by Wyn Staheli, Director of Research
March 25th, 2020
Your inbox is probably like mine with all sorts of announcements about COVID-19. Here are just a few reminders of things we felt should be passed along.
Malware, Phishing, and Other Scams
We have heard of several cases of cybercrime related to this outbreak. For example, there was a coronavirus map which loads malware onto your computer (CLICK HERE for information about that). There was even a map that locked a cell phone demanding a ransom. According to ZDNet, “...cybercriminals are now creating and putting out thousands of coronavirus-related websites on a daily basis.” Be sure you have updated your malware software and run the appropriate scans. Warn all staff to beware of clicking on links in emails. As more and more individuals are working from home, this becomes more critical. Be sure you are obtaining information and updates from reliable sources.
Be aware of phishing attack attempts by doing the following:
- Hover: Before clicking on a link, hover over it and see if the domain address looks good
- URL: Look for typos in the domain/URL address which usually means that it’s fraudulent. In fact, any typos anywhere in the email could also be a red-flag.
- Sender: Look at the sender's email address and make sure that it matches the actual address you have in your contact list
- Ask: Before you click on something that looks questionable, ask a coworker or someone else you trust if it looks ok to them.
In regards to scams, the OIG just announced they are alerting the public about different types of fraudulent activities aimed at Medicare beneficiaries. These include“marketing fake COVID-19 test kits and unapproved treatments through telemarketing calls, social media platforms, and door-to-door visits.” You may wish to pass along that information to your patients.
Medicare and many other payers are waiving many of the telehealth requirements. But, this doesn’t mean that it’s a free-for-all. While Medicare has stated that healthcare providers can temporarily ‘see’ patients out-of-state or use non-HIPAA compliant services (e.g., Skype), it doesn’t change scope of practice. We all know that Medicare doesn’t pay for E/M services rendered by a chiropractor and that rule didn't change. BUT there are other payers who do.
Please note that the OCR didn’t say that HIPAA doesn’t apply for telehealth, they only said that they would “waive potential penalties for HIPAA violations against providers who serve patients through everyday communication technologies during the COVID-19 public health emergency.” That doesn’t say that HIPAA doesn’t apply — only that they will waive those HIPAA penalties. You could still be audited down the road.
Do NOT assume that just because Medicare is allowing changes to their telehealth policies that all payers will be doing the same thing. We have heard of differences between payers so you need to check and see what is allowed and what is NOT allowed on a payer-by-payer basis.
For more information about HIPAA and COVID-19 CLICK HERE. There are some professionals that are quite concerned about the long-term ramifications of this loosening of requirements.
Webinar: We will be hosting a webinar on Tuesday, March 31 at 11:30 am MST on this subject. Please see your email for registration information.
New codes have been released (ICD, CPT, and HCPCS) during this pandemic. If you are legally allowed to provide E/M services and are billing those services, you may wish to read this comprehensive article about the codes to use for billing these services: Understand the New Codes for Testing & Reporting the COVID-19 Coronavirus (SARS-CoV-2)