While the Department of Justice (DOJ) began shifting its attention to telehealth fraud prior to the PHE, DOJ intensified its efforts during the PHE when there were relaxed rules surrounding telehealth – and it is likely to remain a priority. This article provides an overview of telehealth enforcement trends, outlines the most significant enforcement actions prior to and during the PHE, offers predictions for where DOJ will be focusing its attention in the future, and suggests best practices for mitigating exposure to telehealth fraud.
The Precipitous Rise of Telehealth
Prior to the PHE, Medicare reimbursable telemedicine services were relatively limited. At the immediate outset of the PHE, the Centers for Medicare & Medicaid Service (CMS) expanded telehealth services to broaden coverage by government insurance given the unprecedented need to access medical care through telehealth services.There will likely be continued expansion of telehealth services given the staggering increase in investment in virtual care and as provider and patient perceptions have shifted to broader acceptance of telehealth services.
Federal law enforcement has responded to the rapid growth of telehealth services by increasing its resources to combat telehealth fraud. Federal agencies, including DOJ, the Department of Health and Human Services Office of Inspector General (OIG), and CMS, have increased enforcement actions of telehealth fraud in coordinated nationwide efforts. Enforcement has primarily focused on large schemes involving egregious examples of fraud, including nationwide kickback and referral schemes involving testing laboratories and durable medical equipment (DME) companies, where kickback payments are exchanged for patient referrals for services or DME that are reimbursable by government insurers. Charges have been brought against marketers, executives of telemedicine companies, owners of DME companies, testing lab facilities, all the way down to individual physicians. Fraudulent billing has also been a focus for DOJ, including false billing for “phantom patients” that do not exist or for sham telehealth interactions that never occurred; improperly coding telehealth services rendered; exaggerating time spent with patients; and misrepresenting the type of virtual service delivered. A form of fraudulent billing may function as part of a larger kickback scheme, including bundling medically unnecessary and expensive testing and DME with other, cheaper services.
Enforcement Actions Prior to the PHE
Even prior to the PHE, telehealth fraud was an enforcement priority. In 2019, DOJ led several significant takedowns involving telehealth fraud, alleging billions in fraud loss.
- Operation Brace Yourself: Twenty-four defendants, including executives of telemedicine companies, owners of DME companies, and three medical professionals were criminally charged in a fraudulent billing scheme involving call centers in the Philippines and Latin America. As part of this scheme, DME companies paid illegal kickbacks for the ordering of medically unnecessary braces by medical professionals working for fraudulent telemedicine companies. These medically unnecessary orders occurred after only a brief telephone conversation or no interaction at all with patients. The indictments alleged $1.2 billion in fraud loss, and charges included, among others, conspiracy to commit healthcare fraud; violations of the Anti-Kickback Statute; conspiracy to defraud the United States; and aiding and abetting.
- Northeast Health Care Fraud Takedown: In this coordinated action across seven federal districts in the northeast, DOJ alleged more than $800 million in loss resulting from the distribution of 3.25 million opioid pills through “pill mills.” Charges included: conspiracy to defraud the United States; violations of the Anti-Kickback Statute; solicitation of healthcare kickbacks; healthcare fraud; and conspiracy to commit healthcare fraud.
- Operation Double Helix: Thirty-five defendants across five federal districts were charged in a fraudulent genetic cancer testing scheme. Cancer genetic testing laboratories paid illegal kickbacks for referrals by medical professionals affiliated with fraudulent telemedicine companies and the ordering of medically unnecessary and costly cancer genetic tests. Doctors were paid to prescribe these costly tests after only a brief telephone conversation or without any patient communication at all. DOJ targeted the telemedicine companies, genetic testing laboratories, and 10 medical professionals who allegedly submitted more than $1.7 billion in fraudulent claims to the Medicare program. Charges included, among others, conspiracy to commit healthcare fraud; conspiracy to violate the Anti-Kickback Statute, and healthcare fraud.
Enforcement During the COVID-19 Pandemic
The scale of the cooperative law enforcement actions leaves no doubt about DOJ’s ongoing commitment to combatting telehealth fraud.
- 2020 Operation Rubber Stamp: Led by the National Rapid Response Strike Force, this October 2020 operation involved civil and criminal actions against 86 criminal defendants, including telemedicine executives, marketers, owners of DME companies, genetic testing laboratories, pharmacies, and more than 24 licensed medical professionals. After patients were allegedly solicited by international telemarketing companies, telemedicine executives allegedly paid healthcare providers to order medically unnecessary diagnostic testing, DME, and pain medications with little to no patient interaction. The laboratories, pharmacies, and DME companies allegedly purchased the orders in exchange for illegal kickbacks. As part of this action, CMS separately took record-breaking administrative action, revoking Medicare billing privileges of 256 medical professionals for their involvement in the fraudulent scheme. Charges included conspiracy to commit wire and healthcare fraud; making false statements related to healthcare; and violations of the Anti-Kickback Statute.
- 2021 COVID-Related Fraud Takedown Involving Multiple Healthcare Fraud Schemes: In May 2021, 14 defendants across the United States were charged for their alleged participation in various healthcare fraud schemes that exploited the COVID-19 pandemic and resulted in over $143 million in false billings. The cases are being prosecuted in seven federal districts. According to the indictments, defendants include telemedicine company executives, physicians, marketers, and medical business owners. The scheme involved marketers allegedly offering beneficiaries COVID-19 tests at senior living facilities and medical offices. While collecting samples for COVID-19 tests, marketers allegedly suggested additional, unrelated testing supplies and tests to patients covered by Medicare. Fraudulent labs allegedly paid marketers to receive the beneficiaries’ samples and Medicare information for processing. Conspiring telemedicine providers were allegedly paid by marketers or labs to authorize referrals for the unnecessary tests, which are often required for Medicare payment of these tests. The labs allegedly submitted claims to Medicare and received reimbursement for COVID-19 and the additional, unrelated tests. Additionally, CMS took adverse administrative actions against over 50 medical providers for their involvement in these healthcare fraud schemes.
- August 2021 Operation “Happy Clickers”: In August 2021, DOJ initiated a takedown effort dubbed “Operation Happy Clickers” due to the speed in which medical personnel “clicked through” their approvals to prescribe medically unnecessary DME and genetic tests. The indictments alleged that telemarketers with no medical background gathered leads by aggressively pursuing Medicare beneficiaries. The marketers then allegedly funneled the leads to medical practitioners, who they allegedly paid to sign off on medically unnecessary DME and cancer genetic testing orders, all of which occurred through the use of telemedicine. The marketing company then allegedly sold those signed orders to the owners of the DME supply companies and labs in violation of the Anti-Kickback Statute.
- September 2021 Takedown: DOJ charged 138 defendants across 31 districts for their alleged participation in various healthcare fraud schemes involving over $1.1 billion in false and fraudulent claims to Medicare and other government insurers. The kickback schemes alleged here were similar to that in Operation Rubber Stamp in which payments were made for health professionals to order unnecessary DME, genetic and other diagnostic testing, and pain medication, which were ultimately paid by government insurers. This prosecution is ongoing.
- December 2021 Takedown: In December 2021, high-level employees of a telemedicine company were indicted in an international kickback scheme. Those indicted were alleged to have used a telemedicine company to generate a high volume of prescriptions for compounded medications and DME, without regard to medical necessity, through kickback payments. As part of the scheme, the licensed physician charged was allegedly paid kickbacks per prescription. The physician allegedly wrote prescriptions without speaking to patients in exchange for these payments. Additionally, the executives allegedly falsely informed providers that “nurses” had already consulted with the patients and determined that compounded medication or DME was medically appropriate. This prosecution is ongoing.
- May 2022 Guilty Pleas: Owners of a telemedicine company pleaded guilty to conspiracy to violate the Anti-Kickback Statute and conspiracy to commit healthcare fraud. As part of the scheme, pharmacies and DME providers paid bribes to marketing companies for expensive drug prescriptions and DME orders from physicians. The marketing companies provided the telemedicine company with the personal information of federal healthcare beneficiaries, along with pre-filled prescriptions and DME orders, which the telemedicine company passed on to the doctors they had bribed. The doctors often approved medically unnecessary prescriptions and orders without having any contact with the patient. This scheme resulted in the submission of more than $64 million in false and fraudulent claims to federal healthcare benefit programs. Sentencing for the defendants is scheduled for October 11, 2022.
The Future of Telehealth Enforcement
Enforcement actions against telehealth fraud during the PHE have primarily targeted egregious examples of fraud. But where will DOJ focus its enforcement efforts in the future? DOJ will likely initiate enforcement actions focusing on more nuanced forms of telehealth fraud, especially fraud that occurs by knowing violation of regulatory rules, especially when billing to government insurers.
In addition, there will likely be increased use of the civil False Claims Act (FCA). To date, criminal charges have been the primary focus of enforcement actions. As DOJ begins to investigate nuanced areas involving regulatory rule-breaking that does not rise to the level of criminal charges, the FCA will be a powerful tool for DOJ that could lead to substantial recoveries.Whistleblowers will be a key factor in driving FCA cases and helping identify sophisticated fraud schemes.
Best Practices to Mitigate Telehealth Fraud
As telehealth has become embedded in the American healthcare system and is an enforcement priority for DOJ, telehealth providers and healthcare companies and their counsel should take proactive measures to mitigate risk and exposure to fraud. Best practices include:
- Develop a robust compliance program that is routinely updated and audited to assess effectiveness. With the ever-changing telehealth regulatory landscape, compliance programs should focus on billing and coding requirements and provide frequent compliance training updates to relevant staff.
- Exercise caution when entering into relationships with third parties to avoid unintentionally becoming involved in a fraud scheme. Companies should use background and conflicts checks when hiring new providers or contracting with third parties.
- Implement reporting mechanisms, such as an anonymous tip line, so that suspected wrongdoing can be reported by employees at all levels of the organization. If there is an allegation of misconduct, companies should conduct internal investigations to assess the merits of reported misconduct and determine how to proceed. These investigations are typically led by a compliance officer with the assistance of outside counsel. After conducting an investigation, consideration should be given to the potential risks and exposure faced by the company, including, whether to refer a matter or make a voluntary disclosure to DOJ.
- Consider requiring in-person visits before approving expensive testing and DME prescriptions.
- Consider using data and analytical tools to their advantage. DOJ frequently uses data to identify outliers in telehealth services and possible sources of fraud. Companies should monitor telehealth providers and look for any outlier behavior that could suggest fraud, including providers who are billing relatively greater amounts to telehealth services, or are ordering much more expensive DME or expensive diagnostic testing.
The surge in telehealth during the PHE has cemented its position in the American healthcare system as provider and patient attitudes have shifted toward wider acceptance of the benefits and efficiencies of telehealth. DOJ has increased enforcement efforts to combat egregious examples of telehealth fraud, but will likely pivot to more nuanced enforcement involving regulatory rule-breaking, including increased use of the FCA. Telehealth providers and healthcare companies should remain proactive and nimble to adapt to the changing regulatory landscape by developing and regularly updating robust compliance programs and implementing mechanisms to detect and minimize exposure to telehealth fraud.