What’s Ahead for Connected Health Policy: State & Federal Policies Impacting Telehealth Access, Privacy Laws & Policymaker Interests

The COVID-19 pandemic further ushered in an unprecedented era of change within the healthcare industry, particularly for telehealth. While telehealth, medical privacy, and broadband issues are not new to the regulatory environment, pandemic policies have allowed healthcare to become even more connected, raising more questions than ever related to what exists and what’s ahead for state and federal telehealth policies. While pre-pandemic telehealth policy at the state and federal level often focused around payer reimbursement policies, attention during the pandemic has lasered in on state licensing and prescribing compliance across state lines. Meanwhile, as providers have ramped up technology implementation in their practices to better utilize telehealth in a relaxed COVID-19 regulatory environment, this article will look at ever-complicated and evolving medical privacy laws, as well as remaining broadband infrastructure and digital barriers. Planned post-public health emergency (PHE) telehealth policies and areas of interest for policymakers contemplating long-term connected health policies are also highlighted in terms of the future of connected health policy.

By Amy Durbin^[1]

 

I. BACKGROUND: TELEHEALTH POLICY AT THE STATE AND FEDERAL LEVEL

State and federal governments have had connected health policies related to telehealth, privacy and the technological infrastructure required for it on the books for decades. Historically, telehealth policies have focused on payer reimbursement with the federal government focusing on Medicare telehealth coverage and deferring most Medicaid and private payer policies to the states. As providers have increasingly implemented telehealth, however, state licensing boards have become more involved and started adopting their own policies around licensure and prescribing specific to telehealth.

As the healthcare world has become more electronic, federal privacy laws, the most recognized of which being the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”),^[2] were adopted to primarily ensure providers were protecting patient medical information when they shared it with insurers electronically. However, most of those laws did not contemplate a world of telehealth vendors and medical app manufacturers, including connected devices much broader than healthcare such as smartphones and smartwatches that could begin to track, store, and share health information. Unfortunately, as with the pandemic, technological advancements have also exacerbated existing disparities amongst underserved populations that have not been afforded equitable access to most services, including healthcare, digital devices, and broadband infrastructure.

All of these issues rose in importance the moment COVID-19 hit the United States and policymakers realized that increasing access to telehealth was vital in order to maintain the healthcare delivery system during a pandemic. Existing state and federal policies were expanded, waived, or relaxed to promote telehealth, while new policies were implemented. Now more than two years into the pandemic, many temporary policies have expired, and restrictions re-implemented. Some new state and federal policies have been passed that may apply temporarily, permanently, or post-PHE, leaving both providers and patients struggling to keep up with what policies are in place and how to comply in order to continue providing and accessing services via telehealth into the future.

A. Telehealth Regulatory Environment Prior-to and During the COVID-19 Pandemic

Federal telehealth policies center around reimbursement related to Medicare, which prior-to the pandemic was very restrictive in covering services provided via telehealth. Not only was coverage limited to certain services and providers, but also certain patients. Most of the restrictions were waived at the start of the pandemic and most policy expansions remain in effect given their attachment to the ongoing federal PHE.^[3]

State reimbursement policies varied widely prior to COVID, though most expanded their coverage of telehealth substantially during the pandemic, especially related to audio-only and payment parity. In terms of licensure, when telehealth is used it is typically considered to be rendered at the physical location of the patient, therefore, providers generally must adhere to the laws and regulations of the state the patient is physically located in – meaning having a license, participating in a Compact or falling under a licensing exception. Licensing exceptions pre-pandemic were limited, but once COVID hit, almost all states implemented some type of temporary policy related to out-of-state providers.^[4] Emergency state orders related to out-of-state providers varied widely as some states allowed blanket licensure waivers while others had a very specific process put into place that required approval and association with in-state health care facilities. Many states also relaxed policies related to prescribing limitations. Remaining COVID-19 flexibilities can be found utilizing the Center for Connected Health Policy’s (“CCHP”) Policy Finder tool.^[5]

B. Overlapping Connected Health Privacy Laws

One of the main federal PHE flexibilities instituted at the beginning of the pandemic included relaxed enforcement of certain federal privacy laws related to the use of various telehealth technologies.^[6] The Telehealth Notification issued states that the U.S. Department of Health and Human Services (“HHS”) Office of Civil Rights (“OCR”) will exercise discretion in penalizing providers under HIPAA related to their good faith use of audio or video remote communication technologies during the federal PHE. While states often refer to federal guidance related to privacy issues, especially during the pandemic, some may have their own privacy laws as well. Not only do federal and state privacy laws overlap, with states sometimes adopting more-strict requirements, but general privacy and medical privacy laws can also both apply. For example, California has their own medical privacy laws that are more expansive than HIPAA,^[7] as well as laws that apply to personal information outside of medical information.^[8] Since HIPAA only really applies to electronic information and medical providers, with the increased use of devices that track and receive health information, policymakers are now focused on adopting laws that apply medical privacy requirements beyond medical entities, such as computer and phone applications used by businesses as well as the manufacturers of connected devices that maintain and potentially share such information.

In addition, schools that may provide access to healthcare services either in-person and/or via telehealth must comply with their own set of privacy rules, and often laws may be different and specific in the case of a minor’s privacy. Sometimes mental health information is governed by even more heightened requirements. Varying regulatory environments and authorities when it comes to privacy have thus become even more complicated the more connected healthcare has become. Understanding who (i.e., medical provider, school, or general business) and what (such as medical information, personal information, medical records, or an actual device) exactly a law applies to is increasingly important. In terms of telehealth, rules may also vary based on the type of modalities used (i.e., audio-only, live video, or store-and-forward messaging applications), meaning providers need to be mindful of compliance across all different platforms or systems used.

Some states and insurers have their own policies governing the types of technologies that can be used as well. Regardless of platform or modality, under HIPAA, safeguards to limit incidental uses or disclosures of personal health information (“PHI”) should be implemented, such as conducting telehealth in a private setting, using low voices, and recommending patients be in private setting.^[9] OCR has also identified certain public-facing communication products to be unacceptable forms of remote communication as they are inherently designed to be open to the public, such as TikTok, Facebook Live, Twitch, or public chat rooms.^[10]

C. Broadband and Infrastructure Issues

While audio-only has not always been contemplated underneath telehealth policies, attention during the pandemic to the telephonic modality has largely risen due to remaining broadband and digital infrastructure barriers across the country, which often impact underserved communities in particular. Not only do technological issues often arise more frequently for providers and patients attempting to use live video telehealth, but for patients in rural areas and those without access to affordable broadband or digital devices, audio-only may be their primary option to accessing healthcare. As connected as it may seem we’ve all become, the digital divide – which refers to the gap between Americans with access to telecommunications and information technologies and those that do not^[11] – shows that is not always the case. This issue has become apparent in many other areas as well, for instance in education which struggled to provide distance learning to all students during the pandemic. Since the digital divide impacts numerous aspects of our lives, a real solution requires engagement across an expanding group of stakeholders and state and federal agencies. In response, numerous initiatives and investments into broadband have been made at all government levels just over the past couple of years, further necessitating outreach across communities to ensure those needing additional resources are aware of the options that may be available. In addition, some states are seeking to further regulate broadband providers directly so that they provide additional resources and access to affordable, high-speed, and high-quality broadband.

 

II. WHAT’S NEXT: THE FUTURE OF TELEHEALTH POLICY

The pandemic opened a policy window for the future of telehealth policy and connected healthcare. While advocates continue to press for policies to be made permanent at the state and federal levels related to telehealth there are certain policies that are still likely to end. The status of state COVID telehealth policies vary widely as some have ended due to a specific expiration date or the end of the state’s PHE, while other policies have been made permanent or extended to a future date. Federally, at the time this article is being written, we’ve seen the Administration taking some steps towards permanent policy for Medicare, but many of the temporary telehealth COVID policies on the federal level would require Congressional action to make them permanent.

At this time, there’s only been a small grace period provided after the PHE to extend some of the temporary telehealth policies. Part of the reason for the slower action by Congress is not only the continued existence of the PHE, but hesitation from some members on the efficacy of telehealth. Several Congressional members have been vocal in comments regarding needing more studies on telehealth utilization, potential inequities, and fraud, as well as the quality of care provided via telehealth, to officially guide their adoption of future telehealth policy. However, action on certain issues may be prompted by other factors. For example, regarding privacy, additional indicators exist pointing toward the potential for change and highlighting it as an area of continued focus for policymakers, regulators, and both healthcare providers and consumers – especially in light of Roe v. Wade recently being overturned by the Supreme Court in Dobbs v. Jackson. Therefore, while the opportunities for policy change in regard to telehealth and privacy may seem endless, opposing adjacent interests could further impact the ability to expand access to telehealth and connected healthcare generally.

A. Planned Post-PHE Telehealth Policies

With the renewal of the federal PHE on July 15, 2022 for another 90 days, federal Medicare telehealth expansions will remain in effect until at least mid-October 2022, including federal privacy and prescribing flexibilities.^[12] In addition, recent federal legislation passed to ensure continuation of most emergency Medicare telehealth expansions for 151 days post-PHE expiration as well.^[13] While Congress and CMS have made some policies permanent, many are set to expire either at the end of the PHE or at the end of the 151-day extension. State policies vary, but many have already entered into the post-PHE landscape and adopted long-term policies, especially related to reimbursement and licensure. Prescribing and privacy policy areas have the most unknowns but future changes at both the state and federal level are possible.

1. 1. Permanent Policies

Some of the main Medicare telehealth billing rules relaxed during the PHE were those related to audio-only reimbursement and rules limiting where the patient is located when the telehealth encounter takes place, or originating site rules,^[14] including allowing the home to be an eligible originating site. As discussed in a recent CCHP Newsletter,^[15] overall, Medicare reimbursement for eligible telehealth services^[16] when the patient is located in a geographically rural area AND in an eligible originating site will continue permanently after the PHE, similar to pre-PHE policy. There are some new allowances for mental health services and audio-only modalities post-PHE that CMS outlined through their approach to the 2022 Physician Fee Schedule (“PFS”).^[17] For instance, PFS policies will continue reimbursement of telemental health services, including audio-only, and when the patient is located at home in some instances, as well as reimbursement to federally qualified health centers (“FQHCs”) and rural health clinics (“RHCs”) for mental health visits on a permanent basis. Therefore, changes taken thus far at the federal level related to Medicare have been minimal and limited, as CMS is restricted in their ability to act without Congress making broader changes to remaining statutory requirements. The main statutory policy changes made by Congress were through H.R. 133 in December 2020, which added rural emergency hospitals as an eligible originating site and removed geographic restrictions for mental health services provided via telehealth, permitting the ability for patients to receive such services at home. However, the new allowances for mental health are attached to new in-person visit requirements and require an existing patient-provider relationship.^[18]

As far as prescribing, in one permanent federal development, the U.S. Food and Drug Administration (“FDA”) announced in December 2021 through an update on its FAQ webpage that it would be ending a longstanding policy to require the in-person dispensing of mifepristone (a drug used to terminate pregnancy).^[19] Prior to the PHE, dispensing of the drug had to occur at a clinic, medical office or hospital. However, the requirement was temporarily waived during the PHE when a mail order distribution model was launched and remains in use today.

At the state level, common permanent policy changes seen in Medicaid included allowing the home to be an eligible patient originating site, expanding covered services and providers, and adding audio-only reimbursement, which doubled from this time last year, reflecting its gained importance as a result of the pandemic. More states are explicitly allowing the ability to prescribe and a patient-provider relationship to be established through a telehealth exam, for instance West Virginia explicitly allows audio-only calls to establish the relationship. Many states have also updated their licensure policies, with joining licensure compacts continuing to be increasingly common.

As of Spring 2022, 15 states now have licensure processes and exceptions specific to practicing telehealth across state lines,^[20] although the criteria to participate in each vary widely. Some states still require certain fee and application processes similar to licensure, some of those processes only apply to certain boards/practitioners, and other exceptions only apply in very specific circumstances. Given nuances in state laws and requirements that continue to frequently evolve, it is best to check with state licensing boards both in the state where the provider is located and in the state the patient will be located to ensure the state doesn’t have any additional rules or unique interpretations of the law.

1. 2. Extended Policies Set to Expire

Medicare reimbursement for telehealth services provided to patients at home and the expanded list of eligible providers allowed during the PHE in Medicare, such as occupational therapists, physical therapists, speech language pathologists and audiologists, are policies only protected during the PHE and during the 151-day extension period. During the COVID-19 pandemic, additional services were also temporarily made eligible for reimbursement if provided by telehealth. Some of these services have been approved to be made permanently available after the PHE, others were put into a special category that will make them temporarily available through the end of 2023, and the rest would have not been eligible to be provided via telehealth in the Medicare program after the PHE is declared over. However, in July 2022 CMS released proposed changes for the FY 2023 Medicare PFS^[21] clarifying that they will continue to cover those latter services as eligible Medicare telehealth services^[22] through the 151-day extension period.

Some states have gone the temporary extension route, for instance Maryland^[23] and Minnesota^[24] passed laws extending COVID-19 audio-only reimbursement and payment parity requirements until June 30, 2023. Connecticut^[25] also extended some policies including audio-only until June 20, 2023, and California^[26] extended their COVID-19 telehealth policies until the end of 2022. Many states also seem poised to study COVID telehealth expansion impacts to govern further long-term regulatory changes.

1. 3. What We Don’t Know

Currently, emergency federal prescribing and privacy flexibilities are slated to end post-PHE. When the PHE ends, the in-person requirement (with limited exceptions that allow a patient to be located in a doctor’s office or hospital registered with the Drug Enforcement Agency (DEA)) will likely go back into effect. Congress directed the DEA to promulgate regulations to allow for further exceptions to online federal prescribing restrictions so that telehealth can be further used to prescribe controlled substances through creation of a registry, but the DEA has yet to do so – however, in 2021 they made a comment in an unrelated matter that they intend to do so soon.^[27] As far as privacy, OCR’s enforcement discretion to telehealth providers allowing them to utilize any non-public facing remote communication product, even if they don’t fully comply with the requirements of HIPAA,^[28] is also set to expire at the end of the PHE. Nevertheless, since this decision was made administratively, OCR technically has the ability to keep this policy or allow it to expire.

B. Ongoing Research Efforts: Policymaker Concerns & Desire for Data-Driven Policies

It is possible a number of recent telehealth studies and ongoing research efforts will impact long-term telehealth policy adoption and guide the future connected healthcare landscape. Not only have states commissioned studies into telehealth utilization and inequities, but Congress has as well. Therefore, it is important to note general findings and hope that policymakers take all studies into context as a whole before rushing to any conclusions that result in policy negatively impacting access to care.

1. 1. Inequity Concerns

Focus on the relationship between telehealth and disparities in access to care continues to be a main focus of research and has resulted in new studies examining pandemic era data and the use of telehealth among disadvantaged populations. While policymakers and studies often try to put findings into two groups, whether telehealth increases or decreases inequities, to determine whether to expand or restrict coverage long-term, research shows that the study framework used and considerations made may impact outcomes more so than telehealth itself. For instance, in May of this year, a study was published in Health Affairs that found that as a result of emergency federal telemedicine coverage expansions, access increased for all Medicare populations, including those in the most disadvantaged areas.^[29] The study was framed to examine the impact of expanded telehealth coverage policies on different populations, rather than looking at access generally where inequities have unfortunately always existed. Comparing pre-COVID temporary waiver data with post-waiver implementation data, the authors discovered that the highest odds of utilization were among those in disadvantaged and metropolitan areas. As reported in a Managed Healthcare Executive article on the study, the Johns Hopkins researchers concluded that the results suggest that increased Medicare telemedicine coverage policies improve access to underserved populations without worsening disparities.^[30]

An additional study published this year in Telemedicine Journal and e-Health showed that a virtual care program at Penn Medicine is reducing barriers to access specifically for Black patients and eliminating historic disparities. The authors looked at approximately one million appointments per year in both 2019 and 2020 for Philadelphia area patients and found that Black patients used telehealth more than non-Black patients and that appointment completion gaps between Black and non-Black patients closed.^[31]

Another recent study, Policy Considerations to Ensure Telemedicine Equity, looked at various factors that must be taken into account to allow telehealth to increase equitable access to care.^[32] The author clarifies that equity is a matter beyond telehealth and is related to patient-level barriers that include family, community, and general health care delivery level factors, such as issues related to the digital divide. In addition, the article cautions against policies focusing on increased utilization concerns, stating that increased use may mean that patients are finally attaining the care they need, in addition to the fact that increased access may reduce overall health care costs. Therefore, policies seeking to reduce reimbursement or limit audio-only modalities to address utilization and cost concerns may instead primarily reduce clinicians’ willingness to offer telehealth and modalities that mitigate access barriers for historically excluded groups. The article also highlights how varying payer policies, such as those that allow reimbursement for telehealth visits with new patients versus those that do not, creates inequities, and that differing medical licensing and/or prescribing regulations by states can create inequitable access issues on top of differing coverage policies. These policy considerations are key to ensuring telemedicine mitigates inequities rather than exacerbates them.

While the pandemic generally has highlighted and exacerbated existing inequities, it has also provided the information necessary to show telehealth’s ability to address disparities and increase equitable access to care. It is important that policymakers take such findings and opportunities from studies on telehealth equity into account when looking to potentially make pandemic policies permanent in order to properly preserve telehealth’s positive impacts. It is also important that the framework used in the study be placed in context to help explain why some research speaks to telehealth disparities, or health care disparities, versus how telehealth is decreasing health care disparities. As shown in the aforementioned studies and articles, the difference in framing showcases that telehealth in and of itself does not create or exacerbate disparities, rather it is a tool that can be utilized to decrease disparities in access to care.

The tool has to be allowed to be effective, however, and that is where the role of public policy comes in. Policies must support broadband and telehealth infrastructure and promote the use of technology to deliver care equal to the delivery of in-person care. For instance, Medicaid policies that limit when telehealth can be used and/or certain allowable modalities can create inequities in comparison to more expansive commercial policies that guarantee better telehealth access to non-Medicaid patients. Therefore, policymakers must recognize that regulatory restrictions around telehealth cannot prevent already existing general access disparities, rather it is often the regulatory restrictions around telehealth that lead to exacerbating disparities.  It becomes vital that research be put into context so that subsequent policies are implemented that allow telehealth to reach its full potential to reduce disparities.

1. 2. Utilization, Cost, and Fraud Concerns

State and federal policymakers often speak to inequity concerns connected to telehealth policy expansions, but many comments focus on utilization concerns as well, which is often connected to the perception that policies allowing for the increased use of telehealth will increase utilization, spending, and ultimately healthcare costs. For instance, a report released by the Committee for a Responsible Federal Budget in April of this year details fiscal considerations in relation to the continuation of telehealth flexibilities afforded during the COVID-19 emergency. The article argues that while telehealth has potential for improvements in timely and effective access to care, it also can result in increased utilization and misaligned provider payment incentives, fraud, and abuse. The authors point out that the Congressional Budget Office (“CBO”) estimated that a permanent expansion in telehealth could cost Medicare $25 billion over ten years. As such, they urge caution in how telehealth is approached in the realms of utilization, provider incentives and fraud and abuse. The authors ultimately suggest continuing to take a measured and temporary approach to the telehealth flexibilities, suggesting that they be extended for a maximum of two additional years in order to provide time for evaluation and adjustments before policies are made permanent.^[33]

Nevertheless, the actual data doesn’t generally support that telehealth policy expansions will increase overall utilization or costs. For instance, in a recently posted analysis conducted by researchers at the University of Michigan, Medicare claims data showed a slow decline in telehealth use for evaluation and management (“E&M”) codes between its peak in 2020 through the end of 2021.^[34] In fact, telehealth made up 50.7 percent of E&M codes in April 2020, and by the end of 2021 it plateaued between 8.5-9.5 percent. Additionally, total number of E&M services were lower in 2020 and in 2021 compared to 2019 indicating that increased use of telehealth did not increase overall claims volume as many feared it would. These results should help mitigate concerns regarding telehealth’s impact on overall healthcare utilization as well as worries that it will be over-utilized by providers given the relatively small percent of claims that were received by the end of 2021 for telehealth. 

Attention to the potential for fraud connected to expanded telehealth policies has also gained steam over the course of the pandemic. Multiple investigations and studies by the Inspector General for the Department of Health and Human Services (“HHS-OIG”) in particular have been of focus to policymakers. Late last year, as part of the nomination of Christi Grimm as Inspector General, the U.S. Senate Committee on Finance asked a number of questions to which HHS-OIG provided official responses for the record (“QFRs”), showcasing not only policymaker concerns and confusion related to telehealth fraud, but the important role of HHS-OIG in terms of the future of telehealth policy. Many of the questions focused on the potential for telehealth fraud, providing an opportunity for HHS-OIG to articulate their existing enforcement work and overarching telehealth oversight strategy, and again clarify the difference between telemarketing fraud or “telefraud” and telehealth fraud.

The QFRs clearly state that in most HHS-OIG telefraud cases to date, the criminals are not engaging in telehealth fraud. Instead, the main target for these schemes is the medically unnecessary ordering of durable medical equipment (“DME”), laboratory tests, and prescriptions. While HHS-OIG says it is aware of allegations of telehealth fraud – billing for a telehealth service that does not occur or upcoding telehealth claims – those are only a small portion of their work. The majority of their enforcement remains around telefraud – aggressive telemarketing scams where bad actors conduct “cold calls” to Medicare beneficiaries to connect them with fraudulent provider orders. In terms of addressing the potential for fraud generally within the system, HHS-OIG suggested the need to increase telehealth literacy amongst patients and disseminating additional compliance and billing materials for providers.^[35] It is important that policymakers understand these nuances in relation to telehealth fraud, as its potential in connection to telehealth policy expansions is not as significant as some appear to think.

C. Policymaker Interests, Privacy, and Abortion Decision Impacts

Some of the main indicators regarding potential long-term telehealth policy and the future of connected care regulation can be found in policymaker interests and comments, as well as the latest current events related to abortion considerations connected to both telehealth and privacy policy. Attention and support from prominent policymakers for making telehealth expansions permanent has been expressed, and generally, the issue of privacy is always a hot topic, with developments and interest in that area further increasing as of late in connection to health privacy policy. The recent Supreme Court ruling overturning Roe v. Wade has many looking to telehealth as a potential solution for those seeking abortion care and the federal government has also acted to increase telehealth access and address privacy concerns in that regard.

1. 1. Bipartisan Telehealth Support and Policymaker Privacy Focus

Hundreds of bills exist at both the state and federal levels regarding telehealth. Despite many being unlikely to pass, their introduction by legislators on both sides of the isle showcases there is a large amount of interest and bipartisan support surrounding long-term policies allowing access to care via telehealth. At the federal level, over 200 pieces of telehealth legislation exist^[36] not to mention bills that impact connected health, broadband, and privacy issues more broadly. In addition, the Secretary of HHS, Xavier Becerra has been quoted expressing support for telehealth multiple times – even despite CBO estimates that telehealth expansion would increase federal budget costs.^[37] A Politico article, sent via their email newsletter (subscription required) quoted him as pointing out that wearables can provide cost savings, and that “the Congressional Budget Office sometimes gets in the way because what they see as a savings may not be what you and I agree [are] a savings… there are some things that on a bipartisan basis we can do that will reduce cost, not just mask the cost.” In addition, earlier this year, a bipartisan group of 36 Senators and 7 members of the House sent a letter to Congressional leadership supporting permanent telehealth expansions.^[38] 

In June of this year, a bipartisan group of federal legislators introduced the American Data Privacy and Protection Act, which creates a national standard regarding the collection of consumer data by online companies, giving consumers more rights of the use of their data.^[39] According to a House Committee on Energy and Commerce press release on the bill, given its bipartisan and bicameral nature, it is being represented as “the best opportunity to pass a federal data privacy law in decades.”^[40] The bill does include health information, as well as some exceptions for entities covered by and in compliance with other privacy laws, including HIPAA,^[41] but it may still have some ability to overlap with and further complicate similar state laws.

In addition, last year the Federal Trade Commission (“FTC”) signaled a focus on further regulating health apps similar to health providers with its statement that apps and connected device companies that collect health information must comply with the FTC’s Health Breach Notification Rule.^[42] Thereby, while such companies are not directly subject to HIPAA as they are not providers, they may still be regulated as a provider under similar health rules.

1. 2. Dobbs v. Jackson – Abortion Decision Impact on Telehealth & Privacy

Given the recent Dobbs v. Jackson decision by the Supreme Court overrunning Roe v. Wade,^[43] many are now looking to telehealth as a means to help ease the burden of individuals seeking abortions in states where it may now be illegal. This has further raised concerns related to privacy of information, especially for telehealth companies and providers, as well as patients, that fear personal health information could be tracked through telehealth applications, including whether or not patients have sought an abortion across state lines. Mailing abortion medications only became possible last year due to the easing of FDA medication requirements as a result of the COVID-19 pandemic. According to research from the Guttmacher Institute, even prior to the recent decision, 19 states already prohibited medication abortions by requiring an in-person visit for abortion medication to be prescribed and dispensed.^[44]

Post-Dobbs, additional states may take similar action. While telemedicine allows individuals in states where abortion is banned to access physicians in states where it is allowed, it is important to note that the place of service is considered to be the physical location of the patient. Therefore, it would be the laws and regulations of the state the patient is physically located in that would apply, including any abortion ban. According to Politico, many physicians are planning to provide abortion services to out-of-state patients if they can.^[45] In addition to privacy, this will draw increased focus on state licensure policies and exceptions.

In response, we’ve already seen related federal policy actions. On June 29^th the HHS OCR updated their HIPAA Privacy Rule and Disclosure of Information online guidance for reproductive health. The guidance stresses that, without the individual’s express permission, PHI can only be shared in specific situations outlined in law, including when it is required by law, is a disclosure for law enforcement purposes, or is a disclosure to avert a serious threat to health or safety.^[46] In all these circumstances, HIPAA permits but does not require a provider to report an individuals’ PHI (including abortion status if that is what is being requested). On the same day, OCR also updated online guidance related to privacy and security of health information stored on personal cell phones and tablets, clarifying again that HIPAA rules generally do not protect health information when it is accessed through or stored on a personal cell phone or device, unless the app is provided by a covered HIPAA entity or business associate.^[47]

The Dobbs decision could lead conservative-leaning states to further restrict telehealth policies related to reimbursement, prescribing, and licensing, not to mention privacy policy impacts. The same may be seen in more progressive states in regard to adopting policies that further increase reproductive access via telehealth as well as privacy protections and potentially licensing flexibilities. Overall, given policymaker investment into promoting telehealth and privacy issues, pushes for additional policy changes appear inevitable at both the federal and state levels.

III. CONCLUSION

While connected health policies have never been as complicated and subject to change, the ability for telehealth and connected health technologies to improve access and decrease inequities has also never appeared stronger. It remains important to track regulatory efforts and perceptions that contribute to telehealth policy development, including privacy and broadband initiatives, as each is an integral component in ensuring practitioners and patients can provide and receive quality access to care. Moving forward, healthcare stakeholders and policymakers should continue to work together to understand and address remaining barriers while improving communication around available resources to providers and patients. In examining and committing to improve access to connected care long-term, policies could also help usher in some much-needed stability within the country’s post-PHE healthcare system.

---

[1] Policy Advisor, Center for Connected Health Policy.

[2] Health Insurance Portability and Accountability Act of 1996, 110 Stat. 1936, 42 U.S.C. §§ 101-521, https://www.govinfo.gov/content/pkg/PLAW-104publ191/html/PLAW-104publ191.htm.

[3] Office of the Assistant Secretary for Preparedness & Response, U.S. Department of Health & Human Services, Renewal of Determination that a Public Health Emergency Exists, (July 15, 2022), https://aspr.hhs.gov/legal/PHE/Pages/covid19-15jul2022.aspx.

[4] Juan J. Andino et. al., Interstate Telehealth Use by Medicare Beneficiaries Before and After COVID-19 Licensure Waivers, HEALTH AFFAIRS, June 2022, https://www.healthaffairs.org/doi/abs/10.1377/hlthaff.2021.01825?journalCode=hlthaff.

[5] Center for Connected Health Policy, Policy Finder, https://www.cchpca.org/all-telehealth-policies/.

[6] Office for Civil Rights, U.S. Department of Health and Human Services, Notification of Enforcement Discretion for Telehealth Remote Communications During the COVID-19 Nationwide Public Health Emergency, (April 21, 2020), https://www.govinfo.gov/content/pkg/FR-2020-04-21/pdf/2020-08416.pdf.

[7] Confidentiality of Medical Information Act, California Civil Code §§56, https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?sectionNum=56.10.&lawCode=CIV.

[8] California Consumer Privacy Act of 2018, California Civil Code §§ 1798, https://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?division=3.&part=4.&lawCode=CIV&title=1.81.5.

[9] Office for Civil Rights, U.S. Department of Health and Human Services, FAQs on Telehealth and HIPAA during the COVID-19 nationwide public health emergency, https://www.hhs.gov/sites/default/files/telehealth-faqs-508.pdf.

[10] Id.

[11] Congressional Research Service, The Digital Divide: What Is It, Where Is It, and Federal Assistance Programs, (March 9, 2021), https://sgp.fas.org/crs/misc/R46613.pdf.

[12] Office of the Assistant Secretary for Preparedness & Response, supra note 2.

[13] Consolidated Appropriations Act, 2022, 136 Stat. 49, https://www.congress.gov/117/plaws/publ103/PLAW-117publ103.pdf.

[14] Center for Connected Health Policy, Federal Medicare Overview, https://www.cchpca.org/federal/?category=medicaid-medicare&topic=overview.

[15] Center for Connected Health Policy, Insight from CCHP: Telehealth Policies Impacted by Anticipated Upcoming End to PHE, (April 12, 2022), https://mailchi.mp/cchpca/insight-from-cchp-on-telehealth-policies-impacted-by-anticipated-upcoming-end-to-phe-and-much-more.

[16] Centers for Medicare and Medicaid Services, List of Telehealth Services, (June 17, 2022), https://www.cms.gov/Medicare/Medicare-General-Information/Telehealth/Telehealth-Codes.

[17] Centers for Medicare and Medicaid Services, 2022 Physician Fee Schedule, (November 19, 2021), https://www.govinfo.gov/content/pkg/FR-2021-11-19/pdf/2021-23972.pdf.

[18] Center for Connected Health Policy, Telehealth Provisions in the Consolidated Appropriations Act, 2021 (HR 133), (January 2021), https://www.cchpca.org/2021/04/Appropriations-Act-HR-133-Fact-Sheet-FINAL.pdf.

[19] U.S. Food and Drug Administration, Questions and Answers on Mifeprex, (December 16, 2021), https://www.fda.gov/drugs/postmarket-drug-safety-information-patients-and-providers/questions-and-answers-mifeprex.

[20] Center for Connected Health Policy, State Telehealth Laws and Reimbursement Policies, (Spring 2022), https://www.cchpca.org/2022/05/Spring2022_Infographicfinal.pdf.

[21] Proposed Rule, Centers for Medicare and Medicaid Services, Medicare and Medicaid Programs: Calendar Year 2023 Payment Policies under the Physician Fee Schedule, (July 29, 2022), https://www.federalregister.gov/public-inspection/2022-14562/medicare-and-medicaid-programs-calendar-year-2023-payment-policies-under-the-physician-fee-schedule.

[22] Centers for Medicare and Medicaid Services, supra note 15.

[23] Center for Connected Health Policy, Maryland Medicaid Email, Phone, & Fax, (Jan. 25, 2022), https://www.cchpca.org/maryland/?category=medicaid-medicare&topic=email-phone-fax.

[24] Center for Connected Health Policy, Minnesota Medicaid Email, Phone, and Fax, (March 28, 2022), https://www.cchpca.org/minnesota/?category=medicaid-medicare&topic=email-phone-fax.

[25] Center for Connected Health Policy, Connecticut Medicaid Email, Phone, and Fax, (Feb. 7, 2022),  https://www.cchpca.org/connecticut/?category=medicaid-medicare&topic=email-phone-fax.

[26] Center for Connected Health Policy, California Medicaid Email, Phone, and Fax, (Jan. 17, 2022), https://www.cchpca.org/california/?category=medicaid-medicare&topic=miscellaneous-medicaid-medicare.

[27] Final Rule, Drug Enforcement Administration, Registration Requirements for Narcotic Treatment Programs with Mobile Components, (June 28, 2021), https://www.federalregister.gov/documents/2021/06/28/2021-13519/registration-requirements-for-narcotic-treatment-programs-with-mobile-components.

[28] Office for Civil Rights, supra note 5.

[29] Sanuja Bose et. al., Medicare Beneficiaries In Disadvantaged Neighborhoods Increased Telemedicine Use During The COVID-19 Pandemic, HEALTH AFFAIRS, (May 2022), https://www.healthaffairs.org/doi/abs/10.1377/hlthaff.2021.01706?utm_campaign=may2022issue&_gl=1*1qy93rn*_ga*MTUyNzI2MDk2NC4xNjUxNjk0MTI4*_ga_PVWVB9KDNZ*MTY1MTY5NDEyOC4xLjAuMTY1MTY5NDEyOC42MA..&utm_medium=press&utm_content=bose&utm_source=mediaadvisory&journalCode=hlthaff.

[30] Peter Wehrwein, Pandemic Surge in Telehealth Did Not Worsen Healthcare Disparity: Johns Hopkins researchers, MANAGED HEALTHCARE EXECUTIVE, (May 13, 2022), https://www.managedhealthcareexecutive.com/view/pandemic-surge-in-telehealth-did-not-worsen-healthcare-disparity-johns-hopkins-researchers.

[31] Rebecca E. Anastos-Wallen et. al., Primary Care Appointment Completion Rates and Telemedicine Utilization Among Black and Non-Black Patients from 2019 to 2020, TELEMED J E HEALTH, (May 2, 2022), https://pubmed.ncbi.nlm.nih.gov/35501950/.

[32] Elaine C. Khoong, Policy Considerations to Ensure Telemedicine Equity, HEALTH AFFAIRS, (May 2022), https://www.healthaffairs.org/doi/abs/10.1377/hlthaff.2022.00300.

[33] Committee for a Responsible Federal Budget, Fiscal Considerations for the Future of Telehealth, (April 21, 2022), https://www.crfb.org/papers/fiscal-considerations-future-telehealth.

[34] Chad Ellimoottil, Trends in Telehealth Use by Medicare Fee-For-Service Beneficiaries and Its Impacts on Overall Volume of Healthcare Services, medRxiv, (June 21, 2022), https://www.medrxiv.org/content/10.1101/2022.06.15.22276468v1.full.

[35] U.S. Senate Committee on Finance, Official Responses to Questions for the Record in connection with The Senate Committee on Finance’s Consideration of the Nomination of Christi A. Grimm to be Inspector General, Department of Health and Human Services, (September 2021), https://www.finance.senate.gov/imo/media/doc/Official%20Responses%20to%20Questions%20for%20the%20Record%20-%20Nomination%20of%20Christi%20A%20Grimm%20-%20Senate%20Committee%20on%20Finance1.pdf.

[36] Center for Connected Health Policy, United States Pending Legislation & Regulation, https://www.cchpca.org/federal/pending-legislation/.

[37] Congressional Budget Office, Cost Estimate H.R. 5201, Telemental Health Expansion Act of 2020, (December 4, 2020), https://www.cbo.gov/system/files/2020-12/hr5201.pdf.

[38] United States Senator Brian Schatz et. al., Letter to Congressional Leadership, (January 28, 2022), https://www.feinstein.senate.gov/public/_cache/files/b/6/b6dc8608-24a4-4f7e-bdd9-4d63e143d8d8/C854D318465A3F370874F8F6C96A6388.telehealth-extension-letter.pdf.

[39] American Data Privacy and Protection Act, United States House Committee on Energy & Commerce Bill Discussion Draft, https://www.commerce.senate.gov/services/files/6CB3B500-3DB4-4FCC-BB15-9E6A52738B6C.

[40] Press Release, United States House Committee on Energy & Commerce, House and Senate Leaders Release Bipartisan Discussion Draft of Comprehensive Data Privacy Bill, (June 3, 2022), https://energycommerce.house.gov/newsroom/press-releases/house-and-senate-leaders-release-bipartisan-discussion-draft-of.

[41] American Data Privacy and Protection Act, supra note 38.

[42] United States Federal Trade Commission, State of the Commission On Breaches by Health Apps and Other Connected Devices, (Sept. 15, 2021), https://www.ftc.gov/system/files/documents/public_statements/1596364/statement_of_the_commission_on_breaches_by_health_apps_and_other_connected_devices.pdf.

[43] Dobbs v. Jackson, 945 F.3d 265 (5^th Cir. 2019), https://www.supremecourt.gov/opinions/21pdf/19-1392_6j37.pdf.

[44] Rachel K. Jones, et. al., Medication Abortion Now Accounts for More than Half of All US Abortions, GUTTMACHER INSTITUTE, (February 2022), https://www.guttmacher.org/article/2022/02/medication-abortion-now-accounts-more-half-all-us-abortions.

[45] Ben Leonard, What’s Next for Virtual Abortions Post-Roe, POLITICO, (June 24, 2022), https://www.politico.com/news/2022/06/24/whats-next-for-virtual-abortions-post-roe-00038085.

[46] U.S. Department of Health & Human Services, HIPAA Privacy Rule and Disclosures of Information Relating to Reproductive Health Care, https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/phi-reproductive-health/index.html?source=email.

[47] U.S. Department of Health & Human Services, Protecting the Privacy and Security of Your Health Information When Using Your Personal Cell Phone or Tablet, https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/cell-phone-hipaa/index.html?source=email.