Telehealth regulatory oversight and enforcement trends

Health Care Compliance Association (HCCA)

Health Care Compliance Association (HCCA)

CT magazine (July 2022)

One of the notable impacts of the COVID-19 pandemic on the healthcare industry has been the boom in services provided via telehealth. This boom is in part due to temporary flexibilities applied at both the state and federal levels to ease barriers to the provision of, and reimbursement for, telehealth services, and in part due to increased consumer demand to access services from the convenience of their home (further building on a trend of new digital health platforms offering direct-to-consumer services in recent years). For example, a recent study from the U.S. Department of Health & Human Services (HHS), released in December 2021, showed a 63-fold increase in the portion of Medicare visits conducted via telehealth during the pandemic, from approximately 840,000 in 2019 to 52.7 million in 2020.[1]

In addition to the growth in the delivery of services via telehealth generally, as patients and providers alike have become more familiar with telehealth technology, there is an increased interest from health systems in permitting pre-procedure and post-procedure visits, as well as other follow-up care, across state lines. Where patients would otherwise travel for specialized care, this type of change would allow them to remain home for at least some services received.

Not surprisingly, because there has been substantial expansion of telehealth as a new means to deliver healthcare services, and related substantial increase in payer reimbursement, there has also been a substantial uptick in regulatory oversight and enforcement activity. This heightened scrutiny will likely continue, as telehealth services have become recognized as an important tool in the delivery of healthcare services, particularly as a means to remove barriers and promote access to care.

In recent years, audits and enforcement activities have been underway by federal and state agencies, including the HHS Office of Inspector General (OIG), the U.S. Department of Justice (DOJ), and various state medical boards. The following is a summary of some of these key activities and trends.

OIG audits and enforcement activities

A 2018 OIG report determined that 31% of sampled Centers for Medicare & Medicaid Services claims, analyzed via post-payment data, did not satisfy applicable telehealth services requirements.[2] OIG recommended, among other actions, future post-payment reviews in order to identify disallowable claims, including those that fail to meet the requirement that services be provided to beneficiaries at allowable originating sites. Notably, while the most burdensome Medicare telehealth services requirements, such as geographic restrictions, have been temporarily waived during the COVID-19 pandemic, these restrictions will apply again when the federal public health emergency ends, barring congressional action.

More recently, OIG has announced multiple audits related to telehealth services as part of its Work Plan, many of which are expected to be issued this year, including:

  • “Audit of Home Health Services Provided as Telehealth During the COVID-19 Public Health Emergency,”

  • “Audits of Medicare Part B Telehealth Services During the COVID-19 Public Health Emergency,”

  • “Medicare Telehealth Services During the COVID-19 Pandemic: Program Integrity Risks,”

  • “Use of Medicare Telehealth Services During the COVID-19 Pandemic” (to include review of part B and Part C data and evaluate the extent to which telehealth services are used and how they compare to in-person delivery);

  • “Medicaid—Telehealth Expansion During COVID-19 Emergency,” and

  • “Use of Telehealth to Provide Behavioral Health Services in Medicaid Managed Care.”

The scope of these reports indicates that OIG will be examining the use of telehealth across a broad swath of programs, including Medicare Part B, Medicare Part C (Medicare Advantage), Medicaid, and Medicaid managed care, as well as focusing on home health services and behavioral health services.

DOJ enforcement activities

DOJ has pursued charges in a number of telehealth-related matters in the last several years, particularly in cases involving kickbacks from orders of medically unnecessary testing or durable medical equipment (DME) ordered via telehealth. These efforts have included large-scale actions in recent months, such as a $1.1 billion fraud case involving 138 defendants,[3] and a $67 million matter alleging 10 Florida residents paid kickbacks and bribes in exchange for doctors’ orders of tests and DME.[4] The DOJ’s work in this area preceded the pandemic, with the department investigating major fraud and abuse violations in 2018 ($1 billion in false claims for improperly solicited pain creams)[5] and 2019 ($1.2 billion in false claims involving DME companies and clinicians providing telehealth services).[6]

It is important to recognize that the conduct under scrutiny in these enforcement actions is not novel. Historically, it has been a subject of significant scrutiny in fraud and abuse enforcement—all that has changed is that the conduct at issue is effectuated via telehealth. These enforcement actions do not show inherent risk in use of telehealth to deliver legitimate, medically necessary services. This distinction is often referred to as “telefraud” versus “telehealth.” Nevertheless, these types of enforcement actions can (and do) create a negative perception of telehealth in the eyes of some and may invite additional scrutiny of other services provided via telehealth in the coming years.

State medical boards

Because professional boards operate independently in each state, often with separate boards for doctors of osteopathy; doctors of medicine; and other providers, including social workers, nurses, and occupational therapists, it is challenging to track enforcement actions related to violations of state licensure or scope of practice requirements initiated by state medical boards. Media coverage sheds light on some of these actions (e.g., a Florida physician who had treated patients in Connecticut via telehealth throughout 2018 without the proper license was recently fined),[7] but not in a statistically meaningful way.

Because state professional board actions are largely responses to complaints filed against individual clinicians for substandard practices, patterns can be difficult to identify. However, there is no question that state boards are more attuned to the provision of services via telehealth within their jurisdictions than they were before the pandemic—a reality that invites further scrutiny of telehealth services in the months and years ahead.

What’s next?

As rumblings of a potential end to the federal public health emergency continue, several key components of the American telehealth landscape remain somewhat in the balance. State level licensure waivers that have facilitated the provision of care across state lines throughout the pandemic are gradually receding, but the true “elephants in the room” reside at the federal level. Legislation is currently circulating in Washington that would extend the waiver of the Ryan Haight Act provisions of the Controlled Substances Act (i.e., the currently waived authority that normally requires a prior in-person examination before controlled substances are prescribed via telehealth except where certain narrow and limited exceptions are satisfied)—a development that would serve as a lifeline for telehealth platforms that have established workflows involving prescribing controlled substances via telehealth, in reliance upon pandemic-specific waivers of federal law, notwithstanding state laws that may also prohibit such workflows.[8] More broadly, Congress would need to act to prevent Medicare’s most onerous telehealth requirements, including originating-site and rural-area restrictions, from returning after the pandemic is over.

Compliance tips

The heightened attention of federal and state authorities to services delivered via telehealth, combined with the ever-changing federal and state requirements regarding the use of telehealth, has created an environment of potentially material risk for the unwary. At the same time, telehealth has become a well-recognized and useful tool in trying to reduce barriers to healthcare, with lower cost and high-quality patient care, not to mention an expectation of many patients, and one that is likely poised to further expand its role as a component of healthcare delivery.

One of the most significant steps to take to help mitigate risk in this environment is to closely monitor regulatory developments at the federal and state levels. Beyond tracking developments from the Centers for Medicare & Medicaid Services and in an organization’s home state, if an organization’s practitioners seek to provide services to patients across state lines, which has been the trend, setting up a process to identify changes in applicable requirements across each state where patients are located when receiving care is a useful and important endeavor. States vary with respect to licensure requirements and exceptions for clinicians providing services across state lines, as well as with respect to other scope-of-practice requirements. In addition, an issue can arise if an organization operates in a state that does not have a prohibition on the corporate practice of medicine and decides to expand its telehealth service offerings into neighboring states with a more restrictive position on the corporate practice of medicine.

Developing and adopting clear policies and procedures regarding the use of telehealth and educating practitioners on those policies and any relevant regulatory requirements can also help mitigate risk. Particularly if providing services via telehealth is a newer endeavor for an organization or is being rolled out in a broader fashion than historically used, proactive education of practitioners and monitoring of the service line can help identify and address any potential issues early in the process.


  • Telehealth expansion during the pandemic has led to additional scrutiny.

  • Federal and state authorities are monitoring trends and risk areas.

  • Telehealth regulatory requirements are in flux and should be tracked.

  • Barring congressional action, many flexibilities currently relied on will end with the public health emergency.

  • Adopting clear telehealth policies and educating practitioners help mitigate risks.

1 U.S. Department of Health & Human Services, “New HHS Study Shows 63-Fold Increase in Medicare Telehealth Utilization During the Pandemic,” news release, December 3, 2021,
2 Gloria L. Jarmon, CMS Paid Practitioners for Telehealth Services That Did Not Meet Medicare Requirements, A-05-16-00058, Office of Inspector General, U.S. Department of Health & Human Services, April 2018,
3 U.S. Department of Justice, “National Health Care Fraud Enforcement Action Results in Charges Involving over $1.4 Billion in Alleged Losses,” news release, September 17, 2021,
4 U.S. Department of Justice, “Ten Florida Residents Indicted for $67 Million Health Care Fraud, Wire Fraud, Kickback, and Money Laundering Scheme,” news release, February 25, 2022,
5 U.S. Department of Justice, U.S. Attorney’s Office for the Eastern District of Tennessee, “Four Men and Seven Companies Indicted for Billion-Dollar Telemedicine Fraud Conspiracy, Telemedicine Company and CEO Plead Guilty in Two Fraud Schemes,” news release, October 15, 2018,
6 U.S. Department of Justice, “Federal Indictments & Law Enforcement Actions in One of the Largest Health Care Fraud Schemes Involving Telemedicine and Durable Medical Equipment Marketing Executives Results in Charges Against 24 Individuals Responsible for Over $1.2 Billion in Losses,” news release, April 9, 2019,
7 Lisa Backus, “CT medical board fines two doctors $5,000,” New Haven Register, May 18, 2021,
8 Telehealth Extension and Evaluation Act, S. 3593, 117th Cong. (2022).

[View source.]

Written by:

Health Care Compliance Association (HCCA)

Health Care Compliance Association (HCCA) on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.