An older woman having a telehealth visit with medical personnel using a tablet.

Medicare Telehealth: Actions to Strengthen Oversight and Help Providers Educate Patients About Privacy and Security Risks

What GAO found

In response to the COVID-19 pandemic, the Department of Health and Human Services (HHS) has temporarily waived some Medicare restrictions on telehealth — providing some services via audio-only or video technology. The use of telehealth services increased from approximately 5 million pre-assignment services (April-December 2019) to more than 53 million post-assignment services (April-December 2020). Overall use of all Medicare services decreased about 14 percent after the waiver due to a 25 percent decrease in personal service use. The GAO also found that post-assignment telehealth increased across all provider disciplines, and 5 percent of providers provided more than 40 percent of services. Providers in urban areas delivered a greater percentage of their services via telehealth than providers in rural areas; Office visits and psychotherapy were the most common services.

Use of telehealth and in-person, by month, April 2019 – December 2020

The Centers for Medicare and Medicaid Services (CMS) within HHS has taken action to monitor certain program safety risks related to telehealth exemptions. However, CMS lacks complete data on the use of audio-only technology and telehealth visits that are provided in beneficiaries’ homes. This is because there is no billing mechanism for service providers to identify all instances of voice traffic only. Moreover, providers are not required to use the available codes to identify the visits that are furnished in the homes of the beneficiaries. Complete data is important, as the quality of these services may not be equivalent to the quality of personal services. Also, CMS has not comprehensively assessed the quality of telehealth services provided under the waivers and has no plans to do so, which is inconsistent with CMS’s quality strategy. Without an assessment of the quality of telehealth services, the CMS may not be able to guarantee that the services fully improve health outcomes.

In March 2020, HHS’ Office for Civil Rights (OCR) announced that it would not sanction providers for failing to comply with privacy and security requirements regarding the bona fide provision of telehealth during the COVID-19 public health emergency. OCR encouraged covered providers to notify patients of potential privacy and security risks. However, it did not advise specific language providers to use or give guidance to help them explain these risks to their patients. Providing such information to providers can help ensure that patients understand the potential impacts on their PHI in light of the privacy and security risks associated with telehealth technology.

Why Gao this study

By law, Medicare pays for telehealth services under limited circumstances—such as in certain geographic locations (mostly rural ones) only. Other waivers and flexibilities issued by HHS in March 2020 (including under its own regulatory authority) allowed services to be safely provided and received during the pandemic. There is stakeholder interest in making these changes permanent. The Government Accountability Office and others note that extending them could increase spending and pose new risks of fraud, waste, and abuse.

The Government Accountability Office has been asked to review telehealth services under the waivers. This report describes, among other things, (i) utilization of telehealth services, (ii) CMS efforts to identify and monitor risks posed by Medicare telehealth exemptions, and (iii) the OCR change made in implementing regulations that govern patient protection. Health information during the COVID-19 public health emergency.

The Government Accountability Office analyzed Medicare claims data from 2019 through 2020 (the most recent data available at that time); review of federal laws, CMS documents (including their assessment of the risks posed by telehealth exemptions) and OCR guidelines; He interviewed agency officials.


#Medicare #Telehealth #Actions #Strengthen #Oversight #Providers #Educate #Patients #Privacy #Security #Risks

Leave a Comment

Your email address will not be published. Required fields are marked *