Home  /  About  /  Contact Us  /  Shopping Cart  

Preview / Hot News

► CARES Act Includes Changes To Health Coverage, Privacy Laws

The Coronavirus Aid, Relief, and Economic Security (CARES) Act, the massive relief and stimulus package signed March 27, includes several health coverage provisions designed largely to facilitate testing and treatment for COVID-19, along with encouraging alternatives to health care in the traditional in-person setting.

The CARES Act expands on the Families First Coronavirus Response Act’s (FFCRA) requirement to cover COVID-19 testing on a first-dollar basis. It clarifies that testing at out-of-network as well as in-network healthcare providers must be covered, and sets forth criteria for determining a reimbursement rate. Tests subject to this mandate now include, in certain circumstances, those not yet approved by the Food and Drug Administration.

If a health plan or insurer did not previously have a negotiated rate with a testing provider, it must pay the provider’s cash price, as listed on a public website, unless a lower rate can be negotiated.

Also, a COVID-19 vaccine or other “qualifying coronavirus preventive service” must be covered without cost-sharing when it becomes available, within 15 days after the designated advisory body recommends it. The act does not actually require COVID-19 treatment to be covered on a first-dollar basis, but many insurers are doing so voluntarily.

The CARES Act also builds on recent IRS guidance on health savings accounts (HSAs), which stated that first-dollar coverage of COVID-19 testing or treatment would not jeopardize the HSA-compatibility of a high-deductible health plan (HDHP). Section 3701 of the act adds a temporary safe harbor for HDHPs to waive or limit cost-sharing for “telehealth and other remote care” services.

“While Section 3701 is broad, it is still somewhat vague with respect to just how broadly employers may interpret this provision,” Snell & Wilmer attorney Allison Bans observed in a blog post. “For example, clearly employers can waive all deductibles for traditional telehealth visits, but it is unclear whether it applies to providers outside of the telehealth plan and network who have decided to begin offering remote care services in response to the COVID-19 pandemic. Arguably, it does.”

Also relevant to HSAs, as well as health flexible spending accounts and health reimbursement arrangements, the CARES Act once more makes over-the-counter medications reimbursable without a prescription, repealing a controversial restriction originally imposed by the Affordable Care Act. Section 3702 also resolves an ongoing ambiguity by clarifying that menstrual care products are reimbursable. Plan sponsors wishing to adopt these changes may need to amend the plan documents.

Privacy Provisions

Of interest to health plan sponsors as well as healthcare providers, Section 3221 of the CARES Act amends the privacy requirements for federally funded substance abuse treatment to conform more closely to the Health Insurance Portability and Accountability Act’s (HIPAA) privacy provisions.

The so-called “Part 2” rules, which actually predate HIPAA, have long been a problem area for treatment providers and all parties that need access to treatment records, including health plans and their service providers.

Under the CARES Act, a written consent is still required for the initial disclosure of Part 2 records, but thereafter this information can be redisclosed for “treatment, payment, and healthcare operations” (TPO) purposes without the need for a new consent.

A patient now may issue a “blanket” consent for health plans or other covered entities to disclose and redisclose their treatment information, as long as HIPAA is followed. Unlike HIPAA, however, patients still may stop the TPO use of this information at any time by revoking that consent.

At the same, the CARES Act added some HIPAA-type provisions that were not in the original Part 2 rules, such as breach notification and a prohibition on employment-related use of the information. Part 2 programs, if they were not already, are now subject to HIPAA’s privacy notice requirements and possible civil and criminal penalties for violations.

Another privacy provision is Section 3224, which calls for the U.S. Department of Health and Human Services to issue guidance within 180 days on sharing HIPAA protected health information during the public health emergency involving COVID-19.


< Back


Be Bound By