Telemedicine: Fraud and Abuse During the COVID Pandemic

Written by: Susan Walberg, JD, MPA, CHC

The COVID-19 pandemic has brought with it huge challenges for people all over the world; not only the obvious health-related concerns but also shutdowns, unemployment, financial difficulties, and a variety of lifestyle changes as a result.

When the COVID pandemic struck, CMS quickly recognized that access to care would be an issue, with healthcare resources strained and many providers or suppliers shutting down their offices or drastically limiting availability. Patients who needed routine care or follow-up visits were at risk for not receiving services during a time when healthcare providers were scrambling to enhance infection control measures and implement other new safety standards to protect patients and healthcare workers.

The Centers for Medicare and Medicaid Services (CMS) has responded by easing restrictions and regulatory burdens in order to allow patients to receive the healthcare services they need without undue access challenges. One key area that has changed is the restrictions related to telehealth services, which were previously only paid by Medicare under certain circumstances, such as patients living in remote areas.

Among the changes and waivers CMS has offered, telemedicine reimbursement is among the more significant. Telemedicine services, which includes office visits and ‘check ins’ are now allowed and reimbursed by Medicare. In addition to reimbursement changes, CMS has also relaxed the HIPAA privacy and information security enforcement standards, paving the way for providers to adopt a new model of providing services electronically. This means that providers could use commonly-available platforms to have video calls with patients and could use the phone for ‘check ins’.  Telemedicine visits are reimbursed the same as an office visit, and CMS has provided new billing codes for the more brief ‘check ins’ which can be conducted by phone. Health and Human Services has also relaxed its audit standards, which means it isn’t verifying the ‘established patient’ requirement which would typically apply to a visit conducted electronically.

Telehealth or ‘virtual’ visits have increased over 11,000% when the pandemic-related changes by CMS were implemented, according to Medicare data for March/April of 2020. Previous reviews of telehealth services by the OIG revealed a 31% error rate, and this was well before such services became easier to provide. Given those high numbers, it isn’t surprising this is a high-risk issue.

Unfortunately, loosening the regulatory requirements opened the door to fraud by dishonest providers, telemedicine companies, and others.

Types of Telehealth-Related Fraud

So how are telehealth services being used to defraud healthcare patients and payers?

One significant scheme identified involves telehealth companies who use various marketing techniques to lure unsuspecting patients to give their health information and they then transfer the patient to a medical provider for a ‘consultation’. These virtual visits are for unnecessary services or supplies, and are with providers that the patient does not know.

The telemedicine company then buys the prescriptions from cooperating providers and then sells them to pharmacies, laboratories, or medical equipment companies. The healthcare practitioners are paid a kickback to participate in this scheme.

Once the pharmacy or other company buys the prescription, it sends it to the patient and Medicare or Medicaid is billed. The telemedicine company receives a kickback. The ordered item is often not provided or is not needed by the patient.

This laundering of prescriptions is lucrative for the scammers. A recent national ‘takedown’ revealed that this one scheme has caused more than $4.5 billion in losses and involved more than 250 healthcare professionals, according to the Health and Human Services Office of Inspector General (OIG).

Another similar scheme has been operating for several years prior to COVID but has likely been made easier with the changing rules. In Operation Brace Yourself, telemedicine companies recruited individuals through advertising to participate in telephone ‘visits’ to prescribe unnecessary medical equipment, such as back, wrist, and knee braces. The doctors were paid a kickback for prescribing to those patients who they had never physically seen and who typically did not need the supply.

Operation Brace Yourself was a take down by the FBI, and it is estimated that Medicare paid up to $22 million a week to the companies engaged in this practice. Charges were filed against 24 individuals, with over $1.2 billion in losses attributed to the scheme.

While these are far-reaching and complex schemes, there are also smaller-scale fraud and abuse activities that occur related to telehealth.

• Billing issues, for instance, where a service is billed for a higher complexity than it should have been or billing for telehealth visits that never occurred.
• Scammers are offering money or gifts to patients for participating in a ‘COVID Survey’. This is an attempt to obtain medical and/or financial information that can be later used to create fraudulent bills.
• There are various schemes designed to obtain Medicare numbers and other patient data; offers for supplies, vaccine cards, or benefit reviews are designed to capture that information from unsuspecting Medicare recipients.
• Offers for patients to pay to get a better ‘place in line’ for the COVID vaccine. Medicare will not call beneficiaries to offer COVID products or services.

The OIG is constantly conducting audits and reviews of potential fraudulent or abusive practices. For the current year, 2021, the OIG has 7 different audits scheduled that are related to telemedicine, so this is a real concern.

What Patients Should Watch Out For

There are a variety of steps individuals can take to make sure they aren’t subjected to one of these fraud scams.

• Don’t share your personal health information, including any Medicare or Medicaid numbers, Social Security Numbers, Date of Birth, Address, or any financial information with anyone you don’t know.
• Be aware of widespread marketing scams, such as random phone calls, pop-up ads online, mailings, and other offers and outreach activities.
• Review your statements and bills; often these schemes won’t bill for the telehealth phone call as a visit. The money is made through the use of phony prescriptions, kickbacks, and further use of patient identity for additional billings. Read your statements to verify what Medicare or Medicaid actually paid for.
• Be careful how you dispose of any materials with your private information on it, such as syringes, mailings, vaccination records, and prescription boxes or bottles. Thieves can use this information.
• Be suspicious of unsolicited calls offering COVID-19 tests or supplies.
• Do not open text messages or hyperlinks in texts or emails about COVID if it’s from an unknown person.
• Beware of social media sites offering to sign up for vaccines, tests, and other COVID-related services. Verify any testing or vaccination site is official.
• Be aware of scammers pretending to be COVID-19 contact tracers. Legitimate tracers will not ask for your Medicare number or other financial data or make test appointments (or ask for payments).

What Providers Should Do

Providers need to also be careful in this time of relaxed rules and enhanced scrutiny. In order to protect your own practice and your patients:

• Make sure that all telehealth visits and services are medically necessary and properly documented; it is likely they may be reviewed by Medicare, private payers, or even the OIG.
• Monitor the guidance by CMS routinely. With the COVID landscape changing frequently, CMS is striving to react timely and regulations change.
• Be clear to your patients how you communicate with them for appointments and services.
• Clearly explain to your patients if they will be contacted by an unknown pharmacy or DME provider based on your orders. A legitimate call could be suspicious to a wary patient if they aren’t advised.
• If patients contact you and believe they have been scammed by someone for healthcare services, give them the information below and encourage them to report.

Report Any Suspected Fraud and Abuse

If you suspect healthcare fraud, you can report it to the OIG tip line at 1-800-377-4950. You can also call your local Medicare carrier for Medicare Advantage Plans or CMS. The CMS.gov website has lots of information about healthcare fraud.

Additional resources are also available through the Medicare Senior Fraud Patrol at the website smpresource.org. This website has state-specific reporting options as well as a nation-wide number, 877-808-2468.

Learn more about Susan Walberg at compliancealacarte.com