Georgetown Law
Technology Review

In the wake of COVID-19, the use of telemedicine has grown rapidly. Telemedicine – “the practice of medicine using technology to deliver [health] care remotely” – has shifted the way patients and providers engage. Key to its rise has been a loosening of regulations resulting from the January 2020 declaration of a Public Health Emergency, the rise of payment parity laws requiring reimbursement for telemedicine care at the same rate as in-person care, and the issuance of shelter-in-place orders during COVID-19.

The surge in telemedicine has given rise to new opportunities for fraud and abuse. On July 20, 2022, the U.S. Department of Justice (DOJ) charged 36 defendants with committing more than $1.2 billion in health fraud related to false telehealth claims for unnecessary medical equipment and genetic testing. That same day, the U.S. Department of Health and Human Services Office of the Inspector General (HHS-OIG) issued an alert encouraging “practitioners to exercise caution when entering into arrangements with purported telemedicine companies.” Two months later, HHS-OIG published a telemedicine fraud report. In a survey of 742,000 providers who billed Medicare for a telehealth service during the first year of the COVID pandemic, HHS-OIG found “1,714 providers whose billing for telehealth services … poses a high risk to Medicare.”

The DOJ and HHS-OIG, equipped with advanced data analytics tools, enforce a number of criminal and civil laws to combat telemedicine fraud. To that end, Congress must ensure that these critical authorities have the resources they need to hold telemedicine fraud perpetrators accountable.

But a reactive approach isn’t enough. Novel governmental solutions are needed to prevent telemedicine fraud from occurring in the first place.

How are telemedicine fraud schemes carried out?

Telemedicine fraud schemes occur most commonly in four ways. Providers may inaccurately bill patients to increase reimbursements by inflating the time spent rendering telemedicine care or altering the complexity of services provided. Additionally, providers may misrepresent the telemedicine service they bill patients for, ranging from virtual check-ins to e-visits. They may also bill patients for telehealth services “not provided, or not provided effectively.” Finally, providers may accept kickbacks from telemedicine companies in exchange for referring patients—with whom they have little or no interaction—for unnecessary medical products or services, such as genetic testing and prescription medications.

What are the current tools in place to guard against telemedicine fraud?

The False Claims Act (FCA) is implicated if any person or organization knowingly submits a false claim to the federal government. The FCA is particularly relevant to health fraud cases because providers submit a claim to the U.S. Government every time they treat Medicare or Medicaid patients, “often amounting to thousands of claims over the course of a year.”

Providers violate the FCA when they bill for telemedicine services never provided, bill for unnecessary services, bill for excessive services rendered, up-code bills, or unbundle a bill to submit separate claims.

The Anti-Kickback Statute (AKS) prohibits health care providers from accepting remuneration (anything of value) in return for referring patients to other providers. These kickbacks may lead doctors to make clinical decisions based on financial incentives rather than patient interests and therefore increase healthcare spending by motivating the supply of unnecessary medical care.

AKS cases may occur when a telemedicine company solicits patients and pays a provider (who has limited or no interaction with the patients) in return for ordering unnecessary genetic testing, durable medical equipment (DME), or prescription medications that are reimbursable by Medicare or Medicaid.

In addition to federal statutes, the OIG uses its oversight authority over Medicare and Medicaid to detect telemedicine fraud. OIG is moving from a “pay-and-chase” model—one that tracks down fraudulent claims after the fact—to a more predictive approach geared towards finding fraudulent claims before they are paid.

Recommendations

Telemedicine’s growth shows no signs of abating. Included in the $1.7 trillion omnibus bill signed into law on December 23, 2022 is an extension of HHS rules that loosened restrictions on telemedicine during the pandemic. As a result, opportunities for fraud and abuse will likely grow.

Enacting new enforcement statutes to combat telemedicine fraud is not an effective solution because the FCA and AKS already cover the scope of improper conduct in telemedicine fraud schemes. Because of resource constraints, law enforcement authorities cannot realistically chase down all telemedicine fraud perpetrators. Rather, the only sustainable way to rein in telemedicine fraud is to prevent it from occurring in the first place, rather than prosecuting it after the fact.

However, Congress must balance preventing fraud with maintaining access to care. One preventative strategy consists of requiring patients to attend medical appointments in-person in conjunction with their telemedicine treatment plan. Along this line, Congress could pass laws requiring a pre-existing doctor-patient relationship established through a face-to-face encounter before telemedicine treatment, or require in-person consultations with patients before ordering certain high-cost health products or lab tests. HHS, in turn, could implement these laws and enforce them with the DOJ.

But while these approaches would reduce opportunities to commit fraud, they could also excessively limit access to care for patients in rural and underserved communities.

A better solution may be for Congress to pass a law requiring patients to have a pre-existing relationship with a physician prior to receiving telemedicine treatment but permitting them to establish this relationship through telemedicine. Like those involving in-person care requirements, this approach would curb many telemedicine fraud schemes that result from telemedicine companies contacting patients and inducing them to receive unnecessary tests or treatments from physicians they have no relationship with.

This approach would accomplish that without limiting access to care for patients who cannot find transportation to a medical clinic. Further, all states authorize doctor-patient relationships to be established via telemedicine, and the American Medical Association acknowledges that “a relationship can be established via telehealth if it meets the standard of care.”

In addition to legal solutions, providers can adopt several compliance measures themselves to mitigate the risk of fraud, such as rigorously documenting telemedicine appointments with patients, conducting daily charge reconciliation, and refraining from “entering into any third-party relationships involving the exchange of money for referrals.” But without novel laws and nuanced regulations, incentives for telemedicine fraud will persist.