CMS Intensifies Fraud Prevention Efforts Targeting Telehealth Billing and Upcoding

Overview of CMS's Enhanced Fraud Prevention Strategy

The Centers for Medicare & Medicaid Services (CMS) has significantly ramped up its efforts to combat fraud, waste, and abuse within federal healthcare programs, with a particular emphasis on telehealth services and inappropriate billing practices, including upcoding. This intensified focus reflects the rapid expansion of telehealth during and after the COVID-19 Public Health Emergency (PHE) and the corresponding increase in opportunities for fraudulent billing.

CMS, in collaboration with the Department of Justice (DOJ) and the Department of Health and Human Services Office of Inspector General (HHS-OIG), employs a multi-pronged approach to identify and prevent fraud. This includes advanced data analytics, provider enrollment screening, post-payment review, and proactive enforcement actions. The agency's commitment to program integrity is outlined in various public statements and reports, emphasizing the protection of taxpayer dollars and the integrity of the Medicare and Medicaid programs. The expansion of telehealth, while beneficial for patient access, has also introduced new vulnerabilities that fraudsters may exploit, prompting CMS to adapt its oversight mechanisms.

The Rise of Telehealth and Associated Fraud Risks

During the COVID-19 PHE, CMS rapidly expanded coverage for telehealth services to ensure continued access to care. This expansion led to an unprecedented increase in telehealth utilization. While overwhelmingly positive, this growth also presented new challenges for program integrity. CMS identified several areas of concern, including:

• Billing for services not rendered: Providers billing for telehealth visits that never occurred.
• Lack of medical necessity: Billing for telehealth services that were not medically necessary or appropriate for the patient's condition.
• Identity theft: Using beneficiary information to bill for fraudulent telehealth services.
• Upcoding: Billing for a more complex or higher-paying service than was actually provided or medically justified during a telehealth encounter.
• Kickbacks and illegal inducements: Schemes involving payments for referrals to telehealth providers or for ordering unnecessary durable medical equipment (DME), genetic testing, or prescriptions facilitated by telehealth.

CMS has explicitly stated its commitment to monitoring telehealth billing patterns for anomalies and potential fraud. This includes analyzing claims data for unusual spikes in certain service codes, billing for telehealth services from inappropriate locations, or patterns of high-volume billing for complex telehealth services without corresponding medical necessity documentation.

Understanding Upcoding in the Context of Telehealth

Upcoding is a specific type of healthcare fraud where a provider submits a claim for a higher-paying service or procedure than the one actually performed. In the context of telehealth, this could manifest in several ways:

• Billing for a higher-level Evaluation and Management (E/M) service: For instance, a provider might bill for a Level 4 or Level 5 E/M visit when the documentation only supports a Level 2 or Level 3 visit. This often involves exaggerating the complexity of the patient's condition or the time spent on the encounter.
• Misrepresenting the type of service: Billing for an interactive audio-visual telehealth visit when only an audio-only communication took place, which typically has a lower reimbursement rate.
• Billing for services not covered: Attempting to bill for non-covered services by misrepresenting them as covered services.

CMS utilizes sophisticated data analytics to detect patterns indicative of upcoding. This includes comparing a provider's billing patterns to their peers, analyzing the frequency of high-level E/M codes, and cross-referencing claims with patient medical records during audits. The agency's program integrity contractors, such as Medicare Administrative Contractors (MACs) and Unified Program Integrity Contractors (UPICs), play a crucial role in conducting these reviews and audits.

Key CMS Actions and Enforcement Trends

CMS's fraud prevention strategy is dynamic and responsive to emerging threats. Recent actions and trends underscore its commitment:

1. Enhanced Data Analytics: CMS continues to invest in advanced analytics tools to identify aberrant billing patterns, particularly for telehealth services. These tools can flag providers with unusually high billing for specific telehealth codes or those with a high frequency of high-level E/M codes.
2. Provider Enrollment Screening: CMS maintains stringent screening requirements for providers enrolling in Medicare and Medicaid. This includes background checks, site visits, and verification of credentials to prevent fraudulent entities from entering the programs. For telehealth providers, this may involve verifying the legitimacy of their practice locations and licensure across states.
3. Post-Payment Review and Audits: CMS contractors conduct extensive post-payment reviews and audits of claims, including those for telehealth services. These audits often involve requesting medical records to verify the medical necessity and accuracy of billed services. Providers must ensure their documentation clearly supports the services rendered and billed.
4. Collaboration with Law Enforcement: CMS works closely with the DOJ and HHS-OIG on criminal and civil enforcement actions against individuals and entities engaged in healthcare fraud. This collaboration has led to numerous indictments and convictions related to telehealth fraud schemes, often involving kickbacks, medically unnecessary services, and false claims.
5. Targeted Initiatives: CMS has launched specific initiatives to address telehealth fraud. For example, the Medicare Fraud Strike Force operations have frequently included cases involving telehealth fraud, highlighting the agency's focus on this area. These initiatives often target schemes involving durable medical equipment, genetic testing, and prescription drugs facilitated by fraudulent telehealth encounters.

Providers found to be engaged in fraudulent activities, including upcoding, can face severe penalties under the False Claims Act, which includes treble damages and significant civil monetary penalties per false claim. Additionally, providers may face exclusion from federal healthcare programs, loss of licensure, and criminal prosecution.

Regulatory Framework and Sources

The authority for CMS's fraud prevention activities stems from various federal statutes, including:

• Social Security Act: The foundational law governing Medicare and Medicaid, which includes provisions for program integrity.
• False Claims Act (31 U.S.C. § 3729 et seq.): Provides the federal government with tools to recover funds lost to fraud.
• Anti-Kickback Statute (42 U.S.C. § 1320a-7b(b)): Prohibits offering, paying, soliciting, or receiving remuneration to induce referrals for services payable by federal healthcare programs.
• Physician Self-Referral Law (Stark Law) (42 U.S.C. § 1395nn): Prohibits physicians from referring Medicare or Medicaid patients to entities for certain designated health services if the physician (or an immediate family member) has a financial relationship with that entity.

CMS communicates its policies and enforcement priorities through official publications, such as the Medicare Program Integrity Manual, Transmittals, and official press releases from HHS-OIG and the DOJ.

Official Sources:

• CMS Program Integrity Information: Provides an overview of CMS's efforts to fight fraud, waste, and abuse. https://www.cms.gov/Medicare/Fraud-and-Abuse/FraudAbuse
• HHS-OIG Telehealth Fraud Alerts: The OIG frequently issues alerts and reports related to telehealth fraud schemes. https://oig.hhs.gov/newsroom/news-releases/ (Search for telehealth-related releases)
• DOJ Press Releases on Healthcare Fraud: The Department of Justice regularly announces enforcement actions against healthcare fraud, many of which now involve telehealth. https://www.justice.gov/opa/pr/healthcare-fraud-enforcement

Conclusion

CMS's intensified focus on fraud prevention, particularly concerning telehealth billing and upcoding, signals a critical period for all healthcare providers. The expansion of telehealth has brought immense benefits but also increased scrutiny on billing accuracy and medical necessity. Providers must prioritize robust compliance programs, meticulous documentation, and continuous staff training to navigate this evolving regulatory landscape successfully and avoid severe penalties. Proactive measures are essential to ensure adherence to federal healthcare program requirements and to maintain program integrity.