Newsletter Article Highlights:

• Don’t Be Caught Off Guard by the Tax and Legal Consequences of Your New Quarantine Hobby
• Overview of Data Protection Laws in Wisconsin
• Strike While the Giving is Good—Historically High Estate and Gift Tax Exemptions May Be Reduced or Eliminated as Early as January 1, 2021
• DOL Updates FFCRA Leave Regulations
• Videoconferencing Considerations for Health Care Litigators

Firm News:

• John Gehringer Named “Lawyer of the Year”
• Attorney Joseph Gumina Featured in Merit Shop Contractor
• 20 OCHDL Lawyers Selected as 2021 Best Lawyers®; Another 5 Named Best Lawyers: Ones to Watch

Click the image below to read more.

Medical Malpractice Risk and Telemedicine Policies

This article is the second of a two-part series on telehealth in Wisconsin. The first article of this series, available here, highlighted basic standards for regulatory compliance in the design of internal telehealth policies. This second article addresses the practitioner’s obligation to minimize patient harm (and thus practitioner liability) with attention to the medical standard of care when assessing when and how telehealth is appropriate for each patient.

A. Maintaining Medical Standard of Care in Telemedicine

Wisconsin medical providers must critically evaluate whether their use of a telemedicine platform would permit their evaluation and treatment of each patient in compliance with “the standard of minimally competent medical practice.”[i]  Standards of practice and conduct required for in-person visits, including standards relating to patient confidentiality and recordkeeping, must be observed in the telehealth context.[ii]

In view of these standards articulated by the Wisconsin medical examining board, internal telemedicine policies and procedures must preserve the same degree of quality and safety achieved during in person appointments. Clinical leadership must assess whether quality of patient care can be maintained via telehealth, an evaluation which is dependent upon the provider’s area of specialty, the patient’s condition, and other factors.  For example, the use of telemedicine is not suitable for conditions where physical examinations are necessary, because of extreme symptoms, forceful interventions, or in the case of medical procedures for which certain protocols need to be followed.[iii]

Clinical guidelines specific to telemedicine can serve as important indicators as to whether your practice should incorporate telemedicine for specific patient encounters or diagnostic evaluations.[iv]  However, guideline compliance does not guarantee accurate diagnosis or safe and effective medical care meeting the standard of care.  Local circumstances must be considered, and the practitioner is ultimately responsible for all decisions regarding the appropriateness of a specific course of action.[v] Published guidelines for every clinical scenario and application simply do not exist and so by necessity may need to be developed in-house.[vi]  The policies of each medical practice should delineate between circumstances in which various telehealth platforms can, and cannot, preserve the quality of care for patients. Providing treatment recommendations, including issuing a prescription, based only on a static electronic questionnaire does not meet the standard of minimally competent medical practice.[vii]

Sometimes the proper standard of care is reflected in government reimbursement decisions. For example, the Wisconsin Department of Health Services’ (“DHS”) expansion of telehealth coverage will exclude comprehensive assessment and care planning for children with complexities, since this requires an in-person assessment. However, case management for children with complex medical needs will be covered. Certain, but not all, dental evaluations will be covered. Certain therapy services will be covered.[viii]

Where clinical leadership determines that telehealth is appropriate, workflow must be re-evaluated in the telehealth context to maintain the standard of care. For example, staff responsibilities may require adjustment for telehealth encounters to ensure that updates to the medical record, physician orders and the “after visit summary” are properly recorded in connection with each telehealth encounter. Providers may consider requiring immediate scheduling of patients who express symptoms that require in-person evaluation during a telemedicine visit to promote patient safety and minimize liability. Providers might also consider whether patient/family coaching regarding medication administration is properly handled in the telehealth context.

B.  Telephone and Texting:  Risk Mitigation

While the use of synchronous audio and video visits has exploded in the wake of the COVID-19 pandemic, physicians have provided routine medical advice by phone for decades, responding to patient calls reporting a change in condition and advising medication changes by phone communications. Surveys of patients since the COVID-19 pandemic indicates that texting is a preferred method of communication over phone calls.[ix] In addition to health care privacy and security issues (outside of the scope of this article), what are some of the legal considerations for such telephone and texting encounters?

First, practitioners must observe the criteria for government and private insurer reimbursement of telehealth, unless their practice is limited to self-pay. In the case of Medicaid reimbursement, the Wisconsin Medical Assistance Program generally covers consultations through “interactive telehealth” and certain asynchronous telehealth services and remote patient monitoring.[x] The Wisconsin Statutes delegate authority to DHS to determine whether to include telephone encounters within the definition of “telehealth.”[xi] DHS is temporarily providing coverage for certain telephone visits during COVID-19 pandemic, and the agency may ultimately decide to continue coverage of certain telephone communications as part of its permanent policy.[xii] Audio-only telephone communications must be delivered with the functional equivalency of a face-to-face encounter in order to be covered by Wisconsin Medicaid during the COVID-19 pandemic.[xiii]

If the patient will be located out-of-state, the provider must assess whether the applicable state’s criteria for Medicaid telehealth reimbursement differs from the requirements imposed by Wisconsin Medicaid.[xiv] If federal Medicare will instead serve as payor, the Centers for Medicare and Medicaid Services (“CMS”) will reimburse certain audio-only phone visits during the COVID-19 public health emergency.  For reimbursement purposes, CMS distinguishes “telephone visits” from “services that “would normally occur in person.” Telephone visits are “not paid as though the service occurred in person,” and reimbursement may be bundled into a pre- or post-service if the phone encounter falls within the previous seven days of a prior visit or leads to a subsequent evaluation/management service.[xv]

Because audio-only telephone and texting encounters are inherently more limited with respect to patient evaluation capabilities, providers should exercise caution when using these modes of telehealth in circumstances that would usually or could warrant a physical evaluation of the patient based upon medical history or the symptoms described when scheduling an appointment. In addition to introducing risk of medical malpractice claims, providers risk non-compliance with criteria for reimbursement, such the standard of “functional equivalency to the face-to-face service” required by state Medicaid for reimbursement. The “functional equivalency standard” applicable to state government reimbursement is higher than the “the standard of minimally competent medical practice” generally applicable to the practice of telemedicine in the state.[xvi]

C. Updates to Telehealth Policies and Procedures

Irrespective of whether government reimbursement is in play, your medical practice policies and procedures should be updated to mitigate risk to patient care and safety in the telehealth context. Your internal policies and procedures should delineate between when telemedicine is (and is not) appropriate based upon a critical assessment of each of the several evaluative and diagnostic services provided by your practice. Staff, including schedulers and nurses, should be trained as to when scheduling a telemedicine appointment poses risk to your patients and your practice. Your policies should incorporate customized procedures designed to preserve the standard of care and the medical recordkeeping requirements imposed by the Wisconsin medical examining board for the practice of telemedicine. In addition, physicians practicing telemedicine should confirm that their medical malpractice insurance coverage applies outside of the traditional health care facility settings.

OCHDL’s health care practice group will continue to monitor telehealth regulations and related guidance as the standard of care for telemedicine evolves. For more information on this topic, contact Marguerite Hammes at 414-276-5000 or marguerite.hammes@wilaw.com.

[i] See WIS. ADMIN. CODE § MED 24.06.

[ii] See WIS. ADMIN. CODE § MED 24.05. (requiring the same standard of practice and conduct regardless of whether health care services are provided in person or by telemedicine). The standard of care that is required of all Wisconsin health care providers is defined as the degree of skill, care, and judgment which reasonable health care providers who practice the same specialty would exercise in the same or similar circumstances, having due regard for the state of medical science at the time. Nowatske v. Osterloh, 198 Wis.2d 419, 543 N.W.2d 25 (1996), abrogated on other ground by Nommensen v. American Continental Ins. Co., 246 Wis.2nd 132, 629 N.W.2d 132 (2001); Wis. J.I. Civil No. 1023.

[iii] Secure Medical, Best Telemedicine Clinical Guidelines (April 13, 2018), available at https://www.securemedical.com/telemedicine/best-telemedicine-clinical-guidelines/

[iv] E.g., American Telemedicine Association, Practice Guidelines Archives, available at https://www.americantelemed.org/resource_categories/practice-guidelines/ ; Pantanowitz, Liron et al. “American Telemedicine Association clinical guidelines for telepathology.” Journal of pathology informatics vol. 5,1 39. 21 Oct. 2014, doi:10.4103/2153-3539.143329; Krupinski, Elizabeth A, and Jordana Bernard. “Standards and Guidelines in Telemedicine and Telehealth.” Healthcare (Basel, Switzerland) vol. 2,1 74-93. 12 Feb. 2014, doi:10.3390/healthcare2010074.

[v] Elizabeth A. Krupinski and Jordana Bernard, Standards and Guidelines in Telemedicine and Telehealth, Healthcare 2014, 2, 74-93; doi:  10.3390/healthcare2010074, at 81.

[vi] See Standards and Guidelines in Telemedicine and Telehealth, Healthcare, supra note 5, at 81.

[vii] See WIS. ADMIN. CODE § MED 24.07 (2).

[viii] See Brook Anderson, Wisconsin DHS Benefits Policy Section Chief, Telehealth Expansion: Acute and Primary Services, available at https://www.dhs.wisconsin.gov/telehealth/telehealth-expansion-all-provider.pdf (revised July 30, 2020).

[ix] SR Heath, Patient Communication Preferences:  the COVID-19 Impact, July 30, 2020, available at https://mhealthintelligence.com/resources/white-papers/patient-communication-preferences-the-covid-19-impact eid=CXTEL000000554482&elqCampaignId=16139&utm_source=ded&utm_medium=email&utm_campaign=dedicated&elqTrackId=607a1670c3c349349ac195f03c60cba2&elq=362f09f490fe41169f2fc16dbcab5410&elqaid=16904&elqat=1&elqCampaignId=16139

[x] See WIS. STAT. § 49.46(2)(b)(21)-(22).

[xi] See WIS. STAT. § 49.45(61)(a)(4); §49.46(2)(b)(23).

[xii] See ForwardHealth Update 2020-12, “Temporary Changes to Telehealth Policy and Clarifications for Behavioral Health and Targeted Case Management Providers” (revised May 8, 2020), available at https://www.forwardhealth.wi.gov/kw/pdf/2020-12.pdf

[xiii] See id.

[xiv] See Center For Connected Health Policy, State Telehealth Laws and Reimbursement Policies (Fall 2020), available at https://www.cchpca.org/sites/default/files/2020-10/CCHP%2050%20STATE%20REPORT%20FALL%202020%20FINAL.pdf

[xv] See, e.g., Centers for Medicare and Medicaid Services, COVID-19 Frequently Asked Questions (FAQs) on Medicare Fee-For-Service (FFS) Billing (revised October 20, 2020), at 63-79, available at https://www.cms.gov/files/document/03092020-covid-19-faqs-508.pdf

[xvi] Compare Wisconsin ForwardHealth Telehealth Expansion and Related Resources for Providers, available at https://www.forwardhealth.wi.gov/WIPortal/content/html/news/telehealth_resources.html.spage , with WIS. ADMIN. CODE § MED 24.06.

There has been a trend recently in the state of Wisconsin, and elsewhere, for attorneys to file lawsuits against hotel owners alleging that their websites are in violation of the Americans with Disabilities Act (“ADA”) because they are not accessible to disabled individuals. Specifically, the complaints allege that the hotel websites are in violation of the ADA because they fail to identify accessibility features, do not allow for booking of accessible rooms, and do not provide sufficient information regarding accessible rooms and amenities at the hotel.

Frequently, the attorneys bringing the lawsuits against the hotel owners will represent the same disabled party (often referred to as a “tester”), use a stock, form set of allegations against several hotel owners, and file more than one lawsuit at a time. Based on the sheer volume of these cases in recent weeks, it is unlikely these lawsuits will cease any time soon.

The parties filing the lawsuits typically assert that hotel owners must ensure that their website (and the third-party booking websites used to reserve their rooms) meet certain requirements. For example, the plaintiffs assert that hotel websites must:

• identify and describe accessible features in the hotels and guest rooms offered through their reservation service in enough detail to reasonably permit individuals with disabilities to assess independently whether a given hotel or guest room meets their accessibility needs;
• ensure that assessible guest rooms are held for use by individuals with disabilities until all other guest rooms of that type have been rented and the accessible room requested is the only remaining room of that type; and
• reserve, upon request, accessible guest rooms or specific types of guest rooms and ensure that the guest rooms requested are blocked and removed from all reservations systems.

If you or your business receives a demand letter threatening legal action or are served with a lawsuit, you should promptly contact an attorney to discuss your options.

A proper estate plan covers not only what should happen upon your death, but also what should happen if you lose your decision-making skills. While planning for incapacity may be as unpleasant as planning for death, it is an important step in the estate planning process. Planning for incapacity ensures that someone you specifically choose and trust can act on your behalf while you are unable to do so for yourself. In another article, we discussed the importance of a Durable Financial Power of Attorney. Here, we discuss why a Power of Attorney for Health Care is equally as important.

A Power of Attorney for Health Care is a document that allows you to appoint someone, your “health care agent,” to make medical decisions for you in the event you are unable to do so for yourself. This document allows your health care agent to communicate with your health care providers regarding what treatments you do and do not want.

You will still receive medical care if you do not execute a Power of Attorney for Health Care, but you risk not having the right person speak for you on your behalf and not receiving the type of care or treatment you would want. For example, your physician may ask the court to appoint someone to act on your behalf, and your court-appointed agent could subject you to a medical treatment you did not want. Additionally, the appointment process can be expensive, public, and time consuming.

While a Power of Attorney for Health Care is an important part of your estate plan, it applies only to medical decision-making. For this reason, this document is often drafted as part of a larger estate plan.

The attorneys at O’Neil Cannon have experience in drafting various estate plans, both simple and complex, and would be happy to discuss the estate planning process with you. If you are interested in learning more about estate planning, please contact attorney Kelly M. Spott.

As we have previously covered, Wisconsin businesses may be subject to the requirements of the European Union General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA). Additionally, many states, including Wisconsin, and the federal government are considering similar data protection bills that may impact Wisconsin businesses. With overlapping obligations, compliance with data protection laws is an increasingly tricky business for most companies. To ensure that your company doesn’t inadvertently violate any current or future laws, consider the following six steps:

Step 1: Consider the Applicability of Data Privacy Laws

Companies should determine whether existing consumer data privacy laws apply to them. The GDPR applies to companies (1) established in the EU and conducting data processing in the context of that business’s activities; or (2) either: (a) offering goods or services, for free or for a fee, to individuals in the EU or (b) monitoring the behavior of individuals within the EU.

Wisconsin companies with a physical presence in the EU will almost certainly be subject to the GDPR. Without a physical presence, a Wisconsin company will nonetheless likely fall within the GDPR’s scope if it offers products or services to EU individuals or businesses or if it monitors the online behavior of EU individuals or businesses.

On the other hand, the CCPA will apply to your business if it is a for-profit business that does business in the state of California and collects California consumers’ personal information (or such information is collected on its behalf) and determines the purposes and means of processing California consumers’ personal information, AND if it meets one of the following criteria:

• It has at least $25 million in annual gross revenues;
• It buys, sells, shares, or receives the personal information of at least 50,000 California consumers, households, or devices per year; or
• It derives at least 50 percent of its annual revenue from selling California consumers’ personal information.

Most companies should be able to determine whether they meet the above criteria. Some businesses may struggle to determine whether or not they buy, sell, share, or receive the personal information of at least 50,000 California consumers, households, or devices per year. Still, companies with even a small or moderate online presence will likely meet this threshold due to the broad scope of the CCPA’s definition of personally identifiable information (PII).

Once you have determined that the GDPR or CCPA applies, take affirmative steps to ensure that you are in compliance.

Step 2: Map Your Company’s Data

Once you have determined that the GDPR or the CCPA applies to your company, you must map the data that your company collects. Mapping will include knowing the type of data you are collecting, its source, and what happens to the data after it has been collected. You should also identify where the data is kept, what encryption or other security your company uses to protect that data, who has access to the data, and whether there are any security risks.

This step is necessary and must be taken to understand what data your company collects and where and how it is stored so that you can take appropriate steps to ensure efficient compliance with applicable data protection rules.

Step 3: Clean Up Your Company’s Data

Companies should be disciplined and strict about data collection. Determine what information is necessary and what information is superfluous. Moreover, think about why certain PII is retained, rather than deleted, in view of the company’s data collection goals. You may find a greater financial gain in deleting troves of PII as opposed to investing in storage and encryption. Moreover, deleting unnecessary files can help reduce the risk of inadvertently committing data protection violations.

This step will not only help ensure compliance, but it will also allow you to develop an effective and potentially financially valuable strategy for data collection.

Step 4: Create Privacy Protection Procedures and Policy

To ensure that consumers may exercise the rights to their PII granted to them under the GDPR and the CCPA, your company must have efficient processes. In crafting a privacy protection policy, consider:

• how individuals can give consent for data collection and transfer;
• the process for a consumer to request data deletion or to opt-out of data collection;
• how the company can ensure complete, effective data deletion or tagging across all platforms;
• the process for responding to a hypothetical data breach; and
• how the company can ensure that minors give proper consent.

When creating privacy procedures and policies for your company, it is important to understand that the relevant consumer data privacy laws require transparency in matters concerning PII. Therefore, your company’s privacy procedures and policies must be drafted carefully and with the complex obligations of the GDPR or the CCPA in mind.

Step 5: Update Your Company’s Online Privacy Policy

Under the GDPR or the CCPA, your company must have an easily accessible and understandable privacy policy. To ensure that your company’s privacy policies comply with the GDPR and the CCPA, you must ensure that it contains the following:

• A statement to residents of California or the EU that they have the right to opt-out of the sale of their data;
• An explanation that indicates how the company will inform consumers of future privacy policy updates; and
• A description of how the consumer’s data will be used, including all possible uses that involve a transfer of that data.

Furthermore, you must update your company’s privacy policy at least once every 12 months and notify consumers of each such update. As discussed, every privacy policy must be easily accessible and transparent. Even unintentionally complex policies may expose your company to liability.

Step 6: Update Your Company’s Website

Finally, to comply with the GDPR and the CCPA, a company must include a link on its website that says “Do Not Sell My Personal Information.” The link must use that specific phrasing and bring users to a page that allows them to opt-out of any sale of their data. This link must be separate from the general privacy agreement and cannot require the consumer to create a profile or account to access the opt-out. The CCPA also requires companies to create a toll-free number for consumers wanting to opt-out of the sale of their data.

After a consumer opts out, a company has two options under the CCPA:  (1) it can retain the consumer’s PII but exclude that PII from any sale, or (2) it can delete the consumer’s data entirely. However, the GDPR requires the company to delete the consumer’s data entirely. Thus, it is very important to understand whether the CCPA or GDPR (or both) applies and to have specific procedures in place to respond to a consumer’s request to opt out.

What to Expect in Wisconsin

Because the GDPR and the CCPA are intentionally extraterritorial, their obligations may easily reach Wisconsin businesses. Furthermore, because of the steep fines for violating these data protection laws, Wisconsin businesses must either confirm that they are not subject to these strict requirements or take proactive steps to ensure compliance.

Even if the GDPR and the CCPA currently do not  apply to your company, it may not be long until Wisconsin or the federal government implements a consumer data protection law that does. Consequently, regardless of whether you do business in the European Union or in California, beginning to implement better data collection practices now may help your companies online reputation and reduce future risks.

O’Neil, Cannon, Hollman, DeJong and Laing remains open and ready to help you.

Late last week, the Department of Treasury and Small Business Administration (SBA) jointly released a new loan forgiveness application for Paycheck Protection Program loans of $50,000 or less. This new streamlined application removes calculations required on prior forms and simplifies documentation requirements, relieving both borrowers and lenders of the prior compliance burdens present in the older form.

Pursuant to an interim final rule, the simper one-page application form, SBA Form 3508S, does not require borrowers to reduce their forgiveness amount for any reductions in full-time equivalent (FTE) employees or in salaries or wages. Additionally, the new form does not require borrowers to show calculations used to determine their loan forgiveness amount. With that said, the SBA could request additional information and documents as part of its loan review process.

While simpler overall, the application still requires the borrower to make certain certifications regarding the accuracy of the information reported. Further, the application requires the borrower to submit documentation supporting the fact that the use of the loan proceeds was for eligible costs. Borrowers who, together with their affiliates (as determined under SBA rules), received loans of $2 million or more are ineligible to use the new streamlined application. For example, if an entity has a loan of $50,000 and its parent corporation has a loan of $1.95 million, the former would not be able to use Form 3508S to apply for loan forgiveness.

Form 3508S and its accompanying instructions are posted on the SBA’s website.

O’Neil, Cannon, Hollman, DeJong and Laing remains open and ready to help you. For questions or further information relating to the new streamlined application for PPP loans under $50,000, please contact the author of this article, Attorney Britany E. Morrison.

I. Expansion of Telehealth to Meet Clinical Need

Federal and state governments have resolved traditional barriers to telehealth – including  complexity of billing, lower reimbursement and privacy and security concerns – to facilitate the safe provision of medical services during the COVID-19 pandemic.[i]  The first article in this two-part series highlights basic standards for regulatory compliance in the design of telehealth policies.  The second article will address the practitioner’s obligation to minimize patient harm (and thus practitioner liability) with attention to the medical standard of care when assessing when and how telehealth is appropriate for each patient.

II. Mechanics of Telehealth Compliance

A. Minimum Standards for Telehealth Practice

A Wisconsin physician planning to provide treatment recommendations (including a prescription) by use of a website-based platform must observe requirements promulgated by the Wisconsin medical examining board to comply with state law and (when applicable) to receive payment from Wisconsin Medicaid.[ii]  While the requirement that the physician be licensed to practice medicine in the state has been suspended during the COVID-19 emergency,[iii]  the following formalities must still be observed during the pandemic to protect the integrity of the telemedicine encounter:

1. Physician’s name and contact information must be made available to the patient;
2. Informed consent must be obtained;[iv]
3. A documented evaluation (including a medical history) must be performed. If needed to satisfy standards of minimally competent medical practice, an examination, evaluation, and/or diagnostic tests are also required.
4. A patient health care record must be prepared and maintained.[v]

Under permanent Wisconsin telemedicine regulations, a physician-patient relationship may be initially established by use of two-way electronic communications, but not by use of audio-only telephone, email messages or text messages.[vi]  Conditioning treatment of a patient upon the use of telehealth is expressly prohibited.[vii]

B. Reimbursable Telehealth Services

1. Wisconsin Medicaid and Telehealth

Wisconsin lawmakers began expanding the services and communications that may be provided by telehealth prior to the COVID-19 pandemic. The Wisconsin Department of Health Services (“DHS”) continues to broaden the range of medical services covered by the state’s medical assistance program when delivered remotely, both during the public health emergency and beyond.[viii]  DHS is adding Medicaid coverage for currently covered services when provided using a telehealth platform if functionally equivalent to an in-person visit (interactive synchronous technology).[ix]  DHS’s criteria for “face-to-face equivalence” for interactive telehealth services includes the use of “audio, video, or telecommunication technology,” but only if there is “no reduction in quality, safety, or effectiveness.”[x]  Audio-only phone communication that can be delivered with a functional equivalency to face-to-face service will be covered during the COVID-19 pandemic.[xi]  DHS emphasizes that documentation must support the service rendered.[xii]  For further explanation of these policies, visit ForwardHealth, Telehealth, Telehealth Expansion and Related Resources for Providers.[xiii]

Telehealth coverage expansion applies to all services currently indicated in topic (#510) of the FowardHealth Online Handbook (permanent policy), and additional services temporarily allowed for telehealth are published in ForwardHealth Updates.[xiv]  For example, ForwardHealth is expanding coverage to include certain synchronous (real-time) and asynchronous (not real-time) services such as remote patient monitoring and provider-to-provider consultations.  DHS also plans to roll out expansion updates particular to specific services areas, such as therapy and behavioral health.  DHS will use a phased approach to its expansion of telehealth services, keeping providers informed of expansion of coverage via the ForwardHealth website described above.

In addition to coverage criteria relating to the mode of telehealth services, a provider must be mindful of rules governing the logistics of telehealth visits.  Wisconsin Medical Assistance (Medicaid) places no restriction on the location of the provider (permanent policy), which may include physicians, nurse practitioners, Ph.D. psychologists, psychiatrists and others.[xv]  Beginning in March 2020, ForwardHealth began allowing coverage irrespective of the location of the patient (permanent policy).[xvi]  However, only the following sites are currently eligible for a facility fee:  hospitals, including emergency departments, office/clinics, and skilled nursing facilities.[xvii]

2. Federal Medicare and Telehealth

The Centers for Medicare and Medicaid Services (“CMS”) greatly expanded access to Medicare telehealth services based upon the regulatory flexibilities granted under Social Security Act § 1135 waiver authority and the Coronavirus Preparedness and Response Supplemental Appropriations Act.  Currently, Medicare will reimburse both synchronous video visits and also brief communication technology-based services (“CTBS”) for responses to Medicare Part B beneficiaries by telephone, audio/video, secure text messaging or by use of a patient portal.[xviii]  Reimbursement for CTBS is limited to patients with an established (or exiting) relationship with a physician or certain practitioners.  The billing codes for CTBS represent brief, patient-initiated communication services and do not replace full evaluation and treatment services covered under the Medicare benefit and described by existing CPT codes.  To meet the criteria for medical necessity, CTBS must require clinical decision-making and not be for administrative or scheduling purposes.  The patient must verbally consent to these types of services at least annually.

To be covered by Medicare, the CTBS must not be related to a medical visit within the previous seven (7) days and cannot lead to a medical visit within the next twenty-four (24) hours (or soonest appointment available).[xix]  For Medicare reimbursement, providers must confirm that the particular diagnostic benefit falls within the description of CTBS codes.  For example, CTBS codes do not include the audiology diagnostic benefit category.[xx]  DHS applies similar requirements to billing for “telephone evaluation and management services” covered under Wisconsin Medicare.[xxi]

During the COVID-19 pandemic, Medicare will reimburse telehealth services at the same rate as regular, in-person visits.  The level of reimbursement that is approved following the public health emergency will impact the availability of telehealth services.

C. Documentation Requirements

DHS policy (published via ForwardHealth updates available online) is to require that all services provided via telehealth be thoroughly documented in the member’s medical record in the same manner as services provided face-to-face.[xxii]  Providers must develop and implement their own methods of informed consent to confirm that a member agrees to receive services via telehealth.  ForwardHealth considers verbal consent to receiving services via telehealth an acceptable method of informed consent when it is documented in the member’s medical record.[xxiii]  Documentation for originating sites (patient location) must support the member’s presence in order to submit a claim for the originating site facility fee.  In addition, if the originating site provides and bills for services and also the originating site facility fee, documentation in the member’s medical record should distinguish between the unique services provided.[xxiv]

DHS is temporarily allowing supervision requirements for paraprofessional providers to be met via telehealth.  Supervision must be documented according to existing benefit policy.[xxv]

III. Additional Considerations for Telehealth

E-Prescribing – Many states limit the prescribing of controlled substances based solely on telehealth examination.  Generally speaking, the U.S. Drug Enforcement Administration (“DEA”) requires a telemedicine provider to have an in-person medical evaluation of a patient prior to prescribing a controlled substance for the patient, absent an exception.  However, the DEA issued notice in March 2020 that this requirement is waived for the duration of the COVID-19 public health emergency.[xxvi]

Privacy and Security – The Office for Civil Rights announced on March 17, 2020 that they will not impose penalties for noncompliance with the Health Insurance Portability and Accountability Act of 1996 regulatory requirements for remote communications technologies in connection with the good faith provision of telehealth during the national COVID-19 public health emergency.  DHS has issued an update clarifying guidance regarding federal enforcement of the Health Insurance Portability and Accountability Act of 1996 regulatory requirements during the COVID-19 pandemic.[xxvii]

Practicing Telehealth Across State Lines – Wisconsin has adopted the Federation of State Medical Boards’ Interstate Licensure Compact, which aims to expediate physician licenses for uses like telemedicine in states that adopt the compact.  Wisconsin providers serving patients in other states must consult local state laws governing the physician-patient relationship and the use of telemedicine.

When a Wisconsin provider provides telemedicine services to a patient located outside of the state, legal review for choice of law and choice of forum should be undertaken.  For example, the laws of the state in which each patient is located should be evaluated for: (1) statute of limitations; (2) standard of care; (3) limitations of liability; and (4) unique provisions governing the establishment or termination of the physician/patient relationship.  To manage these challenges in a large telemedicine practice, a provider may need to consider establishing different legal entities for the practice of medicine in different states.

OCHDL will continue to monitor changes in regulations and policy impacting telemedicine. Our next blog post will address medical malpractice risk and telemedicine policies. For more information on these topics, contact Marguerite Hammes at 414-276-5000 or marguerite.hammes@wilaw.com.

[i] SR Health, A Complete Guide to Seeing Patients Virtually and Getting Paid for It, available at https://www.srhealth.com/resources/telemedicine-guide

[ii] See WIS. ADMIN. CODE § MED 24.07 (1).

[iii] In the ordinary course, a physician practicing telemedicine in Wisconsin must be licensed to practice medicine and surgery by the medical examining board as required by Wis. Admin. Code § MED 24.04.  See Wis. Admin. Code § MED 24.07 (1). However, Wis. Admin. Code § MED 24.04 (requiring a physician practicing medicine in Wisconsin to be licensed by the medical examining board) and 24.07(1)(a) (applying licensing requirements to medical practice by telemedicine in the state) have been suspended during the COVID-19 emergency.  See Governor Tony Evers Emergency Order #16 Related to Certain Health Care Providers and the Department of Safety and Professional Services Credentialing, dated March 27, 2020.

[iv] WIS. ADMIN. CODE § MED 24.07 (1) (citing WIS. STAT. § 448.30 and Ch. MED. 18).

[v] WIS. ADMIN. CODE § MED 24.07(1) (citing ch. MED. 21).

[vi] See id. § MED 24.03.

[vii] ForwardHealth Update No. 2020-09, “Changes to ForwardHealth Telehealth Policies for Covered Services, Originating Sites, and Federally Qualified Health Centers” (March 18, 2020).

[viii] See WIS. STAT. § 49.45(61)(b); § 49.46(2)(b)(21)-(23).  DHS is expanding the permanent definition of telehealth to encompass the “practice of health care delivery, diagnosis, consultation, treatment, or transfer of medically relevant data by means of audio, video, or data communications that are used either during a patient visit or consultation or are used to transfer medically relevant data about a patient.”  See ForwardHealth, Telehealth, Telehealth Expansion and Related Resources for Providers, available at https://www.forwardhealth.wi.gov/WIPortal/content/html/news/telehealth_resources.html.spage  See also Letter to ForwardHealth Providers from Jim Jones, State Medicaid Director, re: Wisconsin Medicaid Response to the COVID-19 Outbreak; FowardHealth #510.

[ix] See ForwardHealth Update 2020-09, supra note vii (permanent policy); ForwardHealth Update 2020-12, “Temporary Changes to Telehealth Policy and Clarifications for Behavioral Health and Targeted Case Management Providers” (Revised May 8, 2020); ForwardHealth Update 2020-15, “Additional Services to be Provided Via Telehealth” (Revised May 8, 2020) (temporary expansion policy).  See also Brooke Anderson, Benefits Policy Section Chief, Telehealth Expansion:  Acute and Primary Services, available at https://www.dhs.wisconsin.gov/telehealth/telehealth-expansion-all-provider.pdf

[x] See ForwardHealth, Telehealth, Telehealth Expansion and Related Resources for Providers, supra note viii.  See also Brooke Anderson, Benefits Policy Section Chief, Telehealth Expansion:  Acute and Primary Services, supra note ix.

[xi] ForwardHealth Update 2020-12, supra note ix.

[xii] ForwardHealth, Telehealth, Telehealth Expansion and Related Resources for Providers, supra note viii.

[xiii] For further explanation of these policies, visit ForwardHealth, Telehealth, Telehealth Expansion and Related Resources for Providers, supra note viii.  See also Brooke Anderson, Benefits Policy Section Chief, Telehealth Expansion:  Acute and Primary Services, supra note ix.

[xiv] ForwardHealth Update 2020-15, supra note ix.

[xv] ForwardHealth Update 2020-12, supra note ix (permanent policy with respect to provider location but temporary with respect to other policy changes).

[xvi] ForwardHealth Update 2020-09, supra note ix (permanent policy changes).

[xvii] ForwardHealth, Topic 510, Telehealth, available at https://www.forwardhealth.wi.gov/WIPortal/Subsystem/KW/Print.aspx?ia=1&p=1&sa=1&s=2&c=61&nt=Telehealth

[xviii] Centers for Medicare and Medicaid Services, Medicare Telemedicine Health Care Provider Fact Sheet, available at https://www.cms.gov/newsroom/fact-sheets/medicare-telemedicine-health-care-provider-fact-sheet

[xix] See id.

[xx] American Speech-Language-Hearing Association, Use of Communication Technology-Based Services During Caronavirus/COVID-19 (June 6, 2020), available at https://www.asha.org/Practice/reimbursement/medicare/Use-of-E-Visit-Codes-for-Medicare-Part-B-Services-During-Coronavirus/

[xxi] ForwardHealth Update 2020-09, supra note vii.

[xxii] ForwardHealth Update 2020-12, supra note ix (citing Wis. Admin. Code § DHS 106.02(9); ForwardHealth Online Handbook #201 (Financial Records), #202 (Medical Records); #203 (Preparation and Maintenance of Records); #204 (Records Retention); #1640 (Availability of Records to Authorized Personnel)).

[xxiii] See ForwardHealth Update 2020-15, supra note ix.

[xxiv] See ForwardHealth Update 2020-12, supra note ix.

[xxv] See id.

[xxvi] DEA Press Release, DEA’s Response to COVID-19 (March 20, 2020), available at https://www.dea.gov/press-releases/2020/03/20/deas-response-covid-19

[xxvii] See ForwardHealth Update 2020-12, supra note ix.

The IRS has reminded taxpayers who filed an extension that the October 15, 2020 due date to file their 2019 tax return is near. Taxpayers should file their tax returns on or before the October 15, 2020 deadline. Moreover, taxpayers with tax due should pay as soon as possible to reduce any penalties and interest. However, certain taxpayers may have more time to file and pay. Taxpayers with more time to file or pay include the following:

• service members and others serving in a combat zone who typically have 180 days after they leave the combat zone to file returns and pay any taxes due; and
• taxpayers in federally declared disaster areas who already had valid extensions.

Further, taxpayers can make their federal tax payments online through various methods such as a bank account withdrawal or via debit card or credit card. Additionally, taxpayers unable to make full payments can meet their tax obligations in monthly installments by applying for a payment plan. Alternatively, taxpayers can find out if they qualify for an offer in compromise—a way to settle tax debt for less than the full amount or even request a temporary delay on collection until their financial situation improves.

The IRS also reminded those with little or no income who are not required to file a tax return (non-filers) that they could be eligible to receive an Economic Impact Payment.

O’Neil, Cannon, Hollman, DeJong and Laing remains open and will continue to monitor federal and state tax filing deadlines. For questions or further information relating to the upcoming October 15, 2020 deadline, please contact Attorney Britany E. Morrison.

Various estate planning documents require you to appoint someone to act on your behalf. These appointees are your “fiduciaries” and include your personal representative, guardian for minor children, trustee, attorney-in-fact, and health care agent.

Often times, people name certain individuals for these roles without much consideration, or they may consider the wrong criteria. Below is a general description of each fiduciary role and a few suggestions on what to consider when deciding who to appoint to those roles. In general, you should carefully consider the skillset each role requires and whether the person you would like to appoint possesses those skills.

Personal Representative

You name your personal representative in your Last Will and Testament. Your personal representative will be responsible for overseeing the administration of your estate during the probate process. Consider naming someone who lives nearby so they can administer your estate and someone who will have the time to file all the necessary paperwork.

Guardian

You name a guardian for your minor children in your Last Will and Testament as well. This person will be responsible for taking care of your minor children. Consider naming someone who lives close by so your children won’t have to move (or move very far), has similar values as you and will raise your children similar to how you would, and will have the energy to raise young children or children who require extra care and attention.

Trustee

You appoint your trustee in your trust agreement. Your trustee will administer the trust agreement pursuant to its terms, manage and invest the trust assets, and make distributions to your beneficiaries (sometimes at their own discretion). Consider naming someone who will be able to understand the document and its terms, has a financial background and can manage your assets effectively, and will not be placed in an uncomfortable situation if they decide to refuse a beneficiary’s request for a distribution. If you cannot think of someone with the requisite skillset, or if you have complex assets that will need to be managed, consider naming a professional fiduciary.

Attorney-in-Fact

You name your attorney-in-fact in your Financial Power of Attorney. This person will manage your financial affairs in the event you become incapacitated. Consider naming someone who has a financial background, lives nearby and can easily manage your financial affairs, and who is familiar with your financial affairs. If you cannot think of someone with the requisite skillset or someone you completely trust to have these broad powers, consider naming a professional fiduciary.

Health Care Agent

You name your health care agent in your Power of Attorney for Health Care. This person will make medical decisions for you in the event you become incapacitated. Consider naming someone who has a medical background or who will be capable of understanding your medical situation, will respect your wishes regarding medical treatment, and will be able to carry out your wishes regarding medical treatment even if others disagree.

As you can see, there are several things to consider when selecting a fiduciary. If you would like more information on these fiduciary roles, or if you would like to create or update an estate plan, please contact attorney Kelly M. Spott.

Almost every organization in the world collects personal data from individuals, in one form or another. Indeed, most websites collect consumer information automatically. For this reason, every business must become familiar with relevant data protection laws and understand how to collect, store, use, and share data in compliance with these laws. Organizations that fail to comply with data privacy laws could incur substantial fines and other damaging consequences.

This blog post intends to give Wisconsin organizations a basic overview of consumer data privacy laws, their significance, and how such laws may apply to them.

What is Privacy Law?

“Privacy law” refers to laws governing the regulation, storage, sharing, and use of personally identifiable information, personal healthcare information, financial information, and other types of personal information. While both state and federal governments have various laws governing certain types of information privacy, as of now, no federal law exists to protect consumer data.

Given the absence of federal protection and the number of internet companies collecting—and often misusing—consumer data, several states, including Wisconsin, have developed or are beginning to develop state statutes designed to protect residents from data misuse online. Together with international data protection regulations, these state laws create an increasingly complex web of obligations for any organization collecting personal data.

What is Personally Identifiable Information?

The key to understanding and properly complying with consumer data privacy laws is understanding the term “Personally Identifiable Information” (PII). In general, PII is any information that may be used to identify an individual. Such information may include not only names, addresses, and government IDs, but also internet protocol (IP) addresses, cookie identifiers, and other automated identifiers.

Despite their many commonalities, international and domestic privacy laws have subtle differences in their categorization of PII. For example, some privacy laws allow pseudonymized or anonymized data to be excluded from PII. Pseudonymization is a reversible process that substitutes the original personal information with an alias or pseudonym such that additional information is required to re-identify the data subject. In contrast, anonymization irreversibly eliminates all ways of identifying the data subject. Similarly, IP addresses may be either static (i.e., specific to a particular computing device) or dynamic (i.e., the IP address changes over time). Static IP addresses are likely to be considered PII whereas dynamic IP addresses may not, depending on the applicable law.

An Overview of Key Data Protection Laws

Modern consumer data protection laws generally articulate both consumers’ rights to data privacy and the responsibilities of entities that collect and process personal data.

Concerning consumers, most consumer data privacy laws establish that consumers have any combination of five fundamental rights, including the right to:

• be informed that data is being collected;
• access collected data;
• rectify incorrect data;
• erase collected data; and
• object to certain uses of that data.

While these diverse privacy regimes have many similarities, they often have substantial differences, including varying definitions, scope, punishment for violations, and jurisdiction. Therefore, it’s critical to determine which laws apply to you and to thoroughly review those laws to understand your organization’s compliance obligations.

a. The European Union–General Data Protection Regulation (GDPR)

The European Union’s (EU) data protection regulation, known as the GDPR, is the world’s first comprehensive data protection law. Having gone into effect in 2018, the GDPR interprets PII extremely broadly and takes substantial steps to protect such PII. It covers not only IP addresses and cookies but also certain forms of pseudonymized data and metadata. The law is revolutionary in that it applies to all entities possessing or processing the personal data of EU residents, regardless of an entity’s nationality. Therefore, U.S. companies who deal with EU citizens as customers, users, or clients are likely to be subject to GDPR rules and regulations.

It is crucial to determine whether your organization is subject to GDPR rules. Should EU regulators determine that a company subject to the GDPR has violated any of the GDPR articles, the company may be subject to fines for as much as €20 million or 4% of the company’s global turnover, whichever is higher.

b. The California Consumer Privacy Act (CCPA)

Effective as of January 1, 2020, the CCPA is the first significant consumer data protection act in the United States. Like the GDPR, the CCPA defines PII to include any information that could, directly or indirectly, lead to the identification of any user or household.

Also similar to the GDPR, the CCPA is applied broadly to businesses globally should they do business in California. The CCPA includes specific language defining what businesses are subject to the CCPA. The CCPA applies to any for-profit business that collects, possesses, or otherwise handles the PII of California residents AND that meets any of the following criteria:

1) has annual revenues over $25 million;

2) possesses the personal information of 50,000 or more California consumers, households, or devices in any calendar year; OR

3) earns more than half of its annual revenue from selling consumers’ PII.

This statute is intended to be broadly applied to commercial enterprises, regardless of geographical location and whether they explicitly target California residents. Because most businesses operate websites that automatically collect PII, such as cookies or IP addresses, even small non-California businesses risk falling under the CCPA by having a passive online presence.

The California Attorney General may fine companies up to $2,500 per non-willful violation and up to $7,500 per willful violation—amounts that add up quickly if a violation affects thousands (or millions) of users.

c. Other Relevant Consumer Data Protection Laws

Apart from California, 43 other states have made or are in the process of introducing forms of consumer data privacy bills. Wisconsin introduced three separate bills at the beginning of 2020 that would create rights and obligations concerning consumer data privacy similar to those created by the CCPA and the GDPR.

Currently, Maine and Nevada are the only two other states to have signed consumer data privacy protection bills into laws. The Maine privacy law applies only to internet service providers and not to independent businesses that may possess PII of users. The Nevada law is similar to CCPA in many ways, but it doesn’t apply to non-resident companies that do not actively do business in the state.

Additionally, in March 2020 Senator Jerry Moran (R-Kan.), introduced the Consumer Data Privacy and Security Act; however, the federal Congress has yet to take action on the proposed bill. If passed, this federal legislation would create a clear federal standard for consumer data protection and create specific rights of consumers to access, correct, and delete personal information. The proposed bill would also create substantial obligations for businesses, including those in Wisconsin, that use, collect, or otherwise possess PII. Finally, the proposed bill would provide the Federal Trade Commission (FTC) with the specific authority to enforce these rights and obligations.

In conclusion, while there are currently no Wisconsin or federal laws directly governing the regulation, storage, sharing, and use of personally identifiable information, Wisconsin businesses could be subject to the requirements of the CCPA or the GDPR. Additionally, it seems likely that in the near future, either Wisconsin or the federal government will pass a law that directly impacts Wisconsin businesses. Moving forward, it will be very important to understand how your company’s collection of personal data may be impacted.

O’Neil, Cannon, Hollman, DeJong and Laing remains open and ready to help you.