by Jaymi Thibault

Nineteen million Americans lack high-speed internet access in 2020. Policymakers must ensure that these people have access to the same resources and opportunities as those who have internet, particularly in an increasingly digitized society. One way to promote equity and help those without high-speed internet access is to allow providers to conduct telehealth services over the phone.

Video conferencing has long been the most common application of telehealth, with providers being able to see and hear patients in real-time. However, video conferencing requires a camera and reliable high-speed internet. Even those who can access this technology may not know how to use it. 

Despite the fact that nearly everyone has a phone, providers have traditionally avoided audio-only telehealth. Many audio-only services were not reimbursable through Medicare or Medicaid before COVID-19. The few audio-only services that were reimbursable were assigned a lower payment rate, meaning a provider could earn more money from a similar in-person or video visit.

If providers chose to use audio-only telehealth before COVID-19, it was only as a tool to help determine the appropriate level of care for a patient. For example, TRICARE (the health care plan for U.S. military personnel and their dependents) offers a Nurse Advice Line. This service is intended to help patients determine if an urgent care or hospital visit is necessary. 

The COVID-19 outbreak catalyzed a mass shift from in-person to remote care. Policymakers urged providers to deliver virtual care whenever possible. However, officials recognized the need to accommodate patients without video technology as well as providers who lacked existing telehealth infrastructure.

Facilitating the widespread use of audio-only telehealth required swift action from both federal and state agencies. The Centers for Medicare & Medicaid Services (CMS) regulates Medicare at the Federal level. Medicaid and private insurance carriers, however, fall under state jurisdiction.

CMS issued an interim rule on March 30th allowing Medicare beneficiaries to receive certain services over the phone. These services include evaluation and management, therapy, and counseling sessions. On April 30th, CMS issued a second rule expanding audio-only coverage to a broader set of services such as behavioral health and patient education visits. CMS also increased reimbursement rates for audio-only services to match those for in-person visits.

All 50 states and Washington, D.C. have followed suit to varying degrees. Alabama, Rhode Island, and Wisconsin are just some of the states that have authorized a temporary waiver through the state’s Medicaid agency. Others, such as Arizona and Hawaii, used an executive order to extend policy changes to both Medicaid as well as private insurers. Most states included conditional language that providers should only use audio-only services when video conferencing is not possible.

Preliminary CMS data show that many patients are taking advantage of the new rules. Over three million Medicare beneficiaries have received telehealth services via telephone since the pandemic began. That is nearly one-third of all beneficiaries who received telehealth services.

With so many patients now using audio-only telehealth, various organizations are urging policymakers to extend these changes beyond the pandemic. The American College of Obstetricians and Gynecologists, the American College of Physicians, and the American Academy of Family Physicians have voiced support for permanent coverage of audio-only telehealth. Elected officials are beginning to respond; in June, New York added “audio-only telephone communication” to its permanent list of services covered by Medicaid. Senator Portman (R-OH) recently introduced a bill that would allow providers to bill Medicare for audio-only services after the public health emergency.

Audio-only telehealth likely has a future in U.S. health care beyond the pandemic. Its ability to help those without a stable internet connection is undeniable. However, policymakers and providers must acknowledge the privacy risks associated with it.

Providers will have a more difficult time verifying that patients are who they say they are. Providers typically ask a patient for two pieces of identifying information at the start of a telehealth visit. Some of this information, such as full name and date of birth, is relatively easy for others to acquire. However, being able to see the patient through video provides an additional identification measure. When providing telehealth over the phone, practitioners are at greater risk of disclosing confidential information to fraudulent actors.

Healthcare providers must also ensure that their patients are in a private location – a task made more difficult by audio-only telehealth visits. Under certain circumstances, such as interpersonal violence, patients may feel pressured into dishonesty. Without a private space to conduct their visit, patients may also feel concerned about someone overhearing. This lack of privacy could discourage patients from being open with their provider about certain symptoms or problems, negatively impacting the provider’s ability to deliver appropriate care.

Providers can take action to mitigate these risks. Several organizations, such as the Better Identity Coalition and the CARIN Alliance, have developed best practices for identification that can be applied to telehealth. The Better Identity Coalition, for example, encourages the collection of identifiers other than Social Security numbers whenever possible. Social Security numbers are not secrets, so they have no security value.

Ensuring the patient is in a private location will remain a challenge, but Futures Without Violence has published a question guide for patients intended to support privacy and safety during telehealth visits. The question guide is written for patients who have experienced interpersonal violence but could be used for the general public.

If audio-only telehealth continues to be permitted, new identification technology could become standard within the health sector. For example, Prove (formerly Payfone) already offers a mobile identification service that uses longitudinal phone data to verify an identity.

Audio-only telehealth is relatively safe in terms of broader scale security. According to Jeremy Grant, coordinator of the Better Identity Coalition, audio-only telehealth visits are far less susceptible to large, coordinated security attacks, mainly due to their low reward. “It’s going to be less valuable for attackers to try to steal a health service than to steal money,” said Grant.

While audio-only telehealth poses several risks to patient privacy, the pandemic has shown that it is valuable to Americans. As telehealth grows in popularity, policymakers must recognize that video conferencing is not always a feasible option. If we truly want to help those without stable internet access, coverage for audio-only telehealth should be extended permanently. So long as providers acknowledge the risks and take steps to ensure their patients’ privacy, audio-only telehealth will remain a safe and viable option for remote care delivery.

Jaymi Thibault is a second-year MPP student interested in the intersection of technology and health policy. She spent the summer working as an intern for the Triangle Privacy Research Hub. After Sanford, Thibault intends to pursue a career where she can advocate for consumer privacy and cybersecurity.