The Department of Health and Human Services’ (HHS) Centers for Medicare & Medicaid Services (CMS) component has not comprehensively assessed the quality of care patients have received through telehealth services, and lacks some key data on telehealth services delivered in patients’ homes or via phone, according to a recent report published by the Government Accountability Office (GAO).
By law, Medicare pays for telehealth services under limited circumstances. But in response to the COVID-19 pandemic, HHS temporarily waived certain Medicare restrictions on telehealth services. When telehealth restrictions were lifted, the use of those services jumped tenfold – increasing to 53 million telehealth visits from April to December 2020 versus five million during the same period in 2019.
According to GAO, CMS took action to monitor some program integrity risks related to the telehealth waivers, but has more to do on that front.
“CMS lacks complete data on the use of audio-only technology and telehealth visits furnished in beneficiaries’ homes,” the report says. One reason for this, according to GAO, is that there is no billing mechanism for providers to identify all instances of audio-only visits. In addition, providers are not required to use available codes to identify visits.
“Complete data are important, as the quality of these services may not be equivalent to that of in-person services,” the report says.
GAO also found that CMS has not comprehensively assessed the quality of telehealth services delivered under the waivers and has no plans to do so, which the watchdog agency said is inconsistent with CMS’ quality strategy.
“Without an assessment of the quality of telehealth services, CMS may not be able to fully ensure that services lead to improved health outcomes,” the report says.
In addition, patients may also be unaware that their private health information could be overheard or inappropriately disclosed during their video appointments, GAO said.
In March 2020, HHS’s Office for Civil Rights (OCR) announced that it would not impose penalties against providers for noncompliance with privacy and security requirements in connection with the good faith provision of telehealth during the COVID-19 pandemic, the report explains.
And while OCR encouraged covered providers to notify patients of potential privacy and security risks, it did not advise providers on specific language to use or give direction to help them explain these risks to their patients.
“Providing such information to providers could help ensure that patients understand potential effects on their protected health information in light of the privacy and security risks associated with telehealth technology,” the report notes.
GAO made three separate recommendations for CMS to strengthen its telehealth oversight.
Specifically, it recommends CMS develop an additional billing modifier or clarify billing guidance of audio-only visits to allow the agency to fully track these visits; require providers to use the available site of service codes to indicate when Medicare telehealth services are delivered; and comprehensively assess the quality of Medicare telehealth services.
HHS neither agreed nor disagreed with the three CMS recommendations.
GAO also made a separate recommendation to the OCR to provide additional insight to providers to help them explain the privacy and security risks to patients in plain language when using video telehealth platforms to provide telehealth services.
OCR concurred with that recommendation.