Industry Voices—Relaxing telehealth regulations does not mean relaxing fraud enforcement

File folders labeled "insurance," "fraud," "claims," and "under investigation"
Eased telehealth regulations could sput greater fraud. (Getty Images/Olivier Le Moal)

The COVID-19 pandemic rapidly expanded telemedicine use. Telehealth currently addresses everything from routine to pandemic-related care.

To facilitate this expansion, federal healthcare programs have loosened, at least temporarily, telehealth restrictions.

These eased restrictions, however, create increased opportunities for healthcare fraud and abuse, including Anti-Kickback Statute (AKS) and False Claims Act (FCA) violations.

Research

Learn What 1,000 People Said About Their Virtual Care Experiences During COVID-19

72% of patients had their first virtual visit during the pandemic and most now want it as a permanent option. Learn what else our survey revealed about their experiences with virtual visits, preferences for scheduling them, and more.

Recent telehealth regulation changes and telehealth scrutiny

The Department of Health and Human Services (HHS) and the Centers for Medicare & Medicaid Services adjusted their telehealth requirements to expand telehealth’s ability to serve patients during the pandemic:

  • Patients no longer need to reside in designated rural areas or have preexisting relationships with their providers.
  • Patients can have their telehealth appointments from the convenience and safety of their homes without traveling to medical facilities.
  • More services can now be offered via telehealth, including evaluations to determine continued eligibility for hospice care.
  • Telehealth providers can waive patient deductibles and copayments without penalties for offering impermissible kickbacks.
  • In some circumstances, Medicare and Medicaid no longer require physicians to be licensed in the state in which their patients are located.
  • Providers can use a number of everyday communication technologies to provide telehealth services without being fined by HHS’ Office for Civil Rights. Providers are, however, required to make good faith efforts to protect patients’ privacy, including, among other things, enabling all available encryption and privacy settings and notifying patients of the increased risk of using such technologies. 

Despite these changes, some constants remain, such as the scrutiny telehealth providers face from regulators, particularly for AKS and FCA violations.

RELATED: Telemedicine CEO pleads guilty to role in $424M Medicare fraud scheme

In the past year, well before the rise of COVID-19, telehealth providers saw two of the biggest Department of Justice (DOJ) takedowns in history for rampant kickback and fraudulent billing schemes. First, in April 2019, the DOJ charged 24 telemedicine and durable medical equipment company executives and physicians for allegedly paying $1.2 billion in illegal kickbacks and bribes related to prescribing unnecessary back, wrist, shoulder and knee braces.

Second, in September 2019, the DOJ charged 35 individuals in a $2.1 billion fraudulent Medicare billing scheme involving alleged kickbacks to telehealth providers ordering genetic tests. Regulators made clear that COVID-19 will not reduce their focus on prosecuting wrongdoing.

For example, the DOJ recently arrested a Georgia man for his alleged role in a conspiracy involving unnecessary COVID-19 tests. Pandemic or not, the telehealth industry is firmly in the crosshairs of heightened government scrutiny and oversight.

Changed regulations may Increase, rather than decrease, enforcement actions

While easing regulations lead many to assume a decrease in enforcement actions, enforcement actions may increase as regulators respond to new opportunities for fraud. Specifically, telehealth services make it easier for fraudsters to pose as physicians and lure patients into sharing their protected health information or installing malware on their devices. 

The relaxed telehealth regulations greatly expand the number of patients for whom fraudulent claims can be submitted. Reduced cybersecurity requirements for telehealth communications increase the risk of hackers intercepting or stealing the protected health information necessary to submit fraudulent claims or commit healthcare identity theft.

RELATED: Telehealth could grow to a $250B revenue opportunity post-COVID-19, analysis finds

Such practices will not go unchecked, and telehealth providers should establish protocols to keep from being unwittingly pulled into the crosshairs. Here are 10 considerations to reduce the risk of enforcement action:

  1. Establish mechanisms to verify patient identity.
  2. Establish or maintain protocols for informed consent and beneficiary initiation.
  3. Identify states that have waived in-state licensure requirements for telehealth, and establish protocols for disengaging telehealth with patients where the provider is not licensed in the patient state after the pandemic emergency is lifted.
  4. Establish practice standards for patient examinations and remote prescribing.
  5. Document and maintain patient encounter records, including all regularly mandated documentation (such as patient eligibility for hospice care).
  6. Properly code telehealth services to ensure coverage.
  7. Review vendor agreements and patient incentives to ensure compliance with the AKS, FCA and Civil Monetary Penalties Law.
  8. Ensure compliance with state credentialing and scope of practice requirements.
  9. Establish privacy and security protocols for telehealth offerings and related systems.
  10. Notify patients of the increased risk of privacy issues when using telehealth services and strongly consider using telehealth vendors willing to execute a HIPAA-compliant business associate agreement.

Patricia Carreiro and Erin Hoyle are attorneys at Carlton Fields. Ms. Carreiro is a data privacy and cybersecurity litigation attorney. Ms. Hoyle is a white-collar crime defense attorney.

Suggested Articles

A new report found that nearly one in four assisted living facilities had at least one COVID-19 case, as lawmakers press for better data.

Healthcare employment continued to recover in June as the sector gained 358,000 jobs, with hospitals starting to add jobs after losses in May.

Here are the healthcare startups trying to shake up the $260 billion primary care market.