On July 20, 2022, the Office of Inspector General for the Department of Health and Human Services (“OIG”) issued a special fraud alert (“Alert”) advising “practitioners to exercise caution when entering into arrangements with purported telemedicine companies.” The Alert is only one of four such “special fraud alerts” that the OIG has issued in the past decade and it illustrates the importance of OIG’s statements.

OIG Flags Seven Characteristics of Telehealth Fraud

In the Alert, OIG cautions that certain companies that purport to provide telehealth, telemedicine, or telemarketing services (collectively, “Telemedicine Companies”) have carried out fraudulent schemes by: (i) aggressively recruiting physicians and non-physician practitioners (collectively, “Providers”) and (ii) paying kickbacks to such Providers in exchange for the ordering of unnecessary items or services, including durable medical equipment, genetic testing, and other prescription items. According to OIG, the fraudulent schemes have varied in design and operation and involved a variety of individuals, Providers, and health care vendors, including call centers, staffing companies, and marketers.

The Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”), recently issued new regulatory guidance relating to covered entities’ HIPAA-compliant use of remote communication technologies for audio-only telehealth services. This guidance is a direct response to a December 2021 Executive Order that tasked HHS with developing HIPAA guidance for telehealth services, with the stated goals of improving “patient experience and convenience” as the COVID-19 public health emergency subsides. HHS has issued this guidance in anticipation of the national public health emergency ending, at which time OCR’s Telehealth Notification loses effect.

The new HIPAA guidance affects covered entities in four key ways.

The onset of the COVID-19 public health emergency (“PHE”) led to a surge in the use of telehealth by health care providers. In addition, the PHE fueled a boom in the number of direct-to-consumer (“DTC”) telehealth platforms, many of which have relied upon COVID-19 regulatory waivers to launch and operate in multiple states across the nation. For the reasons discussed below, DTC telehealth platforms should re-visit their compliance plans and be prepared for increased state and federal regulatory scrutiny.

As discussed in a prior blog post, in May of this year, the Department of Justice (DOJ), through its Fraud Section and in conjunction with the Center for Program Integrity, Centers for Medicare & Medicaid Services (CPI/CMS), began prosecuting defendants who were alleged to have perpetrated a variety of COVID-19-related scams on federal healthcare programs.  On September 17, 2021, the DOJ’s Health Care Fraud Unit, in coordination with its Health Care Fraud and Appalachian Regional Prescription Opioid Strike Force, the Department of Health and Human Services Office of Inspector General (HHS-OIG), the Federal Bureau of Investigation (FBI) and the Drug Enforcement Agency (DEA), announced a new wave of enforcement actions against 138 individuals, including 42 licensed medical professionals, alleged to have participated in health care schemes that resulted in $1.4 billion in alleged losses.

Many forces have been driving the growth of telehealth over the past decade, including value-based reimbursement models, population health management trends, and technology advancements. As we have discussed in previous blog posts, the COVID-19 pandemic was the jet fuel that propelled telemedicine utilization into the stratosphere. This growth was, in large part, due to the necessity of limiting in-person contact to avoid widespread COVID-19 transmission. In fact, as COVID-19 began to spread across the United States, the Centers for Disease Control and Prevention (“CDC”) advised health care providers to offer care via telemedicine technologies wherever appropriate. However, not all of this growth in the telehealth space can be attributed to the necessity of social distancing during the pandemic; even as transmission of COVID-19 has slowed in many areas, providers continue to offer telehealth for patient care, and patients continue to utilize it.

As discussed in a prior blog post, effective June 25, 2021, New York Governor Andrew Cuomo issued Executive Order 210, which officially declared the end of the New York State of Emergency caused by the COVID-19 pandemic. As a result, the New York emergency telehealth waivers have expired.  These telehealth waivers had previously allowed many digital health companies and health systems to utilize certain flexibilities related to the methods of allowable telehealth technologies and the use of out-of-state providers to expand services and to cover understaffed departments.

In response to the Governor’s announcement, the New York State Department of Health (“NYS DOH”) issued guidance extending the expansion for the ability of all Medicaid providers in all situations to use a wide variety of communication methods to deliver services remotely during the remainder of the federally-declared COVID-19 Public Health Emergency (“PHE”). Note that this guidance does not impact or provide additional flexibilities to non-Medicaid providers and, as discussed in our prior blog post, the New York State Education Department has only commented stating that given the expiration of the New York COVID-19 waivers, “professionals should exercise due diligence and good faith efforts to return to compliance with all Title VIII statutory and regulatory requirements without delay.”

On June 24, 2021, New York Governor Andrew Cuomo issued Executive Order 210, which officially declared the end of the New York State of Emergency caused by the COVID-19 pandemic effective June 25, 2021. The issuance of the Executive Order marked an important milestone for life post-pandemic and a welcome result for small businesses barely treading water trying to comply with the COVID-19 restrictions. However, the abruptness of the announcement, the limited carve-outs for health care professionals and the organizations that employ or contract with them, and the lack of permanent alternative solutions will create a tumultuous few weeks for those parties.

The early days of the COVID-19 pandemic saw an unprecedented coming together of the health care industry to treat communities beset by a deadly virus that strained provider resources across the country.  But just as normalcy returns, enforcement arms of the federal government have announced action against bad actors who took advantage of the COVID-19 pandemic to implement fraudulent schemes designed to specifically exploit the pandemic.

In separate actions on May 26, 2021, the Fraud Section of the Department of Justice (DOJ) and Center for Program Integrity, Centers for Medicare & Medicaid Services (CPI/CMS) announced cases against multiple defendants who perpetrated a variety of COVID-19-related scams on federal healthcare programs.  The DOJ charged 14 defendants who are alleged to have defrauded the government of over $143 million in false billings in the aggregate, while the CPI/CMS began administrative proceedings against more than 50 providers who took advantage of CMS programs meant to increase care access during the pandemic.

Among the numerous consequences of the Covid-19 Pandemic is a well-documented emphasis on the home.  Work at home.  Exercise at home.  See your doctor or other health provider at home.  Home-based health care beyond the traditional nursing care is yet another change wrought by the pandemic that will not likely be eliminated as we come to define the new normal.

The COVID-19 pandemic has seen a wave of telehealth policy changes across the nation at both federal and state levels. Such changes have expanded access to health care and addressed underutilization in chronic disease management while minimizing the risk of exposure for individuals seeking care. One such policy change in particular has received widespread attention and support from industry stakeholders and lawmakers alike: expansion of telehealth to include audio-only telephonic communications. However, the longevity of telehealth’s expansion to audio-only services remains uncertain as states and the federal government each pursue revisions to pandemic-era policies and flexibilities.