O’Neil Cannon has been ranked in the 2021 U.S. News – Best Lawyers® “Best Law Firms” list in 16 practice areas:

• Bankruptcy and Creditor Debtor Rights / Insolvency and Reorganization Law
• Business Organizations (including LLCs and Partnerships)
• Commercial Litigation
• Construction Law
• Corporate Law
• Family Law
• Litigation – Bankruptcy
• Litigation – Insurance
• Litigation – Labor and Employment
• Mergers and Acquisitions Law
• Personal Injury Litigation – Plaintiffs
• Product Liability Litigation – Defendants
• Real Estate Law
• Securities / Capital Markets Law
• Tax Law
• Trusts and Estates Law

Firms included in the 2021 “Best Law Firms” list are recognized for professional excellence with persistently impressive ratings from clients and peers. Achieving a tiered ranking signals a unique combination of quality law practice and breadth of legal expertise.

During the estate planning process, it is important to consider what types of assets make up your estate. Specifically, you should understand the difference between your “probate” and “non-probate” assets. As you might imagine, your probate assets are the ones that must go through probate, a time-consuming and costly process which we previously discussed here.

Contrary to popular belief, a Last Will and Testament will not, on its own, help your estate avoid probate. Whether or not your estate is subject to probate depends on whether your estate consists of probate assets.

Probate assets are those that are owned solely by the decedent, without any beneficiary designations, transfer-on-death designations, payable-on-death designations, or joint ownership with rights of survivorship. Assets titled solely in the name of the decedent must go through probate—a court-supervised process—to be transferred or distributed to your loved ones. The probate process is necessary for these types of assets because only a court can legally transfer title after a person’s death.

Non-probate assets are those with beneficiary designations, transfer-on-death designations, or payable-on-death designations. They also include assets that are titled in the name of a trust or titled as joint tenants with rights of survivorship. Unlike probate assets, non-probate assets will be transferred directly to your beneficiaries upon your death without any court supervision.

Many people seek an estate plan to avoid or minimize the probate process. Probate avoidance strategies can be personalized to your unique circumstances. If you would like more information on estate planning options to avoid probate, please contact attorney Kelly M. Spott.

As we have mentioned previously, there is no overarching federal data privacy law in the United States. By contrast, the European Union’s General Data Protection Regulation (GDPR) regulates data privacy, including consumer data, in all sectors. Although there is no overarching federal data privacy law in the United States, there are a few sector-specific laws. In health care, for example, the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) govern many aspects of privacy. Also, the Telecommunications Act and the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM) touch on privacy issues in marketing. Still, there is no federal law specifically regulating the use of consumer data.

Despite the lack of consumer privacy statutes in the United States, the Federal Trade Commission (FTC) has been active for years in protecting American consumers against certain unfair and deceptive practices involving data privacy. The Federal Trade Commission Act (FTC Act) includes an extremely brief section that serves as perhaps the most important provision in U.S. privacy law. Section 5 of the FTC Act states simply: “unfair or deceptive acts or practices in or affecting commerce . . . are . . . declared unlawful.” This single line, which does not specifically mention privacy, has been used by the FTC and Congress to make the FTC the de facto privacy enforcement agency of the federal government.

The FTC defines “Unfair Trade Practices” as any practice that results in a substantial injury, that lacks offsetting benefits, and cannot be easily avoided by consumers. In the privacy context, the FTC often looks at practices that unreasonably leave consumers’ data vulnerable to hacking or theft. Should a company collect the personal data of an individual in connection with a product or services and make inadequate efforts to protect that data, the FTC may seek enforcement for violation of Section 5 of the FTC Act. Conversely, “Deceptive Trade Practices” involve material statements or omissions that are likely to mislead consumers who are otherwise acting reasonably. Deceptive practices can include false representations or false promises. Importantly, the FTC has taken the position that failure to adhere to the steps, standards, and promises contained in a privacy notice is a deceptive trade practice. Thus, for example, should a company state in its privacy notice that it will not transfer a consumer’s data to a third party, any subsequent transfer of data to third parties is likely to be considered a deceptive trade practice.

The financial penalties for unfair or deceptive trade practices can be enormous. These financial penalties can be imposed through a consent decree or through fines imposed by the FTC and approved by the courts. In many instances, the FTC will seek a consent decree with the company through which the company agrees, without admitting guilt, to pay certain fines, stop the alleged practices, or implement new or improved privacy policies and practices. Alternatively, if the company refuses to enter a consent decree, the FTC can seek judgment through an administrative law judge. Should the company refuse to adhere to the FTC ruling, it may be fined up to $43,280 per violation and be liable for any damages caused by the alleged acts. Importantly, each instance of the alleged privacy violation constitutes a unique violation for the purposes of such penalties, leading to potentially substantial fines.

Over the past several years, the FTC has been increasingly active in enforcing unfair and deceptive trade practices that concern consumer data privacy. In 2019 alone, the FTC brought 130 spyware and spam cases as well as 80 general privacy lawsuits. The biggest privacy case of 2019 was In the Matter of Facebook, in which the FTC and the social media giant agreed to a consent decree requiring Facebook to pay a five billion dollar fine and institute a broad and privacy-related corporate restructuring. This year, the FTC has commenced 102 actions related to privacy, including cases against Zoom Video Communications, Inc., Williams Sonoma, Inc., and the Western Union Company.

The ability of the FTC to impose substantial penalties on companies who willingly or unwillingly deviate from the practices described in their privacy notices makes it extremely important to routinely review and update your company’s privacy notice to ensure that it accurately depicts your company’s privacy practices.

In general, states are considered either “common law property” or “community property” states. Wisconsin, along with a few other states, is a community property state (community property is referred to as “marital property” in Wisconsin). It is important to understand the difference between these two systems for purposes of wealth management planning, estate planning, and divorce.

Under the common law property system, assets and debts earned or acquired by one spouse during the marriage belong only to that spouse. With this type of system, only assets and debts that are titled under the name of both spouses are owned by both spouses. Under Wisconsin’s marital property system, all assets and debts acquired or earned during a marriage belong to both spouses, regardless of whose name the assets and debts are titled under. It is important to emphasize that this general rule applies only to assets or debts acquired during the marriage—assets and debts acquired before the marriage remain the individual property of whichever spouse brought the assets or debts to the marriage. There are, however, some exceptions to this general rule, such as assets acquired as a gift or through inheritance. Also, non-marital property that is comingled with marital property may be unintentionally reclassified as marital property. Income and appreciation incurred on a non-marital asset may also be deemed marital property.

Spouses living in Wisconsin may wish to enter into a marital property agreement to define and clarify ownership of their assets and debts. Because classifying and defining assets and debts may be difficult, as the above-paragraph outlines, some spouses may wish to enter into a marital property agreement “opting into” Wisconsin’s marital property system. By doing so, the spouses can be certain that their property will be classified as marital property, which may have certain tax and estate planning advantages. On the other hand, some spouses may want their property to be subject to a common law property system to protect assets for their children from a prior marriage or shield assets in a potential divorce. These spouses should consider entering into an agreement “opting out” of Wisconsin’s marital property system.

Overall, understanding the distinction between common law property systems and community property systems is important for wealth management planning, estate planning, and divorce. Whether it makes sense for spouses living in Wisconsin to opt out of or opt into Wisconsin’s marital property system depends on a variety of factors that you should discuss with your estate planning attorney.

If you would like to learn more about Wisconsin’s marital property laws and how they affect your estate plan, please contact attorney Kelly M. Spott.

Newsletter Article Highlights:

• Don’t Be Caught Off Guard by the Tax and Legal Consequences of Your New Quarantine Hobby
• Overview of Data Protection Laws in Wisconsin
• Strike While the Giving is Good—Historically High Estate and Gift Tax Exemptions May Be Reduced or Eliminated as Early as January 1, 2021
• DOL Updates FFCRA Leave Regulations
• Videoconferencing Considerations for Health Care Litigators

Firm News:

• John Gehringer Named “Lawyer of the Year”
• Attorney Joseph Gumina Featured in Merit Shop Contractor
• 20 OCHDL Lawyers Selected as 2021 Best Lawyers®; Another 5 Named Best Lawyers: Ones to Watch

Click the image below to read more.

Medical Malpractice Risk and Telemedicine Policies

This article is the second of a two-part series on telehealth in Wisconsin. The first article of this series, available here, highlighted basic standards for regulatory compliance in the design of internal telehealth policies. This second article addresses the practitioner’s obligation to minimize patient harm (and thus practitioner liability) with attention to the medical standard of care when assessing when and how telehealth is appropriate for each patient.

A. Maintaining Medical Standard of Care in Telemedicine

Wisconsin medical providers must critically evaluate whether their use of a telemedicine platform would permit their evaluation and treatment of each patient in compliance with “the standard of minimally competent medical practice.”[i]  Standards of practice and conduct required for in-person visits, including standards relating to patient confidentiality and recordkeeping, must be observed in the telehealth context.[ii]

In view of these standards articulated by the Wisconsin medical examining board, internal telemedicine policies and procedures must preserve the same degree of quality and safety achieved during in person appointments. Clinical leadership must assess whether quality of patient care can be maintained via telehealth, an evaluation which is dependent upon the provider’s area of specialty, the patient’s condition, and other factors.  For example, the use of telemedicine is not suitable for conditions where physical examinations are necessary, because of extreme symptoms, forceful interventions, or in the case of medical procedures for which certain protocols need to be followed.[iii]

Clinical guidelines specific to telemedicine can serve as important indicators as to whether your practice should incorporate telemedicine for specific patient encounters or diagnostic evaluations.[iv]  However, guideline compliance does not guarantee accurate diagnosis or safe and effective medical care meeting the standard of care.  Local circumstances must be considered, and the practitioner is ultimately responsible for all decisions regarding the appropriateness of a specific course of action.[v] Published guidelines for every clinical scenario and application simply do not exist and so by necessity may need to be developed in-house.[vi]  The policies of each medical practice should delineate between circumstances in which various telehealth platforms can, and cannot, preserve the quality of care for patients. Providing treatment recommendations, including issuing a prescription, based only on a static electronic questionnaire does not meet the standard of minimally competent medical practice.[vii]

Sometimes the proper standard of care is reflected in government reimbursement decisions. For example, the Wisconsin Department of Health Services’ (“DHS”) expansion of telehealth coverage will exclude comprehensive assessment and care planning for children with complexities, since this requires an in-person assessment. However, case management for children with complex medical needs will be covered. Certain, but not all, dental evaluations will be covered. Certain therapy services will be covered.[viii]

Where clinical leadership determines that telehealth is appropriate, workflow must be re-evaluated in the telehealth context to maintain the standard of care. For example, staff responsibilities may require adjustment for telehealth encounters to ensure that updates to the medical record, physician orders and the “after visit summary” are properly recorded in connection with each telehealth encounter. Providers may consider requiring immediate scheduling of patients who express symptoms that require in-person evaluation during a telemedicine visit to promote patient safety and minimize liability. Providers might also consider whether patient/family coaching regarding medication administration is properly handled in the telehealth context.

B.  Telephone and Texting:  Risk Mitigation

While the use of synchronous audio and video visits has exploded in the wake of the COVID-19 pandemic, physicians have provided routine medical advice by phone for decades, responding to patient calls reporting a change in condition and advising medication changes by phone communications. Surveys of patients since the COVID-19 pandemic indicates that texting is a preferred method of communication over phone calls.[ix] In addition to health care privacy and security issues (outside of the scope of this article), what are some of the legal considerations for such telephone and texting encounters?

First, practitioners must observe the criteria for government and private insurer reimbursement of telehealth, unless their practice is limited to self-pay. In the case of Medicaid reimbursement, the Wisconsin Medical Assistance Program generally covers consultations through “interactive telehealth” and certain asynchronous telehealth services and remote patient monitoring.[x] The Wisconsin Statutes delegate authority to DHS to determine whether to include telephone encounters within the definition of “telehealth.”[xi] DHS is temporarily providing coverage for certain telephone visits during COVID-19 pandemic, and the agency may ultimately decide to continue coverage of certain telephone communications as part of its permanent policy.[xii] Audio-only telephone communications must be delivered with the functional equivalency of a face-to-face encounter in order to be covered by Wisconsin Medicaid during the COVID-19 pandemic.[xiii]

If the patient will be located out-of-state, the provider must assess whether the applicable state’s criteria for Medicaid telehealth reimbursement differs from the requirements imposed by Wisconsin Medicaid.[xiv] If federal Medicare will instead serve as payor, the Centers for Medicare and Medicaid Services (“CMS”) will reimburse certain audio-only phone visits during the COVID-19 public health emergency.  For reimbursement purposes, CMS distinguishes “telephone visits” from “services that “would normally occur in person.” Telephone visits are “not paid as though the service occurred in person,” and reimbursement may be bundled into a pre- or post-service if the phone encounter falls within the previous seven days of a prior visit or leads to a subsequent evaluation/management service.[xv]

Because audio-only telephone and texting encounters are inherently more limited with respect to patient evaluation capabilities, providers should exercise caution when using these modes of telehealth in circumstances that would usually or could warrant a physical evaluation of the patient based upon medical history or the symptoms described when scheduling an appointment. In addition to introducing risk of medical malpractice claims, providers risk non-compliance with criteria for reimbursement, such the standard of “functional equivalency to the face-to-face service” required by state Medicaid for reimbursement. The “functional equivalency standard” applicable to state government reimbursement is higher than the “the standard of minimally competent medical practice” generally applicable to the practice of telemedicine in the state.[xvi]

C. Updates to Telehealth Policies and Procedures

Irrespective of whether government reimbursement is in play, your medical practice policies and procedures should be updated to mitigate risk to patient care and safety in the telehealth context. Your internal policies and procedures should delineate between when telemedicine is (and is not) appropriate based upon a critical assessment of each of the several evaluative and diagnostic services provided by your practice. Staff, including schedulers and nurses, should be trained as to when scheduling a telemedicine appointment poses risk to your patients and your practice. Your policies should incorporate customized procedures designed to preserve the standard of care and the medical recordkeeping requirements imposed by the Wisconsin medical examining board for the practice of telemedicine. In addition, physicians practicing telemedicine should confirm that their medical malpractice insurance coverage applies outside of the traditional health care facility settings.

OCHDL’s health care practice group will continue to monitor telehealth regulations and related guidance as the standard of care for telemedicine evolves. For more information on this topic, contact Marguerite Hammes at 414-276-5000 or marguerite.hammes@wilaw.com.

[i] See WIS. ADMIN. CODE § MED 24.06.

[ii] See WIS. ADMIN. CODE § MED 24.05. (requiring the same standard of practice and conduct regardless of whether health care services are provided in person or by telemedicine). The standard of care that is required of all Wisconsin health care providers is defined as the degree of skill, care, and judgment which reasonable health care providers who practice the same specialty would exercise in the same or similar circumstances, having due regard for the state of medical science at the time. Nowatske v. Osterloh, 198 Wis.2d 419, 543 N.W.2d 25 (1996), abrogated on other ground by Nommensen v. American Continental Ins. Co., 246 Wis.2nd 132, 629 N.W.2d 132 (2001); Wis. J.I. Civil No. 1023.

[iii] Secure Medical, Best Telemedicine Clinical Guidelines (April 13, 2018), available at https://www.securemedical.com/telemedicine/best-telemedicine-clinical-guidelines/

[iv] E.g., American Telemedicine Association, Practice Guidelines Archives, available at https://www.americantelemed.org/resource_categories/practice-guidelines/ ; Pantanowitz, Liron et al. “American Telemedicine Association clinical guidelines for telepathology.” Journal of pathology informatics vol. 5,1 39. 21 Oct. 2014, doi:10.4103/2153-3539.143329; Krupinski, Elizabeth A, and Jordana Bernard. “Standards and Guidelines in Telemedicine and Telehealth.” Healthcare (Basel, Switzerland) vol. 2,1 74-93. 12 Feb. 2014, doi:10.3390/healthcare2010074.

[v] Elizabeth A. Krupinski and Jordana Bernard, Standards and Guidelines in Telemedicine and Telehealth, Healthcare 2014, 2, 74-93; doi:  10.3390/healthcare2010074, at 81.

[vi] See Standards and Guidelines in Telemedicine and Telehealth, Healthcare, supra note 5, at 81.

[vii] See WIS. ADMIN. CODE § MED 24.07 (2).

[viii] See Brook Anderson, Wisconsin DHS Benefits Policy Section Chief, Telehealth Expansion: Acute and Primary Services, available at https://www.dhs.wisconsin.gov/telehealth/telehealth-expansion-all-provider.pdf (revised July 30, 2020).

[ix] SR Heath, Patient Communication Preferences:  the COVID-19 Impact, July 30, 2020, available at https://mhealthintelligence.com/resources/white-papers/patient-communication-preferences-the-covid-19-impact eid=CXTEL000000554482&elqCampaignId=16139&utm_source=ded&utm_medium=email&utm_campaign=dedicated&elqTrackId=607a1670c3c349349ac195f03c60cba2&elq=362f09f490fe41169f2fc16dbcab5410&elqaid=16904&elqat=1&elqCampaignId=16139

[x] See WIS. STAT. § 49.46(2)(b)(21)-(22).

[xi] See WIS. STAT. § 49.45(61)(a)(4); §49.46(2)(b)(23).

[xii] See ForwardHealth Update 2020-12, “Temporary Changes to Telehealth Policy and Clarifications for Behavioral Health and Targeted Case Management Providers” (revised May 8, 2020), available at https://www.forwardhealth.wi.gov/kw/pdf/2020-12.pdf

[xiii] See id.

[xiv] See Center For Connected Health Policy, State Telehealth Laws and Reimbursement Policies (Fall 2020), available at https://www.cchpca.org/sites/default/files/2020-10/CCHP%2050%20STATE%20REPORT%20FALL%202020%20FINAL.pdf

[xv] See, e.g., Centers for Medicare and Medicaid Services, COVID-19 Frequently Asked Questions (FAQs) on Medicare Fee-For-Service (FFS) Billing (revised October 20, 2020), at 63-79, available at https://www.cms.gov/files/document/03092020-covid-19-faqs-508.pdf

[xvi] Compare Wisconsin ForwardHealth Telehealth Expansion and Related Resources for Providers, available at https://www.forwardhealth.wi.gov/WIPortal/content/html/news/telehealth_resources.html.spage , with WIS. ADMIN. CODE § MED 24.06.

There has been a trend recently in the state of Wisconsin, and elsewhere, for attorneys to file lawsuits against hotel owners alleging that their websites are in violation of the Americans with Disabilities Act (“ADA”) because they are not accessible to disabled individuals. Specifically, the complaints allege that the hotel websites are in violation of the ADA because they fail to identify accessibility features, do not allow for booking of accessible rooms, and do not provide sufficient information regarding accessible rooms and amenities at the hotel.

Frequently, the attorneys bringing the lawsuits against the hotel owners will represent the same disabled party (often referred to as a “tester”), use a stock, form set of allegations against several hotel owners, and file more than one lawsuit at a time. Based on the sheer volume of these cases in recent weeks, it is unlikely these lawsuits will cease any time soon.

The parties filing the lawsuits typically assert that hotel owners must ensure that their website (and the third-party booking websites used to reserve their rooms) meet certain requirements. For example, the plaintiffs assert that hotel websites must:

• identify and describe accessible features in the hotels and guest rooms offered through their reservation service in enough detail to reasonably permit individuals with disabilities to assess independently whether a given hotel or guest room meets their accessibility needs;
• ensure that assessible guest rooms are held for use by individuals with disabilities until all other guest rooms of that type have been rented and the accessible room requested is the only remaining room of that type; and
• reserve, upon request, accessible guest rooms or specific types of guest rooms and ensure that the guest rooms requested are blocked and removed from all reservations systems.

If you or your business receives a demand letter threatening legal action or are served with a lawsuit, you should promptly contact an attorney to discuss your options.

A proper estate plan covers not only what should happen upon your death, but also what should happen if you lose your decision-making skills. While planning for incapacity may be as unpleasant as planning for death, it is an important step in the estate planning process. Planning for incapacity ensures that someone you specifically choose and trust can act on your behalf while you are unable to do so for yourself. In another article, we discussed the importance of a Durable Financial Power of Attorney. Here, we discuss why a Power of Attorney for Health Care is equally as important.

A Power of Attorney for Health Care is a document that allows you to appoint someone, your “health care agent,” to make medical decisions for you in the event you are unable to do so for yourself. This document allows your health care agent to communicate with your health care providers regarding what treatments you do and do not want.

You will still receive medical care if you do not execute a Power of Attorney for Health Care, but you risk not having the right person speak for you on your behalf and not receiving the type of care or treatment you would want. For example, your physician may ask the court to appoint someone to act on your behalf, and your court-appointed agent could subject you to a medical treatment you did not want. Additionally, the appointment process can be expensive, public, and time consuming.

While a Power of Attorney for Health Care is an important part of your estate plan, it applies only to medical decision-making. For this reason, this document is often drafted as part of a larger estate plan.

The attorneys at O’Neil Cannon have experience in drafting various estate plans, both simple and complex, and would be happy to discuss the estate planning process with you. If you are interested in learning more about estate planning, please contact attorney Kelly M. Spott.

As we have previously covered, Wisconsin businesses may be subject to the requirements of the European Union General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA). Additionally, many states, including Wisconsin, and the federal government are considering similar data protection bills that may impact Wisconsin businesses. With overlapping obligations, compliance with data protection laws is an increasingly tricky business for most companies. To ensure that your company doesn’t inadvertently violate any current or future laws, consider the following six steps:

Step 1: Consider the Applicability of Data Privacy Laws

Companies should determine whether existing consumer data privacy laws apply to them. The GDPR applies to companies (1) established in the EU and conducting data processing in the context of that business’s activities; or (2) either: (a) offering goods or services, for free or for a fee, to individuals in the EU or (b) monitoring the behavior of individuals within the EU.

Wisconsin companies with a physical presence in the EU will almost certainly be subject to the GDPR. Without a physical presence, a Wisconsin company will nonetheless likely fall within the GDPR’s scope if it offers products or services to EU individuals or businesses or if it monitors the online behavior of EU individuals or businesses.

On the other hand, the CCPA will apply to your business if it is a for-profit business that does business in the state of California and collects California consumers’ personal information (or such information is collected on its behalf) and determines the purposes and means of processing California consumers’ personal information, AND if it meets one of the following criteria:

• It has at least $25 million in annual gross revenues;
• It buys, sells, shares, or receives the personal information of at least 50,000 California consumers, households, or devices per year; or
• It derives at least 50 percent of its annual revenue from selling California consumers’ personal information.

Most companies should be able to determine whether they meet the above criteria. Some businesses may struggle to determine whether or not they buy, sell, share, or receive the personal information of at least 50,000 California consumers, households, or devices per year. Still, companies with even a small or moderate online presence will likely meet this threshold due to the broad scope of the CCPA’s definition of personally identifiable information (PII).

Once you have determined that the GDPR or CCPA applies, take affirmative steps to ensure that you are in compliance.

Step 2: Map Your Company’s Data

Once you have determined that the GDPR or the CCPA applies to your company, you must map the data that your company collects. Mapping will include knowing the type of data you are collecting, its source, and what happens to the data after it has been collected. You should also identify where the data is kept, what encryption or other security your company uses to protect that data, who has access to the data, and whether there are any security risks.

This step is necessary and must be taken to understand what data your company collects and where and how it is stored so that you can take appropriate steps to ensure efficient compliance with applicable data protection rules.

Step 3: Clean Up Your Company’s Data

Companies should be disciplined and strict about data collection. Determine what information is necessary and what information is superfluous. Moreover, think about why certain PII is retained, rather than deleted, in view of the company’s data collection goals. You may find a greater financial gain in deleting troves of PII as opposed to investing in storage and encryption. Moreover, deleting unnecessary files can help reduce the risk of inadvertently committing data protection violations.

This step will not only help ensure compliance, but it will also allow you to develop an effective and potentially financially valuable strategy for data collection.

Step 4: Create Privacy Protection Procedures and Policy

To ensure that consumers may exercise the rights to their PII granted to them under the GDPR and the CCPA, your company must have efficient processes. In crafting a privacy protection policy, consider:

• how individuals can give consent for data collection and transfer;
• the process for a consumer to request data deletion or to opt-out of data collection;
• how the company can ensure complete, effective data deletion or tagging across all platforms;
• the process for responding to a hypothetical data breach; and
• how the company can ensure that minors give proper consent.

When creating privacy procedures and policies for your company, it is important to understand that the relevant consumer data privacy laws require transparency in matters concerning PII. Therefore, your company’s privacy procedures and policies must be drafted carefully and with the complex obligations of the GDPR or the CCPA in mind.

Step 5: Update Your Company’s Online Privacy Policy

Under the GDPR or the CCPA, your company must have an easily accessible and understandable privacy policy. To ensure that your company’s privacy policies comply with the GDPR and the CCPA, you must ensure that it contains the following:

• A statement to residents of California or the EU that they have the right to opt-out of the sale of their data;
• An explanation that indicates how the company will inform consumers of future privacy policy updates; and
• A description of how the consumer’s data will be used, including all possible uses that involve a transfer of that data.

Furthermore, you must update your company’s privacy policy at least once every 12 months and notify consumers of each such update. As discussed, every privacy policy must be easily accessible and transparent. Even unintentionally complex policies may expose your company to liability.

Step 6: Update Your Company’s Website

Finally, to comply with the GDPR and the CCPA, a company must include a link on its website that says “Do Not Sell My Personal Information.” The link must use that specific phrasing and bring users to a page that allows them to opt-out of any sale of their data. This link must be separate from the general privacy agreement and cannot require the consumer to create a profile or account to access the opt-out. The CCPA also requires companies to create a toll-free number for consumers wanting to opt-out of the sale of their data.

After a consumer opts out, a company has two options under the CCPA:  (1) it can retain the consumer’s PII but exclude that PII from any sale, or (2) it can delete the consumer’s data entirely. However, the GDPR requires the company to delete the consumer’s data entirely. Thus, it is very important to understand whether the CCPA or GDPR (or both) applies and to have specific procedures in place to respond to a consumer’s request to opt out.

What to Expect in Wisconsin

Because the GDPR and the CCPA are intentionally extraterritorial, their obligations may easily reach Wisconsin businesses. Furthermore, because of the steep fines for violating these data protection laws, Wisconsin businesses must either confirm that they are not subject to these strict requirements or take proactive steps to ensure compliance.

Even if the GDPR and the CCPA currently do not  apply to your company, it may not be long until Wisconsin or the federal government implements a consumer data protection law that does. Consequently, regardless of whether you do business in the European Union or in California, beginning to implement better data collection practices now may help your companies online reputation and reduce future risks.

O’Neil, Cannon, Hollman, DeJong and Laing remains open and ready to help you.

I. Expansion of Telehealth to Meet Clinical Need

Federal and state governments have resolved traditional barriers to telehealth – including  complexity of billing, lower reimbursement and privacy and security concerns – to facilitate the safe provision of medical services during the COVID-19 pandemic.[i]  The first article in this two-part series highlights basic standards for regulatory compliance in the design of telehealth policies.  The second article will address the practitioner’s obligation to minimize patient harm (and thus practitioner liability) with attention to the medical standard of care when assessing when and how telehealth is appropriate for each patient.

II. Mechanics of Telehealth Compliance

A. Minimum Standards for Telehealth Practice

A Wisconsin physician planning to provide treatment recommendations (including a prescription) by use of a website-based platform must observe requirements promulgated by the Wisconsin medical examining board to comply with state law and (when applicable) to receive payment from Wisconsin Medicaid.[ii]  While the requirement that the physician be licensed to practice medicine in the state has been suspended during the COVID-19 emergency,[iii]  the following formalities must still be observed during the pandemic to protect the integrity of the telemedicine encounter:

1. Physician’s name and contact information must be made available to the patient;
2. Informed consent must be obtained;[iv]
3. A documented evaluation (including a medical history) must be performed. If needed to satisfy standards of minimally competent medical practice, an examination, evaluation, and/or diagnostic tests are also required.
4. A patient health care record must be prepared and maintained.[v]

Under permanent Wisconsin telemedicine regulations, a physician-patient relationship may be initially established by use of two-way electronic communications, but not by use of audio-only telephone, email messages or text messages.[vi]  Conditioning treatment of a patient upon the use of telehealth is expressly prohibited.[vii]

B. Reimbursable Telehealth Services

1. Wisconsin Medicaid and Telehealth

Wisconsin lawmakers began expanding the services and communications that may be provided by telehealth prior to the COVID-19 pandemic. The Wisconsin Department of Health Services (“DHS”) continues to broaden the range of medical services covered by the state’s medical assistance program when delivered remotely, both during the public health emergency and beyond.[viii]  DHS is adding Medicaid coverage for currently covered services when provided using a telehealth platform if functionally equivalent to an in-person visit (interactive synchronous technology).[ix]  DHS’s criteria for “face-to-face equivalence” for interactive telehealth services includes the use of “audio, video, or telecommunication technology,” but only if there is “no reduction in quality, safety, or effectiveness.”[x]  Audio-only phone communication that can be delivered with a functional equivalency to face-to-face service will be covered during the COVID-19 pandemic.[xi]  DHS emphasizes that documentation must support the service rendered.[xii]  For further explanation of these policies, visit ForwardHealth, Telehealth, Telehealth Expansion and Related Resources for Providers.[xiii]

Telehealth coverage expansion applies to all services currently indicated in topic (#510) of the FowardHealth Online Handbook (permanent policy), and additional services temporarily allowed for telehealth are published in ForwardHealth Updates.[xiv]  For example, ForwardHealth is expanding coverage to include certain synchronous (real-time) and asynchronous (not real-time) services such as remote patient monitoring and provider-to-provider consultations.  DHS also plans to roll out expansion updates particular to specific services areas, such as therapy and behavioral health.  DHS will use a phased approach to its expansion of telehealth services, keeping providers informed of expansion of coverage via the ForwardHealth website described above.

In addition to coverage criteria relating to the mode of telehealth services, a provider must be mindful of rules governing the logistics of telehealth visits.  Wisconsin Medical Assistance (Medicaid) places no restriction on the location of the provider (permanent policy), which may include physicians, nurse practitioners, Ph.D. psychologists, psychiatrists and others.[xv]  Beginning in March 2020, ForwardHealth began allowing coverage irrespective of the location of the patient (permanent policy).[xvi]  However, only the following sites are currently eligible for a facility fee:  hospitals, including emergency departments, office/clinics, and skilled nursing facilities.[xvii]

2. Federal Medicare and Telehealth

The Centers for Medicare and Medicaid Services (“CMS”) greatly expanded access to Medicare telehealth services based upon the regulatory flexibilities granted under Social Security Act § 1135 waiver authority and the Coronavirus Preparedness and Response Supplemental Appropriations Act.  Currently, Medicare will reimburse both synchronous video visits and also brief communication technology-based services (“CTBS”) for responses to Medicare Part B beneficiaries by telephone, audio/video, secure text messaging or by use of a patient portal.[xviii]  Reimbursement for CTBS is limited to patients with an established (or exiting) relationship with a physician or certain practitioners.  The billing codes for CTBS represent brief, patient-initiated communication services and do not replace full evaluation and treatment services covered under the Medicare benefit and described by existing CPT codes.  To meet the criteria for medical necessity, CTBS must require clinical decision-making and not be for administrative or scheduling purposes.  The patient must verbally consent to these types of services at least annually.

To be covered by Medicare, the CTBS must not be related to a medical visit within the previous seven (7) days and cannot lead to a medical visit within the next twenty-four (24) hours (or soonest appointment available).[xix]  For Medicare reimbursement, providers must confirm that the particular diagnostic benefit falls within the description of CTBS codes.  For example, CTBS codes do not include the audiology diagnostic benefit category.[xx]  DHS applies similar requirements to billing for “telephone evaluation and management services” covered under Wisconsin Medicare.[xxi]

During the COVID-19 pandemic, Medicare will reimburse telehealth services at the same rate as regular, in-person visits.  The level of reimbursement that is approved following the public health emergency will impact the availability of telehealth services.

C. Documentation Requirements

DHS policy (published via ForwardHealth updates available online) is to require that all services provided via telehealth be thoroughly documented in the member’s medical record in the same manner as services provided face-to-face.[xxii]  Providers must develop and implement their own methods of informed consent to confirm that a member agrees to receive services via telehealth.  ForwardHealth considers verbal consent to receiving services via telehealth an acceptable method of informed consent when it is documented in the member’s medical record.[xxiii]  Documentation for originating sites (patient location) must support the member’s presence in order to submit a claim for the originating site facility fee.  In addition, if the originating site provides and bills for services and also the originating site facility fee, documentation in the member’s medical record should distinguish between the unique services provided.[xxiv]

DHS is temporarily allowing supervision requirements for paraprofessional providers to be met via telehealth.  Supervision must be documented according to existing benefit policy.[xxv]

III. Additional Considerations for Telehealth

E-Prescribing – Many states limit the prescribing of controlled substances based solely on telehealth examination.  Generally speaking, the U.S. Drug Enforcement Administration (“DEA”) requires a telemedicine provider to have an in-person medical evaluation of a patient prior to prescribing a controlled substance for the patient, absent an exception.  However, the DEA issued notice in March 2020 that this requirement is waived for the duration of the COVID-19 public health emergency.[xxvi]

Privacy and Security – The Office for Civil Rights announced on March 17, 2020 that they will not impose penalties for noncompliance with the Health Insurance Portability and Accountability Act of 1996 regulatory requirements for remote communications technologies in connection with the good faith provision of telehealth during the national COVID-19 public health emergency.  DHS has issued an update clarifying guidance regarding federal enforcement of the Health Insurance Portability and Accountability Act of 1996 regulatory requirements during the COVID-19 pandemic.[xxvii]

Practicing Telehealth Across State Lines – Wisconsin has adopted the Federation of State Medical Boards’ Interstate Licensure Compact, which aims to expediate physician licenses for uses like telemedicine in states that adopt the compact.  Wisconsin providers serving patients in other states must consult local state laws governing the physician-patient relationship and the use of telemedicine.

When a Wisconsin provider provides telemedicine services to a patient located outside of the state, legal review for choice of law and choice of forum should be undertaken.  For example, the laws of the state in which each patient is located should be evaluated for: (1) statute of limitations; (2) standard of care; (3) limitations of liability; and (4) unique provisions governing the establishment or termination of the physician/patient relationship.  To manage these challenges in a large telemedicine practice, a provider may need to consider establishing different legal entities for the practice of medicine in different states.

OCHDL will continue to monitor changes in regulations and policy impacting telemedicine. Our next blog post will address medical malpractice risk and telemedicine policies. For more information on these topics, contact Marguerite Hammes at 414-276-5000 or marguerite.hammes@wilaw.com.

[i] SR Health, A Complete Guide to Seeing Patients Virtually and Getting Paid for It, available at https://www.srhealth.com/resources/telemedicine-guide

[ii] See WIS. ADMIN. CODE § MED 24.07 (1).

[iii] In the ordinary course, a physician practicing telemedicine in Wisconsin must be licensed to practice medicine and surgery by the medical examining board as required by Wis. Admin. Code § MED 24.04.  See Wis. Admin. Code § MED 24.07 (1). However, Wis. Admin. Code § MED 24.04 (requiring a physician practicing medicine in Wisconsin to be licensed by the medical examining board) and 24.07(1)(a) (applying licensing requirements to medical practice by telemedicine in the state) have been suspended during the COVID-19 emergency.  See Governor Tony Evers Emergency Order #16 Related to Certain Health Care Providers and the Department of Safety and Professional Services Credentialing, dated March 27, 2020.

[iv] WIS. ADMIN. CODE § MED 24.07 (1) (citing WIS. STAT. § 448.30 and Ch. MED. 18).

[v] WIS. ADMIN. CODE § MED 24.07(1) (citing ch. MED. 21).

[vi] See id. § MED 24.03.

[vii] ForwardHealth Update No. 2020-09, “Changes to ForwardHealth Telehealth Policies for Covered Services, Originating Sites, and Federally Qualified Health Centers” (March 18, 2020).

[viii] See WIS. STAT. § 49.45(61)(b); § 49.46(2)(b)(21)-(23).  DHS is expanding the permanent definition of telehealth to encompass the “practice of health care delivery, diagnosis, consultation, treatment, or transfer of medically relevant data by means of audio, video, or data communications that are used either during a patient visit or consultation or are used to transfer medically relevant data about a patient.”  See ForwardHealth, Telehealth, Telehealth Expansion and Related Resources for Providers, available at https://www.forwardhealth.wi.gov/WIPortal/content/html/news/telehealth_resources.html.spage  See also Letter to ForwardHealth Providers from Jim Jones, State Medicaid Director, re: Wisconsin Medicaid Response to the COVID-19 Outbreak; FowardHealth #510.

[ix] See ForwardHealth Update 2020-09, supra note vii (permanent policy); ForwardHealth Update 2020-12, “Temporary Changes to Telehealth Policy and Clarifications for Behavioral Health and Targeted Case Management Providers” (Revised May 8, 2020); ForwardHealth Update 2020-15, “Additional Services to be Provided Via Telehealth” (Revised May 8, 2020) (temporary expansion policy).  See also Brooke Anderson, Benefits Policy Section Chief, Telehealth Expansion:  Acute and Primary Services, available at https://www.dhs.wisconsin.gov/telehealth/telehealth-expansion-all-provider.pdf

[x] See ForwardHealth, Telehealth, Telehealth Expansion and Related Resources for Providers, supra note viii.  See also Brooke Anderson, Benefits Policy Section Chief, Telehealth Expansion:  Acute and Primary Services, supra note ix.

[xi] ForwardHealth Update 2020-12, supra note ix.

[xii] ForwardHealth, Telehealth, Telehealth Expansion and Related Resources for Providers, supra note viii.

[xiii] For further explanation of these policies, visit ForwardHealth, Telehealth, Telehealth Expansion and Related Resources for Providers, supra note viii.  See also Brooke Anderson, Benefits Policy Section Chief, Telehealth Expansion:  Acute and Primary Services, supra note ix.

[xiv] ForwardHealth Update 2020-15, supra note ix.

[xv] ForwardHealth Update 2020-12, supra note ix (permanent policy with respect to provider location but temporary with respect to other policy changes).

[xvi] ForwardHealth Update 2020-09, supra note ix (permanent policy changes).

[xvii] ForwardHealth, Topic 510, Telehealth, available at https://www.forwardhealth.wi.gov/WIPortal/Subsystem/KW/Print.aspx?ia=1&p=1&sa=1&s=2&c=61&nt=Telehealth

[xviii] Centers for Medicare and Medicaid Services, Medicare Telemedicine Health Care Provider Fact Sheet, available at https://www.cms.gov/newsroom/fact-sheets/medicare-telemedicine-health-care-provider-fact-sheet

[xix] See id.

[xx] American Speech-Language-Hearing Association, Use of Communication Technology-Based Services During Caronavirus/COVID-19 (June 6, 2020), available at https://www.asha.org/Practice/reimbursement/medicare/Use-of-E-Visit-Codes-for-Medicare-Part-B-Services-During-Coronavirus/

[xxi] ForwardHealth Update 2020-09, supra note vii.

[xxii] ForwardHealth Update 2020-12, supra note ix (citing Wis. Admin. Code § DHS 106.02(9); ForwardHealth Online Handbook #201 (Financial Records), #202 (Medical Records); #203 (Preparation and Maintenance of Records); #204 (Records Retention); #1640 (Availability of Records to Authorized Personnel)).

[xxiii] See ForwardHealth Update 2020-15, supra note ix.

[xxiv] See ForwardHealth Update 2020-12, supra note ix.

[xxv] See id.

[xxvi] DEA Press Release, DEA’s Response to COVID-19 (March 20, 2020), available at https://www.dea.gov/press-releases/2020/03/20/deas-response-covid-19

[xxvii] See ForwardHealth Update 2020-12, supra note ix.