Last week, President Trump signed the SUPPORT for Patients and Communities Act (SUPPORT Act), a bipartisan piece of legislation designed to tackle the opioid crisis by, among other approaches, increasing the use of telemedicine services to treat addiction. Several key provisions are summarized below.

The package includes provisions to expand public reimbursement for telemedicine services that focus on addiction treatment. Specifically, the legislation removes Medicare’s originating site requirement for substance abuse treatment provided via telemedicine, meaning that health professionals can receive Medicare reimbursement even if the patient is not located in a rural area. In addition, the Centers for Medicare and Medicaid Services (CMS) has been directed to issue guidance to states regarding possible ways that Medicaid programs can receive federal reimbursement for treating substance abuse via telemedicine. The legislation explicitly identifies services provided via a hub and spoke model and in school-based health centers, among others, as those that should be eligible for federal reimbursement.

In another development, the US Drug Enforcement Agency (DEA) is now required to implement regulations regarding a special registration process for telemedicine providers within one year of the passage of the SUPPORT Act. The aim of this process is to expand health providers’ ability to prescribe controlled substances to patients in need of substance use disorder treatment based on a telemedicine consultation, without having to conduct an in-person evaluation first. This special registration process was originally contemplated 10 years ago under the Ryan Haight Online Pharmacy Consumer Protection Act of 2008 (Ryan Haight Act) as one of the seven pathways through which a telemedicine provider could prescribe a controlled substance to his/her patient without having first conducted an in-person evaluation, but the DEA never issued any regulations to effectuate it. At present, the special registration process and requirements (e.g., registration costs, application processing timeline, provider qualifications) are still largely unknown. The answers to these open issues will determine how accessible this new registration pathway will be to substance use disorder providers and, therefore, how impactful it will be in connecting patients in need of substance use disorder treatment with qualified providers.

In addition to these policy reforms, the SUPPORT Act also directs government agencies to conduct additional research into the possible benefits of telemedicine technology for treating substance abuse. Both CMS and the Government Accountability Office (GAO) are tasked with publishing reports concerning the use of telemedicine technology for treating children: CMS is directed to analyze how to reduce barriers to adopting such technology, and GAO is directed to evaluate how states can increase the number of Medicaid providers that treat substance use disorders via telemedicine in school-based clinics. Furthermore, the Department of Health and Human Services must issue a report regarding the impact of using telemedicine services to treat opioid addiction within five years.

On November 1, 2018, the Centers for Medicare and Medicaid (CMS) issued final rules for updating the 2019 Medicare Physician Fee Schedule to implement recent telehealth-related legislative reforms. As reported in our Digital Health Mid-Year Report: Focus on Medicare, these changes are expected to have a material impact on the ability of providers to receive payment for delivering telehealth services. Certain key changes are highlighted below:

  • Qualified providers may be reimbursed when providing telehealth services for stroke and kidney disease—even when patients are located in their own homes.
  • Qualified providers may receive a small amount of reimbursement for holding “virtual check-in[s]” with patients and when they evaluate recorded video and images from an established patient. CMS noted that these changes are aimed at allowing providers to help determine whether an in-person visit or additional follow-up is needed. Doing so “increase[s] efficiency for practitioners and convenience for beneficiaries.”
  • CMS also issued an interim final rule related to the recently-signed SUPPORT for Patients and Communities Act, a bipartisan piece of legislation that was passed to combat the opioid crisis. Similar to the Bipartisan Budget Act, the SUPPORT Act removed the originating site requirement for substance abuse and related mental health treatments. There is a 60-day comment period before this rule will be finalized.

Together, these rules represent a substantial expansion of Medicare reimbursement for services provided via telehealth.  For additional guidance on how to interpret and implement these new changes, please contact your regular McDermott attorney.

The General Data Protection Regulation (GDPR) was the biggest story of 2018 in the field of global privacy and data protection. The GDPR became enforceable in European Union Member States on May 25, 2018, significantly expanding the territorial reach of EU data protection law and introducing numerous changes that affected the way organizations globally process the personal data of their EU customers, employees and suppliers. These important changes required action by companies and institutions around the world. In almost six months after the GDPR’s effective date, organizations are still working on compliance—and will be for years to come.

Critical provisions

The GDPR applies to organizations inside and outside the EU. Organizations “established” inside the EU, essentially meaning a business or unit located in the EU, must comply with the GDPR if they process personal data in the context of that establishment. The GDPR also applies to organizations outside the EU that offer goods or services to, or monitor the behavior of, individuals located in the EU.

The GDPR uses other terms not familiar to US businesses but which need to be understood. Both “data controllers” and “data processors” have obligations under the GDPR, and data subjects can bring actions directly against either or both of those parties. A data controller is an organization that has control over and determines how and why to process data. A data controller is often, but not always, the organization that has the direct relationship with the data subject (the individual about whom the data pertains). A data processor is an organization that processes personal data on behalf of a data controller, typically a vendor or service provider. The GDPR defines “processing” to mean any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means (e.g., collection, recording, storage, alteration, use, disclosure and structuring).

The GDPR also broadly defines “personal data” as any information directly or indirectly relating to an identified or identifiable natural person, such as a name, identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Organizations in the US are used to a narrower definition of personal data, which typically includes information that, if breached, would put an individual at risk of identity theft or fraud and require notice (e.g., Social Security numbers, driver’s license numbers, and financial account, credit and debit card numbers). Continue Reading GDPR 6 Months After Implementation: Where are We Now?

On October 26, 2018, CMS released a Notice of Proposed Rulemaking addressing expanded telehealth coverage in Medicare Advantage, extrapolation of RADV audit results, and updates to the Medicare Advantage and Part D Quality Star Ratings program, among other topics. If finalized, the regulations set forth in the Proposed Rule would impact not only Medicare Advantage and Part D plan sponsors but also a broad range of providers and health care companies, particularly those involved in the provision or delivery of telehealth services.

CMS is accepting comments on the Proposed Rule through December 31, 2018.

Access the full article.

As previously noted in our Digital Health Mid-Year Review, 2018 has seen greater acceptance of telemedicine within the Medicare program. Both regulatory and statutory changes have expanded reimbursement opportunities and, consequentially, opportunities for the deployment of telemedicine technologies. As we noted then, however, improvement in the Medicare reimbursement environment for telemedicine services has been tied to a policy goal of not increasing utilization unnecessarily. We noted in our Mid-Year Review that Congress appears to be following MedPac’s recent guidance that Congress “should take a measured approach to further incorporating telehealth into Medicare by evaluating individual telehealth services to assess their capacity to address. . . cost reduction, access expansion, and quality improvement.”

The recently introduced Reducing Unnecessary Senior Hospitalizations Act of 2018 (the RUSH Act), seems to deviate from MedPac’s suggested approach. The RUSH Act seeks to avoid hospitalizations through a program that creates financial incentives for providing certain nonsurgical services furnished by hospital emergency departments at skilled nursing facilities that are qualified to provide such services by the Secretary of Health and Human Services The RUSH Act specifically refers to the possibility that some of these services could be provided by licensed practitioners “through the use of telehealth.” Interestingly, the RUSH Act does not specify what telehealth services should be allowable or how they should be reimbursed; rather, the RUSH Act leaves these matters for agency determination.

According to Representative Diane Black (TN), one of the bill’s sponsors, “[t]here are companies who are ready and able to provide this innovative care. . . . These positive disruptors just need Medicare’s payment policies to catch up with the technology. . . giving [nursing homes] the technology-enabled tools needed to lower health care costs and, most importantly, save lives.”

As an observer of this industry, I tend to agree with this claim, but under the approach taken by this bill, that determination will need to be made by the Department of Health and Human Services. Digital health companies looking for a better reimbursement environment are well-advised to focus on the bottom line of federal health policy–lower cost, improved care and increased access.

Join us on November 8, 2018, for the third installment of McDermott’s live webinar series on digital health. In this installment, partners Bernadette M. Broccolo, Jiayan Chen and Vernessa T. Pollard will explore opportunities for accelerating biomedical research, development and commercialization through digital health tools and solutions, such as end-user license agreements (EULAs), wearables and mobile apps, telemedicine, and big data exchange and analytics. They will discuss tactics for overcoming challenges related to these new approaches, as well as evolving compliance issues, including:

  • Privacy and security
  • Human subject protection
  • The US Food and Drug Administration pre-market approval regime

They will also review alternative compliance and contracting strategies for managing risk while capturing opportunity from the perspective of key stakeholders, such as sponsors, investigators, research sites and digital health developers.

Click here to register for this event.

The Office of the National Coordinator for Health Information Technology (ONC) is one step closer to issuing its long-awaited proposed rule to implement various provisions of the 21st Century Cures Act, including proposed regulations distinguishing between prohibited health information blocking among health care providers and health information technology vendors and other permissible restrictions on access to health information. According to its website, the Office of Management and Budget (OMB) received ONC’s proposed rule for review on September 17, 2018. OMB review is one of the final steps in the process before a proposed rule is published in the Federal Register for public comments. OMB did not identify a deadline for completing its review. The agency generally has up to 90 days to complete its review, but can take less time than that.

In addition to defining the scope of prohibited information blocking conduct, the proposed rule is likely to address other issues of interest to health industry stakeholders. According to OMB, the proposed rule “would update the ONC Health IT Certification Program (Program) by implementing certain provisions of the 21st Century Cures Act, including conditions and maintenance of certification requirements for health information technology (IT) developers, the voluntary certification of health IT for use by pediatric healthcare providers, health information network voluntary attestation to the adoption of a trusted exchange framework and common agreement in support of network-to-network exchange, and reasonable and necessary activities that do not constitute information blocking. The rulemaking would also modify the Program through other complementary means to advance health IT certification and interoperability.”

Subscribe here to receive future updates from McDermott.

Companies looking to enter the digital health field face myriad legal implications unique to doing business in this sector. Whether emerging or established, companies exploring health care opportunities benefit from careful planning around complex issues such as pace of development, reimbursement systems, strategies for responsible data collection and use, and effective corporate compliance programs. In this podcast, McDermott partners Sarah Hogan, Lisa Schmitz Mazur and Dale Van Demark take a closer look at these and other important factors companies should review when contemplating a move into the digital health ecosystem.

Q. What issues should companies consider before they enter today’s digital health care market?

DV: The first and perhaps most important thing to focus on is the business plan. A lot of business plans that may work in other service sectors may not work in the health care industry because of the way that it is structured or because of consumer expectations.

Beyond that, there are real cultural differences that we see technology companies come up against when they enter into the health care market. Frequently, technology companies are used to a very fast pace. They are used to making mistakes and learning from them, and evolving and developing to move forward. The health care industry has traditionally been much slower and more deliberative, with the goal of getting it right the first time being predominant. That cultural difference can cause problems in building relationships and setting expectations for both pace and service levels.

Finally, understanding the complexity of health care infrastructure is very important. Understanding how the health care system works and how your product, service and business plan work within that ecosystem is critical to establishing the relationships you want and really selling into that marketplace. Continue Reading Breaking into Digital Health: Factors Companies Must Consider

In an effort to address the need for increased access to behavioral health services, Illinois has passed a series of bills that meaningfully expand the reimbursement of telehealth services delivered to its Medicaid patients. Illinois’ legislators, telemedicine advocates, healthcare providers and patient advocacy groups collaborated in an impressive effort to develop focused and targeted legislative solutions that effectively balance the need to get critical behavioral health services to patients in need with long-standing concerns that increasing access via telehealth will result in greater health care costs to a state already experiencing severe financial challenges.

Governor Bruce Rauner advised that these “initiatives work together to improve the quality of care and hopefully the quality of life for so many Illinoisans suffering from mental health and substance use disorders.” Supporters of the legislation are optimistic that these changes will further expand telehealth programs in Illinois, continuing the growth experienced in the past several years.

As a result of changes to the Illinois Public Aid Code (305 ILCS 5/5-5.25), the following will receive reimbursement from the Department of Healthcare and Family Services (“Department”) for delivering telehealth services that meet applicable requirements:

  • Clinical psychologists
  • Clinical social workers
  • Advanced practice registered nurses certified in psychiatric and mental health nursing
  • Mental health professionals and clinicians who are authorized by Illinois law to provide mental health services to recipients via telehealth (in addition to psychiatrists and federally qualified health centers)

The Department is also required to reimburse any Medicaid certified eligible facility or provider organization that acts as the originating site (i.e., the location of the patient at the time a telehealth service is rendered), including substance abuse centers licensed by the Department of Human Services’ Division of Alcoholism and Substance Abuse.

In addition to these changes, the Illinois Telehealth Act’s definition of a “Health care professional” (225 ILCS 150/5) has been revised to include dentists, occupational therapists, pharmacists, physical therapists, clinical social workers, speech-language pathologists, audiologists, and hearing instrument dispensers. As a result of this change, these professionals are now explicitly subject to the Illinois Telehealth Act’s requirements.

Finally, the Illinois Insurance Code (215 ILCS 5/356z.22) has been amended to require that any individual or group policy of accident or health insurance that provides coverage for telehealth services also provide coverage for telehealth services provided by licensed dietitian nutritionists and certified diabetes educators to senior diabetes patients. The amended section clearly states that this change is intended to “remove the hurdle of transportation for senior diabetes patients to receive treatment.” While this change is a step in the right direction, Illinois remains in the minority as one of the states without a telehealth coverage and/or payment parity law. The vast majority of states have parity laws that, at a minimum, include a coverage requirement, mandating certain types of payors to approve and reimburse certain telehealth encounters the same as they would in-person medical encounters.

*****

The Illinois legislators who sponsored the passed legislation will be recognized for their efforts at the 2018 Telehealth Awards Luncheon organized by the Partnership for a Connected Illinois scheduled at the Chicago office of McDermott Will & Emery on November 13, 2018. Please contact Laura Lewandowski for additional details on registration.

The author thanks McDermott Summer Associate Emily Edwards for her research contributions to this article.

The interest in leveraging the value of big data in digital health has become a focus of health care industry mainstays and newcomers alike. Within a challenging regulatory landscape, it is critical for those looking to play in this space to be proactive in planning their data strategy, with an eye towards compliance planning and solid due diligence to maximize its value. In this Q&A, big data thought leaders Bernadette Broccolo and Sarah Hogan, both partners in McDermott Will & Emery’s Health Industry Advisory group, discuss the challenges and opportunities that health industry stakeholders face when stepping into the world of big data.

For information on this topic and to hear the full Q&A with Bernadette and Sarah, listen to the newest episode of the Of Digital Interest podcast. You can access the full episode at here or subscribe to the podcast on iTunesPocket Casts or Soundcloud.

Q. Where is the value in big data in digital health? Who is seeing value today and what are their motivations?

BB: The best short answer is that everybody is seeing value – both long standing industry players and newcomers. The real value in big data comes not from raw data or just having a lot of data, but in the ability to use it and mine it, to have it in a form that’s analyzable. What’s very surprising too, in addition to the speed with which the interest in big data has escalated, is who is interested. In the past, one certainly expected academic medical centers and universities that have major research initiatives and clinical trial initiatives to be interested. But now others like molecular lab testing organizations, CLIA regulated laboratories and entrepreneurs are interested in capturing data.

SH: I think one of the surprising players is actually the pharma companies. It may sound odd to say that, but they have a lot of data – including a lot of clinical data – that they’re looking at mining to determine how they can target their therapeutics in a way that helps patients more efficiently. They are looking at themselves and asking “What does the 21st century pharma company look like?” Continue Reading Maximizing the Value of Big Data in Digital Health