Photo of Ryan Marcus

Ryan B. Marcus maintains a general health care practice. He advises hospitals health systems, and health industry clients on a variety of regulatory and transactional matters, including mergers, acquisitions, affiliations, and joint ventures. Read Ryan Marcus' full bio.

President Trump declared the opioid addiction epidemic a public health emergency yesterday. The White House made it clear that this declaration would allow officials to remove barriers to the prescribing of controlled substances via telemedicine, which would permit DEA registered providers to prescribe anti-addiction medications, such as Naloxone, to patients in need without first performing an in-person exam.

As background, the Ryan Haight Online Pharmacy Consumer Protection Act of 2008 (the Haight Act) requires a telemedicine provider who is prescribing a controlled substance to a patient to perform an in-person medical evaluation of the patient prior to prescribing a controlled substance, unless one of the narrow telemedicine exceptions set forth in the Haight Act applies. Additional information on the Ryan Haight Act and the implications of this declaration can be found here.

There are many important questions remaining to be answered, including whether any funding will be available to support the implementation of this declaration and whether the declaration will be renewed upon its expiration in 90 days. The answers to these questions are important to healthcare providers who will need to invest resources and time into developing telemedicine programs to reach more substance use disorder patients, which may take longer than 90 days to implement.

On September 29, the Federal Trade Commission (FTC) formally announced a December 12th workshop on informational injury—the injury a consumer suffers when information about them is misused. The workshop will address questions such as, how to characterize and measure such injury and what factors businesses and consumers should consider the benefits and risks of collecting, using and providing personal information so as to gain further perspective for how the FTC should apply its legal framework for privacy and security enforcement under 15 USC § 45 (Section 5). In her September 19th remarks to the Federal Communications Bar Association, Commissioner Maureen Ohlhausen, the Acting Chairman of the FTC, metaphorically characterized the workshop’s purpose as providing the next brushstrokes on the unfinished enforcement landscape the FTC is painting on its legal framework canvas. The full list of specific questions to be addressed may be accessed here.

Background. The FTC views itself as the primary US enforcer of data privacy and security, a role it recently assumed. While the FTC’s enforcement against practices causing informational injury through administrative proceedings goes back as far as 2002, its ability to pursue corporate liability for data security and privacy practices under its Section 5 “unfair or deceptive trade practices” jurisdiction was only ratified in 2015 by the US Court of Appeals for the Third Circuit in FTC v. Wyndham Worldwide Corporation. The FTC has actively invoked its enforcement authority but, in doing so, has been selective in determining which consumer informational injuries to pursue by questioning the strength of evidence connecting problematic practices with the injury, examining the magnitude of the injury and inquiring as to whether the injury is imminent or has been realized. Continue Reading Upcoming FTC Workshop on Informational Harm | Next Brushstrokes on the FTC’s Consumer Privacy and Security Enforcement Canvas

On July 31, 2017, President Donald Trump’s Commission on Combating Drug Addiction and the Opioid Crisis recommended that he declare the opioid epidemic a national emergency. In August 2017 and again on October 16, 2017, the president indicated he would declare the opioid crisis a national emergency. While it is apparent that the nation is suffering a drug overdose and opioid-specific crisis, the question remains as to what effect such a declaration would have on combatting the crisis.

The president’s powers to declare a national emergency arise from the Stafford Act, and once a national emergency is declared, it enables 1) access to US Department of Homeland Security ‒ Federal Emergency Management Agency (FEMA) funding, with states able to request grants for the specific purposes of treating opioid addiction; 2) the ability to re-appropriate federal agency workers, such as those employed by the agencies under the US Department of Health and Human Services (HHS) umbrella, to specifically research and treat opioid addiction; and 3) waiver of federal Medicaid regulations to provide additional aid to beneficiaries, ensuring sufficient health care items and services are available to meet the needs of beneficiaries. Such a declaration would undoubtedly open up both federal and state governments to formulate a comprehensive, unified strategy to combat the opioid epidemic sweeping the nation. Continue Reading The Opioid Crisis: Declaring a National Emergency and the Effect on Remote Prescribing through Telemedicine

The Office of the National Coordinator for Health Information Technology recently released a report (the Report) detailing user experience research on patient access to health data. The Report sought to examine the experiences of 17 individuals and processes of 50 health systems, with commentary from four medical record fulfillment administrators, to determine how the medical record request process can be improved for consumers. The Report ultimately concludes that patients and health care providers alike are in need of a well-defined process that is convenient, expedient and transparent.

Background

The Health Insurance Patient Portability and Accountability Act (HIPAA) does not create a uniform process for storage and production of medical records across providers, and in-turn did not create a convenient request process for patients. Generally, patients have a right to access a designated record set, which includes 1) medical records and billing records about individuals maintained by or for a covered health care provider; 2) enrollment, payment, claims adjudication, and case or medical management record systems maintained by or for a health plan; and 3) other records that are used, in whole or in part, by or for the covered entity to make decisions about individuals. Upon receipt of a request by a patient to access their health records, the covered entity receiving the request must produce the records within 30 days. Prior to producing those records, however, the covered entity must verify the identity of the individual making the request. This often involves signature verification or similar processes.

Continue Reading Many Lessons Still Need to be Learned regarding Patient Access to Health Care Information

As one of the last states to retain highly restrictive (and arguably anti-competitive) telemedicine practice standards, health care providers, regulatory boards, technology companies, payors and other stakeholders have been actively monitoring Texas’ approach to telemedicine regulation and the related Teladoc case. Texas has eliminated its most restrictive requirement for delivering care via telemedicine in Texas, increasing opportunities for providers to reach patients using technology.  Senate Bill 1107 was passed on May 11, 2017, and the House added an amendment in passing Senate Bill 1107, which was approved in the Senate on May 18.  The bill was signed into law by Governor Abbott last weekend.

Read the full article.

Utah is one of the many states that started off 2017 with proposals to change its existing telehealth laws and regulations. Proposed Utah HB 154 (the Proposed Bill), endorsed by Ken Ivory and Allen Christensen, amends the regulatory infrastructure for telehealth, with a focus on mental health. Two of the key components of the Proposed Bill are listed below:

  • The Proposed Bill creates a scope of telehealth practices within the Utah Health Code. Under the scope of practice requirements, any provider using telehealth to provide care will be held to the same standard of care as that applicable to in-person care. In addition, the Proposed Bill stipulates that a provider may not prescribe using telehealth unless the provider has obtained the patient’s relevant clinical history and documented the relevant clinical history and current symptoms. The provider must also be available for follow-up care and familiar with available medical resources near where the patient was located during the telehealth consult.
  • The Proposed Bill enacts a new provision to the Utah Medical Assistance Act specifically enabling the provision of mental health services—treatment of mental conditions that are approved in the DSM-V—via telehealth technologies. This provision of the Proposed Bill is Utah’s attempt to increase access to behavioral and mental healthcare services in Utah. In particular, the DSM-V addresses substance abuse disorders as mental health disorders, and the telehealth provision will enable providers to help treat addiction using telehealth services where treatment facilities may not otherwise be available. Importantly, the Proposed Bill’s Medical Assistance Act amendment applies to any managed care organization that contracts with Medicaid, or any provider who is reimbursed under the Medicaid program, and requires insurers to disclose whether they provide coverage for telehealth services for mental health as part of the price and value comparison requirement under Utah law.

The Proposed Bill was passed by both the Utah House of Representatives and Senate and was enrolled on February 24, 2017. The Proposed Bill now awaits Governor Gary Herbert’s signature. If approved, the Proposed Bill will greatly expand access to health care for the mentally ill in Utah, and additionally provide more guidance to assist in the expanded use of telehealth and telemedicine services within the state.

Arkansas currently has one of the most restrictive telemedicine environments in the country, and was one of the last states to require an in-person examination to form a provider-patient relationship. Prior to September 2016, Arkansas telemedicine laws required an initial in-person encounter to establish a valid physician-patient relationship. In September 2016, the state expanded the formation of a provider-patient relationship to include a face-to-face examination using both real time audio and visual telemedicine technology that provides information at least equivalent to the information that would have been obtained through an in-person examination.

Then, early last month, Arkansas Senate’s Public Health, Welfare and Labor Committee approved Senate Bill 146, which was signed by the Governor and became Arkansas Act 203 on February 20th, which further amended the state’s telemedicine laws to, among other things, enable patients to access telemedicine services from their home or other remote locations. The Act modified the “originating site” location requirement, redefining “originating site” to permit services to be provided wherever the patient is located at the time of the consult.  While this change has the potential to expand the use of telemedicine in Arkansas, the Act added more to its restriction on the formation of a professional relationship through telemedicine, as it states that a professional relationship cannot be formed through an internet questionnaire, email message, patient-generated medical history, audio-only communication, text messaging, fax machine or any combination of these technologies. This provision reaffirms that a patient relationship can only be formed in Arkansas with an Arkansas-licensed provider utilizing both real time audio and visual technology.

Notably, the Act also has implications for school-based telemedicine programs, which are increasing in popularity across the country. Arkansas requires school-based telemedicine programs that treat Medicaid recipients to utilize either the minor’s regular pediatrician or other primary care physician; a physician with a cross-coverage arrangement with the regular pediatrician or primary care physician; or have authorization from the regular pediatrician or other primary care physician of the minor.  (In most cases, school-based telemedicine programs require a parent’s consent for telemedicine services, and a child’s pediatrician or other primary care provider is notified after the child treated via telemedicine.) This specific provision is particularly protective of the role of treating physicians, but does not include the requirement that a parent or guardian have the power to consent to the formation of a physician-patient relationship with a minor, which is ordinarily expected.

In sum, while the law will not make Arkansas a leader in expanded access to telemedicine, it will help bring Arkansas into line with the rest of the US.