On December 1, 2022, the Pandemic Response Accountability Committee (PRAC) Health Care Subgroup issued its report on fraud, waste and abuse risks that arose as a result of the dramatic increase in telehealth services provided during the COVID-19 pandemic. The PRAC was created under the CARES Act to oversee the historic spending that was part of the federal government’s response to the COVID-19 pandemic. The PRAC Health Care Subgroup comprises the offices of the inspector general (OIGs) for six federal agencies:
The US Department of Health and Human Services (HHS)
The US Department of Defense (DoD)
The Office of Personnel Management (OPM)
The US Department of Veterans Affairs (VA)
The US Department of Labor (DOL)
The US Department of Justice (DOJ).
Each OIG oversees an agency that administers a federal program connected to using or paying for telehealth services.
The report highlights the increased access to services that telehealth facilitated during the pandemic and notes key focus areas with respect to program integrity and preventing fraud and abuse. The report is a resource intended to be used by stakeholders across the healthcare industry, including congressional lawmakers, federal and state agencies, and healthcare organizations. The report aims to raise awareness of the importance of safeguarding expanded telehealth services against fraud, waste and abuse.
Program Integrity Risks
The OIGs identified several program integrity risks in the report, including concerns about billing practices and medical necessity. While the report focuses on telehealth services, the OIGs reminded providers that program integrity risks are prevalent in in-person services as well.
Upcoding: The HHS, OPM and DOL OIGs identified providers that billed at the highest possible level for a significant proportion of the total telehealth services they billed. The HHS OIG specifically identified more than 300 Medicare providers who billed for the highest, most expensive level on each claim submitted for payment, totaling approximately $5.2 million.
Duplicate Claims: The OIGs also identified concerns about providers billing multiple payors for the same service. The report notes that such billing may indicate that providers are intentionally submitting duplicate claims to increase payments. Intentionally submitting false or fraudulent claims to the government raises heightened fraud and abuse concerns and may expose providers to criminal liability in the context of kickback schemes. HHS identified 138 providers that repeatedly billed both traditional Medicare fee-for-service and Medicare Advantage. The VA and DoD OIGs also identified duplicate claims as risks.
High-Volume Billing: The HHS, OPM and VA OIGs each identified instances of providers billing for telehealth services at an “unusually high” number of hours per visit per day. The HHS OIG identified 86 providers who billed for a high number of hours of telehealth services per visit. The OIGs also identified providers who billed telehealth services for an unusually high number of individuals.
Inappropriate or Ineligible Services: The report cites many examples of inappropriate billing, including providers who billed for both telehealth services and facility fees (indicating that the patient was in the same location as the provider during the telehealth visit), a provider who billed for wound debridement via telehealth (which requires in-person services to remove skin from a wound) and a provider who submitted a telehealth claim for anesthesia services. The report flagged these examples as concerning because they may indicate that providers are billing for services that either are not provided appropriately or are never performed at all, in order to maximize payments for each telehealth visit.
Durable Medical Equipment and Lab Tests: The report cross-references prior telefraud investigations in the delivery of lab services and ordering of durable medical equipment (DME), including kickback schemes. Independent of the prior investigations and in connection with an evaluation, the HHS OIG identified 67 providers that ordered DME for a “large portion” of their Medicare patients after billing for telehealth services. According to the HHS OIG, such activity raised concerns of an underlying kickback scheme with DME suppliers to order DME after billing for telehealth services, regardless of whether the patient was ever contacted.
Existing and Proposed Safeguards to Protect Program Integrity
Each of the OIGs contributing to the report identified existing program integrity measures and protocols within agencies’ toolkits to address fraud and abuse concerns, including data analysis, claims edits, medical reviews and audits. These tools are often used in both the telehealth and in-person contexts, and they underscore the interdependent relationships of the agencies and OIGs in addressing potential fraud, waste and abuse in federal healthcare programs. Data analysis is used to identify key billing patterns and can identify outliers that may warrant further scrutiny or enforcement action. Claims edits, post-payment reviews and audits are all used to ensure that program requirements are met, billed and paid appropriately.
Specific to telehealth services, the OIGs recommended the following additional program integrity measures to enhance their existing toolkits.
Additional and Ongoing Monitoring: Recognizing that some telehealth monitoring already exists, the OIGs suggested creating further data analysis measures focusing on program integrity risks. The HHS OIG suggested that Medicare could closely monitor telehealth services to identify providers that pose a risk to the program based on their billing habits and conduct targeted reviews of such providers. The Centers for Medicare and Medicaid Services could then use these reviews to pursue overpayment recoveries, identify pre-payment reviews and conduct fraud investigations of other claims issues.
Additional Billing Controls: The report suggests that the federal healthcare programs could add billing controls, such as pre-payment edits, to make sure inappropriate payments for telehealth are not issued.
Provider Education: The report recommends that each federal healthcare program provide more education to both providers and patients. Such education tools could help providers understand how to properly bill for telehealth services, and help individuals be aware of telehealth policies and how to report suspicious billing concerns.
Further Data Collection and Analysis: The report highlights several areas where the OIGs believe additional data points are necessary to properly guard against fraud, waste and abuse. For example, the HHS OIG recommended collecting data for audio-only telehealth visits and data on services that are billed “incident to,” with the goal of improving oversight and understanding how services are being provided.
Quality of Care Data: The report notes a dearth of information on how telehealth services impact the quality of care received by patients.
Evaluate Billing and Coding Training and Compliance Programs: The OIGs note that providers should accurately bill for only the services performed and make sure such services are compatible with a telehealth environment. They suggest that this may require additional training and education for billing staff, and routine updates and tracking of enforcement activity to ensure that providers submitting claims are aware of the latest areas of focus by regulators.
Perform Routine Internal Audits: The OIGs recommend that providers and staff who handle billing and claims submission on their behalf perform routine internal audits to monitor for billing compliance, including efforts to detect upcoding, medical necessity issues and other areas where enhanced documentation efforts may be necessary to ensure that patient medical records match the services being billed to payors.
Monitor Updates and Changes to Telehealth Policies: The OIGs noted that telehealth providers should monitor changes, waivers and flexibilities made to policies for the provision and billing of telehealth services. Certain policies recently were extended as part of the Consolidated Appropriations Act (CAA), 2023, including extension of Medicare’s telehealth flexibilities until 2024 regardless of public health emergency status. The CAA 2023 also extended the safe harbor for high-deductible health plans to cover telehealth services until December 31, 2024. For an in-depth discussion of the CAA 2023’s telehealth policy provisions, click here.
The PRAC report reflects a continued focus on program integrity and telehealth. Policymakers and regulators may use the report to identify areas that should be regulated or further scrutinized when determining the future of telehealth policy.