Relaxation of Telemedicine Rules Post-COVID-19 Opens Door to Fraud

Over the past five months, the COVID-19 pandemic has impacted just about every facet of our lives, perhaps none more profound than in the delivery of healthcare services. To characterize the advances in telemedicine and other healthcare services utilizing telehealth technology as “rapid” is an understatement: The Mayo Clinic reports ten years of telemedicine progress condensed in six to eight weeks.

Unquestionably, the delivery of healthcare services has undergone a tremendous paradigm change, which has left payers flat-footed with respect to how services are billed and how they are reimbursed.

So we’re clear, the terms “telehealth” and “telemedicine” are considered interchangeable today. Telehealth is the use of electronic communication technologies to provide clinical services to patients, with the goal of improving the patient’s health status.

While conferring innumerable benefits for patients and providers alike, foremost of which is greater access to healthcare, the rapid paradigm shift leaves behind a wake of chaos and confusion for payers, particularly workers’ compensation, automobile and health and disability carriers. This also leaves confusion for ERISA health and welfare plans and taxpayer-funded programs such as Medicare, Medicaid and Tricare.

For opportunistic fraudsters and medical predators, the relaxation, suspension or outright elimination of restrictions on the use of telehealth technology presents a plethora of opportunities previously unseen. The use of telehealth technology is transforming healthcare, yet opens the door to a lasting surge of large-scale frauds perpetrated by complex rings that exploit easily accessible medical care and a constantly evolving patchwork of rules, regulations and laws.

The COVID-19 Factor: Telemedicine Schemes Before and After

Telemedicine fraud schemes that were uncovered before COVID-19 are harbingers of the fraud-related crimes insurers may expect going forward. These range from simple one-offs, such as questionable providers hawking bogus COVID-19 cures to complex rings using telemedicine companies to steal hundreds of millions in insurance payouts. Single-payer systems, such as Medicare and Tricare, regularly fell victim to telemedicine scams that follow a standard pattern: “Marketers” gather insurance beneficiaries and refer them to telemedicine companies, which then briefly connect the beneficiaries with physicians over the telephone as a pretext to prescribing expensive compounded drugs, durable medical equipment such as braces, or diagnostics, such as TBI testing.

The scale of the pre-COVID-19 schemes were nothing short of staggering: A single nationwide scam involving “free” or “low-cost” orthotic braces allegedly caused no less than $1.2 billion in false claims.

The expansion of the use of telehealth technology to deliver healthcare services due to COVID-19 has been instant, tidal and chaotic. Burdensome restrictions on the use of telehealth technology, largely based on HIPAA and privacy concerns, have been relaxed to accommodate the greater need to avoid face-to-face doctor/patient interaction. Pre-COVID-19 use of telehealth technology was restricted to services provided to under-served rural populations and to “store and forward” applications, such as tele-radiology. A HIPAA-secured connection was required, with the patient appearing at an approved “originating site” and the healthcare provider located at an approved “distant site” engaging in a “synchronous interaction” or real-time communication that required an audio-visual connection.

Today, most of the restrictions have been pushed aside. States relaxed, suspended or eliminated the rules, regulations and laws to allow wider use of telehealth technology during the pandemic. In fact, many states now allow communication between doctor and patient via smartphone or a computer. Patients may now send clinical data collected through remote monitoring devices to the physician for analysis and review. While the changes in the manner of delivery have occurred, the allowable ways to bill for such services is now, at best, not well defined.

The Centers for Medicare and Medicaid Services (CMS) has taken the lead in relaxing or changing rules. Pre-COVID-19, there were 101 telehealth services allowed by CMS; On March 30, 2020, CMS added 85 services, including physical medicine services, and one month later, it added an additional 51 services, thereby expanding telehealth services from 101 to 241 in a period of one month. Among the added services: inter-professional internet consulting; remote physiological monitoring; therapeutic exercise; neuro-muscular re-education; physical and occupational therapy evaluations; orthotic management and training; virtual check-ins; and remote evaluation of patients via photo or recorded video. Now at five months since the onset of the pandemic and healthcare being delivered via technology, the question now becomes how long these changes will remain once we are on the other side of the pandemic. It is an open question as to the extent the relaxation of the rules will be rolled back, if at all.

Payers Face Significant Challenges Relative to Billing and Reimbursement

Thousands of payers now face the challenge of catching up with the sudden change in the delivery of healthcare, particularly in billing and reimbursement, which, like all other parts of healthcare, are changing almost daily. Payers are not alone in struggling to adapt: Besides CMS attempting to accommodate the needs of patients and physicians alike, the American Medical Association has generated a bevy of new Current Procedural Terminology (CPT) codes and descriptors to match the new methods of healthcare delivery, which have and will continue to contribute to the confusion and chaos into 2021.

To add to the difficulty superimposed on the changes in services allowable via telehealth technology and the addition of new CPT codes is the concept of “parity” between healthcare delivered face-to-face and healthcare delivered via telehealth technology; thirty-five states have “parity” laws mandating that telehealth services be reimbursed at the same rate as face-to-face visits.

And to add more confusion and chaos, no two states are alike in how healthcare delivered via telehealth is regulated with reimbursement dependent on a variety of factors – live video; store-and-forward; remote patient monitoring; email/phone/fax; eligible providers or specialties; geographic location; originating/remote site restrictions; the form of consent; licensure; online prescribing; and coding.

With the present confusing fog of rules, regulations and laws expanding the use of telehealth technology, the probability of a tidal wave of fraud exploiting the uncertainty looms large. Workers’ compensation, auto, health and disability carriers and union welfare trusts with their “Cadillac” plans are in the crosshairs – payers whose claimants can be recruited by marketers and then run through the scheme should be prepared for an onslaught of fraudulent claims. Taken singularly, the claims will appear legitimate which is exactly what the fraudsters intend.

What Carriers Can Do To Prepare

Identifying and analyzing telehealth-based fraud schemes will be a formidable challenge given the changing rules and how the claims can easily blend in with legitimate claims. Separating fraudulent versus legitimate telehealth-related claims will not be easy as fraudulent providers often do not identify the services as having been provided via telehealth technology – bills and clinical records look just like authentic, legitimate claims.

Moreover, with the involvement of fraudulent telemedicine companies that count hundreds of physicians on their payroll, algorithms for the charting of pre-populated findings and pre-determined prescriptions will be extremely difficult to detect absent sophisticated and advanced analytics capability, both as to billing and clinical data. This is complicated by the fact that the bills will be spread out among hundreds of payers, each of which will be disadvantaged in their analytics capability by the lack of volume. Fraudulent telehealth claims generated by the scheme, if analyzed as a single claim, will look entirely legitimate and payable.

Only through analytics performed on a sufficient volume of claims, or perhaps the luck of coming across significant anecdotal reporting through investigation, will the carriers be able to recognize the fraudulent patterns. Add to that the difficulty in identifying the perpetrators: In the simple marketer-telemedicine company- drug/DME/diagnostics scheme that has the potential to be scaled-up to cause over a billion dollars in losses, the marketer who orchestrates the fraud, along with the telemedicine company supplying the pre-populated findings and pre-determined diagnoses never appear in patient charts or on bills. Their involvement is purposefully hidden.

What can payers do today to try to keep pace with telehealth fraud?

• Know the rules, regulations and laws that apply to the use of telehealth technology in the jurisdiction where the service was provided. Then, determine the extent to which they have been relaxed, suspended or outright eliminated because of COVID-19. Once the current status has been determined, constantly monitor the rules, regulations and laws to assess whether they are going to be restored to their pre-COVID status. Carriers must know what is and is not allowed.
• Flags must be created for identifying health care services delivered via telehealth versus traditional methods as a prelude to determining whether the telehealth services are legitimate. Whether it is an initial report script or relying on the provider to use specific codes, methods must be developed for this initial separating of the wheat from the chaff.
• Claim staff and dedicated SIU personnel must be properly trained to ensure the discovery of telehealth fraud schemes – anecdotal reporting from the field level and follow-up SIU investigation of a single claim can lead to the discovery of massive schemes.
• To reverse engineer a telehealth fraud scheme, particularly schemes involving telemedicine companies, carriers must fully utilize their in-house analytics group or retain the use of an outside analytics company to identify patterns that may emerge from submitted billing and clinical data. With multiple licensed physicians, drug or DME vendors involved, hundreds of combinations will be thrown at payers, all of which look legitimate if viewed as a single claim. Simple link analysis or geographical analytics no longer ensure uncovering a scheme – patterns are the marker. A macro-view is necessary to determine patterns.
• Old-fashioned boots-on-the-ground, knock-and-talk investigation is imperative to corroborate observations based on analytics. Whether performed by a private fraud investigator, SIU personnel or an attorney retained by the payer to handle claims litigation, anecdotal corroboration is necessary.
• Communication with other payers, as allowed by state laws, can create leads, identify providers, marketers, telemedicine companies and vendors. To the extent possible, enlist other potential victims to assist.
• Once a scheme is uncovered, in whole or in part, the payer can then decide on fraud reporting of suspected fraudulent claims and remedies available to the payer, including criminal referral or a civil action, depending on jurisdiction.

In facing this potential tsunami of fraudulent telehealth claims, insurers must become proactive leaders rather than reactive onlookers.Success and meeting the challenge of telehealth fraud boils down to this: Prepare now, or pay later.

Thomas E. Fraysse is the managing partner of Knox Ricksen LLP, a healthcare fraud and insurance fraud law firm with offices in Los Angeles and Walnut Creek, CA.