A Complex Regulatory Landscape Emerges for Telemedicine

Every year, Rock Health surveys the digital health landscape, noting the changing trends related to adoption by providers, patients and payers of these innovative new technologies.

Their most recent survey, which had more than 8,000 respondents, found that eight out of 10 people used telemedicine services in 2022, and that many of these were older patients, people living in rural areas and patients without health insurance. Not only has the use of telehealth programs continued to rise, but it is accomplishing the important goal of extending quality care to underserved populations and enables overburdened medical care providers to more efficiently treat patients.

This is extremely encouraging news, but it comes with an important caveat: much of the rapid adoption came when COVID-19 was declared a public health emergency in 2020, resulting in policymakers temporarily waiving many state and federal regulations governing who can use telemedicine and how, and payment for healthcare services and items provided via telehealth.

With President Biden’s recent announcement of the administration’s intent to end the COVID-19 national emergency and the public health emergency on May 11, 2023, some of these waivers will expire this year. Many states have already expired their own waivers relating to the COVID-19 emergency. If telemedicine companies aim to continue their impressive growth, they will likely need to navigate some of the regulatory changes ahead, including:

• Medicare/Medicaid: The Centers for Medicare and Medicaid Services (CMS) eliminated many of the barriers for federal healthcare program coverage of telehealth services during the pandemic so more patients could benefit from it. These temporary waivers are scheduled to expire 151 days after the federal emergency declaration ends in May. CMS says some waivers will remain in place through this year, and others could become permanent. What telehealth services Medicare will cover—and for whom—is in flux when looking beyond this year.

• Controlled Substances: Under the Ryan-Haight Online Pharmacy Consumer Protection Act, the Drug Enforcement Agency (DEA) mandated an in-person visit with a physician before a controlled substance—for example, an opiate-based painkiller or ADHD medication—could be prescribed. The in-person visit requirement was waived during the public health emergency, creating a boom in new telehealth prescribing entrants in the market. With the May end of the public health emergency looming, the DEA unveiled proposed rules to reimpose some of the pre-COVID era restrictions on telehealth prescribing of controlled substances, including the in-person visit requirement. With telehealth stakeholders up in arms about the more restrictive than expected proposed rules, many are anxiously awaiting the DEA’s final rules for prescribing controlled substances via telehealth.

• State Licensure Laws: Throughout the pandemic, physicians and other licensed healthcare providers were able to treat, via telehealth, a wide range of patients, including those based in states where the provider did not hold a license. This is because many states waived licensure requirements to ensure their citizens would be able to access care. Some of those waivers have expired, while others will in a matter of months. In planning for the end of the pandemic, some state licensing boards have entered into compacts and/or introduced legislation that allow for multi-state licensure with a single license application, but other states (including those in more populous markets) have not. Pending decisions by state lawmakers, many providers’ reach may soon end at the state line.

• Tightening HIPAA: With data an increasingly important part of the delivery of healthcare, the federal government has strict provisions when it comes to the sharing of sensitive health information under HIPAA. Enforcement of some of the rules governing the privacy and security of health data was somewhat relaxed during the COVID emergency, but it will ramp up again when the emergency declaration expires.

The digital health sector moves “at the speed of trust,” Rock Health likes to say. And trusting that healthcare data is being kept secure is essential for consumers to continue using telehealth services.

This is especially true since last year’s Dobbs decision overturning Roe v. Wade. Women seeking reproductive care are concerned about the privacy and security of their health information, and telemedicine companies will need to earn their trust. The Dobbs decision galvanized many women to become more involved in their healthcare, which has been an exciting thing to see and to be a part of. It also helped fuel a sharp rise in femtech, or technologies specially designed to improve healthcare for women.

The federal government is also up ticking regulatory oversight in reaction to consumers’ mounting concern over the privacy and security of their sensitive health data. Recently, the Office for Civil Rights (OCR) at the US Department of Health and Human Services (HHS) released a bulletin on the use of online tracking technologies by covered entities and business associates, concluding that the use of such technologies to share health and personal identifying information with tracking vendors for marketing purposes without patient authorization amounts to impermissible disclosures in violation of HIPAA.

In the same vein, the Federal Trade Commission (FTC) is also enforcing data privacy compliance, specifically targeting digital health and other healthcare entities disclosing sensitive health information to third parties for targeted advertising without user consent, extending the government’s enforcement reach to companies operating outside of HIPAA.

Securing data is just one front where telemedicine companies will be competing this year. There will also be a series of possible changes when it comes to who can access telemedicine, how they can access it and under what circumstances they can use it.

It will be a lot to navigate. But the opportunities going forward will be enormous for companies that earn and keep the trust of consumers, understand and adapt to changing regulatory and reimbursement pathways and provide high-quality care. That’s because telehealth—the fastest growing area of digital health—has earned a permanent place in our healthcare system.

Any questions? We’re happy to help. It was great seeing many of you last week at Rock Health’s Digital Health CEO Summit!