On October 2, 2020, Health and Human Services (HHS) Secretary, Alex M. Azar II, announced the renewal of the public health emergency declaration due to the continued consequences of the COVID-19 pandemic. The 90-day renewal is effective October 23, 2020, and extends until January 20, 2021.
The renewal impacts a number of regulatory flexibilities and temporary rules applicable to health care providers including, but not limited to, 1135 Waivers, HIPAA enforcement discretion, and fraud and abuse enforcement discretion – all of which are effective only for the duration of the public health emergency.
Section 1135 of the Social Security Act grants HHS the power to waive and/or modify certain federal healthcare requirements during a federal emergency to (i) ensure individuals enrolled in Medicare, Medicaid, and the Children’s Health Insurance Program (CHIP) have sufficient access to health care items and services and (ii) protect health care providers furnishing such items and services in good faith during emergency conditions against penalties for noncompliance.
Presently, HHS and the Centers for Medicare and Medicaid Services (CMS) have issued numerous “blanket” waivers and state-specific Medicaid waivers in connection with the COVID-19 public health emergency (including waiversrelated to sanctions under the physician self-referral law (Stark Law) for COVID-19 purposes).
These waivers afford health care providers enhanced flexibility with regard to Medicare telehealth services, waive certain physician hospital privilege requirements/credentialing process requirements, and suspend many reporting requirements.
HIPAA Enforcement Discretion
The HHS Office of Inspector General (OIG) has issued various guidanceproviding for OIG enforcement discretion with regard to certain provisions of HIPAA (e.g., privacy, security, and breach notification rules) as it relates to permissible telehealth practices, business associates making disclosures for public health purposes, and community-based testing sites (CBTSs).
Note that in conjunction with the relaxation of certain federal HIPAA privacy and security rules during the public health emergency, health care providers should continue to be cognizant of compliance with other applicable state privacy laws to the extent they are still in effect.
Fraud and Abuse Enforcement Discretion
In connection with applicable HHS waivers, the HHS Office of Inspector General (OIG) has issued guidance relaxing the imposition of administrative sanctions under the Anti-Kickback Statute and Stark Law for certain COVID-19 response activities (see also this OIG Policy Statement regarding physicians and other practitioners that reduce or waive amounts owed by federal health care program beneficiaries for telehealth services during the public health emergency).
Note that HHS retains the discretion to terminate the public health emergency at any timeand is not required and/or obligated to extend the present declaration beyond its January 20, 2021 expiration. Accordingly, health care providers should be mindful of termination, expiration, and renewal timelines applicable to COVID-19 related emergency measures, which could immediately eliminate current regulatory flexibilities (such as the ones discussed herein).