Telehealth enforcement: Is it the next big thing?

With the start of the Biden administration and a U.S. Department of Justice (DOJ) led by Merrick Garland, predictions about future trends in government enforcement emerge:  First, the focus will shift to more white-collar crime enforcement actions. And second, the health care industry will continue to be a major focus for investigators and prosecutors.

We agree with both predictions. While the effect of administration changes on prosecutions and DOJ priorities is often overstated, Trump’s DOJ, even compared to recent Republican-led Justice Departments, was particularly focused on violent, drug, and immigration crimes, which necessarily diverted resources away from white-collar investigations. A swing back to a more muscular approach to white-collar and corporate fraud seems almost certain, particularly given the change in party in the administration.

On the second point, there is also little debate. As health care spending occupies an ever-larger portion of the federal budget and the economy overall, it will remain the target of enforcers. And in actions under the False Claims Act — the chief civil enforcement tool of DOJ — health care has dominated as a percentage of overall recoveries for many years running with no sign of stopping.

But if we drill down a little deeper beyond those general trends, it is instructive to ask what specific areas, particular issues, or sub-industries are likely to get government attention. No one knows for sure, but here’s one good bet — telehealth fraud and abuse.

Telehealth is not new, but with COVID-19, it saw unprecedented growth in 2020. With wider acceptance, both by patients and payors, telehealth is poised to grow even more in the coming years.

Just as telehealth is not new, fraud-and-abuse issues involving telehealth aren’t either. The Department of Health and Human Services (HHS) has issued several advisory opinions related to telemedicine arrangements as far back as 1998. (See, e.g. HHS-OIG Advisory Op. 98-18 (Nov. 25, 1998).

More recently, DOJ and HHS have conducted well-publicized, coordinated operations targeting so-called telemedicine fraud. Most such operations have targeted billing schemes involving kickbacks or medically unnecessary durable medical equipment (DME), compounded medications, and cancer genomic (CGx) testing.

These include “Operation Brace Yourself” (see, “Billion-Dollar Medicare Fraud Bust,” FBI.gov (Apr. 9, 2019)), “Operation Double Helix” (see, “Federal Law Enforcement Action Involving Fraudulent Genetic Testing Results in Charges against 36 Individuals Responsible for Over $2.1 Billion in Losses” (September 2019)), and national health care “takedown” (see, HHS-OIG 2020 National Health Care Fraud Takedown (November 2020)), all of which generated scores of “telemedicine fraud” cases now working through the courts.

While the schemes vary, most share several common attributes:

• First, individuals or entities obtain beneficiary contact and demographic information. In larger schemes, this can involve foreign call centers, traditional telemarketers, television advertisements to induce potential customers, and even in-person solicitations at health fairs and other public events.
• Second, a health care professional — usually a doctor or nurse practitioner — must provide the necessary documentation to support a claim for the given good or service billed. This is where the “telemedicine” facet arises, though sometimes in name only. In some cases, the doctor is simply signing an order for the product in return for being paid a small consultation fee. In others, there is some level of patient-doctor communication, though usually not sufficient to establish a doctor-patient relationship or otherwise meet the required elements of a telemedicine encounter under CMS rules.
• Third, an entity, for example the DME company, must package the beneficiary information with the doctors’ orders together to submit the claim for reimbursement, which then generates the (often lucrative) payment. Within each layer of the operation, there is potential for a kickback to be given or received from, for example, DME company to marketer, marketer to telemedicine company, telemedicine company to doctor, etc.

These cases have ensnared businesspersons and physicians alike, and many schemes are little more than fraudulent enterprises with only a thin veneer of telemedicine to cover what is really just another variant of a billing scam.

Physicians can be recruited and often misled about the propriety of their so-called telemedicine consultation. Mistakenly relying on others’ assurances, wrongly believing that they are separated from billing issues because they are just “consulting,” or engaging in willful blindness, doctors can often find themselves charged in massive fraud cases — and facing severe jail terms and restitution.

There have been dozens of doctors charged across the country. In one of the most recent sentencing, a New Jersey physician was sentenced to 33 months in prison related to a telemedicine case involving compounded medications.

These early cases involving telehealth share common attributes to other earlier versions of health care fraud. They are often fairly egregious and not nuanced; they exploit a new technology, compliance gap, or billing issue; and they capture headlines due to high losses or startling details.

But over the longer term, the real issues in telehealth enforcement are not likely to involve such clear criminality. While there will always be scams — just as there always are egregious “upcoding” or “phantom patient” cases — the next wave of telehealth enforcement is likely to involve more gray area and more sophisticated theories.

What will that look like specifically? Here are a few likely trends:

• In the short term, telehealth enforcement is likely to overlap with the enforcement of COVID-19-related relief programs, as the two areas may be factually intertwined.
• Federal, state, and professional authorities have rapidly (and in most cases, temporarily) changed or suspended the rules related to telehealth and telemedicine reimbursement. The uncertain, fast-changing environment will lead to greater compliance mistakes and government scrutiny.
• Reflecting the above, expect more investigations to be premised on the actual reimbursement rules for telehealth specifically, rather than on broader criminal conduct;
• Regulatory and civil enforcement — not just criminal prosecution — will occur. The civil False Claims Act is likely to move even more to the forefront in combatting alleged misconduct. With their lower standards of proof, many civil and regulatory provisions will capture conduct that might not rise to a crime.
• As telehealth becomes less of a specialty and more of just another means of health care delivery, telehealth practitioners and companies will face all the compliance landmines associated with their substantive area of practice.
• The technological advances that allow telehealth to increase the volume of billable events and generally improve efficiency in health care delivery will concurrently increase the enforcement security.
• Most telehealth fraud-and-abuse actions are currently based on kickback and medical-necessity theories. While those are unlikely to go away entirely, expect to see other theories involving violations of HIPAA, data-privacy laws, and state fee-splitting and corporate practice of medicine laws.
• Issues closely related to telehealth or, more broadly, technology will garner regulators’ attention. For example, investigations based on misconduct related to electronic health records and federal programs designed to encourage EHR will continue, as will the focus on telemedicine-prone areas such as DME sales and laboratory testing of all types.

Telehealth is an exciting and growing area. But just as it has captured the attention of patients, clinicians, and investors, so too has it captured the eye of regulators and enforcers.

The compliance landscape becomes even more difficult to navigate with changing rules due to COVID-19 and multiple sources of authority such as licensure rules, individual state laws, federal, state, and commercial reimbursement rules, and general fraud-and-abuse statutes.

While time will determine the exact shape of telehealth enforcement, health care professionals and their business counterparts in this new field should proceed with caution and with the help of qualified counsel. With government enforcement and white-collar matters, just as with medicine, an ounce of prevention is often worth a pound of cure.

Ty E. Howard (Dallas and Nashville), Scarlett S. Nokes (Nashville), Jason P. Mehta (Tampa) and Gene R. Besen (Dallas) are partners in the Government Enforcement and Investigations Practice Group of Bradley Arant Boult Cummings LLP. They represent clients in a range of matters related to government investigations, white-collar criminal defense, regulatory and compliance issues, civil litigation, and enforcement actions.

This article appeared in Business Crimes Bulletin, an ALM/Law Journal Newsletters publication that features the news and analysis you need to stay on top of the fast-changing, multi-faceted world of financial and white-collar crime.