The Medicare-reimbursement landscape for telehealth services faces closer enforcement scrutiny as providers increasingly leverage digital health tools to provide improved access, care management, and patient engagement. Providers and payers that are looking to use telehealth can minimize their enforcement risks by avoiding the common areas of noncompliance highlighted in recent agency reports and by taking preventive measures.

Earlier this month, the Department of Health and Human Services (HHS) Office of Inspector General (OIG) released a report addressing major issues in Medicare reimbursement for telehealth. This report reflects the OIG’s increased scrutiny of telehealth reimbursement under Medicare. The report is also an action item related to the OIG’s 2017 Work Plan.

The OIG’s inquiry focused on “Medicare claims paid for telehealth services provided at distant sites that d[id] not have corresponding claims from originating sites.” The review came in the wake of a 287-fold increase in Medicare telehealth spending—a jump from $61,302 in 2001 to $17.6 million in 2015. As part of its report, the OIG audited 100 telehealth claims and found that 31 percent of them were not reimbursable under the Medicare rules for telehealth. Those improper claims resulted in Medicare overpayments of approximately $3.7 million. The overpayments were caused by the following deficiencies:

  1. Beneficiary was not located in a qualifying rural area: To be reimbursable, the beneficiary must generally be located in an underserved rural area that HHS has designated for telehealth eligibility. This was the most common deficiency that disqualified claims for payment.
  2. Services were not furnished by an eligible “distant site practitioner”: In order for a service to be covered under Medicare, a beneficiary must receive telehealth services from one of ten statutorily identified distant-site practitioners. Such practitioners include, but are not limited to, physicians and physician assistants, clinical psychologists, and nurse midwives.
  3. Beneficiary was not located at a qualifying “originating site”: Beneficiaries must be located at one of eight types of eligible originating sites when the telehealth service is furnished via a telecommunications system. Those sites include physician or practitioner offices, hospitals, critical-access hospitals, rural health clinics, federally qualified health centers, hospital- and critical-access-hospital-based dialysis centers, skilled-nursing facilities, and community mental-health centers. Importantly, a beneficiary’s home is not an eligible originating site.
  4. Improper means of communication between practitioner and beneficiary: As a condition of payment, CMS requires a practitioner to use an interactive audio- and video-telecommunications system that permits real-time communication between the practitioner (at the distant site) and the beneficiary (at the originating site). A practitioner cannot use audio-only, store-and-forward, or other message-based communications (although there is a limited exception allowing the use of asynchronous store-and-forward technology in Federal telehealth-demonstration programs in Alaska and Hawaii).
  5. CPT/HCPCS code used did not correspond to a covered Medicare telehealth service: Medicare reimburses for telehealth services at the rate set in the Physician Fee Schedule. To be reimbursable, the telehealth service must be listed among the eligible CPT/HCPCS codes that CMS publishes annually.

As part of its April 2018 report, the OIG also cited a Medicare Payment Advisory Commission (MedPAC) study of 2009 claims, which found that Medicare professional-fee claims without associated claims for originating-site fees were more likely to be associated with unallowable telehealth payments.

The OIG’s recent findings may also impact the level of scrutiny that new telehealth and virtual-care services receive, such as remote monitoring. In the November 2017 release of the 2018 Physician Fee Schedule Final Rule (effective January 1, 2018), CMS addressed revised payment policies for the Medicare Physician Fee Schedule and included new telehealth reimbursement codes. Specifically, CMS un-bundled CPT code 99091, which now allows providers to receive reimbursements for collecting health data generated by a remote patient and for interpreting such data. Given that the OIG is looking closely at fraud and abuse in the provision of telehealth services, providers should also look closely at the regulatory requirements for 99091 and other codes that can be used for virtual care such as psychotherapy for crisis (CPT codes 90839 and 90840), patient-focused and caregiver-focused health-risk assessment (CPT codes 96160 and 96161), and chronic-care-management services including assessment and care planning (CPT codes 99490, 99487 and 99489 and HCPCS code G0506). (See our prior blog post for an in-depth analysis of CPT code 99091.)

What This Means For You

Vigilant compliance is the name of the game. As Medicare reimbursement for telehealth services continues to rapidly expand, so too must an organization’s compliance program.

Providers must:

  1. Be vigilant in verifying that claims submitted to Medicare meet all five Medicare telehealth-reimbursement requirements. This includes ensuring that the beneficiary is located at one of the eight qualifying originating sites, and that services are provided by one of the ten eligible “distant site practitioners.” This may include instituting automatic internal controls to catch non-compliant telehealth claims—for example, professional fees without corresponding originating-site fees. Also, regularly training relevant staff and modify internal-claims-processing policies and procedures to ensure compliance with changing laws and regulations. Conducting periodic internal audits is also good practice.
  2. Ensure that third-party billers properly submit claims for telehealth reimbursement. A provider is automatically liable for any improper claims submitted to Medicare by third-party billers on its behalf. When entering into such third-party billing arrangements, include contractual terms that require compliance with and express representations about those requirements.
  3. Closely monitor financial arrangements with originating sites and marketing services. Expanding in the telehealth space requires connecting patients in rural or otherwise underserved areas with qualified providers and qualifying originating sites. It is not hard to imagine how the marketing and financial arrangements that can arise in such situations might run afoul of the Anti-Kickback Statute and the Stark law. When doing business with originating sites or qualified providers, and when marketing telehealth services, consult counsel about Anti-Kickback and Stark compliance.

Payers must:

  1. Ensure that any supplemental telehealth benefits offered to beneficiaries satisfy Medicare reimbursement requirements. Medicare Advantage (MA) plans may offer extra telehealth benefits that supplement the basic FFS benefit. MA plans must finance those extra benefits with rebate dollars and additional premiums. In offering those supplemental benefits, MA plans must not only comply with the five telehealth requirements outlined above, but they must also be mindful of the Medicare requirements that relate to rebates and premiums.
  2. Incorporate legislative changes and new covered telehealth services into MA bid calculations. For example, the Bipartisan Budget Act of 2018 (signed into law on February 9, 2018), expanded telehealth coverage under Medicare Parts B and C. Similarly, the Creating High-Quality Results and Outcomes Necessary to Improve Chronic (CHRONIC) Care Act of 2018 (S.870) and the Increasing Telehealth Access to Medicare Act (H.R. 3727)) will expand telehealth coverage for MA members. Under those new laws, MA plans will be able to reimburse telehealth services at rates comparable to in-person services beginning in plan year 2020. Accounting for those telehealth coverage changes will be critical for MA payer-bid strategies.

New CPT codes; legislative expansion of telehealth reimbursement to address issues like the opioid crisis and behavioral health; and the ever-complicated intersection of telehealth statutes, rules, and regulatory guidance will require educational training and an acute attention to detail to manage enforcement risk.