Mid-week roundup: DEA extends telehealth prescribing waiver to November; telehealth usage continues to erode; NextGen EHR hacked, 1M records breached

The answer: 11 November. The question: how long was the Drug Enforcement Administration (DEA) planning to extend their telehealth waiver of in-person prescribing requirements on Schedule II and higher controlled substances?  Both the DEA and the Substance Abuse and Mental Health Services Administration (SAMHSA) issued the “Temporary Extension of COVID-19 Telemedicine Flexibilities for Prescription of Controlled Medications”rule on 9 May before the Public Health Emergency (PHE) expired on 11 May. It’s a six-month reprieve for the beleaguered telemental health providers/prescribers and their patients–and sure to be hotly debated over the next few months as a final rule must replace the temporary extension rule and the Ryan-Haight Act isn’t going away. DEA release, TTA 4 May

FAIR Health’s tracking of telehealth medical claims has languished in the Fives–as in 5%–since last year. February is the latest month of tracking and it declined from 5.9% in January to 5.5% in February. Again, the vast majority of claims are for mental health codes (66.7%) far ahead of diagnosis #2, acute respiratory diseases and infections, where Covid-19 once resided. However, the latter accounted for 25.6% of asynchronous (store and forward) telehealth diagnoses. A new metric on the report is audio-only telehealth, which is only slightly more popular in rural versus urban areas. The greatest difference from the national norm is in the West, where February telehealth claims were 7.6%. Monthly national summary, FAIR Health main page for monthly and regional summaries.

NextGen’s EHR/practice management system hacked, 1.05 million patient records breached. Information stolen included patient name, dates of birth, addresses, and Social Security numbers. This was revealed in a filing with the Maine attorney general’s office since it included over 4,000 Maine residents. The hack of the NextGen Office system took place between 29 March and 14 April 2023. It’s been a bad year for NextGen’s IT and security teams, as it also experienced a short-term ransomware attack in January by AlphV/BlackCat. (The two couldn’t be related…could they?) No word yet on class action lawsuits or Federal penalties.  TechCrunch

Categories: Latest News and Opinion.