After more than two years into the public health emergency (PHE), telehealth is poised to remain a permanent fixture in the American healthcare system. On the federal level, the Department of Health & Human Services (HHS) has encouraged the use of telehealth, implementing measures to facilitate the use of telehealth services by healthcare providers. Many states have followed suit, initially issuing temporary orders and subsequently passing legislation to support the expansion of telehealth services. While regulators recognize the benefits of telehealth, including increased access to care, there is heightened awareness that the expansion of these services invites new and adapted forms of fraud. While the Department of Justice (DOJ) began shifting its attention to telehealth fraud prior to the PHE, DOJ intensified its efforts during the PHE when there were relaxed rules surrounding telehealth – and it is likely to remain a priority. This article provides an overview of telehealth enforcement trends, outlines the most significant enforcement actions prior to and during the PHE, offers predictions for where DOJ will be focusing its attention in the future, and suggests best practices for mitigating exposure to telehealth fraud.
May 25, 2022
Telehealth Fraud
Enforcement Trends to Watch
Kate Driscoll, Esq and Jennifer Greco, Esq
The Precipitous Rise of Telehealth
Prior to the PHE, Medicare reimbursable telemedicine services were relatively limited. At the immediate outset of the PHE, the Centers for Medicare & Medicaid Service (CMS) expanded telehealth services to broaden coverage by government insurance given the unprecedented need to access medical care through telehealth services. By the end of 2020, CMS added more than 144 telehealth services to Medicaid/Medicare coverage. Statistics provided by McKinsey in a 2021 report highlight the rapid growth of telehealth. At the onset of the pandemic, there was an initial spike of 32 percent in telehealth visits for all office and outpatient visits. Telehealth levels then stabilized at 13-17 percent across all specialties leveling off at 38 times pre-COVID-19 levels. Given telehealth’s ready expansion, the global telemedicine market is potentially, according to McKinsey, a $250 billion industry. There will likely be continued expansion of telehealth services given the staggering increase in investment in virtual care and as provider and patient perceptions have shifted to broader acceptance of telehealth services.
Enforcement Trends
Federal law enforcement has responded to the rapid growth of telehealth services by increasing its resources to combat telehealth fraud. Federal agencies, including DOJ, the Department of Health and Human Services Office of Inspector General (OIG), and CMS, have increased enforcement actions of telehealth fraud in coordinated nationwide efforts. Enforcement has primarily focused on large schemes involving egregious examples of fraud, including nationwide kickback and referral schemes involving testing laboratories and durable medical equipment (DME) companies, where kickback payments are exchanged for patient referrals for services or DME that are reimbursable by government insurers. Charges have been brought against marketers, executives of telemedicine companies, owners of DME companies, testing lab facilities, all the way down to individual physicians. Fraudulent billing has also been a focus for DOJ, including false billing for “phantom patients” that do not exist or for sham telehealth interactions that never occurred; improperly coding telehealth services rendered; exaggerating time spent with patients; and misrepresenting the type of virtual service delivered. A form of fraudulent billing may function as part of a larger kickback scheme, including bundling medically unnecessary and expensive testing and DME with other, cheaper services.
Enforcement Actions Prior to the PHE
Even prior to the PHE, telehealth fraud was an enforcement priority. In 2019, DOJ led several significant takedowns involving telehealth fraud, alleging billions in fraud loss.
- Operation Brace Yourself: Twenty-four defendants, including executives of telemedicine companies, owners of DME companies, and three medical professionals were criminally charged in a fraudulent billing scheme involving call centers in the Philippines and Latin America. As part of this scheme, DME companies paid illegal kickbacks for the ordering of medically unnecessary braces by medical professionals working for fraudulent telemedicine companies. These medically unnecessary orders occurred after only a brief telephone conversation or no interaction at all with patients. The CMS Center for Program Integrity (CPI) also took administrative action suspending payments to 130 providers. The indictments alleged $1.2 billion in fraud loss, and charges included, among others, conspiracy to commit healthcare fraud; violations of the Anti-Kickback Statute; conspiracy to defraud the United States; and aiding and abetting. Operation Brace Yourself has resulted in several convictions, including one pair of DME company owners who were each sentenced to 151 months in prison and were required to pay $27 million in restitution.
- Northeast Health Care Fraud Takedown: In this coordinated action across seven federal districts in the northeast, DOJ alleged more than $800 million in loss resulting from the distribution of 3.25 million opioid pills through “pill mills.” Charges included: conspiracy to defraud the United States; violations of the Anti-Kickback Statute; solicitation of healthcare kickbacks; healthcare fraud; and conspiracy to commit healthcare fraud. DOJ obtained guilty pleas from corporate executives, including a vice president of marketing at a telemedicine company and owners of DME companies for their submission of over $600 million in fraudulent claims to Medicare.
- Operation Double Helix: Thirty-five defendants across five federal districts were charged in a fraudulent genetic cancer testing scheme. Cancer genetic testing laboratories paid illegal kickbacks for referrals by medical professionals affiliated with fraudulent telemedicine companies and the ordering of medically unnecessary and costly cancer genetic tests. Doctors were paid to prescribe these costly tests after only a brief telephone conversation or without any patient communication at all. DOJ targeted the telemedicine companies, genetic testing laboratories, and 10 medical professionals who allegedly submitted more than $1.7 billion in fraudulent claims to the Medicare program. Charges included, among others, conspiracy to commit healthcare fraud; conspiracy to violate the Anti-Kickback Statute, and healthcare fraud. This enforcement action has resulted in convictions, including a patient recruiter who helped further the illegal kickback scheme by targeting Medicare beneficiaries with telemarketing calls and was sentenced to 10 years’ imprisonment.
Enforcement During the COVID-19 Pandemic
To keep pace with the rapid increase in the use of telehealth services, federal law enforcement increased its enforcement efforts with coordinated nationwide takedowns by the newly minted National Rapid Response Strike Force of telehealth fraud schemes alleging billions in fraud loss. The Strike Force was created in 2020 and coordinates with DOJ’s Fraud Section, U.S. Attorney’s Offices across the country, state Medicaid Fraud Control Units, the Federal Bureau of Investigation, OIG, and other agency partners. The scale of the cooperative law enforcement actions leaves no doubt about DOJ’s ongoing commitment to combatting telehealth fraud.
- 2020 Operation Rubber Stamp: Led by the National Rapid Response Strike Force, this October 2020 operation involved civil and criminal actions against 86 criminal defendants, including telemedicine executives, marketers, owners of DME companies, genetic testing laboratories, pharmacies, and more than 24 licensed medical professionals. After patients were allegedly solicited by international telemarketing companies, telemedicine executives allegedly paid healthcare providers to order medically unnecessary diagnostic testing, DME, and pain medications with little to no patient interaction. The laboratories, pharmacies, and DME companies allegedly purchased the orders in exchange for illegal kickbacks. As part of this action, CMS separately took record-breaking administrative action, revoking Medicare billing privileges of 256 medical professionals for their involvement in the fraudulent scheme. Charges included conspiracy to commit wire and healthcare fraud; making false statements related to healthcare; and violations of the Anti-Kickback Statute. The prosecution is ongoing.
- 2021 COVID-Related Fraud Takedown Involving Multiple Healthcare Fraud Schemes: In May 2021, 14 defendants across the United States were charged for their alleged participation in various healthcare fraud schemes that exploited the COVID-19 pandemic and resulted in over $143 million in false billings. The cases are being prosecuted in seven federal districts. According to the indictments, defendants include telemedicine company executives, physicians, marketers, and medical business owners. The scheme involved marketers allegedly offering beneficiaries COVID-19 tests at senior living facilities and medical offices. While collecting samples for COVID-19 tests, marketers allegedly suggested additional, unrelated testing supplies and tests to patients covered by Medicare. Fraudulent labs allegedly paid marketers to receive the beneficiaries’ samples and Medicare information for processing. Conspiring telemedicine providers were allegedly paid by marketers or labs to authorize referrals for the unnecessary tests, which are often required for Medicare payment of these tests. The labs allegedly submitted claims to Medicare and received reimbursement for COVID-19 and the additional, unrelated tests. Additionally, CMS took adverse administrative actions against over 50 medical providers for their involvement in these healthcare fraud schemes. The prosecution is ongoing.
- August 2021 Operation “Happy Clickers”: In August 2021, DOJ initiated a takedown effort dubbed “Operation Happy Clickers” due to the speed in which medical personnel “clicked through” their approvals to prescribe medically unnecessary DME and genetic tests. The indictments alleged that telemarketers with no medical background gathered leads by aggressively pursuing Medicare beneficiaries. The marketers then allegedly funneled the leads to medical practitioners, who they allegedly paid to sign off on medically unnecessary DME and cancer genetic testing orders, all of which occurred through the use of telemedicine. The marketing company then allegedly sold those signed orders to the owners of the DME supply companies and labs in violation of the Anti-Kickback Statute. While resolutions were reached with certain practitioners involved in the scheme, Happy Clickers is an ongoing prosecution.
- September 2021 Takedown: DOJ charged 138 defendants across 31 districts for their alleged participation in various healthcare fraud schemes involving over $1.1 billion in false and fraudulent claims to Medicare and other government insurers. The kickback schemes alleged here were similar to that in Operation Rubber Stamp in which payments were made for health professionals to order unnecessary DME, genetic and other diagnostic testing, and pain medication, which were ultimately paid by government insurers. The proceeds of the scheme were allegedly spent on luxury items, including vehicles, yachts, and real estate. This prosecution is ongoing.
- December 2021 Takedown: In December 2021, high-level employees of a telemedicine company were indicted in an international kickback scheme. Those indicted were alleged to have used a telemedicine company to generate a high volume of prescriptions for compounded medications and DME, without regard to medical necessity, through kickback payments. As part of the scheme, the licensed physician charged was allegedly paid kickbacks per prescription. The physician allegedly wrote prescriptions without speaking to patients in exchange for these payments. Additionally, the executives allegedly falsely informed providers that “nurses” had already consulted with the patients and determined that compounded medication or DME was medically appropriate. In reality, the “nurses” were located in the Philippines and were not registered to practice medicine in the United States and had generally not even spoken with the patients. This prosecution is ongoing.
- May 2022 Guilty Pleas: Owners of a telemedicine company pleaded guilty to conspiracy to violate the Anti-Kickback Statute and conspiracy to commit healthcare fraud. As part of the scheme, pharmacies and DME providers paid bribes to marketing companies for expensive drug prescriptions and DME orders from physicians. The marketing companies provided the telemedicine company with the personal information of federal healthcare beneficiaries, along with pre-filled prescriptions and DME orders, which the telemedicine company passed on to the doctors they had bribed. The doctors often approved medically unnecessary prescriptions and orders without having any contact with the patient. This scheme resulted in the submission of more than $64 million in false and fraudulent claims to federal healthcare benefit programs. Sentencing for the defendants is scheduled for October 11, 2022. Each faces a maximum of five years in prison for the kickback charge; a maximum of 10 years in prison for the healthcare fraud conspiracy charge; and potential fines, restitution, and forfeiture penalties for each charge.
The Future of Telehealth Enforcement
Enforcement actions against telehealth fraud during the PHE have primarily targeted egregious examples of fraud. But where will DOJ focus its enforcement efforts in the future? DOJ will likely initiate enforcement actions focusing on more nuanced forms of telehealth fraud, especially fraud that occurs by knowing violation of regulatory rules, especially when billing to government insurers. OIG has already signaled that it will be conducting oversight work assessing telehealth services, focusing its attention on providers’ billing patterns for telehealth services.
In addition, there will likely be increased use of the civil False Claims Act (FCA). To date, criminal charges have been the primary focus of enforcement actions. As DOJ begins to investigate nuanced areas involving regulatory rule-breaking that does not rise to the level of criminal charges, the FCA will be a powerful tool for DOJ that could lead to substantial recoveries. In 2021 alone, DOJ recovered $5.6 billion from FCA cases, more than $5 billion in the healthcare industry – the largest recovery since 2014 and the second highest ever. Whistleblowers will be a key factor in driving FCA cases and helping identify sophisticated fraud schemes. Whistleblowers are incentivized to report potential misconduct as they receive federal protections against retaliation if they bring a claim to the government and are also rewarded a portion of the proceeds collected by the government in a qui tam suit.
Best Practices to Mitigate Telehealth Fraud
As telehealth has become embedded in the American healthcare system and is an enforcement priority for DOJ, telehealth providers and healthcare companies and their counsel should take proactive measures to mitigate risk and exposure to fraud. Best practices include:
- Develop a robust compliance program that is routinely updated and audited to assess effectiveness. Policies that were put into place prior to the PHE should be reviewed and revised as necessary with special attention paid to compliance with data privacy and security laws (e.g., the Health Insurance Portability and Accountability Act). Companies should review the government resources publicly available to assist in developing compliance programs, including DOJ guidance on corporate compliance measures and resources from CMS and HHS. With the ever-changing telehealth regulatory landscape, compliance programs should focus on billing and coding requirements and provide frequent compliance training updates to relevant staff.
- Exercise caution when entering into relationships with third parties to avoid unintentionally becoming involved in a fraud scheme. Companies should use background and conflicts checks when hiring new providers or contracting with third parties.
- Implement reporting mechanisms, such as an anonymous tip line, so that suspected wrongdoing can be reported by employees at all levels of the organization. If there is an allegation of misconduct, companies should conduct internal investigations to assess the merits of reported misconduct and determine how to proceed. These investigations are typically led by a compliance officer with the assistance of outside counsel. After conducting an investigation, consideration should be given to the potential risks and exposure faced by the company, including, whether to refer a matter or make a voluntary disclosure to DOJ.
- Consider requiring in-person visits before approving expensive testing and DME prescriptions.
- Consider using data and analytical tools to their advantage. DOJ frequently uses data to identify outliers in telehealth services and possible sources of fraud. Companies should monitor telehealth providers and look for any outlier behavior that could suggest fraud, including providers who are billing relatively greater amounts to telehealth services, or are ordering much more expensive DME or expensive diagnostic testing.
Conclusion
The surge in telehealth during the PHE has cemented its position in the American healthcare system as provider and patient attitudes have shifted toward wider acceptance of the benefits and efficiencies of telehealth. DOJ has increased enforcement efforts to combat egregious examples of telehealth fraud, but will likely pivot to more nuanced enforcement involving regulatory rule-breaking, including increased use of the FCA. Telehealth providers and healthcare companies should remain proactive and nimble to adapt to the changing regulatory landscape by developing and regularly updating robust compliance programs and implementing mechanisms to detect and minimize exposure to telehealth fraud.