OIG Medicare Telehealth Data Brief Demonstrates Continued Focus on Data Analytics in Program Integrity Efforts

Seven OIG Program Integrity Measures

OIG identified seven measures that it views as posing high risk for fraud, waste and abuse. These measures were developed in collaboration with OIG investigators. Such integrity measures are related to, but different from, the seven measures OIG identified in a special fraud alert released in July 2022 with respect to provider arrangements with telehealth companies. The seven measures identified in the data brief are as follows:

• Billing for both a telehealth service and a facility fee for most visits (672 providers identified)
• Always billing telehealth services at the highest, most expensive level (365 providers identified)
• Billing telehealth services for more than 300 days of the year (328 providers identified)
• Billing both Medicare fee-for-service and a Medicare Advantage plan for the same service for a high proportion of services (138 providers identified)
• Billing more than two hours of telehealth services per visit (86 providers identified)
• Billing telehealth services for at least 2,000 beneficiaries in a year (76 providers identified)
• Billing for a telehealth service and ordering medical equipment for at least half of beneficiaries (67 providers identified).

OIG’s data analysis found that 1,696 of the providers with concerning billing practices were identified as having one of the seven measures present in their billing practices, while 18 had two measures present. OIG noted that the presence of any of the measures in a provider’s billing may indicate that the provider is billing for services that are not medically necessary or were never actually provided to the patient. OIG also expressed quality of care concerns for such providers. Of the providers identified as having billing practices that may present high risk of fraud, waste and abuse, more than half (991) were part of a medical practice where at least one other provider was likewise identified as high risk. OIG noted that this may indicate that certain practices encourage problematic billing practices among their providers. Of the providers that had concerning billing practices, OIG specifically identified 41 as being associated with telehealth companies.

OIG Program Integrity Recommendations

Based on its findings, OIG recommended five steps that the Centers for Medicare & Medicaid Services (CMS) should take to guard against fraud, waste and abuse in the Medicare program related to telehealth services. OIG recommended that CMS take the following actions:

• Strengthen monitoring and targeted oversight of telehealth services
• Provide additional education to providers on appropriate billing for telehealth services
• Improve the transparency of “incident to” services when clinical staff primarily delivered the telehealth service
• Identify companies that bill Medicare
• Follow up on the providers identified in the OIG data brief.

In its response to the draft data brief, CMS explicitly concurred with the OIG’s recommendation to follow up with providers specifically identified in the data brief, but did not commit to implementing the remaining recommendations. Two of these recommendations include specific action items to change or modify claims or enrollment materials to better identify telehealth service providers.

Concerns Raised Regarding “Incident-to” Billing

While OIG noted certain challenges in analyzing the data available to it from an oversight perspective, OIG called particular attention to the challenge that incident-to billing presents for such enforcement efforts. According to OIG, incident-to billing presents a challenge because it allows services provided by clinical staff that are directly supervised by a different physician to be billed under the supervising physician’s identification number. Therefore, it is more difficult for OIG to determine who performed services billed on an incident-to basis. OIG further cited previous work that uncovered other concerns with incident-to billing, namely that certain incident-to services were being provided in-person by providers that did not possess the proper licenses, certification, credentials or training necessary to provide such services.

To remedy this challenge, OIG recommended that CMS create and require the use of a modifier to indicate incident-to telehealth services performed by clinical staff under the supervision of the billing physician. OIG also recommended that CMS create a pathway to report the identification numbers of the clinical staff that perform the incident-to services. OIG recommended that CMS work with the designated standards development organization and National Uniform Claim Committee to implement this change on the claims form.

In its response to OIG dated July 29, 2022, CMS acknowledged that increasing the transparency of incident-to services may aid in program integrity efforts but noted that the ability to change the required form lies outside of CMS’s power. CMS noted that the claims form is the responsibility of the designated standards maintenance organization and changing the form could be a “significant undertaking and require extensive system changes that impact the entire health system.” CMS also questioned whether a new modifier would be sufficient to address OIG’s concerns without a simultaneous change to the claims form that would identify the individual that primarily delivered the telehealth service.

Identification of Telehealth Companies

OIG also expressed a desire to identify telehealth companies that are providing services. OIG noted that currently there is no systemic way to identify telehealth companies in Medicare data. OIG recommended that CMS update the Medicare enrollment application, including the CMS-855B, to identify telehealth companies that enroll in the Medicare program. OIG alternatively suggested that a new taxonomy code be created for telehealth companies in collaboration with the National Uniform Claim Committee.

CMS’s response to this suggestion stated that the risk specifically associated with telehealth companies is “unclear.” CMS stated that it would review the providers identified by the data brief as potentially posing a high risk against telehealth providers already identified by CMS. CMS would then determine whether additional information is necessary to identify telehealth companies, and would evaluate the feasibility of updating the Medicare provider application or taxonomy codes at that point.

Key Takeaways

• The data brief is the latest OIG effort demonstrating OIG’s use of data analytics to determine which providers are billing outside of OIG-expected standards, and could be translated into further enforcement action.
• Providers should continue to ensure that telehealth services are properly billed in accordance with applicable billing policies.
• As the COVID-19 public health emergency continues to evolve, providers should be aware of flexibilities that may be modified or cease to exist, and should update their billing practices accordingly.
• OIG, CMS and other agencies may explore ways to improve the data already available to them, which may further enhance enforcement agencies’ ability to target and refine program integrity efforts.