OIG Telehealth report highlights issues from first year of the pandemic

Since the onset of the COVID-19 pandemic, patient telehealth visits (i.e., remotely provided healthcare services) have increased dramatically. According to the U.S. Department of Health and Human Services (“HHS”) Office of Inspector General (“OIG”), data from the first year of the pandemic (i.e., March 1, 2020 to February 28, 2021) shows that “[m]ore than 28 million Medicare beneficiaries—about 2 in 5—used telehealth services that first year.”[1] Additionally, “beneficiaries used 88 times more telehealth services during the first year of the pandemic than they did in the prior year.”[2] Meanwhile, during this same time period, HHS both expanded telehealth access for Medicare beneficiaries, and Centers for Medicare & Medicaid Services (“CMS”) “temporarily paused several program integrity activities, including medical reviews of claims.”[3]

Unsurprisingly, this all coincided with increased risk of fraud and abuse. In a report published this month, the HHS-OIG shares findings from its review of potential fraud, waste, and abuse in Medicare billing for telehealth visits in the first year of the pandemic. Notably, this report, entitled, “Medicare Telehealth Services During the First Year of the Pandemic: Program Integrity Risks” (the “Telehealth Report” here), reveals that for 1,714 providers (out of 742,000) their billing practices posed a “high risk” to Medicare, and on at least one of seven metrics HHS-OIG used, these providers demonstrated “concerning billing” potentially indicative of “billing for telehealth services that are not medically necessary or were never provided.”[4] (This Report follows an HHS-OIG “Special Fraud” alert relating to telemedicine fraud risk released this summer, which we wrote about here.)

In light of these findings, HHS-OIG makes a number of recommendations to CMS that are discussed below. Most notably, HHS-OIG recommends—and CMS has agreed—that further investigation of the identified providers is warranted.[5] The Telehealth Report’s findings and recommendations present an opportunity for healthcare providers—including physician practices and hospitals—to ensure appropriate billing for telehealth services for Medicare beneficiaries (as well as all other payors) and to carefully and regularly monitor reimbursement and policy changes that may impact delivery of care.

Telehealth integrity measures and investigation results

HHS-OIG used the following seven measures that they believe could suggest fraudulent, wasteful, or abusive Medicare telehealth practices:

1. Billing for both facility fees and telehealth services in the same visit. By definition, telehealth providers cannot deliver a telehealth service remotely if a patient is physically present. Thus, billing for both a facility fee and telehealth service for the same visit is a clear red flag. In the data HHS-OIG analyzed, 672 providers billed in this way, accounting for $14.3M in facility fees and telehealth services.[6]
2. “Upcoding,” including always billing a telehealth visit at the highest, most expensive reimbursement level. The consistent use of the most expensive coding has long been a reliable red flag for HHS-OIG investigators. In the data HHS-OIG analyzed, as many as 170 providers always billed telehealth office visits at the highest possible coding level (whereas most providers never billed at this highest possible coding level).[7]
3. Billing for telehealth services for a “high” number of days in a year. HHS-OIG noted that two family medicine providers billed for telehealth services every single day in the first year of the pandemic, including nearly 18,600 services for slightly more than 1,800 beneficiaries.[8] By contrast, the median for all providers was to provide telehealth services just 26 days per year.[9]
4. Billing both Medicare fee-for-service and Medicare Advantage for the same telehealth service. HHS-OIG also noted that “138 providers billed both Medicare fee-for-service and a Medicare Advantage plan for the same telehealth service for more than 20 percent of their telehealth services,” or “for more than 9,000 telehealth services.”[10] In particular, three of these providers billed both programs for 90 percent of their telehealth claims.[11]
5. Billing for a high average number of hours of telehealth services per visit. The Telehealth Report notes that 86 providers billed, on average, more than two hours of telehealth services per visit, compared to a median of just 21 minutes per visit for all providers.[12]
6. Billing for telehealth services for a high number of beneficiaries.The Telehealth Report also notes that 76 providers “billed for telehealth services for at least 2,000 beneficiaries” in the first year of the pandemic, compared to a median of 21 beneficiaries per year for all providers.[13] For example, “[o]ne of these providers billed for more than 27,400 beneficiaries—an average of 75 beneficiaries a day if the provider rendered services every single day for a year.”[14]
7. Billing for telehealth services and then ordering medical equipment and supplies for the Medicare beneficiary. As the OIG explained, “[b]illing medical equipment and supplies for a high percentage of beneficiaries raises concern, as this practice has been linked to known fraud schemes,” including kickback schemes with suppliers[15]

Practical tips for proper telehealth billing

The HHS-OIG integrity measures and findings provide useful guidance for provider compliance, including the following:

1. There is no reason for a provider to bill for a telehealth service and facility fee during the same patient encounter. The coincidence of such coding is an easily identifiable “red flag” that should be remedied promptly.
2. As is the case with any billing (in the telehealth context or otherwise), providers and compliance officers should ensure submitted billing codes are supported by fulsome and accurate medical record documentation.
3. Only a telehealth service should be billed for telehealth services (i.e., not an in-person visit).
4. Medicare—whether fee-for-service, or a Medicare Advantage plan—should only be billed according to the beneficiary’s coverage.
5. A provider should only bill for telehealth services to beneficiaries whom the provider treated or provided the required supervision.
6. Any durable medical equipment (“DME”) and supplies prescribed for beneficiaries must be medically necessary and appropriate.
7. It is incumbent upon every medical practice and hospital to ensure that each provider who engages in telehealth knows and follows state rules and third party payor requirements.

Potential changes in telehealth policies

As the pandemic becomes an endemic and as technology continues to improve, it is likely that patients and providers will demand that telehealth services remain an integral part of the health care delivery system. Meanwhile, federal and state governments and payors will continue to seek opportunities to control costs and ensure all telehealth services are medically necessary and well documented. The Telehealth Report provides important guardrails for providers to ensure the appropriateness of telehealth services and may also incentivize policymakers in the public and private sectors to implement additional protections with respect to telehealth services.

Saul Ewing’s health care and white collar defense lawyers are available to assist in addressing these and other reimbursement and compliance issues confronting providers, hospitals, and practices.

Bruce D. Armon, a Partner and Chair in the Healthcare Practice at Saul Ewing, counsels clients on how federal and state health care laws affect health care providers and businesses.

Justin C. Danilewitz, a Partner in the White Collar and Government Enforcement Practice at Saul Ewing, is a former Assistant U.S. Attorney who represents physicians and practice groups in government investigations.

Virginia E. Hansen is an Associate in the Litigation Department at Saul Ewing.

[1]See U.S. Department of Health and Human Services, Office of Inspector General, Data Brief:Medicare Telehealth Services During the First Year of the Pandemic: Program Integrity Risks, OEI-02-20-00720 (Sept. 2022) (hereafter, the “Telehealth Report”) at 1, available at https://oig.hhs.gov/oei/reports/OEI-02-20-00720.pdf.

[2]See id.

[3]See id.

[4]See id. at 1-2.

[5] The Report notes that “[t]he vast majority (1,696) of the providers we identified had concerning billing on 1 of the 7 measures, while 18 providers had concerning billing on 2 measures. Each of these 1,714 providers warrant further scrutiny.”See id. at 5.Based upon our experience, the likelihood of the 18 providers receiving close attention by HHS-OIG is very high.

[6]Id. at 6.

[7]Id. at 7.

[8]Id.

[9]Id. at 8.

[10]Id. at 9.

[11]Id.

[12]Id.

[13]Id. at 10.

[14]Id.

[15]Id. at 11.