The United States Government Accountability Office (GAO) has recently called for the Department of Health and Human Services (HHS) to strengthen their oversight and assist medicare telehealth providers to educate patients on Privacy and Security Risks. Due to the nature of the COVID-19 pandemic, Medicare temporarily waived restrictions on telehealth services to help patients access care without risk of exposure. As a result, the number of telehealth visits grew exponentially to over 53 million between April and December 2020. The unprecedented use of telehealth services has raised many concerns regarding the quality of care patients received and the lack of data to support its use.
The GAO was asked to conduct a review of telehealth services under the pandemic waivers. In the review the GAO sought to assess number of issues, particularly the utilization of telehealth services, CMS efforts to identify and monitor risks posed by Medicare telehealth waivers, and a change OCR made to its enforcement of regulations governing patients’ protected health information during the COVID-19 public health emergency. To do this, the GAO examined Medicare claims data between 2019 and 2020, federal statutes, CMS documents, OCR guidance, and interviewed agency officials.
The GAO found that following the waiver, there was a 14 percent decrease in the overall usage of all Medicare services, with a 25 percent decrease in in-person treatment use. In addition, the GAO discovered that after the waiver, telehealth services expanded throughout all provider specializations and that 5 percent of providers provided over 40 percent of services. In comparison to rural providers, urban providers provided a higher proportion of their services via telehealth; the most frequent services were office visits and psychotherapy. Furthermore, the GAO found that while the OCR urged covered providers to inform patients of possible privacy and security concerns related to telehealth services, they failed to advise providers with direction and the appropriate language to use when detailing those risks. The GAO has made 3 recommendations for the CMS to strengthen its oversight of telehealth services. These include providing clarity in its guidance relating to billing of audio-only office visits, requiring providers to use available sites of service codes, and assessing the quality of Medicare services comprehensively. For the OCR, the GAO recommends additional education, outreach, or assistance to providers.