When the COVID-19 pandemic began, no one imagined that it was here to stay for more than a year and counting! Many thought it would take at most a couple of months for the outbreak to resolve and the stay-at-home orders, social distancing, and mask mandating laws would soon disappear. However, a year later we continue to wear masks and maintain social distance. One positive aspect of the pandemic has been the opportunity to expand the use of telehealth, providing many individuals with easier access to health care services and allowing providers to care for patients in a safe environment. This expansion has also led to potential abuse concerns, spurring the U.S. Department of Health and Human Services, Office of Inspector General (OIG) to publish a statement on February 26 announcing that the OIG is conducting seven different audits, evaluations, and inspections of telehealth services under the Medicare and Medicaid programs. These seven audits are discussed below.

Telehealth Enforcement Flexibility

On March 17, 2020, the Office for Civil Rights (OCR) at the Department of Health and Human Services (HHS) temporarily eased enforcement of certain regulations issued under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). This purported temporary flexibility allowed health care providers to communicate with patients and provide telehealth services through remote communication technologies that would normally not comply with HIPAA rules. Further, the OCR provided flexibility for health care providers to reduce or waive cost sharing amounts for telehealth visits in cases of the Medicare beneficiary’s financial hardship. In addition, the enactment of the Coronavirus Preparedness and Response Supplemental Appropriations Act, 2020 (the Act), an $8.3 billion dollar spending bill, lifted Medicare restrictions on telehealth coverage. Prior to the Act, Medicare only covered certain telehealth services, such as providing routine visits to beneficiaries living in rural areas. With the Act in effect, Medicare beneficiaries may receive various services via telehealth such as common office visits, mental health counseling, and preventive health screenings. Additionally, the Act expanded telehealth services to beneficiaries outside of rural areas and removed the requirement that an individual travel to a local medical facility to receive telehealth services from a doctor in a remote location.

These changes – in addition to changes across the delivery of health care – facilitated the unprecedented growth of telehealth services. A recent report by FAIR Health found that telehealth claims rose nearly 3,000 percent in 2020. The Centers for Disease Control and Prevention (CDC) recognized a 154 percent increase in the use of telehealth visits during the last week of March 2020, compared with the same time period in 2019.

OIG Audits

As telehealth is now more widely used, the focus has turned to audits and oversight. The OIG has recognized the need to ensure that the benefits of telehealth are not compromised by fraud, abuse, or misuse. As a result, the OIG is in the process of conducting the following seven audits involving telehealth services:

1. Home health services provided as telehealth during the COVID-19 public health emergency

This audit is focused on evaluating home health services provided by home health agencies (HHAs). This audit will analyze the types of skilled services furnished and determine whether the services were properly administered and billed in accordance with the Medicare requirements.

2. Medicare Part B telehealth services during the COVID-19 public health emergency

This audit will be conducted in two phases. The first will focus on assessing whether services such as evaluation and management, opioid use disorder, psychotherapy, and end-stage renal disease meet Medicare requirements. The second phase includes additional audits of Medicaid Part B telehealth services related to distant/originating site locations, virtual check-in services, electronic visits, remote patient monitoring, use of telehealth technology, and annual wellness visits to determine whether Medicare requirements are met.

3. Home health agencies’ challenges and strategies in responding to the COVID-19 pandemic

OIG will overview the strategies HHAs used when utilizing telehealth to treat patients remotely. This audit will look into addressing staffing shortages, and the effectiveness of the emergency preparedness plans implemented.

4. Medicare telehealth services during the COVID-19 pandemic: program integrity risks

OIG will identify program integrity risks associated with Medicare telehealth services during the pandemic. OIG will analyze providers’ billing patterns for telehealth services, and will describe key characteristics of providers that may pose a program integrity risk.

5. Use of Medicare telehealth services during the COVID-19 pandemic

OIG will examine the use of telehealth services in Medicare Parts B and C during the pandemic. OIG will look at the extent to which telehealth services are being used by Medicare beneficiaries and how the use of these services compares to the use of the same services delivered in-person. OIG will also review the different types of providers and beneficiaries using telehealth services.

6. Medicaid: telehealth expansion during COVID-19 emergency

In this audit, OIG will determine whether or not Medicaid agencies and providers complied with federal and state requirements for telehealth services under the national emergency declaration. OIG will also review whether the states gave providers adequate guidance on telehealth requirements.

7. Use of telehealth to provide behavioral health services in Medicaid managed care.

In this final audit, OIG will analyze how selected state Medicaid programs and managed care organizations use telehealth to provide behavioral health care.

Recommendations for Telehealth Providers

The OIG published a statement on telehealth fraud concerns explaining that the “OIG is conducting significant oversight work assessing telehealth services during the public health emergency.” The OIG’s reports resulting from these seven audits are expected to be published in either late 2021 or 2022. Telehealth providers who have begun or increased billing to Medicare or Medicaid for telehealth services during the COVID-19 pandemic can expect those claims to be subject to OIG review. The audits will also review remote patient monitoring, virtual check-ins, and e-visits. The primary goal of the OIG in conducting these audits is to ensure that “telehealth delivers quality, convenient care for patients and is not compromised by fraud.”

With the rapid growth of telehealth usage by patients and providers, it is important for providers to ensure compliance with evolving regulations of telehealth. The OIG’s work plans highlight the areas of potential increased governmental scrutiny in the coming months. In the interim, telehealth providers can use this information to conduct a “compliance check-up” of telehealth services by evaluating their services, operations, training, compliance program, and billing practices to ensure compliance with federal health care program requirements. An evaluation of billing practices can be done by conducting an internal or external audit of federal health care program claims. When conducting an audit, providers should ensure the file contains sufficient supportive documentation for the codes billed, address if the records meet specific telehealth billing requirements, and consider whether there are potential individual provider issues such as credentialing, enrollment, and licensing concerns. Companies should ensure all telehealth providers receive robust education on proper billing procedures for telehealth services. Finally, telehealth providers may consider reviewing their compliance policies and procedures to ensure their compliance program adequately addresses specific telehealth requirements.