2 minute read
Telemedicine Audits: OIG Toolkit Informs Payers and Physicians
by TEAM
By Beth anne jaCkson
Having pursued and prosecuted significant fraud that took place in telehealth during the COVID-19 public health emergency (“PHE”), which ended May 11, the Office of Inspector General (“OIG”) is now poised to identify fraud related to telemedicine on an ongoing basis. In April 2023, the OIG published “Toolkit: Analyzing Telehealth Claims to Assess Program Integrity Risk” (the “Toolkit”). While the OIG specifically intended the Toolkit to assist Medicare Advantage plans, state Medicaid programs, and private health plans in analyzing their own telehealth claims data to identify key risk areas, the Toolkit also serves as a compliance blueprint for telemedicine providers. By knowing what the OIG and other payers are looking for, physicians can take affirmative steps to avoid coming under scrutiny or to become prepared to mount a strong response to allegations of improper billing or practice patterns.
Advertisement
Risk Number One. Providers who bill telemedicine visits to a large number of unique beneficiaries (rather than repeated services to a smaller number of patients) are considered to be high risk. For Medicare, the OIG considered providers who billed telehealth for more than 2,000 Medicare beneficiaries in a year to be high risk. The median was 21. As most other plans are significantly smaller than Medicare, expect their thresholds to be much lower. If you are billing for a high number of unique patients via telemedicine, be prepared to answer questions and justify any arrangements that you have. Further, ensure that you can demonstrate that the nature of your practice justifies how many different patients that you are seeing.
Risk Number Two. As with in-person services, billing for telemedicine services at the highest, most remunerative level for a high proportion of services – “upcoding” – demonstrates substantial risk of improper billing and is likely to prompt pre- or post-payment review or an audit. If you code at the highest level for all or most visits, make sure that your coding is justified and supported by the patient’s health care needs and rigorous documentation. The same is true if billing for prolonged services.
Risk Number Three. Billing a high average number of hours of telehealth services per visit is considered to be high risk. For purposes of this analysis, the OIG considered a “visit” to include all telehealth services a provider billed for a single beneficiary for one date. The Centers for Medicare & Medicaid Services (CMS) publishes a list of the median number of minutes for each CPT code that can be downloaded from its website. The median length of telehealth services per visit for all providers who billed Medicare for telehealth was 21 minutes. If you average significantly more than that amount of time for your telemedicine visits (the OIG threshold was an average of two hours, but other payers may have lower thresholds), that will likely be targeted for further scrutiny. To mitigate risk, it is important to establish a system for documenting time in a consistent manner. In addition, understand the data that your telemedicine platform can record and how that data can be extracted to support coding if needed. Finally, routinely monitor your billing so that you are never billing for an “impossible day” (that is, billing for 25 hours of services in a day).
Risk Number Four. Providers who bill for telehealth for a high number of days in a year will draw scrutiny because, to payers, doing so may indicate that the provider is billing for services not provided. The OIG threshold for this risk factor was 300 unique dates in a one-year timeframe for which the provider billed a telehealth service. The median was 26 days in a year. Once again, documentation will be key to defending claims billed, including not only medical record documentation, but also supporting documentation such as calendars, scheduling programs and data from your telemedicine platform.
Risk Number Five. Not surprisingly, the OIG identified providers who bill primarily (or solely) for telehealth visits with patients with whom they did not have an established relationship as a being a high fraud risk, as it may indicate that the patient information
