By Jaime LM Jones
Faced with the COVID-19 crisis, the U.S. healthcare industry rapidly has moved to deliver a wide variety of medical and behavioral health services to patients via telehealth. At the same time, government and private payers have relaxed a variety of regulatory and contractual requirements to ensure a broader range of patients can access care remotely and providers will be reimbursed – at least temporarily – for those services. For example, regulations and rules around the licensure requirements to deliver telehealth services and whether a preexisting relationship with a patient must exist, and the requirements for the remote prescription of drugs have been modified. Similarly, rules regarding the technology by which the services are delivered (e.g., two-way video versus telephone) have been relaxed, and the HHS Office for Civil Rights has announced it will exercise its enforcement discretion under HIPAA during the pandemic.
As patients have adjusted to receiving and as providers have expanded their ability efficiently to deliver telemedicine services, so predictably the calls have come for these temporary adjustments to become permanent. In June, the Helping Ensure Access to Local Telehealth Act of 2020 (“HEALTH – Act”) was introduced. Among other things, the HEALTH Act would codify Medicare’s expanded telemedicine reimbursement for rural health clinics. On June 15, a bipartisan group of 30 U.S. Senators wrote a letter to Senate Majority Leader McConnell asking that the Medicare telehealth expansions under the COVID-19 public health emergency be made permanent, such that “telehealth remains an option for all Medicare beneficiaries both now and after the pandemic.”
Even if certain of the changes that have enabled the rapid expansion of telehealth services during the COVID pandemic ultimately do become permanent, others – in particular those related to HIPAA and data security – almost certainly will expire after the pandemic. Providers entering the telemedicine space now must therefore keep abreast of changes to the overlapping web of federal, state and payer requirements and be prepared to come quickly into compliance.
In all events, what has not and will not change is the applicability of the key drivers of government enforcement activity against the healthcare industry: the Anti-Kickback Statute and False Claims Act. These laws, along with other criminal and civil laws, have been leveraged by the Department of Justice (“DOJ”), HHS-OIG, and private whistleblowers for the last two decades to extract billions of dollars from providers. Indeed, a number of individuals and companies purporting to offer telehealth services have been the subject of significant criminal and civil investigations and resolutions.
For example, in April 2019, DOJ announced the indictments of 24 individuals and telemedicine companies involved in allegedly accepting kickbacks from DME suppliers and defrauding Medicare by convincing beneficiaries through telemedicine visits to accept items when they were not medically necessary. The indictments springing from that investigation continue to grow, with new charges against telemedicine providers announced in 2020.
Other telemedicine providers and owners of telemedicine companies have faced criminal charges and civil claims related to allegations that they leveraged their services to push on patients medically unnecessary and expensive dietary supplements, compounded medications and other drugs, often without examining patients. In one such set of cases, DOJ pursued criminal and civil charges against telemedicine companies that engaged with patients for the purpose of collecting insurance information and then sold that information to compounding pharmacies for the purpose of filling medically unnecessary prescriptions. Yet other owners of telemedicine companies have been indicted in connection with accepting kickbacks that led to the overutilization of cancer genomic and other diagnostic laboratory tests. In addition to the alleged acceptance of kickbacks by the telemedicine providers implicated in these enforcement examples, a common thread is that the providers are alleged to have prescribed products with minimal – if any – examination and no established physician-patient relationship.
With more dollars being spent by the federal healthcare programs on telehealth services, the enforcement scrutiny on the provision of those services will rise accordingly. As HHS-OIG has noted, “Telemarketing fraud is a major threat to the integrity of the Medicare program.” For its part, DOJ has been plain about its intent aggressively to pursue these cases: “As telemedicine becomes an increasing part of our healthcare system, vigilance in ensuring that fraud and kickbacks do not usurp the legitimate practice of medicine by electronic means is more important than ever.” Concomitantly, DOJ has invited allegations of fraud in the industry to be relayed to it through the FBI.
Telemedicine providers and owners thus must take steps to implement compliance programs and quality systems sufficient to ensure compliance with the panoply of applicable federal and state laws, regulations, licensing and contractual requirements. This includes taking steps to ensure that each billed patient encounter satisfies the applicable requirements, is medically necessary, and is properly documented. Likewise, particular attention must be paid to ensuring compliance with the federal and state Anti-Kickback laws in connection with any arrangements under which remuneration is received from other telehealth companies, manufacturers and suppliers of drugs, devices, and DHS, and from labs and pharmacies, keeping in mind that remuneration includes anything of value and can take the form of, among other things, payments, free or discounted equipment or software, and reduced-cost services.
The enforcement risk to telemedicine providers is heightened even further to the extent the allegations relate to potentially unnecessary COVID testing or treatment or otherwise seek to take advantage of beneficiaries during the pandemic. The Attorney General has announced that the detection and prosecution of fraud related to the COVID-19 pandemic is at the top of DOJ’s priority list. Thus, telemedicine companies that are engaged in providing COVID-related services should aggressively monitor the services for which they are billing during the pandemic and any referrals made by their providers for testing and treatments to ensure only medically necessary services are being billed and ordered.
Telehealth offers great promise for providers, patients who otherwise struggle to access care, the federal healthcare programs in terms of population health and reduced costs of care delivery, and investors in the healthcare industry. The increased application of telehealth is likely to persist beyond the current pandemic, but professionals and entities that provide telehealth services must be prepared to face both a complex array of rules and a vigilant Department of Justice otherwise they face substantial enforcement risk.
Jaime LM Jones is global co-leader of the Healthcare practice at Sidley Austin LLP and serves on the firm’s COVID-19 Task Force. She represents leading institutional healthcare providers and life sciences companies in civil and criminal government enforcement matters and False Claims Act litigation. Ms. Jones also leverages her enforcement and litigation experience to conduct confidential internal investigations, and helps clients design compliance program controls to address these risks. She can be reached at [email protected].
This article has been prepared for informational purposes only and does not constitute legal advice. This information is not intended to create, and the receipt of it does not constitute, a lawyer-client relationship. Readers should not act upon this without seeking advice from professional advisers. The content therein does not reflect the views of the firm.