Telemedicine fraud had attracted DOJ attention before the pandemic
DOJ has traditionally been wary of telemedicine. Even before the COVID-19 pandemic and the accompanying rapid expansion of telehealth, enforcement in the telemedicine industry was on the rise. In 2019, DOJ pursued enforcement actions in the telehealth space that involved claims for durable medical equipment (DME) and for compound medicines.
Through “Operation Brace Yourself,” DOJ targeted an alleged fraud and kickback scheme through which DME companies paid illegal kickbacks and bribes to medical professionals working for fraudulent telemedicine companies. In exchange, the medical professionals referred Medicare beneficiaries to the conspiring DME companies for back, shoulder, wrist, and knee braces that were medically unnecessary. The DOJ investigation resulted in enforcement actions against 24 defendants associated with five telemedicine companies, as well as the owners of dozens of durable medical equipment companies and three licensed medical professionals.1 According to DOJ, the fraud schemes involved more than $1.2 billion in loss.2
Also in 2019, a physician agreed to pay $300,000 to resolve allegations that he violated the FCA by causing “pharmacies to submit false claims for compounded medications to TRICARE by issuing or approving prescriptions which were invalid, because [the physician] did not speak with or examine the patients in question and did not have an established physician-patient relationship with them. . .” 3
Pandemic-era telemedicine boom increases opportunities for fraud and abuse
Traditionally, Medicare’s coverage of telemedicine has been extremely limited. As a result of the pandemic, telehealth service providers were granted broad flexibility to provide telemedicine services and this flexibility remains today. The easing of restrictions stemming from the COVID-19 pandemic has prompted a dramatic increase in the use of telehealth.4 It seems unlikely that the federal government will reinstate pre-pandemic restrictions on telehealth services given the increased popularity and reliance on telehealth services. Indeed, Congress has introduced several bipartisan bills to address post-pandemic telehealth services, signaling that utilization of telehealth services will likely remain prevalent.5
While regulatory flexibility for telehealth services has expanded health care access and improved health care services, it has also increased opportunities for fraud and abuse. And the government has demonstrated a resolve to stamp out fraud and corruption in the telemedicine industry, including through use of the FCA.
In October of 2020, DOJ announced a telehealth enforcement action for a fraudulent DME billings scheme dubbed “Operation Rubber Stamp.” The scheme involved defendant telemedicine executives allegedly paying medical professionals to order DME, genetic and other diagnostic testing, and pain medications without sufficient patient diagnostic interaction, resulting in $1.5 billion in fraudulent billings to government health care insurance programs.6 To date, this investigation has led to criminal charges of health care fraud, false statements, violations of the federal Anti- Kickback Statute (AKS) and related conspiracies against more than 30 individuals. Although DOJ has not announced any related FCA actions yet, such fraud schemes could eventually prompt FCA claims by DOJ or whistleblowers.
In contrast, FCA violations have been alleged and resolved in an ongoing investigation dubbed operation “Happy Clickers,” which involves allegations that physicians “approved orders for medically unnecessary braces and cancer genetic testing despite many red flags that these items and services were illegitimate.”7
The transition to electronic health records has also created FCA risk
Electronic health records are computerized versions of a patient’s medical history maintained by his or her health care provider over time, which have automated access to patient information and offer the potential to streamline patient care while improving the accuracy and clarity of medical records.8
In 2009, Congress enacted the Health Information Technology for Economic and Clinical Health Act (HITECH Act) establishing the Medicare and Medicaid Electronic Health Records Incentive Programs.9 The statute provided over $30 billion for incentive payments to physicians and hospitals to encourage them to transition to EHR and make “meaningful use” (MU) of the software.10 In order to obtain these incentives and, at present avoid penalties,11 health care providers must warrant that they satisfied certain Department of Health and Human Services (HHS)-adopted criteria, including utilizing approved EHR software and achieving various utilization milestones. The EHR software companies are required to provide software that meets specific MU standards around the functionality of the software. In order to demonstrate that the EHR software could meet the MU standards, the software was required to pass tests performed by an independent, accredited testing laboratory, followed by certification from an independent, accredited certification body authorized by HHS.12
In recent years, DOJ has pursued several FCA cases related to EHR that have led to large settlements and highlight various FCA risks for EHR companies and those doing business with them.
- Discounts in exchange for referrals. In January of 2019, Inform Diagnostics, a pathology laboratory company, paid $63.5 million to resolve FCA allegations arising from claims that the company violated the AKS and the Stark Law “by engaging in improper financial relationships with referring physicians” by subsidizing their EHR systems and providing them discounted technology consulting services in exchange for patient referrals for laboratory services.13
- Product capability misrepresentations. In February of 2019, Greenway Health LLC agreed to pay $57.25 million to resolve an FCA action alleging it caused its users to “submit false claims to the government by misrepresenting the capabilities of its EHR product ‘Prime Suite’ and providing unlawful remuneration to users to induce them to recommend Prime Suite.”14
- Misrepresenting eligibility for EHR Incentives. In May of 2019, Coffrey Health System agreed to pay $250,000 to resolve FCA allegations that it submitted false claims to the Medicare and Medicaid Programs under the EHR Incentive Program by falsely attesting “that it conducted and/or reviewed security risk analyses” required by HHS.15
- Improper kickbacks in exchange for improper Clinical Decision Support programing. In 2020, Practice Fusion Inc. (Practice Fusion), a health information technology developer, paid $145 million to resolve criminal and civil investigations relating to its EHR software, including a $118.6 million FCA settlement.16 The resolution addressed allegations that Practice Fusion “extracted unlawful kickbacks from pharmaceutical companies in exchange for implementing clinical decision support (CDS)17 alerts in its EHR software designed to increase prescriptions for their drug products.”18 In particular, Practice Fusion allowed pharmaceutical companies to shape the creation and implementation of the CDS alerts in ways aimed at advancing the sales of the companies’ products, and such alerts were not always a reflection of accepted medical standards.19
- Improper remuneration schemes. Finally, on January 28, 2021, DOJ announced a $18.25 million FCA and AKS settlement with athenahealth Inc. (Athena), resolving two separate qui tam lawsuits. The United States alleged that Athena violated the FCA and AKS by (1) inviting new and existing customers to “Concierge Events,” including sporting events like the Masters Tournament and the Kentucky Derby with complimentary travel and luxury accommodations; (2) paying kickbacks to existing customers for each new client that signed up for Athena services; and (3) brokering deals with competing EHR vendors that were discontinuing their EHR services to refer their clients to Athena in exchange for remuneration based on the value and volume of their practices.20
We expect FCA and other fraud investigations relating to telehealth fraud and EHR to continue. Brian M. Boynton, Acting Assistant Attorney General for the Civil Division at the Department of Justice, recently stated that he expects “a continued focus on telehealth schemes, particularly given the expansion of telehealth during the pandemic.”21 He also identified fraud relating to EHR as another area that is likely to be a focal point of future enforcement efforts.22
The Department of Health and Human Services Office of Inspector General (OIG) has also made clear that it is “conducting significant oversight work assessing telehealth services during the public health emergency.”23
In light of expanded government scrutiny and enforcement in the telehealth space, telemedicine companies and providers should evaluate their compliance programs. Providers should be aware of potential government scrutiny of the length of telemedicine visits, as well as DME and genetic testing prescriptions. Further, providers should ensure that physician-patient relationships and encounters are properly documented and monitor any proposed legislative and regulatory changes.24
In anticipation of continued government oversight and enforcement into EHR, EHR companies should confirm that their products are compliant with EHR incentive program requirements. EHR organizations should ensure that they maintain a robust compliance function around software development and implementation, keeping abreast of certification requirements and standards, training members of its workforce on these requirements, and conducting risk assessments to isolate and fix vulnerabilities. Meanwhile, health care providers should ensure their selected EHR software is properly certified by HHS and has previously maintained successful reliable outcomes.25
In the wake of the Practice Fusion settlement, marketing or brand personnel involvement and/or funding should raise a red flag in the CDS context. Sponsored CDS programs require exacting evaluation to guarantee that they are clinically proper, commercially neutral, and consistent with any pertinent guidelines. CDS tools and other clinical interventions or recommendations must be grounded in evidenced-based medical guidelines.
Telemedicine and EHR technologies have rapidly changed patient care, introducing opportunities for potential fraud and abuse and exposing gaps in oversight. Companies operating in these spaces should expect increased FCA enforcement in these areas going forward and take steps to minimize their risk.
1. Press Release, U.S. Dep’t of Justice, Federal Indictments & Law Enforcement Actions in One of the Largest Health Care Fraud Schemes Involving Telemedicine and Durable Medical Equipment Marketing Executives Results in Charges Against 24 Individuals Responsible for Over $1.2 Billion in Losses (April 9, 2019), https://www.justice.gov/opa/pr/federal-indictments-and-law-enforcement-actions-one-largest-health-care-fraud-schemes.
3. Press Release, U.S. Dep’t of Justice, Federal Health Care Fraud Takedown in Northeastern U.S. Results in Charges Against 48 Individuals (Sept. 26, 2019), https://www.justice.gov/opa/pr/federal-health-care-fraud-takedown-northeastern-us-results-charges-against-48-individuals.
4. According to a Department of Health and Human Services report published in July 2020, less than one percent (0.1%) of Medicare visits were provided through telehealth before the COVID-19 Public Health Emergency, while in April 2020, almost half (43.5%) of Medicare primary care visits were provided through telehealth. Medicare Beneficiary Use of Telehealth Visits: Early Data from the Start of the Covid-19 Pandemic, Assistant Sec’y for Planning and Evaluation, U.S. Dep’t of Health and Human Servs. (July 28, 2020), https://aspe.hhs.gov/sites/default/files/private/pdf/263866/hp-issue-brief-medicare-telehealth.pdf.
5. See, e.g., TELE HEALTH HSA Act of 2021, 117th Cong. (1st Sess. 2021), https://www.congress.gov/bill/117th-congress/senate-bill/2097?s=1&r=58; and the Advancing Telehealth Beyond COVID-19 Act of 2021, 117th Cong. (1st Sess. 2021), https://www.congress.gov/bill/117th-congress/house-bill/4040/ text?r=9.
6. Press Release, U.S. Dep’t of Justice Operation Rubber Stamp: Major health care fraud investigation results in significant new charges (Oct. 7, 2020), https://www.justice.gov/usao-sdga/pr/operation-rubber-stamp-major-health-care-fraud-investigation-results-significant-new.
7. Press Release, U.S. Dep’t of Justice, U.S. Attorney Announces Criminal and Civil Enforcement Actions Against Medical Practitioners For Roles in Telemedicine Fraud Schemes, U.S. Dep’t of Justice (Aug. 24, 2021), https://www.justice.gov/usao-wdmi/pr/2021_0824_Happy_Clickers.
8. Electronic Health Records, Centers for Medicare & Medicaid Services, CMS.gov, https://www.cms.gov/Medicare/E-Health/EHealthRecords (last modified on Mar. 26, 2012, 11:42 AM).
9. H.R. 1, 111th Cong. (2009), https://www.healthit.gov/sites/default/files/hitech_act_excerpt_from_arra_with_index.pdf.
10. Id.; see also, Adler-Milstein, Julia and Ashish K. Jha, HITECH Act Drove Large Gains In Hospital Electronic Health Record Adoption, HealthAffairs. org (Aug. 2017), https://www.healthaffairs.org/doi/10.1377/hlthaff.2016.1651.
11. The incentive payments of the HITECH act were in place until 2015. Since that time, health care providers who cannot demonstrate that they are utilizing approved EHR software are subject to certain penalties in the form of reduced Medicare reimbursements.
12. Press Release, U.S. Dep’t of Justice, Kansas Hospital Agrees to Pay $250,000 To Settle False Claims Act Allegations (May 31, 2019), https://www. justice.gov/usao-ks/pr/kansas-hospital-agrees-pay-250000-settle-false-claims-act-allegations; Press Release, U.S. Dep’t of Justice, Electronic Health Records Vendor to Pay $57.25 Million to Settle False Claims Act Allegations (Feb. 6, 2021), https://www.justice.gov/opa/pr/electronic-health-records-vendor-pay-5725-million-settle-false-claims-act-allegations.
13. Press Release, U.S. Dep’t of Justice, Pathology Laboratory Agrees to Pay $63.5 Million for Providing Illegal Inducements to Referring Physicians (Jan. 30, 2019), https://www.justice.gov/opa/pr/pathology-laboratory-agrees-pay-635-million-providing-illegal-inducements-referring.
14. Press Release, U.S. Dep’t of Justice, Electronic Health Records Vendor to Pay $57.25 Million to Settle False Claims Act Allegations (Feb. 6, 2021), https://www.justice.gov/opa/pr/electronic-health-records-vendor-pay-5725-million-settle-false-claims-act-allegations.
15. Press Release, U.S. Dep’t of Justice, Kansas Hospital Agrees to Pay $250,000 To Settle False Claims Act Allegations (May 31, 2019), https://www.justice.gov/usao-ks/pr/kansas-hospital-agrees-pay-250000-settle-false-claims-act-allegations.
16. Press Release, U.S. Dep’t of Justice, Electronic Health Records Vendor to Pay $145 Million to Resolve Criminal and Civil Investigations (Jan. 27, 2020), https://www.justice.gov/opa/pr/electronic-health-records-vendor-pay-145-million-resolve-criminal-and-civil-investigations-0.
17. The Practice Fusion deferred prosecution agreement defines CDS to include “computerized alerts and reminders to care providers and patients; clinical guidelines; condition-specific order sets; focused patient data reports and summaries; documentation templates; diagnostic support, and contextually relevant reference information, among other tools.”
20. Press Release, U.S. Dep’t of Justice, Electronic Health Records Technology Vendor to Pay $18.25 Million to Resolve Kickback Allegations (Jan. 28, 2021), https://www.justice.gov/opa/pr/electronic-health-records-technology-vendor-pay-1825-million-resolve-kickback-allegations.
21. Press Release, U.S. Dep’t of Justice, Acting Assistant Attorney General Brian M. Boynton Delivers Remarks at the Federal Bar Association Qui Tam Conference (Feb. 17, 2021), https://www.justice.gov/opa/speech/acting-assistant-attorney-general-brian-m-boynton-delivers-remarks-federal-bar.
22. Press Release, U.S. Dep’t of Justice, Acting Assistant Attorney General Brian M. Boynton Delivers Remarks at the Federal Bar Association Qui Tam Conference, (Feb. 17, 2021), https://www.justice.gov/opa/speech/acting-assistant-attorney-general-brian-m-boynton-delivers-remarks-federal-bar. The focus on EHR is consistent with Assistant Attorney General of the United States for the Civil Division Jody Hunt’s comments in February 2020 in which she noted that enforcement efforts pertaining to EHR fraud was one of the Department’s top three priorities in FCA enforcement for the coming year. Press Release, U.S. Dep’t of Justice Assistant Attorney General Jody H. Hunt delivers remarks to the Federal Bar Association 2020 Qui Tam Conference (Feb. 27, 2020), https://www.justice.gov/civil/speech/assistant-attorney-general-jody-h-hunt-delivers-remarks-federal-bar-association-2020.
23. Letter from Christi A. Grimm, Office of Inspector General, U.S. Dep’t of Health & Human Srvs., Principal Deputy Inspector General Grimm on Telehealth (Feb. 26, 2021), https://oig.hhs.gov/coronavirus/letter-grimm-02262021.asp.
24. A March 2021 MedPAC report proposed three protections against telemedicine fraud: (1) increased scrutiny for providers that bill a high volume of telehealth services per beneficiary as compared to other clinicians, (2) requiring that clinicians provide an in-person visit before ordering costly DME or clinical laboratory tests, and (3) prohibiting “‘incident to’ billing for telehealth services provided by any clinician who can bill Medicare directly.” See Medicare Payment Advisory Comm’n, Reports to the Congress: Medicare Payment Policy (Mar. 2021), mar21_medpac_report_to_the_congress_sec.pdf.
25. Colin R. Jennings, DOJ Pursues More Electronic Health Records Cases, 9 National Law Review 162 (June 11, 2019), https://www. natlawreview.com/article/doj-pursues-more-electronic-health-records-cases.