Telehealth: The Latest Front in Fraud, Waste, and Abuse

Beginning on March 13, 2020, to address the challenges of delivering healthcare during the ongoing and rapidly evolving COVID-19 public health emergency, the administration and the Centers for Medicare & Medicaid Services (CMS) issued blanket waivers under section 1135 of the Social Security Act. These waivers increased the authorized broader use of telehealth services, allowing reimbursement for the maintenance of chronic non-emergency conditions, basic wellness visits, and access to health and mental health services without requiring patients to visit providers in person, absent of any finding of fraud and abuse.  

According to a report from the American Journal of Preventive Medicine supported by the National Institute on Aging and the Robert Wood Johnson Foundation, this expansion of telehealth authority substantially increased the availability and use of remote, out-of-office, and long-distance healthcare services. Data on more than 6 million employer-based health plan beneficiaries in 2019 and 2020 showed an over 20-fold increase in the incidences of telemedicine utilization as of March 2020, especially by adults in urban, higher-income communities.  

However, exploitation accompanied this expansion, triggering nationwide criminal and civil prosecution of fraud, waste, and abuse (FWA) schemes. In February 2021, the Department of Justice (DOJ) announced a False Claims Act (FCA) settlement of over $20 million and, in August 2021, the U.S. Department of Health & Human Services (HHS) and the Office of Inspector General (OIG) announced a joint FCA-criminal “Happy Clickers” prosecution initiative targeting providers who order medically unnecessary services resulting from purported telemedicine visits. In September 2021, the DOJ announced criminal charges against 138 defendants in 31 federal districts across the United States for alleged telehealth-related fraud schemes totaling $1.4 billion. The charges in these cases—submitting fraudulent claims for appointments, medical equipment, and tests that were not performed or provided or that were unnecessary—illustrate common telehealth-billing schemes.  

Combating Overuse of Telehealth 

Tim Carrico, senior health consultant at LMI, notes that telehealth is prone to less nefarious but, nevertheless, wasteful practices. Policymakers and payers like Medicare and Medicaid haven't had the time to create and test demonstrations and systems to manage these new technologies—tracking the use of telehealth is the fundamental challenge of insuring these services. "It doesn't always have to be massive overbilling or over-ordering; waste and fraud can seep into the system in smaller ways," Carrico explains. "If you and your doctor speak for 15 minutes about a routine matter and then your doctor calls back and talks to you for 5 more minutes, can your insurance be billed for two visits? Right now, probably. We're still so early into the use of this technology that we haven't had time to parse out what really counts and what doesn't." 

One way to combat overuse is to improve patient data sharing among providers and in the government. Limits on data sharing increase difficulty for transparency in how services like telehealth are used and what they are used for. Patient portals can geolocate patients and record that a call has occurred but rules around sharing patient data as well as the sheer amount of unstructured data in healthcare in general shield all but the most egregious offenders.  

For unstructured data, the difficulty arises because the information first must be parsed and put into a workable format. That process can surface deeper issues like incomplete, incorrect, or unclear information. If these issues happen at a large enough scale, a data set can be useless for analysis—or, at a minimum, will require effort to acquire the correct information, creating a lag before data can be used as well as other follow-on effects. If patients have a telehealth appointment with one provider and an in-person appointment with another, they may secure duplicate prescriptions because the two providers do not always know that another appointment has occurred due to patient privacy rules or a lack of clear appointment data. As a result, issues like opioid dependence are more difficult to control.  

Jordan Leach, a consultant at LMI, notes that synthetic data sets give policymakers visibility into how these systems are used and enable the creation of faster and more accurate guidance. Modeling impact assessments with synthetically generated data do not run afoul of patient privacy rules and they offer a baseline estimate from which to test new programs in new areas. Synthetic data is cleaner and easier to use than the unstructured, and sometimes incomplete, data from the wide variety of providers. This approach enables policymakers to assess potential policy changes or understand more about system demand and spot beneficiaries who overutilize services or providers that submit a higher rate of telehealth services than the synthetic average. 

"The reality is that we're looking at many disparate issues,” says Leach. “If you're taking video of a patient call, for example, who can access that? How is it stored? How do you code that in the claims system? How do you integrate that video call data into a health outcomes assessment? Understanding these issues requires a technological and policy revolution with a lot of time and study. With synthetic data, we can begin working through these issues now instead of waiting for more data." 

Leveraging Interagency and Industry Collaboration  

The cases brought in the September DOJ action resulted from joint efforts within the DOJ, HHS, OIG, and CMS. Interagency coordination is critical to any anti-fraud efforts going forward. As technology plays a larger role in healthcare, more opportunities for fraud exist. Having a consortium of agencies on the lookout will ease detection of anomalies indicative of FWA. 

Agencies must be sufficiently resourced to support interagency FWA detection, investigation, and enforcement. This resourcing means investing in the people, skills, and technologies—like artificial intelligence and machine learning—to support timely discovery of wrongdoing or waste. "Organizations like HHS and OIG have significant expertise in how to combat fraud, waste, and abuse," Carrico explains. "But they are often underfunded. Putting more resources into organizations that already know what to look for and empowering them to share that information with rule makers and policymakers will streamline the creation of guardrails." 

Efforts to improve data sharing between agencies—and between government and industry—will pay big dividends in uncovering and stopping fraud. Carrico notes that groups like the National Health Care Anti-Fraud Association (NHCAA) can combat FWA. NHCAA is a private-public partnership with representatives from the private insurance industry and state and federal government. As a core part of its not-for-profit mission, NHCAA supplies opportunities and venues for these organizations to share anti-fraud information and best practices. This data sharing can help with coordination efforts, as states are tasked with medical licensing and insurance regulation, and play a significant role in managing programs like Medicare and Medicaid.  

Many of the telehealth waivers expire in 2023, but considerable pressure exists to make the expansion permanent. Patients who switched to telehealth may not want to return to in-person visits. Other patients in rural areas may not be able to switch because of their distance from in-person providers. Expanded access to healthcare through telehealth services could be a key tool in the Biden Administration’s drive for greater health equity. But stakeholders must tackle fraud. Using the next year to establish effective interagency and private-public data-sharing agreements and practices and analyzing the system through synthetic data and other pattern-detection methods could mitigate fraud in the future and create a robust system that works well for patients, payers, and providers.