Examining post-pandemic telehealth fraud risks

Jolie Apicella
_{Wiggin and Dana}

Telemedicine services and telemedicine fraud schemes both surged during the global pandemic. The U.S. Department of Justice (DOJ) remains committed to combating telemedicine fraud as not only a pre-pandemic focus area, but as part of its ongoing initiative to prosecute fraud in connection with COVID-19 and various pandemic relief programs.

During the public health emergency (PHE), Congress enacted telehealth waiver rules, relaxing Medicare coverage requirements and expanding the population eligible to receive telehealth services. Regulatory efforts to increase telehealth services also included the U.S. Food and Drug Administration’s exercise of enforcement discretion over various telehealth devices. In addition, the U.S. Centers for Medicare & Medicaid Services (CMS) and many states deliberately relaxed licensure requirements to encourage greater use of telehealth in the federal health care programs, which enabled doctors to render telehealth services across state lines with minimal delays. Telehealth flexibilities and e-prescribing waivers that enabled providers to care for patients during the pandemic greatly expanded access to care. CMS increased the types of services that beneficiaries could receive via telehealth from 118 to 264 services. Telehealth practitioners can include occupational therapists, physical therapists, speech pathologists, and audiologists. There is currently no in-person requirement in the first six months of mental health services.

As the pandemic stretched on, Congress passed the Consolidated Appropriations Act, 2022, which extended telehealth leniencies for 151 days after the expiration of the PHE. While the PHE expires on Jan. 11, 2023, the government stated that it will provide notice 60 days before the PHE ends. Because notice has not yet been given, many expect the president will soon extend the PHE (yet again) until April 2023. In any event, in July the House passed Advancing Telehealth Beyond COVID-19 Act of 2021, which will extend Medicare coverage of telehealth services until Dec. 31, 2024. And last month President Biden signed the $1.7 trillion spending bill, which prolonged telehealth pandemic-era flexibilities enacted as part of the Coronavirus Aid, Relief, and Economic Security (CARES) Act until Dec. 31, 2024. For the time being, at least, Medicare providers can continue to provide telehealth at home.

But regardless of the temporary waivers of restrictions and relaxed enforcement of certain telehealth provisions, telehealth remains a key area of potential False Claims Act (FCA) liability, particularly in the post-COVID-19 era. On July 20, 2022, DOJ announced a nationwide coordinated law enforcement action to combat telemedicine, laboratory, and durable medical equipment (DME) fraud. DOJ charged 36 defendants in 13 federal districts across the United States with more than $1.2 billion in alleged fraudulent telemedicine, genetic testing, and DME schemes, including criminal charges against a telemedicine company executive. That same day, the U.S. Department of Health and Human Services Office of the Inspector General (HHS-OIG) issued a Special Fraud Alert to warn practitioners about potentially suspect arrangements with purported telemedicine companies that could implicate Anti-kickback Statute (AKS) violations. Since that time, DOJ has held numerous doctors accountable for their roles in telemedicine fraud schemes.

In September 2022, HHS-OIG published a report after analyzing data from the first year of the pandemic and identifying 1,714 high-risk providers with fraudulent billing for telehealth services to the tune of $127.7 million in Medicare fee-for-service payments. While for many the takeaway of the OIG report was that Medicare telehealth fraud was overall proportionally rare, the OIG set a high threshold and identified these “high risk” providers to reduce fraudulent billing practices. With this aim, HHS-OIG recommended that CMS reduce the risk of fraud, waste, and abuse in telehealth by:

• Strengthening oversight of telehealth services
• Educating providers on appropriate billing for telehealth services
• Improving the transparency of “incident to” services when clinical staff primarily deliver the telehealth service
• Identifying telehealth companies that bill Medicare
• Following up on the high-risk providers identified in the report.

Explicitly concurring the last recommendation, CMS will be following up with the identified high-risk providers. On Nov. 1, 2022, CMS released its final 2023 Medicare Physician Fee Schedule, which makes changes to reimbursements that will kick in 151 days after the PHE expires. For example, Medicare will no longer reimburse for audio-only evaluation and management services, save for mental health services, reverting to the pre-pandemic bundled and not separately reimbursable status. Reimbursement for telehealth provided by physical therapists, occupational therapists, speech language pathologies, and audiologists will no longer be allowed.

The government’s continued focus on COVID-19 fraud enforcement also means providers that received federal relief money will be scrutinized for health care and Paycheck Protection Program (PPP) fraud. For example, in April 2022, DOJ announced a settlement resolving four separate qui tam actions of claims that a medical provider network company billed for unnecessary telehealth visits and instructed physicians to order certain medical tests without assessing for medical necessity. The U.S. also alleged that the company submitted false statements in a PPP loan application, by representing that the company was not engaged in unlawful activity. Notably, the filing of all four qui tam actions predated the creation of the PPP program under the CARES Act. So, while the whistleblowers originally alleged telemedicine fraud, the government also investigated the company’s false statements made to the U.S. Small Business Administration to secure millions in loans.

Providers should be aware of FCA and AKS legal risks

There are several ways that providers can guard against becoming involved in conduct that may be considered fraudulent or violative of the FCA or AKS. Telehealth arrangements commonly involve coordination and potential referrals among multiple parties and by their nature present a degree of inherent risk. Seeking federal reimbursement for telehealth services may subject a provider to FCA if done in violation of legal restrictions. For example, before the pandemic, telehealth providers generally could not assess patients by telephone and instead used real-time audio-visual communication at specific qualifying sites. Currently, Medicare covers audio-only telehealth under temporary waivers that will remain for 151 days after the PHE ends. But audio-only billing can still present red flag for fraud. Billing primarily for audio-only telehealth services can be an indication that providers are cold calling beneficiaries to increase billings for DME and other services. After they disclosed conduct to HHS-OIG pursuant to their corporate integrity agreement, one medical system entered into a settlement agreement in which OIG alleged that they submitted claims to federal health care programs for telemedicine services provided by a physician that did not involve interactive two-way video and audio as required. Other requirements were also allegedly not met: Telemedicine appointments were scheduled for times when the physician was out of the country and without access to the telemedicine platform. In addition, the submitted claims purported to be for multiple family members when the physician had only spoken to one person.

Telehealth arrangements are also susceptible to AKS violations. For example, a telehealth company may refer potential payments or provide equipment or space to a provider to facilitate the provision of telehealth services while the provider may, even if not required to, refer patients back to the telehealth company. Depending on how this arrangement is structured, it could either implicate the AKS or fall under one of the AKS’ safe harbors. Other potentials for remuneration or inducements under the AKS reach beyond payments and include advertising for, or referrals to, telehealth companies; opportunities to earn telehealth per-visit fees and other reimbursement; referrals to specialists or labs; patient pricing arrangements and other situations that may be seen as arranging for furnishment of health care items or services. HHS-OIG’s advisory opinions continue to warn of inducements for referrals. A lab owner was recently convicted of numerous counts of health care fraud and illegal kickbacks for paying bribes to patient brokers to obtain signed doctors’ orders authorizing $187 million of medically unnecessary genetic tests from telemedicine companies. Telehealth situations should be evaluated for investigation risks including patient steering, intrusion on independent clinical decision-making, likelihood of increasing inappropriate utilization or costs, and analyses of a company’s return on investments.

Risk mitigation: Several safe harbors and good practices may permit appropriate relationships

The safe harbor for leases for space or equipment may permit certain arrangements under which one party provides telemedicine equipment or space to the second party that provides telehealth services to patients. Likewise, the safe harbor for personal services and management contracts may permit certain arrangements under which physicians receive money from an entity, and use equipment provided by the entity, to provide telehealth services to the entity’s customers. According to HHS-OIG, such arrangements may be permissible even where physicians refer patients back to the entity, as long as such referrals are not required under the terms of the contract. Finally, arrangements that promote access to care and pose a low risk of harm to patients and federal health care programs may be permitted if they “improve a particular beneficiary’s ability to obtain” care by providing tools or resources necessary to remove “socioeconomic, educational, geographic, mobility, or other barriers” to care, pursuant to 81 Fed. Reg. at 88,392-94.

With COVID-19 not yet in the rearview mirror, demand for virtual visits is firmly cemented in the health care market. Reversion back to reimbursement models for services that only support in-person care seems unlikely. The inevitable end of the PHE poses questions about what will happen to telehealth benefits. Given extensive support for making changes that have launched telehealth and provided the opportunity to serve more patients, it is possible that Congress could permanently extend many pandemic telehealth waiver rules. Even with the implementation of additional guardrails and oversight to maintain telehealth program integrity, enforcement of telehealth fraud will likely remain a government priority for the foreseeable future.

Jolie Apicella, JD, is a partner at Wiggin and Dana law firm in New York. Before joining Wiggin and Dana, she was an Assistant United States Attorney in the Eastern District of New York, where she also served as chief of health care fraud.