Home Is Where The Patient Is – The New Washington State Telemedicine Bill

It is official. The Washington State Legislature appears to have bought into the promise of telemedicine. For the second year in a row, the Legislature has passed a bill (Senate Bill 6519) that helps reduce the barriers to patient access to remote healthcare.

Senate Bill 6519 builds on the 2015 telemedicine bill in the following ways:

  1.  It establishes a collaborative that is tasked with determining the best course for telemedicine in Washington; and
  2. It requires health insurers to pay providers for telemedicine services provided to a patient who is located at his or her home.

Telemedicine Collaborative

The bill creates a telemedicine collaborative, to be convened by July 1, 2016, whose purpose is to “enhance the understanding and use of health services provided to telemedicine and other similar models in Washington State.”

The members of the collaborative will include representatives from the Washington State House and Senate, academic community, hospitals, clinics, health care providers, insurers, and other interested parties.

The collaborative will focus on developing recommendations on improving telemedicine reimbursement and access to services. It will also determine best practices for telemedicine, including billing and fraud and abuse compliance, and explore other priorities identified by the members.

One specific item that the collaborative must consider is the creation of a “technical assistance center” to support providers in implementing or expanding telemedicine services. The bill does not specify how such a center would be funded.

The collaborative must submit an initial progress report on its activities by December 1, 2016, and follow-up reports by December 1, 2017, and December 1, 2018.

Reimbursement for Home-Based Telemedicine Services

One key requirement in the 2015 telemedicine bill was that insurers must reimburse providers for telemedicine services if:

  1. The insurer provides coverage of the health care service when provided in person by the provider;
  2. The health care service is medically necessary; and
  3. The health care service is a service recognized as an essential health benefit under the Patient Protection and Affordable Care Act.

Also, the bill only required an insurer to pay a provider if the patient receiving telemedicine services was located in a healthcare facility that met the definition of “originating site.”

Under the 2015 bill, if a patient receiving telemedicine services was located in his or her home, the insurer had no obligation to reimburse the provider for the services. This was a major limitation for many healthcare professionals, including mental health providers, who desired to provide telemedicine services to patients in the security and privacy of their home.

The new bill does away with this limitation. A patient’s “home” is now listed as an “originating site.” Therefore, an insurer is required to reimburse a provider for telemedicine services that are provided to a patient located in his or her home.

However, presumably to make the “home” change palatable to insurers, the bill also includes new requirements on telemedicine services, including the following:

  1.  The health care service must be determined to be safely and effectively provided;
  2. The health care service must be provided according to generally accepted health care practices and standards, and
  3. The technology used to provide the health care service must meet the standards required by state and federal privacy and security laws (e.g. HIPAA).

These standards are relatively vague and could allow an insurer to deny reimbursement for a service if it determines that the service did not meet professional standards or HIPAA requirements.

For example, if a patient who is located at his or her home utilizes a video conferencing system to speak with a provider, the provider needs to ensure that the system meets HIPAA standards for the transmission of electronic health information.

Conclusion

The 2016 Washington telemedicine bill is a step in the right direction for remote healthcare in Washington. With that said, the true success of the bill is dependent on the ability of the collaborative to understand and address the current barriers to telemedicine in Washington.

The bill’s option for patients to receive telemedicine services at home could help to remove some of these barriers; however, the usefulness of this change is dependent on how insurers interpret the increased standards that require services to be provided according to “accepted practices” and in accordance with “privacy and security laws.”

For more information about telemedicine, please contact Casey Moriarty.

Failure to Patch Software Leads to $150K HIPAA Settlement

Anchorage Community Mental Health Services, Inc. (“ACMHS”) a nonprofit mental health provider in Alaska, has agreed to a $150,000 HIPAA settlement and 2 year Corrective Action Plan with HHS following a breach of 2,743 patient records due to malware.  According to the HHS press release:

OCR’s investigation revealed that ACMHS had adopted sample Security Rule policies and procedures in 2005, but these were not followed. Moreover, the security incident was the direct result of ACMHS failing to identify and address basic risks, such as not regularly updating their IT resources with available patches and running outdated, unsupported software.

According to the Resolution Agreement, OCR uncovered the following HIPAA violations:

  • ACMHS failed to conduct an accurate and thorough risk assessment.
  • ACMHS did not implement security measures sufficient to reduce the risks and vulnerabilities to its ePHI.
  • ACHMS’ security infrastructure did not appropriately guard against unauthorized access to ePHI that is transmitted over an electronic communications network.  Specifically, HHS noted that ACHMS failed to “ensure that firewalls were in place with threat identification monitoring of inbound and outbound traffic and that information technology resources were both supported and regularly updated with available patches.”

In addition to the $150,000 HIPAA Settlement, ACMHS will be under HHS’ microscope for the next two years.  The Corrective Action Plan requires ACMHS to implement the following changes:

  • Draft updated and adopt Security Policies and Procedures and submit to HHS within 60 days.
  • Distribute new Security Policies and Procedures to all workforce members and require the workforce members to sign a compliance certification.
  • Provide training on security awareness to all workforce members and annual training thereafter.
  • Perform an accurate and thorough risk assessment.
  • Inform HHS if a workforce member fails to adhere to the Security Policies and Procedures.
  • Provide annual reports to HHS.

ACMHS’ settlement provides three key takeaways for covered entities and business associates:

1) Patch & Update.  Like Community Health Systems, which reported a breach of 4.5 million patient records due to Chinese hackers targeting a heartbleed vulnerability, ACMHS is finding out the hard way the importance of software patching and updating.  Staying up to date on security patches and software updates is not an easy task, but an important one considering that hackers are exploiting these vulnerabilities.

2) Tailor the Security Policies and Procedures.  Simply having in place template Security Rule policies and procedures is insufficient to satisfy the requirements of the HIPAA Security Rule and to ultimately secure ePHI.  HIPAA Security policies need to be tailored for the actual information security infrastructure in place at the covered entity/business associate.  The Security Rule permits flexibility when choosing which tools to deploy to protect ePHI, but requires that the covered entity/business associate actually evaluate its infrastructure to make these decisions.

3) Security Risk Analysis.  Further, once the Security Policies and Procedures are in place they need to be evaluated, and the actual system needs to undergo a security risk assessment (suggestion to do this at least annually).  The process of drafting the Security Policies and Procedures as well as the security risk assessment will aid covered entities/business associates in identifying vulnerabilities, evaluating security options, and ultimately safeguarding their ePHI.  HHS has created a security risk assessment tool to help covered entities (not really business associate focused) in evaluating its security compliance.

For more information about the HIPAA Security Rule or if you need assistance in creating your HIPAA Security Policies and Procedures please contact Elana Zana.

Emergency Rulemaking Amends Single-Bed Certification Rules

On September 18, 2014, the Washington Department of Social and Health Services (“DSHS”) amended its rules regarding single bed certifications for psychiatric patients, publicized in this  Rule Making Order.  The new rules were issued in response to the recent Washington State Supreme Court decision regarding psychiatric boarding which declared the use of single bed certifications to detain involuntary mental health patient at non-certified evaluation and treatment facilities unlawful.   The amended rules made two key changes impacting hospitals and other non-certified facilities where single bed certification is sought.

First, the facility that is the site of the proposed single bed certification must confirm that it is willing to provide treatment to the consumer suffering from the mental disorder for whom the single bed certification is sought.  This revision now gives facilities a role in the issuance of single bed certifications.

Second, the amended rules expanded the available criteria to support the single bed certification.  In addition to criteria available under the prior rule, criteria to support the issuance of a single bed certification now includes that the patient can receive appropriate evaluation and treatment in a residential treatment facility, a hospital with a psychiatric unit, a hospital that can provide psychiatric services, or a psychiatric hospital.

While the amended rules expands the opportunity for ITA patients to receive necessary services at non-certification evaluation and treatment facilities, the practical effect of actually providing services to ITA patients remains to be seen.  For example, hospitals and other facilities may be hesitant to confirm their willingness to provide treatment in order for the single bed certification to be issued.  Ambiguity also exists regarding the treatment to be provided under a single bed certification.

The amended rules went into effect September 18, 2014.  It is expected that DSHS will issue new final rules to be effective when the Washington State Supreme Court’s 120-day stay on its decision expires on December 26, 2014.

For more information about Washington’s Involuntary Treatment Act or mental health services, please contact Lee Kuo.

 

 

Washington Supreme Court Bans “Psychiatric Boarding”

On August 7, 2014, the Washington State Supreme Court ruled that “psychiatric boarding” under Washington’s Involuntary Treatment Act (“ITA”) is unlawful.

“Psychiatric boarding” is a term used to describe the practice of leaving mentally ill patients in hospital emergency rooms because there is no space at certified evaluation and treatment facilities.  Certified evaluation and treatment facilities are the facilities authorized under the ITA to detain involuntary mental health patients.

County mental health officials began using authority granted under the ITA to issue “single-bed certifications,” which permits mental health officials to leave patients at hospitals which are not certified evaluation and treatment facilities, to address the increasing – and now common – problem of insufficient space at the certified facilities.

In its clear opinion, the court held that the ITA does not authorize single bed certifications to avoid overcrowding at certified facilities.  In doing so, the court recognized that the ITA repeatedly provides that persons who are involuntarily detained under the ITA must be held in certified evaluation and treatment facilities in order to receive the proper evaluation, stabilization and treatment afforded to these patients under the ITA:  “Patients may not be warehoused without treatment because of lack of funds.”

Although the court’s opinion may be a catalyst towards forcing the state to address failures and flaws in its mental health system, the immediate impact of the ruling has left hospitals and county mental health professionals scrambling to figure out what to do.  If mental health professionals are unable to detain psychiatric patients who present at hospital emergency departments and who otherwise meet the criteria for detention but no evaluation and treatment bed is available, hospitals will find themselves in the difficult position of choosing between either allowing a mentally ill patient to leave the hospital or detaining the patient without clear legal authority under the ITA to do so.  The issue is further complicated for hospitals as they must also consider their EMTALA obligations in this situations.

A copy of the court’s ruling can be found here.   For more information about Washington’s Involuntary Treatment Act or mental health services, please contact Lee Kuo.

WA Certificate of Need Waiver for Psych Beds

The Washington Certificate of Need (“CN”) Program recently announced a temporary change in the CN requirements for acute care hospitals to change the use of existing licensed beds to psychiatric care beds.  Acute care hospitals choosing to convert some of their acute care beds to psychiatric beds will not have to undergo the CN review process.  This exemption however does not extend to the addition of new beds added to the hospital’s licensed bed count, only the conversion of existing beds.  Hospitals will also be allowed to return the use of the exempt psychiatric beds to general acute care services (i.e. med/surg) without full CN review.

In order to take advantage of this exemption, acute care hospitals will still have to submit a “Hospital Change of Use Exemption Hospitals Licensed Under RCW 70.41 Proposing Psychiatric Beds” application to the CN Program with an application fee of $1,925.  If the project is approved it must commence within two years of the exemption issue date (unless a 6 month extension is otherwise granted).  Hospitals applying for this exemption will still need to meet the physical plan standards and staffing ratios required for providing psychiatric care.

For more information about this exemption or Certificate of Need generally please contact Elana Zana.

HHS Issues HIPAA Guidance For Mental Health

HHS recently issued HIPAA guidance for mental health practitioners, in an effort to help providers wade through complicated decisions of when disclosures of patient information are permissible.  This guidance, set up in a FAQ format, is designed to incorporate common questions related to the intersection of mental health and privacy laws.  The guidance addresses when healthcare providers are permitted to:

  • Communicate with a patient’s family members, friends, or others involved in the patient’s care;
  • Communicate with family members when the patient is an adult;
  • Communicate with the parent of a patient who is a minor;
  • Consider the patient’s capacity to agree or object to the sharing of their information;
  • Involve a patient’s family members, friends, or others in dealing with patient failures to adhere to medication or other therapy;
  • Listen to family members about their loved ones receiving mental health treatment;
  • Communicate with family members, law enforcement, or others when the patient presents a serious and imminent threat of harm to self or others; and
  • Communicate to law enforcement about the release of a patient brought in for an emergency psychiatric hold.

The guidance also addresses FERPA (privacy laws in a school setting), Federal alcohol and drug abuse confidentiality (42 CFR Part 2 Programs) and the rights of parents to have access to a minor child’s information.    Though not addressed in the guidance, those mental health practitioners practicing in Washington State should also be aware of  the new statutes regulating mental health record disclosures which take effect on July 1, 2014.

For assistance in navigating these privacy rules please contact Elana Zana or Dave Schoolcraft.

Proposed HIPAA Rule to Enhance Criminal Background Check System

On January 7, the U.S. Department of Health & Human Services (HHS) published a notice of proposed rulemaking (NPRM) to revise the HIPAA Privacy Rule expressly permitting certain covered entities to disclose specific information about individuals who are subject to the federal mental health prohibitor to the National Instant Criminal Background Check System (NICS). HHS stated the purpose of this amendment is to help “strengthen the federal background check system to keep guns out of potentially dangerous hands” by removing legal barriers under HIPAA that may prevent reporting relevant information to the NICS.

The NICS is a national system used to conduct background checks on individuals who may be disqualified from purchasing or receiving firearms based on federally prohibited categories or state law. One such category is the federal “mental health prohibitor,” which includes individuals who have been (1) involuntarily committed to a mental institution; (2) found incompetent to stand trial or not guilty by reason of insanity; or (3) determined by a court, board, commission, or other lawful authority to be a danger to themselves or others or to lack the mental capacity to contract or manage their own affairs.

The proposed amendment would permit HIPAA covered entities that perform the commitments or adjudications that make individuals subject to the federal mental health prohibitor, or that act as repositories of NICS records on behalf of a state, to use and disclose certain information for NICS reporting purposes. These select covered entities would be permitted to disclose only  the “individual’s name; date of birth; sex; a code or notation indicating that the individual is subject to the Federal mental health prohibitor; a code or notation representing the reporting entity; and a code identifying the agency record supporting the prohibition.” Covered entities would not be permitted to disclose clinical or diagnostic information, medical records, or other identifiable health information. Covered entities could disclose the information directly to the NICS or to an entity designated by a state as a data repository for NICS reporting purposes.

Because the proposed rule focuses on covered entities that actually are responsible for ordering involuntary commitments or conducting adjudications, or that act as a designated repository of NICS records, it does not affect most treating providers or covered entities that only engage in treatment functions. Further, this modification would permit, not require, the specified covered entities to disclose information.  The proposed amendment would not include any additional notification requirements to individuals whose information was disclosed and would not require covered entities to change their notice of privacy practices.

HHS is seeking comments, which are due on March 10, on various issues addressed in the NPRM, including whether the permission should be broadened to include reporting on individuals subject to state firearms prohibitions and additional (non-clinical) identifying information.

For more information about the proposed rule or HIPAA in general, please contact Jefferson Lin.

Joint Commission Standards for Boarding and Leadership Collaboration with Behavioral Health Community

Effective January 1, 2014, hospitals, accredited by the Joint Commission, will be required to meet the elements of performance (EPs) related to boarding and leadership collaboration for behavioral health patients, as part of The Joint Commission’s revised standard for managing the flow of patients through the emergency department. Overcrowding and patient boarding in the emergency department has drawn considerable attention recently (see e.g., Seattle Times article on psychiatric boarding), and The Joint Commission recognizes that the problems with patient flow may have multiple factors and stem from other areas within and outside the hospital, not just the emergency department.

Under Leadership Standard LD.04.03.11 or the “Patient Flow” Standard, the following EPs will go into effect for hospitals starting next year:

  • EP 6. The hospital measures and sets goals for mitigating and managing the boarding of patients who come through the emergency department. Note: Boarding is the practice of holding patients in the emergency department or another temporary location after the decision to admit or transfer has been made. The hospital should set its goals with attention to patient acuity and best practice; it is recommended that boarding time frames not exceed 4 hours in the interest of patient safety and quality of care.
  • EP 9. When the hospital determines that it has a population at risk for boarding due to behavioral health emergencies, hospital leaders communicate with behavioral health care providers and/or authorities serving the community to foster coordination of care for this population.

The Joint Commission notes that the four-hour time frame referenced in EP 6 serves as a guideline (not a requirement) to help the hospital set a reasonable goal for its institution. Also, the goal of EP 9 is to “facilitate the more efficient use of limited resources, and build leverage to implement more effective systems of care for individuals at risk of psychiatric emergencies.” Though the communication required in EP 9 will vary depending on the nature of the relationship, The Joint Commission advises that “such communication should occur at least annually and may range from conference calls and correspondence to meetings, education forums, and strategic working groups.”

EP 6 and EP 9 are in addition to the revised EPs that went into effect at the beginning of this year on January 1, 2013.  The other revisions address: the use of data and measures to identify, mitigate and manage issues affecting patient flow; the management of emergency department throughput as a system-wide issue; and the environment of care, staffing, assessment, reassessment and care for patients with behavioral health emergencies.

To help organizations implement these requirements, The Joint Commission released an “R3 Report on Patient Flow through the Emergency Department” that provides the requirement, rationale and references for the updated standards.  If you have questions about these accreditation standards, please contact Don Black or Jefferson Lin.