Search
By Sandra Desautels, Alex Shea
During the COVID-19 Public Health Emergency (PHE), the Centers for Medicare & Medicaid Services (CMS) increased the allowable types of telehealth services from 118 to 264, and private health plans experienced substantial growth in telehealth—now considered a convenient, cost-efficient means to provide needed services that patients and providers alike generally support (with some caveats). While research1 is still evolving on telehealth’s impact, there’s evidence that its use can lead to fewer ER visits, lower healthcare costs for vulnerable populations, better access to behavioral healthcare, and increased health equity in long-term care.2
Now that many CMS-issued temporary waivers expanding access to medical care through telehealth have been made permanent, or left in place until at least December 2024, treatment through telehealth is expected to not only persist in a post-pandemic world but to increase.
Without necessary safeguards in place, though, the promise of telehealth can turn into a liability. The flexibilities afforded by pandemic-era accommodations—including waivers for selected Health Insurance Portability and Accountability Act guidelines and out-of-state provider limitations—have helped increase care access and public safety.
They’ve also left the door open for bad actors to exploit existing or new weaknesses in healthcare delivery generally and telehealth specifically. Criminals continue to take advantage of the growing acceptance of telehealth to expand the scope and reach of historic fraud, waste, and abuse (FWA) schemes and to create new ones.
CMS has prioritized investigating telehealth fraud and is monitoring claims data to detect and respond to potential emerging FWA schemes. Similarly, the U.S. Department of Health and Human Services’ Office of Inspector General (OIG) and the U.S. Department of Justice (DOJ) have been increasing scrutiny of telehealth providers and pursuing nationwide enforcement actions.
If you’re a hospital general counsel, health system compliance officer, or legal counsel to provider enterprises, you know that regulatory agencies have already discovered billions of dollars in questionable or fraudulent billings for telehealth services paid for by Medicare and private insurers. For example, the DOJ brought criminal charges3 in June 2023 against defendants alleged to have participated in one of the nation’s largest telehealth fraud schemes, involving more than $2 billion in phony claims.
Indeed, the DOJ has concentrated its efforts on investigating situations in which defendants appear to place profits above patient care. Some of the recent telehealth enforcement operations focused on unnecessary and fraudulent service charges against defendants involving genetic testing, durable medical equipment, and overutilization. The penalty for telehealth fraud has included multimillion-dollar fines, incarceration, and/or exclusion from Medicare and Medicaid programs.
What if you’re responsible for building or transforming a health system or provider telehealth delivery offering? What should you be doing to mitigate telehealth fraud risks?
To help facilitate telehealth’s potential for driving down costs and improving equity and access, you’ll need to develop or adapt your telehealth approaches with fraud tools and regulatory compliance as top priorities. The following information may help you understand and identify relevant risks.
Understanding the most prevalent schemes in telehealth fraud is essential to its analysis, detection, and prevention. In many cases, bad actors have been repurposing common fraud schemes in traditional healthcare delivery and applying them to telehealth services. Here are some examples of common schemes and their accompanying red flags, which are helpful to consider when configuring systems to trigger internal investigations when they arise.
Telemarketing companies using deceptive practices to overbill
While there’s nothing inherently suspect about providers hiring telemarketers to expand their patient populations, regulators have focused their enforcement efforts on telemarketing companies that use deceptive marketing practices to obtain new patients for the purpose of overbilling healthcare programs.
Some marketing companies offer free services to patients in exchange for personal information, then those patients are subject to excessive, unnecessary submission of claims. Some genetic testing labs and durable medical equipment companies have commonly been associated with this scheme as well, offering kickbacks for the referral of services.
Red flags include:
Billing for telemedicine services that should be in-office
Physicians must use caution when billing for services that are not typically provided through telehealth. Certain codes should not be billed through telehealth because a doctor would not be able to properly assess a patient’s condition remotely or because it’s not approved as a telehealth service by CMS.
Red flags include:
Billing telehealth for a high number of beneficiaries, services, and days
Healthcare providers who bill for significantly high volumes of telehealth services likely trigger CMS’s attention. Similarly, this would also apply to patients who receive an unusually large volume of telehealth services. In both scenarios, the identified outliers could be an indicator of fraud that would require further investigation.
Red flags include:
As part of your Governance & Integrity program strategy, conduct regular fraud risks and program assessments that allow you to identify and prioritize relevant risks. Ongoing risk identification activities also help create a culture of compliance to monitor your internal controls to prevent improper claims submissions.
The best practice in mitigating your known telehealth risks, including the schemes previously mentioned, is implementing controls that can analyze large amounts of claims data and proactively detect potential anomalies before claims are approved or money goes out the door. By establishing an effective system with controls that are regularly reviewed and tested, you lower the risk of potential fraud, ensure the integrity of healthcare systems, and provide a defensible argument if faced with government scrutiny.
Conducting a fraud technology controls review will help determine if your current claims analytics tools need tuning or if new tools are needed. We have found that organizations often have the right tools but are not optimizing them. These tools often include:
CMS, DOJ, and OIG acknowledge emerging fraud trends in telehealth services and the need to provide guidance to combat them. Together, they emphasize the importance of creating and implementing systems and proactive data analytics to detect telehealth FWA schemes. OIG has reinforced the need to strengthen monitoring and oversight of telehealth services by developing the “Analyzing Telehealth Claims to Assess Program Integrity Risks” toolkit.4
This toolkit provides a uniform approach to analyzing telehealth claims data and identifying areas where additional safeguards may be necessary. The analyses can also help spotlight billings that might pose a FWA risk and warrant further scrutiny. The toolkit includes detailed descriptions of seven data analysis measures that can be applied to your own data. You can also modify the measures to meet your organization’s individual needs, such as identifying providers at varying levels of FWA risk.
CMS stresses the importance of creating robust awareness programs for patients and healthcare providers alike about potential telehealth FWA schemes. It is important to provide an effective communication system and workflow that encourages, investigates, and responds to patient and provider questions, feedback, and tips regarding knowledge or inquiries surrounding possible schemes. To be effective, such communication programs should be implemented through multiple channels and could include an acknowledgment component on certain electronic forms, or prominent whistleblower hotline details.
It is equally important to align such communications in your compliance program to ensure there is swift action to minimize the impact. For instance, ensuring whistleblower allegations of FWA are directed to a responsible person for action and review.
While the PHE accelerated the use and acceptance of telehealth, it also contributed to its use by bad actors to commit fraud. As we transition to a post-pandemic era, it’s now more important than ever for health systems and providers to adapt their risk profiles and implement appropriate controls to mitigate the evolving and growing fraud risks related to telehealth services. Guidehouse will help you develop a framework that combines governance, assessment, fraud prevention and detection, as well as monitoring and reporting.
Guidehouse’s Financial Crime, Fraud, & Investigative Services (FFI) practice is composed of experienced professionals including former regulators, federal prosecutors, attorneys, compliance professionals, and law enforcement officers responsible for preventing, detecting, and remediating fraud risks, enhancing controls, assessing compliance programs, and helping address anti-bribery, and anti-corruption matters. Our team members have substantive data analytics experience and IT skills to assist clients in responding to regulatory enforcement actions, audits, inquiries, and investigations.
Guidehouse is a global consultancy providing advisory, digital, and managed services to the commercial and public sectors. Purpose-built to serve the national security, financial services, healthcare, energy, and infrastructure industries, the firm collaborates with leaders to outwit complexity and achieve transformational changes that meaningfully shape the future.