may apply. Therefore, a telehealth platform operating in all 50 states will need to, for example, comply with laws governing business formation, provider licensing, scope of practice, and telehealth dating in all 50 states. .
In addition to applicable federal and state laws and regulations, vendors or platforms that rely on PHE-related waivers should also keep themselves informed of the status of any waivers they rely on. For example, New York continues to maintain a professional license exemption that allows certain out-of-state licensed providers to provide in-state care for the duration of a declared state of emergency. Similarly, with respect to Medicare, Congress extended certain Medicare telehealth flexibilities for 151 days after the conclusion of the PHE, as part of the Omnibus appropriations bill for fiscal year 2022. However, other states, including Florida, have not extended their declarations of states of emergency, resulting in the reversal of emergency powers that previously allowed state agencies to relax or waive laws or regulatory requirements in health care.
Variety of risks present in telehealth agreements
The severity and type of risk present in a telehealth business will vary by jurisdiction, type of provider, service offering and composition of payers. For example, the Department of Justice has aggressively pursued health care fraud claims against individuals and entities involved in non-compliant telehealth models. Following a series of similar enforcement actions announced at PHE, on April 20, 2022, the Department of Justice announced that it had initiated criminal charges against individuals involved in various non-compliant telehealth models or ineligible, including an arrangement whereby a provider allegedly ordered genetic testing following “fictitious” telemedicine encounters.
As such, it is important for telehealth platforms – and their investors, lenders and other stakeholders – to stay informed of the regulatory pitfalls and risks associated with multi-state DTC platforms. It is important to note that telehealth platforms should be prepared to modify their business models to reduce the risk of non-compliance with applicable laws or regulations, or in response to the cancellation of COVID-19 waivers.
Notwithstanding the above, and as evidenced by the waiving of many state-level licensing or telehealth requirements, elected officials, state regulators, and industry stakeholders are increasingly aware challenges posed by the regulatory regime faced by healthcare providers and telehealth platforms. who wish to render care across state lines. In light of this increased awareness, the decline of the PHE is an opportune time to advocate for the permanent adoption of PHE telehealth-related flexibilities or waivers. However, advocacy efforts may not respond to immediate or short-term business needs in a timely manner, given the breadth of the types of laws involved in telehealth models and the number of jurisdictions served by many major health platforms. telehealth.
Top Legal Issues Telehealth Platforms Should Consider
Below are some of the important health care regulatory concerns that should be considered and re-examined by any DTC telehealth platform as scrutiny of these platforms increases.
Corporate practice of medicine and formation of professional entities
- Does the State adhere to the doctrine of practicing medicine in the workplace?
- Does the state require professional services to be rendered through a professional entity?
- What combination of entities will be needed to implement the model in all states in which the telehealth platform operates?
Cost sharing, consumer/patient cost management and financial relationships
- Does the state prohibit licensees, including physicians, nurse practitioners, or pharmacies, from sharing their professional fees with third parties?
- If so, how will patient fees be structured to meet these restrictions?
- Are financial relationships between platform stakeholders compliant with fraud, waste and abuse laws, such as prohibitions on bribery or brokering of patients which may apply regardless of payer source?
- What types of providers will provide care via telehealth?
- Are all providers licensed or otherwise authorized to provide telehealth care to patients located in a given state?
- Are all nurse practitioners, physician assistants or other licensees practicing within their respective scope of practice? Are these licensees properly supervised, where supervision or oversight is required under applicable law in the jurisdiction(s) in which they operate?
Requirements for telehealth encounters
- What type of telehealth meetings will take place on the platform?
- Do these encounters comply with telehealth encounter requirements set forth by applicable state laws, or government or private payer requirements? Does the state apply different standards, for example, to Medicaid encounters?
- Do these meetings comply with the standards of care in force, in particular when a prescription is issued following a telehealth meeting?
Prescriptions and controlled substances
- Does the state limit the types of products or medications that can be prescribed via telehealth?
- Does the state impose any other requirements or restrictions on prescribing controlled substances beyond the requirements imposed by the federal controlled substances law?
- How will the platform market its services to consumers or patients and what will the marketing entail?
- How will marketing comply with FDA rules regarding the marketing of prescription drugs and/or professional practice rules applicable to licensees?
- Does the platform treat certain data as consumption data? If so, at what point in the consumer’s interaction with the platform is the data generated governed exclusively by HIPAA? How is this disclosed to consumers?
- Have patients received appropriate consents, including a HIPAA notice on privacy practices?
- Has the platform (whether in its role as covered entity or business associate) adopted all necessary policies and procedures required by HIPAA?
- How will the data be used for marketing purposes, in accordance with applicable laws, including HIPAA?