HHS-OIG’s Release of Telehealth Toolkit Underscores Government Expectations for Internal Reviews of Telehealth Billing

Updated on June 9, 2023

By Jaime Jones, Brenna Jenny, and Francesca Ozinal

The U.S. Department of Health and Human Services Office of Inspector General (“HHS-OIG”) recently released a toolkit offering “methods to analyze telehealth claims to identify program integrity risks.”  The toolkit builds on HHS-OIG’s September 2022 report analyzing program integrity risks arising from the spike in telehealth services furnished to Medicare beneficiaries during the COVID-19 pandemic.  HHS-OIG very rarely develops compliance toolkits for industry—only five are currently available—and its decision to do so for telehealth reinforces that oversight of telehealth billing is a law enforcement priority.  Although HHS-OIG asserted that it developed the toolkit to help federal government partners such as Medicare Advantage plan sponsors, private health plans, and State Medicaid Fraud Control Units identify problematic telehealth claims within their own data, healthcare providers can preemptively identify and address any issues by using the toolkit as a roadmap for their own internal reviews.

HHS-OIG prefaced its toolkit by acknowledging that the dramatic increase in telehealth usage during the pandemic has generated concerns about fraud, waste, and abuse.  In the September 2022 telehealth report, which is only one of multiple telehealth-focused reports HHS-OIG has published or is working on, HHS-OIG identified extreme outliers on seven telehealth billing metrics: 

1. Billing both a telehealth service and a facility fee for most visits;

2. Billing telehealth services at the highest, most expensive, level every time;

3. Billing telehealth services for a high number of days in a year;

4. Billing both Medicare fee-for-service and a Medicare Advantage plan for the same service for a high proportion of services;

5. Billing a high average number of hours of telehealth services per visit;

6. Billing telehealth services for a high number of beneficiaries; and

7. Billing for a telehealth service and ordering medical equipment for a high proportion of beneficiaries.

HHS-OIG acknowledged in this 2022 report that the set of 1,714 outliers it identified “does not capture all concerning billing related to telehealth services that may be occurring in Medicare.”  The toolkit builds on this report by providing specific recommendations for how stakeholders can analyze their data to identify outliers—and not just the most extreme ones—on each of the seven billing metrics.    

First, HHS-OIG provided a five-step framework for stakeholders: 

  1. Review relevant payment and coverage rules
  2. Collect all telehealth claims data (and stakeholders may wish to include, as HHS-OIG did, claims for virtual care such as e-visits and remote patient monitoring) 
  3. Test the completeness and accuracy of the data
  4. Analyze data to identify potentially concerning telehealth billing
  5. Interpret the results of the analysis to identify program integrity risks associated with telehealth 

The toolkit focuses on the latter two steps, i.e., how stakeholders can analyze and interpret their data to identify providers who pose risk.  Data we obtained from HHS-OIG under the Freedom of Information Act (“FOIA”) relating to the results of the September 2022 audit offer additional insights for identifying outliers that could warrant further review.  

For example, with respect to the measure that identifies providers who were outliers on their frequency of billing telehealth services at the highest, most expensive, level, the toolkit recommends first identifying “service categories that can be billed at different levels depending on the complexity of the patient’s condition or the duration required to diagnose and treat a patient” and then determining the percentage of each provider’s services that were billed at the highest level.  Although the September 2022 report only flagged as outliers those physicians who billed telehealth services at the most intensive level 100% of the time, the toolkit understandably characterizes this as a “conservative threshold.”  HHS-OIG suggests that if stakeholders want “to identify potential risks and establish safeguards,” they “may want to set a lower threshold.”  

Elsewhere in the toolkit, HHS-OIG observes that the Tukey method is a popular statistical test for identifying outliers.  Applying the Tukey method of identifying outliers to the more granular data we obtained through FOIA indicates that healthcare providers who billed for the most intensive level of telehealth services more than 13% of the time for home visits may be considered outliers.  However, important differences exist with respect to the intensity of telehealth services furnished in different sites of care, as healthcare providers in the physician office setting who billed the most intensive level of telehealth services more than 8% of the time may be considered outliers.  

For the measure that identifies providers who billed for telehealth services “for a high number of days,” HHS-OIG’s September 2022 report identified a program integrity risk from the 328 providers who billed for telehealth services for more than 300 days in a year.  The toolkit notes that HHS-OIG considers these providers to be high risk on this measure because their billing frequency far exceeded the median of 26 days.  HHS-OIG’s more granular internal data reveal that 300 days is far above even the 99th percentile.  Applying the Tukey method to the more granular data suggests that providers who furnished more than 176 days of telehealth services in a year are outliers as compared to all providers nationwide, and some of these providers may warrant additional review.    

On the heels of releasing this toolkit, HHS-OIG issued a report gauging the accuracy of documentation for Medicare psychotherapy services, including those furnished through telehealth, during the first year of the pandemic.  HHS-OIG concluded that less than 39% of the claims in its sample met Medicare requirements.  Extrapolating this perceived error rate across the $1 billion in psychotherapy services reimbursed by Medicare during a one-year period beginning on March 1, 2020 yielded an estimated $580 million in overpayments, $348 of which were for telehealth services.  

HHS-OIG concluded that these “deficiencies” occurred because the Centers for  Medicare & Medicaid Services (“CMS”) did not engage in adequate oversight “to prevent or detect payments for psychotherapy services, including telehealth services, that did not meet Medicare requirements and guidance.”  In particular, although HHS-OIG acknowledged that both CMS and healthcare providers faced unprecedented challenges during the COVID-19 pandemic, HHS-OIG seemed to criticize CMS for electing in March 2020 to pause the audits typically performed by Medicare Administrative Contractors (“MACs”) and then permit MACs to bypass conducting any medical reviews of psychotherapy services provided during the first year of the pandemic.  

HHS-OIG’s interest in telehealth services during the pandemic is consistent with recent enforcement actions by the Department of Justice (“DOJ”) targeting pandemic-era billing practices, including for services furnished through telehealth.  As HHS-OIG’s psychotherapy audit report reinforces, it can also be tempting for law enforcement to engage in 20-20 hindsight with respect to telehealth documentation and billing practices during the pandemic.  As law enforcement continues to look backwards and scrutinize telehealth services, providers may find it useful to engage in their own review first.