Federal Government Encourages Provision of Telehealth Services During Crisis

March 20, 2020

On March 17, 2020, in response to the coronavirus pandemic, the federal government loosened restrictions on telehealth services and expanded Medicare’s coverage of such services. New regulations from the Centers for Medicare and Medicaid Services will now make it easier for health care providers to administer care to Medicare patients remotely rather than in person. Nonetheless, providers still must comply with state telehealth requirements, including but not limited to licensure, scope of practice, standard of care, and other issues. Additionally, advocacy groups have called upon state governors to waive licensure requirements for out-of-state providers administering telehealth services.

President Trump took this action under Section 1135 of the Social Security Act, which gives the Secretary of the Department of Health and Human Services (“HHS”) certain powers during a national emergency, and the Coronavirus Preparedness and Response Supplemental Appropriations Act. Medicare may now pay for office, hospital, and other visits conducted via telehealth, and providers have greater flexibility to reduce or waive cost-sharing for telehealth services.

Prior to this waiver, Medicare could only pay for telehealth on a limited basis: when the person receiving the service was in a designated rural area and when they left their home to go to a clinic, hospital, or certain other types of medical facilities for the service.


To properly administer telehealth services, the Centers for Medicare and Medicaid Services (“CMS”) advises that providers must use an “interactive audio and video telecommunications system that permits real-time communication between the distant site and the patient at home,” such as Skype and FaceTime. These telehealth services will be paid at the same rate as regular, in-person visits (a list of the health care services that can be administered via telehealth is found here). HHS has also advised that it will not conduct audits that previously ensured that Medicare beneficiaries using telehealth services had a prior relationship with the provider. This guidance practically means that telehealth services can now be administered to new or established patients.

Virtual Check-Ins

CMS guidance also advises that Medicare beneficiaries may also have a “brief” communication with their provider via telehealth called a “virtual check-in.” Medicare will pay for these “virtual check-ins,” which can be administered using a wider array of telecommunications means than can regular telehealth visits (for instance, virtual check-ins are not required to have both audio and video). Whereas telehealth services are more in-depth, virtual check-ins are used to determine if an in-office visit is necessary. Virtual check-ins can only be provided to already existing patients, are not “related to a medical visit within the previous 7 days,” and do not lead to “a medical visit within the next 24 hours (or soonest appointment available).” The patient’s verbal consent must be given to receive these services, and Medicare co-insurance and deductibles generally apply.


In addition to telehealth services and virtual check-ins, Medicare beneficiaries may initiate communications with their provider by using the provider’s online portal (“E-Visits”). E-Visits can only occur with already existing patients, and may occur over a 7 day period. The patient must verbally consent. Medicare coinsurance and deductibles apply.

Providers and payors should become educated on the relevant codes associated with telehealth services, virtual check-ins, and E-Visits. CMS has provided a helpful chart, included below. Providers should also remain mindful of other risks associated with telehealth, such as prescribing medication without a physical exam, the need to take vitals, and otherwise maintaining the standard of care.


HHS’ Office of Civil Rights (OCR) is responsible for enforcing HIPAA. It notified the health care community on March 17, 2020, that, effective immediately, in light of the pending national emergency, it will exercise its enforcement discretion and will not impose penalties for noncompliance with HIPAA by “covered health care providers in connection with the good faith provision of telehealth during the COVID-19 nationwide public health emergency.” This applies only to non-public facing remote communication products, such as Skype, FaceTime, and Zoom for Healthcare. This exercise of enforcement discretion applies to all telehealth services, not only those related to COVID-19.

When using services like Skype and FaceTime, HHS has advised that providers should notify patients that these services have privacy risks, and HHS has further encouraged providers to encrypt the communications if possible. Public facing services like Facebook Live, Twitch, and TikTok should not be used.

HHS advises providers to use services that represent that they are HIPAA compliant and that will enter into business associate agreements. But this guidance is not mandatory as HHS’ Office of Civil Rights has advised that it will waive HIPAA penalties for providers that provide telehealth services to patients “in good faith through everyday communications technologies, such as FaceTime or Skype.” The Office of Civil Rights has advised, though, that the protections of HIPAA’s Privacy Rule are otherwise still in place.

In response to the coronavirus (COVID-19) pandemic, Lewis Rice has formed a COVID-19 Task Force which brings together subject matter authorities from various practice areas within the Firm who stand ready to assist our clients as they navigate these challenging and evolving issues. We will continue to monitor the myriad legal and other developments that may impact our clients.

If you have legal questions related to COVID-19, please reach out to a member of the Task Force. If you have any questions or need assistance with these new telehealth guidelines, please contact one of the authors above or another member of the Lewis Rice Health Care Group.