Disruption of traditional health care is inevitable and poses a central challenge for health care governance. While the size and complexity of the health care industry have slowed the process of business disruption, its high costs and lack of convenience make it highly vulnerable to innovative, nontraditional competitors.

To make sure boards are well-prepared to address this challenge, McDermott Will & Emery and Kaufman Hall have partnered on a new thought leadership series designed to help you identify the signs of disruption, learn how to prepare your organization, and understand the implications for health care governance.

Get critical insights on how to spot, prepare for and manage disruption in your organization now:

  • Listen to Surviving Disruption Podcast, Episode 1: The Signs of Disruption.
  • Download Is Your Organization Disruption Ready? Questions to Assess Preparedness.
  • View our Top 5 Business Disruption Considerations for Corporate Governance infographic.
  • Watch our Behind the Scenes: The Making of the Surviving Disruption Podcast Series video.

Subscribe to the Surviving Disruption podcast on iTunesSoundCloud and Pocket Casts, and keep an eye on the Resource Center for Episode 2: The Path Through Disruption and Episode 3: A Governance Foundation, being released on December 27 and January 10.

The Centers for Medicare & Medicaid Services (CMS) reiterated its commitments to expanding access to telehealth services and paying “appropriately” for services that maximize technology in the Medicare Program; Revisions to Payment Policies under the Physician Fee Schedule and Other Revisions to Part B for CY 2018; Medicare Shared Savings Program Requirements; and Medicare Diabetes Prevention Program Final Rule published on November 15, 2017 (the Final Rule). Among many other developments, the Final Rule expands allowable telehealth reimbursement under the calendar year (CY) 2018 Physician Fee Schedule, List of Medicare Telehealth Services (list) and permits virtual sessions in certain circumstances under the Medicare Diabetes Prevention Program Expanded Model (MDPP, or the Program). The regulations are effective January 1, 2018.

“New” and “Add-On” Telehealth Services Slated for Reimbursement

CMS evaluates requests for the addition of telehealth services on the basis of two categories: (1) services that are similar to services already on the list and (2) services that are not similar to services already on the list. An evaluation of a category (2) service requires CMS to assess, based on the submission of evidence, whether the use of a telecommunications system to furnish the service “produces demonstrated clinical benefit to the patient.” Continue Reading Slow and Steady – CMS Expands Telehealth Reimbursement Opportunities in 2018

In September, the Office of the National Coordinator for Health Information Technology (ONC) announced that it is scaling back requirements for third-party certification of criteria related to certified electronic health record (EHR) technology (CEHRT). Going forward, ONC will allow health developers to self-declare their products’ conformance with 30 of the 55 certification criteria.

ONC will also exercise discretion and not enforce the requirement that certification bodies conduct randomized surveillance of two percent of the health IT certifications they issue.

Read “ONC’s De-Regulatory Announcement Aims at Enticing Industry to Adopt 2015 Edition Criteria.”

Copyright 2017, American Health Lawyers Association, Washington, DC. Reprint permission granted.

Jennifer Geetter and Lisa Schmitz Mazur wrote this bylined article on the regulatory implications of technology-supported devices, resources, and solutions that facilitate health patient-provider interaction. “Health industry regulators are struggling with how to apply the existing privacy regulatory regime, and the permitted uses and disclosures for which they provide, in this new world of healthcare innovation,” the authors wrote.

Continue reading.

As one of the last states to retain highly restrictive (and arguably anti-competitive) telemedicine practice standards, health care providers, regulatory boards, technology companies, payors and other stakeholders have been actively monitoring Texas’ approach to telemedicine regulation and the related Teladoc case. Texas has eliminated its most restrictive requirement for delivering care via telemedicine in Texas, increasing opportunities for providers to reach patients using technology.  Senate Bill 1107 was passed on May 11, 2017, and the House added an amendment in passing Senate Bill 1107, which was approved in the Senate on May 18.  The bill was signed into law by Governor Abbott last weekend.

Read the full article.

On March 23, 2017, the New York Attorney General’s office announced that it has settled with the developers of three mobile health (mHealth) applications (apps) for, among other things, alleged misleading commercial claims. This settlement highlights for mHealth app developers the importance of systematically gathering sufficient evidence to support their commercial claims.

Read the full article.

Digital health—the intersection of health care related software applications, analytical tools, medical device technology and electronic data assets that are enabled and achieved through the use of the internet and hand-held devices—is empowering the innovation needed to meet the imperative for a transition from payment based on volume to payment based on value that is evaluated in terms of measurable improvements in care delivery and population health.

ODI post 2

One prominent example is the use of digital health solutions to implement the payment innovation contemplated by the Medicare Access and CHIP Reauthorization Act (known as MACRA)—which directly ties both payment increases and reductions to various, specific efficiency and value measures. The Merit-Based Incentive Payment System (MIPS), one of the two available payment pathways under MACRA, assigns points to clinicians in different performance categories, several of which promote the adoption of digital health solutions. To illustrate:

  • The Quality category requires six measures to be reported, many of which may be leveraged through the use of digital health tools. For example, the Maternity Care: Post-Partum Follow-Up and Care Coordination measure tracks the percentage of patients who were seen for post-partum care within eight weeks of giving birth who received particular evaluations, screening and education. Obstetricians, gynecologists and family medicine practitioners could earn points under this measure by using telemedicine technologies, like videoconferencing platform, to engage in virtual patient visits with post-partum patients to answer the patient’s questions, provide education on the recovery process and assess the patient’s physical and mental health status, including the performance of mandatory post-partum depression screenings.
  • The Advancing Care Information category requires the use of certified electronic health record technology to coordinate care through patient engagement (g., secure messaging). The implementation of patient portals with integrated messaging platforms facilitate communication between the patient and health care practitioner, providing additional functionalities like sending reminders, engaging in dialogue about follow-up care, encouraging preventative action and distributing educational materials. These portals typically also give the patient access to timely and informative data, like test results, that allow the patient to play a role in decision making and (hopefully) empower the well-informed consumption of care.
  • The Clinical Practice Improvement category is perhaps the best opportunity for digital health integration. Activities that improve beneficiary engagement, population management, expanded practice access and care coordination—among others—are assigned points and weighted. Here, mobile apps have the capability to enable e-visits via videoconference as an alternative method to an in-person visit; facilitate questionnaire reporting; and send reminders, materials and other notifications to alert and educate patients about services due. The apps also provide opportunities to generally inform the delivery of care for the specific patient by sending alerts to providers to indicate that it’s time for a visit or that a problematic symptom was noted on a questionnaire. Further, clinical practices could leverage app-sourced data to gain information about patient trends, clinical areas of concern or successes related to digital health tool utilization.

For additional examples and insights on how digital health tools will be necessary for a successful transition to alternative payment schemes, please read Managing the Transition to Transformation: Digital Health Solutions: Essential Ingredients in Alternative Health Care Delivery and Payment Innovations.

In its tenth OCR Cyber Awareness Newsletter of the year (Newsletter), the Office for Civil Rights (OCR) reminded HIPAA-covered entities and business associates of the importance of selecting an appropriate authentication method to protect electronic protected health information (ePHI). Authentication is the process used to “verify whether someone or something is who or what it purports to be and keeps unauthorized people or programs from gaining access to information.” The Newsletter notes that the health care sector has been a significant target of cybercrime and that some incidents result from weak authentication methods.

Authentication methods can consist of one or more factors and are often described as: (1) something you know, such as a password; (2) something you are, such as a fingerprint; or (3) something you have, such as a mobile device or smart card. Single-factor authentication requires use of only one of the methods. Multifactor authentication requires use of two or more methods (for example, a password prompt followed by an additional prompt to a mobile device). Continue Reading OCR Guidance Underscores Importance of Authentication under HIPAA

On August 3, 2016, the Federal Trade Commission (FTC) staff submitted public comments regarding the Delaware Board of Occupational Therapy Practice’s proposed regulation for the provision of occupational therapy services via telehealth in Delaware (the Proposed Regulation).  The FTC’s comments to the Proposed Regulation follow its comments to Alaska’s telehealth legislation earlier this year and evidence its continued focus on telehealth’s ability to foster flexibility in health care delivery by increasing practitioner supply; encouraging competition; and improving access to affordable, quality health care.

By way of background, in 2015, Delaware amended its Insurance and Professions and Occupations Code (the Code) to include the regulation of telehealth and telemedicine services, including the delivery of occupational care remotely under existing, in-person standards of care.  Consistent with the Code, the Delaware Board of Occupational Therapy Practice (the Board) revised its rules and regulations to address telehealth services.  The Proposed Regulation defines telehealth as “the use of electronic communications to provide and deliver a host of health-related information and health care services, including occupational therapy related information and services, over electronic devices. Telehealth encompasses a variety of occupational therapy promotion activities, including consultation, education, reminders, interventions, and monitoring of interventions.”

The Proposed Regulation gives Occupational Therapist and Occupational Therapist Assistant licensees’ (Licensees) discretion in assessing and determining the appropriate level and type of care for an individual patient, provided that certain requirements are satisfied. Specifically, under the Proposed Regulation, Licensees that provide treatment through telehealth must have an active Delaware license in good standing to practice telehealth in the state of Delaware.  In addition to obtaining informed consent and complying with confidentiality requirements, the licensee must also: (1) be responsible for determining and documenting that telehealth is an appropriate level of care for the patient; (2) comply with the Board’s rules and regulations and all current standards of care requirements applicable to onsite care; (3) limit the practice of telehealth to the area of competence in which proficiency has been gained through education, training and experience; (4) determine the need for the physical presence of an occupational therapy practitioner during any interactions with patients, if he/she is the Occupational Therapist who screens, evaluates, writes or implements the plan of care; (5) determine the amount and level of supervision needed during the telehealth encounter; and (6) document in the file or record which services were provided remotely. (24 Del. Admin. Code § 2000-4.2.)

Staff of the FTC’s Office of Policy Planning and its Bureaus of Competition and Economics, responding to the Board’s request for public comments, stated that by not imposing rigid and unwarranted in-person care and supervision requirements, the Proposed Regulation could have various positive impacts, including: (1) improving access to cost-effective, quality care, especially for patients with limited mobility; (2) reducing Medicaid’s transportation expenditures as well as individuals’ pecuniary and time costs; (3) addressing anticipated workforce shortages in the health care sector by increasing practitioner supply and facilitating care of an aging population; and (4) enhancing competition, consumer choice and access to care.

The FTC did recommend the clarification of the Proposed Regulation on the scope of practice of Occupational Therapist Assistants.  The determination of the appropriateness of remote care and decisions about the amount and level of supervision during a telehealth encounter are expressly restricted to Occupational Therapists, while all other requirements also apply to Occupational Therapist Assistants.  The FTC noted that the ambiguities regarding the role of Occupational Therapist Assistants in telehealth evaluations and the determination of whether to use telehealth could discourage their participation in telehealth care.

If you haven’t heard about newest gaming craze yet, it’s based on what is called “augmented reality” (AR) and it could potentially impinge on your home life and workplace as such games allow users to “photograph” imaginary items overlaid with objects existing in the real world. An augmented reality game differs from “virtual reality” in that it mixes elements of the real world with avatars, made up creatures, fanciful landscapes and the like, rather than simply presenting a completely fictional scenario. Whether you play such games yourself or are merely existing in nearby surroundings, here are few things to think about as an active participant, and some tips regarding Intellectual Property and confidentiality issues that arise from others playing the game around you.

Augmented reality games are typically played on a smartphone app and some of them allow the user to capture images of the player’s experience and post it on social media, text it to friends or maintain it on the phone’s camera roll. However, special glasses could be used or other vehicles could deliver the augmented reality experience in different contexts—not just gaming. For example, technology in this area is rapidly advancing which will allow users to link up and “experience” things together way beyond what exists in the real world, i.e., in a “mixed world” experience, if you will. These joint holographic experiences are just one facet of the direction that augmented reality is taking.

As always, with new technological advancements, there are some caveats to using AR that you should be aware of.

Trademarks

If a company’s trademark is visible in the photo of your AR experience, you need to be mindful that you do not run afoul of trademark laws. For the same reasons that some trademarks are blurred out on TV shows, you should not be publishing such photos in any fashion that might draw negative attention from the trademark owner on social media accounts. Even if you are not selling competing goods, you could potentially be liable for trademark infringement. There is another, more important reason not to post such photos that is discussed below and can lead to a second cause of action against you arising from the same photo—the right of publicity, which is a personal right and is treated in vastly different ways in each state.

Right of Publicity

The Right of Publicity (ROP) protects everyone from misappropriation of his/her name, likeness, voice, image or other recognizable element of personal identity. It is protected by state law and many states vary greatly in their treatment of ROP. For example, some states protect a person’s ROP post-mortem, whereas others have no protection whatsoever. Due to the ease with which still or moving images can be reproduced and posted on the Internet, it is critical that you consider your postings from a ROP standpoint before you upload that image to a social media account. For instance, if your photo features your best friend taken in a shared AR experience, she may not object to you posting her photo to one of your social media accounts. However, if a brand name clothing manufacturer reposts it and somehow uses the momentum of the AR craze to show how game players and/or the avatars and creatures within the game are attracted to their brand of clothing, it could result in not just an issue with the game developer, but also your best friend, who may now be the unwitting spokesmodel for that brand of clothing. Basically, the manufacturer would be receiving an unfair free endorsement deal without ever having to negotiate with your best friend. In many states, she would have a ROP cause of action against the clothing manufacturer for commercial use of her image without her permission. This is exponentially dangerous if the best friend is a minor and her parents have not consented to this use of her image. As you can see, the landscape is fraught with potential pitfalls unless you are a news reporting agency or the like and your actions clearly fall under the First Amendment/free speech exception.

Confidential Information

One very important aspect of an AR game is a player’s ability to capture a photograph of the scene being explored or the personal experience of the user in a real world setting (e.g., it could show your desk at work, but in an outer space setting, or your car dashboard with the view from the driver’s perspective out the windshield showing a fairyland with mythical creatures in the distance). However, in taking these mixed virtual/real world photos, it is essential to be mindful of your surroundings. Doctors, lawyers, mental health professionals, bankers, and others with a much higher level of fiduciary duty to their clients must ensure that if they are taking such photos, no confidential information that would breach such duties is captured in the photos. Whether taken in the app itself or in screenshot form, these photos could prove to be problematic if they are automatically uploaded to the cloud or captured in the app. For example, a judge recently tweeted that defense counsel had beenplaying an AR game in the courtroom while court was in session. Setting aside the appropriateness of such behavior, query whether such actions violate confidentiality rules.

For all such professionals there are governing rules about the treatment of certain types of confidential information (The Gramm-Leach-Bliley (GLB) Act, The Health Insurance Portability and Accountability Act (HIPAA), etc.). If the game is set to capture images of the AR characters or scenes in the real world then anything within the player’s view or in the surrounding area is captured in the photograph with the character. To the extent that confidential personal information or trade secret information is being captured, this is a problem. The quick fix is to set the game to have a fully virtual background, rather than an AR one, a feature that some AR games already have. Although this is arguably less fun, it mitigates the danger of capturing sensitive data on your camera roll, in the cloud, or accidentally posting it, all of which could have very serious consequences.

In summary, the new AR games are wildly popular and likely are here to stay. Given that, it’s best to be mindful of your surroundings and make sure that you, and those around you, are playing responsibly.