November 26, 2022

Volume XII, Number 330


November 23, 2022

Subscribe to Latest Legal News and Analysis

OIG Medicare Telehealth Data Brief Demonstrates Continued Focus on Data Analytics in Program Integrity Efforts

On September 2, 2022, the US Department of Health and Human Services (HHS) Office of the Inspector General (OIG) released a data brief analyzing telehealth services covered by Medicare and related program integrity risks. OIG sought to evaluate the impact that the regulatory flexibilities implemented during COVID-19, and corresponding hikes in utilization rates for telehealth services by Medicare beneficiaries, had on program integrity. OIG found that of the 742,000 providers evaluated, 1,714 had “concerning billing” on at least one of the seven measures that OIG considers to be potential indicators of fraud, waste and abuse. The data brief is OIG’s latest effort to use data analytics to identify program integrity concerns and includes specific proposals to improve data quality to aid in program integrity efforts.


Seven OIG Program Integrity Measures

OIG identified seven measures that it views as posing high risk for fraud, waste and abuse. These measures were developed in collaboration with OIG investigators. Such integrity measures are related to, but different from, the seven measures OIG identified in a special fraud alert released in July 2022 with respect to provider arrangements with telehealth companies. The seven measures identified in the data brief are as follows:

  • Billing for both a telehealth service and a facility fee for most visits (672 providers identified)

  • Always billing telehealth services at the highest, most expensive level (365 providers identified)

  • Billing telehealth services for more than 300 days of the year (328 providers identified)

  • Billing both Medicare fee-for-service and a Medicare Advantage plan for the same service for a high proportion of services (138 providers identified)

  • Billing more than two hours of telehealth services per visit (86 providers identified)

  • Billing telehealth services for at least 2,000 beneficiaries in a year (76 providers identified)

  • Billing for a telehealth service and ordering medical equipment for at least half of beneficiaries (67 providers identified).

OIG’s data analysis found that 1,696 of the providers with concerning billing practices were identified as having one of the seven measures present in their billing practices, while 18 had two measures present. OIG noted that the presence of any of the measures in a provider’s billing may indicate that the provider is billing for services that are not medically necessary or were never actually provided to the patient. OIG also expressed quality of care concerns for such providers. Of the providers identified as having billing practices that may present high risk of fraud, waste and abuse, more than half (991) were part of a medical practice where at least one other provider was likewise identified as high risk. OIG noted that this may indicate that certain practices encourage problematic billing practices among their providers. Of the providers that had concerning billing practices, OIG specifically identified 41 as being associated with telehealth companies.

OIG Program Integrity Recommendations

Based on its findings, OIG recommended five steps that the Centers for Medicare & Medicaid Services (CMS) should take to guard against fraud, waste and abuse in the Medicare program related to telehealth services. OIG recommended that CMS take the following actions:

  • Strengthen monitoring and targeted oversight of telehealth services

  • Provide additional education to providers on appropriate billing for telehealth services

  • Improve the transparency of “incident to” services when clinical staff primarily delivered the telehealth service

  • Identify companies that bill Medicare

  • Follow up on the providers identified in the OIG data brief.

In its response to the draft data brief, CMS explicitly concurred with the OIG’s recommendation to follow up with providers specifically identified in the data brief, but did not commit to implementing the remaining recommendations. Two of these recommendations include specific action items to change or modify claims or enrollment materials to better identify telehealth service providers.

Concerns Raised Regarding “Incident-to” Billing

While OIG noted certain challenges in analyzing the data available to it from an oversight perspective, OIG called particular attention to the challenge that incident-to billing presents for such enforcement efforts. According to OIG, incident-to billing presents a challenge because it allows services provided by clinical staff that are directly supervised by a different physician to be billed under the supervising physician’s identification number. Therefore, it is more difficult for OIG to determine who performed services billed on an incident-to basis. OIG further cited previous work that uncovered other concerns with incident-to billing, namely that certain incident-to services were being provided in-person by providers that did not possess the proper licenses, certification, credentials or training necessary to provide such services.

To remedy this challenge, OIG recommended that CMS create and require the use of a modifier to indicate incident-to telehealth services performed by clinical staff under the supervision of the billing physician. OIG also recommended that CMS create a pathway to report the identification numbers of the clinical staff that perform the incident-to services. OIG recommended that CMS work with the designated standards development organization and National Uniform Claim Committee to implement this change on the claims form.

In its response to OIG dated July 29, 2022, CMS acknowledged that increasing the transparency of incident-to services may aid in program integrity efforts but noted that the ability to change the required form lies outside of CMS’s power. CMS noted that the claims form is the responsibility of the designated standards maintenance organization and changing the form could be a “significant undertaking and require extensive system changes that impact the entire health system.” CMS also questioned whether a new modifier would be sufficient to address OIG’s concerns without a simultaneous change to the claims form that would identify the individual that primarily delivered the telehealth service.

Identification of Telehealth Companies

OIG also expressed a desire to identify telehealth companies that are providing services. OIG noted that currently there is no systemic way to identify telehealth companies in Medicare data. OIG recommended that CMS update the Medicare enrollment application, including the CMS-855B, to identify telehealth companies that enroll in the Medicare program. OIG alternatively suggested that a new taxonomy code be created for telehealth companies in collaboration with the National Uniform Claim Committee.

CMS’s response to this suggestion stated that the risk specifically associated with telehealth companies is “unclear.” CMS stated that it would review the providers identified by the data brief as potentially posing a high risk against telehealth providers already identified by CMS. CMS would then determine whether additional information is necessary to identify telehealth companies, and would evaluate the feasibility of updating the Medicare provider application or taxonomy codes at that point.

Key Takeaways

  • The data brief is the latest OIG effort demonstrating OIG’s use of data analytics to determine which providers are billing outside of OIG-expected standards, and could be translated into further enforcement action.

  • Providers should continue to ensure that telehealth services are properly billed in accordance with applicable billing policies.

  • As the COVID-19 public health emergency continues to evolve, providers should be aware of flexibilities that may be modified or cease to exist, and should update their billing practices accordingly.

  • OIG, CMS and other agencies may explore ways to improve the data already available to them, which may further enhance enforcement agencies’ ability to target and refine program integrity efforts.

© 2022 McDermott Will & EmeryNational Law Review, Volume XII, Number 280

About this Author

Dexter Golinghorst Health Law Attorney McDermott Law Firm Chicago

Dexter Golinghorst focuses his practice on health law matters, providing regulatory and operational advice to traditional healthcare providers, industry innovators and other healthcare and life sciences clients. Dexter also assists in transactional matters, performing due diligence, drafting and reviewing agreements and providing counsel on compliance matters for mergers, acquisitions, joint ventures and other strategic transactions.

Prior to joining McDermott Will & Emery, Dexter served as a legal extern for a leading academic medical...

Tony Maida Health Care Attorney McDermott WIll Law Firm

Tony Maida is a partner in the law firm of McDermott Will & Emery LLP and is based in the Firm’s New York office.  Tony has extensive experience in health care fraud and abuse and compliance issues, including the federal Anti-Kickback and Physician Self-Referral/Stark laws, false claims and overpayments, and government investigations.    He works closely with our health and white collar teams on criminal, civil, and administrative investigations and counseling clients on corporate transactions and compliance programs.

Tony previously served...

1 212 547 5492

James A. Cannatti III* practices at the intersection of today's most pertinent health care issues, including digital health, health IT policy, and fraud and abuse, including Anti-Kickback Statute/Stark Law matters. With more than 10 years of experience in the US Department of Health & Human Services’ (HHS) Office of Inspector General (OIG), most recently as Senior Counselor for Health Information Technology, James is well-attuned to the regulatory issues impacting the rapidly evolving digital health landscape, including:

  • Information...