Question of the Week


Question of the Week:    When do the Metropolitan Statistical Area changes take effect?   These changes will have an impact on CMS’s telemedicine reimbursement.

Answer:  Earlier this year, the Federal Office of Management and Budget (OMB) announced changes in designations for Metropolitan Statistical Areas (MSAs).

MSAs are geographic entities OMB delineates for use by Federal statistical agencies in collecting, tabulating, and publishing Federal statistics.

These MSA changes were announced on February 28, 2013.

According to the Centers for Medicare & Medicaid Services (CMS), these changes in MSA designations were effective immediately upon announcement on February 28th.

This February 28th date is important for telemedicine reimbursement. One CMS requirement in Federal law uses the MSA designation to determine whether an originating site is eligible for reimbursement. Thus, determining whether your originating site is outside an MSA is very important.

You can learn more about how to determine your originating site’s eligibility by visiting “How To Determine If Your Site Is Rural”.

Question of the Week:    Is A Business Associate Agreement Required?

Question:  We are a reseller of telemedicine technology and services to health care providers that are covered entities under the requirements of the Health Insurance Portability and Accountability Act (HIPAA).  We provide various components of telemedicine equipment, including video conferencing/telemedicine carts with peripherals and scopes.  We also will provide an 800 number help desk to provide technical support for the video conferencing system.  We will provide onsite replacement for damaged or non-functioning devices.  Training will be provided by vendors supplying the equipment.

Because the installation, testing, and training of the equipment and software will not involve an actual patient or any patient information, we will not have any access to Protected Health Information.

With this particular arrangement, are we considered to be a Business Associate for purposes of HIPAA, and thus required to enter into a BA agreement with the health care provider?

Answer:  The HIPAA Privacy and Security Rules apply only to “covered entities”, such as health plans, health care clearinghouses, and certain health care providers.  Because most health care providers and health plans do not carry out all of their health care activities and functions by themselves, the services of a variety of other persons or businesses are utilized—some of whom may qualify as Business Associates depending on a variety of factors.  In this case, the health care provider is securing telemedicine technology and ongoing support from this reseller.  The question is, “Is the reseller a Business Associate and therefore, required to enter into a Business Associate Agreement (BAA) with the health care provider?”

By way of quick review, covered entities are allowed to disclose protected health information to these “business associates” if the providers or plans obtain satisfactory assurances, through a BAA, that the business associate will use the information only for “the purposes for which it was engaged by the covered entity, will safeguard the information from misuse, and will help the covered entity comply with some of the covered entity’s duties under the Privacy Rule.”

There are, however, a number of stated exceptions under HIPAA where a BAA is not required. In this case, because the reseller states its activity will not involve any access to Protected Health Information (PHI), the following exception, taken directly from the Department of Health and Human Services’ guidance, applies: “With persons or organizations (e.g., janitorial service or electrician) whose functions or services do not involve the use or disclosure of protected health information, and where any access to protected health information by such persons would be incidental, if at all.”

The key here is access to PHI. If the reseller does not have any access to PHI, it will not be a Business Associate under HIPAA, and, therefore, a BAA between the reseller and the health care providers is not required as part of a covered entity’s HIPAA Privacy Rule responsibilities.


May 29, 2012

Rene Quashie
CTeL Legal Resource Team Member
Epstein Becker & Green PC
Washington, DC

Question:  The primary care physician seeing the patient through telehealth is under contract with the critical access hospital (CAH).  This physician does not bill Medicare for the encounter.  The patient is being seen at a CAH’s outpatient clinic.  The patient is being presented by a registered nurse to the primary care physician.

Can the CAH bill for the telehealth originating site fee?  Can the CAH bill Medicare for the primary care physician’s telehealth encounter?

Answer:  According to an email received by The Robert J. Waters Center for Telehealth and e-Health Law (CTeL) from the Centers for Medicare & Medicaid Services, “a CAH could bill for both the primary care physician visit and the telehealth originating site fee, provided that the physician/practitioner reassigns his/her billing rights to the CAH (this is referred to as the method II or optional method election) and all telehealth eligibility and other rules are met.”

Question:  What steps can organizations take to detect potential malpractice by providers aligned with their programs?

Answer:   That depends on how serious the problem seems to be, and what resources are available to address it.  Remember that many telemedicine interactions are recorded; those that are not, can be.   Such recordings are two-edged swords.

If cost-justifiable, a peer reviewer, volunteer or hired, could check out each such interaction, or, more realistically, some sample of same.  Less costly, though also less sensitive: the host institution could regularly poll patients, to assess their satisfaction levels.

That Dr. X gets more than his share of complaints certainly does not prove he is breaching the standard of care, but a) it could be a clue, at least in some instances; and b) those who provoke patients tend to be more frequent targets of claims, justified or not.  The sponsoring organization could require, as a condition of participation, that each provider notify it within, say, five business days of a) any complaints, or b) any requests for records from either the patient, his family, or his legal representative.

In this era of social media, the organization can monitor what is said about it on blogs, Facebook, etc. (It’s a good idea for it to Google itself from time to time anyway, not just for potential medical malpractice allegations but just to keep tabs generally on who is saying what about it.)  The sponsoring facility might also be able to work with its malpractice carrier to identify “problem child” providers.

Joseph P. McMenamin MD, JD
CTeL Legal Resource Team
Partner, McGuireWoods LLP
Richmond, Virginia
jmcmenamin at

Question:  A physician is licensed in State A.  However, she lives part time in State B.   She is not licensed to practice medicine in State B.   While living in State B, can she practice telemedicine for a patient physically located in State A (where she is licensed), even though she is not licensed in State B?

Answer:  To answer this question, CTeL starts with the necessary qualifiers.  Because we must answer this question through the view of 50 states and 50 state laws and regulations, there could be specific states where this doesn’t hold.

If the doctor is seeing patients via telemedicine in only that state where she is licensed (State A), there should be no need to become licensed in the state of her temporary residence (State B).  In this hypothetical (and again, without researching specific state law), no license should be necessary in the state of temporary residence (State B).  After all, if she phoned in a script from one state to another, she wouldn’t need a license to do that.  We would see this in similar terms.

CTeL’s members-only library contains 50 state surveys on information related to physician licensure and internet/telemedicine prescribing.   Contact CTeL for more information on CTeL membership and how you can obtain access to these 50 state legal and regulatory surveys.

Question:  Is a Certified Diabetes Educator (CDE) an eligible provider for Medicare reimbursement?

Answer: According to the Centers for Medicare & Medicaid Services, the certification for diabetes education alone doesn’t make one an eligible Medicare practitioner. A CDE would also have to qualify as one of the other distant site practitioner types, for example, a nutritional professional, in order to be an eligible distant site practitioner.

Question:  Regarding the new credentialing and privileging procedures for telemedicine entities, local practices, and hospitals, what is CMS policy if 1) the contract for telemedicine services is between the local practice and the Telemedicine Entity and 2) the written credentialing agreement is between hospital and telemedicine entity and establishes that the Telemedicine Entity will perform its credentialing and privileging activity in a manner that enables the hospital to comply with the CoPs?

Answer:  CMS has provided clarification on this issue by stating that “as long as the hospital using the telemedicine services of the telemedicine entity (whether that is directly or through a local practice with which the hospital has a separate agreement), has a written agreement with the telemedicine entity in which the telemedicine entity ensures that it will enable the hospital to comply with the CoPs, then the hospital is in compliance with these new requirements.  This means that the telemedicine entity enables the hospital to meet all applicable CoPs, including those pertaining to credentialing and privileging of its practitioners.”

Please contact CTeL at or call 202-499-6970 should you have questions about this aspect of the telemedicine credentialing process.

Question: When the local hospital or critical access hospital signs the contract and receives the list of practitioners from the hub site, what then? Does the local hospital/CAH get to pick and choose who they want out of the list? Do they have to accept everyone on the list?

Answer: To put this question into perspective, it’s important to note that the credentialing and privileging process put in place by the Centers for Medicare & Medicaid Services is totally voluntary on the part of either hospital or entity. According to the CMS rule, the medical staff of the originating site hospital may rely upon the credentialing and privileging decisions of the distant site in making their internal credentialing and privileging recommendations to the originating site’s governing body. As a result, the originating site makes the final decision on who is credentialed in that facility and what privileges are granted. By holding this responsibility, the originating site hospital is not required to automatically accept each credentialed practitioner, nor each specific privilege that practitioner may have from the distant site.

Question: What prescribing and dispensing regulations govern telepharmacy practice in the state of Arizona?

Answer: After consulting The Arizona State Board of Pharmacy, CTeL learned that providers may practice pharmacy using telecommunications technology provided that they comply with the state “double check” regulations. This provision requires an independent double-check procedure in which two pharmacists, alone and apart from each other, separately check each component of dispensing and verify the medication particulars, then compare results before giving the medication to the patient to self-administer.

Both The Joint Commission and the Physician Insurers Association of America suggest the following details be double checked in order to ensure the fewest number of prescription errors:

  • Medication dosage, route, and form
  • Generic and trade names
  • Confirm appropriate reason for use
  • Check for known allergies

The Shared Services regulation [Ariz. Admin. Code § R4-23-621] does not prohibit this function from being performed telemedically.  There are two stipulations the Arizona Board of Pharmacy places on the practice of telepharmacy:

An individual pharmacist licensed in Arizona, who is an employee of or under contract with a pharmacy, or an Arizona-licensed graduate intern, pharmacy intern, pharmacy technician, or pharmacy technician trainee, working under the supervision of the pharmacist may access[ ] th[e] pharmacy’s electronic database from inside or outside the pharmacy and perform[ ] the order processing functions permitted by the pharmacy act, if

1. The pharmacy … establishes controls to protect the confidentiality and integrity of patient information; and

2. None of the database is duplicated, downloaded, or removed from the pharmacy’s electronic database.

[Ariz. Admin. Code § R4-23-621(f)]

For a full disclosure of the Shared Services regulatory provision, visit The Arizona State Board of Pharmacy’s website.

Posted Jul 25 2011 by Alexandra Gadzichowski in CTeL News

Question: The FDA has announced a final rule that classifies Medical Device Data Systems (MDDS) as “class one”  — eliminating premarket approval by the agency prior to marketing.  How does this impact the telehealth community?

Answer: Many devices commonly used in telemedicine, for non-active patient monitoring, may be included in this category.

Posted Feb 25 2011 by Greg Billings in CTeL News

When is CMS expected to issue their final rule on credentialing and privileging of telehealth providers? How soon will it be enforced once it’s implemented?

Officials from the Centers for Medicare and Medicaid Services (CMS) report they are pressing hard to meet a March 1st deadline to issue the final rule on credentialing and privileging of telehealth providers. This is in follow up to the proposed rule that was issued on May 26, 2010. The comment period closed on July 26, 2010.

The CMS officials cautioned that a rule must pass through many steps within the Executive Branch once it leaves CMS (for example, approval by the Department of Health and Human Services and the Office of Management and Budget).  CMS can’t guarantee a March 1st publication, but that’s their goal.

Because of the importance and interest in the telehealth community, we sought guidance from CMS on how enforcement will be handled once the final rule has been published. CMS officials indicate there will be some time before the rule and its requirements are phased into effect, in a practical sense. CMS survey staff will need to be trained on the new rule. In addition, CMS will need to make certain that outside accreditation organizations are trained in the new rule as well. This won’t be an overnight process. While a final rule’s effective date could be the date of publication, more typically final rules include a 30-60 effective date.

CTeL will be working to present an informational webinar on this credentialing and privileging rule in mid-March, once the rule has been issued and we have the time to analyze it.   Should CTeL learn anything further, we’ll let you know.  Stay tuned for further details.

Posted Feb 8 2011 by Greg Billings in CMS, Credentialing and Privileging, Medicare

CTeL has created a “Question of the Week” section and is interested in hearing from you – feel free to leave your comments below:

QUESTION: Are physicians permitted to order lab tests (i.e. blood tests, mammograms, etc) before establishing a physician-patient relationship and/or administering a physical examination?

ANSWER: CTeL has conducted preliminary research on this topic.  The majority of states do NOT require an established physician-patient relationship before lab work is ordered.  However, CTeL did find that New Jersey does require an established physician-patient relationship.  CTeL will keep you posted as our research progresses.

Posted Dec 10 2010 by Christa Natoli in News