The U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) published a report last month assessing the program integrity risks associated with Medicare telehealth services. After analyzing Medicare claims data from the first year of the COVID-19 pandemic, OIG developed and recommended seven measures to identify fraudulent claims and recommended additional oversight.
OIG Report Overview
The OIG report, released on September 2, was based on a comprehensive analysis of Medicare claims data from providers who billed for telehealth services in 2020. Using input from OIG investigators, the researchers identified seven measures to identify billing for telehealth services that may indicate fraud, waste, or abuse.
Of the 742,000 providers whose claims data was examined, 1,714 providers were identified as high risk using one or more of the seven measures. Although these high-risk providers are only a small portion of the providers analyzed, the OIG believes their findings demonstrate the importance of strong oversight.
The OIG made five recommendations to the Centers for Medicare & Medicaid Services (CMS) to ensure the benefits of telehealth services are preserved while minimizing the risk of abuse:
- Strengthen monitoring and targeted oversight of telehealth services using the seven measures identified as indicative of high-risk billing practices;
- Provide additional education to providers on appropriate billing for telehealth services, including one-on-one training to providers with high incidences of inappropriate billing;
- Improve the transparency of “incident to” services when clinical staff primarily delivered the telehealth service;
- Identify telehealth companies that bill Medicare; and
- Follow up on the providers identified in this report.
Currently, CMS is reviewing each of the recommendations and considering how to incorporate the OIG’s findings into its own program integrity strategy.
OIG’s Seven Measures for Identifying Medicare Telehealth Fraud
The OIG provided CMS with a list of seven measures to identify high-risk telehealth providers:
- Billing for Both Telehealth Service and a Facility Fee. A provider should never bill both a facility fee – known as the originating site fee – and a telehealth service for the same visit. Obviously, the patient cannot both be at the office and at home calling in for telehealth services. Billing for both may be in error for some, while other providers may be using this practice to increase their Medicare payments. Intentional or no, the practice is inappropriate and exposes the provider to audits, investigations, recoupments, and other penalties.
- Billing at the Highest, Most Expensive Level Every Time. A second indicator of fraudulent billing is when telehealth services are charged at the most expensive level each session, a practice often referred to as “upcoding”. Billing for the highest level of complexity or duration can increase payments by two to eight times, and is used by unscrupulous providers to inflate their Medicare reimbursements.
- Billing Telehealth Services for a High Number of Days. Most providersbilled Medicare for telehealth services for 26 days during the first year of COVID-19. A few outliers were billing for more than 300 days in a year, averaging out to more than 25 days a month for each provider. This strongly indicates that the provider may not be providing the services they claimed.
- Double Billing Medicare Plans. Fee-for-Service, or Original Medicare, pays providers for each service billed, based on claims submitted. Medicare Advantage allows patients to enroll in private Medicare plans. These private plans negotiate their own rates with providers and, in turn, receive a monthly lump sum for each Medicare beneficiary enrolled. Some providers were caught submitting duplicate claims to both Medicare and a private Medicare Advantage plan for the same telehealth service to the same beneficiary – a strong indication of fraud, waste, or abuse.
- Billing High Average Hours Per Visit. The median session length for telehealth services was 21 minutes per visit, according to the 2020 data examined by the OIG. Billing for a higher number of minutes or hours is a red flag. Mental and physical therapists should be extra vigilant about billing for accurate session durations.
- Billing for a High Number of Beneficiaries. The OIG’s analysis found that at least 76 providers billed for approximately 2,000 beneficiaries per year far exceeding the median of 21. It is improbable that one provider was able to provide, or supervise, telehealth services to so many beneficiaries. Either the provider was billing for services not rendered or it raises serious concerns about the quality of care. Regardless, billing for a statistically high number of beneficiaries will likely attract an auditor’s attention.
- Billing for Telehealth and then Ordering DME. Researchers found that over 65 providers billed for telehealth services and then ordered durable medical equipment or supplies for at least half of their patients. Billing medical equipment and supplies for a high number of beneficiaries has been linked to a common and well-known fraud scheme involving kickbacks to suppliers. The practice should be avoided unless the supplies are medically necessary, and an established patient relationship exists.
A Warning for Telehealth Companies that Bill Medicare
Some of the providers identified as high-risk during this study appear to be associated with telehealth companies. To improve oversight, OIG recommends that CMS identify the telehealth companies that bill Medicare and use this information to monitor the providers associated with them. CMS responded that its program integrity strategy has already developed ways to identify telehealth companies and the providers associated with them. It will review its list against the providers identified as high risk by the OIG.
What is a “telehealth company”? Typically, it’s a company that hosts a technology platform for telehealth services and uses marketing to connect patients with physicians. In 2021 and 2022, OIG and other law enforcement partners uncovered alleged kickback schemes that involved telehealth companies partnering with durable medical equipment companies to commit Medicare fraud.
Legal Guidance for Telehealth Providers
Compliance with CMS telehealth guidelines is difficult in the face of evolving flexibilities and waivers introduced in response to COVID-19. In addition, providers must consider overlapping state and federal regulations, interstate licensing requirements that vary by state, HIPAA requirements, and challenges with remote prescribing.
Hendershot Cowart P.C. regularly assists providers with telehealth practice set-up, contracts, and compliance. Our team of skilled health care lawyers is dedicated to comprehensive, proactive, and innovative counsel to help our clients achieve their goals.
Contact our Houston legal team today for more information.