The Hospital Finance Podcast®

Government enforcement action regarding abuse of telehealth waivers [PODCAST]

In this episode, we welcome back Brenna Jenny, Healthcare Partner at Sidley Austin, to talk with us about enforcement action around telehealth waivers and the expansion of remote patient monitoring. 

Highlights of this episode include:

  • The evolution of telehealth
  • Billing for telehealth during the pandemic
  • Enforcement action around telehealth waivers
  • History of Remote patient monitoring (RPM)
  • Future of RPM
  • RPM billing and coding compliance concerns

Mike Passanante: Hi, this is Mike Passanante and welcome back to the award-winning Hospital Finance podcast. To talk with us about enforcement action around telehealth waivers and the expansion of remote patient monitoring, I’m joined by Brenna Jenny. Brenna is currently a partner in the Washington, D.C. office of Sidley Austin, where she is a member of the health care practice. Before re-joining Sidley, Brenna served as the Principal Deputy General Counsel at the Department of Health and Human Services, as well as the Chief Legal Officer for the Centers for Medicare and Medicaid Services. Prior to joining HHS, Brenna also worked at the Civil Division of the Department of Justice. Brenna, welcome back to the show.

Brenna Jenny: Thanks for having me, Mike.

Mike: So Brenna, telehealth went from being a little-used modality pre-pandemic to being a common occurrence for many people since the spring of 2020. How did we get here?

Brenna: Let’s go back to the beginning. The Public Health Service Act authorizes the secretary of HHS to declare a public health emergency in certain circumstances. Then-Secretary Alex Azar issued such a declaration on January 31st, 2020, in response to the emerging COVID threat. HHS has actually declared a public health emergency a number of times just in the past 15 years. The most recent declaration was issued on September 3rd in response to Hurricane Ida in New York and New Jersey. What is unusual about this public health emergency is, of course, its nationwide scope and length. These declarations generally last for just 90 days unless extended, and we have had multiple extensions already. The latest was on July 19 of this year. And given the spread of the Delta variant, I expect that we’ll not only have another extension in October but at least one subsequent extension. The fact that we are in a sustained public health emergency has important regulatory implications for health care providers. Once the secretary of HHS declares a public health emergency and the president also declares an emergency under the Stafford Act, the secretary of HHS can invoke a special authority to waive a variety of Medicare and Medicaid requirements, and not just those in HHS regulations, but also those in statute. That’s a really unique authority for an agency to be able to temporarily set aside not just its own rules, but requirements Congress has imposed as well.

That waiver authority enabled the HHS to completely transform the health care delivery landscape and give unprecedented flexibility to health care providers to support them during the pandemic. When I served as the chief legal officer for CMS during the first year of the pandemic, I oversaw the development of dozens and dozens of these waivers. One of the most impactful uses of the waiver authority was to expand telehealth. When Congress first amended the Social Security Act to extend Medicare payment to telehealth services, the authorized scope of services was actually quite narrow. Telehealth was basically designed to address a shortage of health care providers in rural areas. But using that waiver authority, HHS was able to offer a number of services to Medicare beneficiaries through telehealth and commercial payers quickly followed suit. Using the waiver authority, HHS expanded not just the types of patients who could receive telehealth services, but also the types of providers who could furnish them. Hospitals, of course, don’t bill for telehealth services because they are professional services. But under the waivers, any employed health care provider authorized to bill Medicare for professional services can also furnish a bill for Medicare telehealth services. That means providers like physical and occupational therapists can now bill Medicare for telehealth, and hospitals can still bill for a facility fee relating to telehealth services if certain requirements are met.

Mike: That’s great background, Brenna. And telehealth has been a great way to improve the safety of visits with health care providers and ensure that patients continue to have access to critical medical care during the pandemic. But it’s been a big change for providers to go from offering telehealth services sporadically to offering them in a widespread manner. Do you have any tips for what hospitals should be doing to ensure that their providers’ billing and coding in this space is appropriate?

Brenna: I think telehealth will be a significant focus for the Department of Justice and the whistleblower bar. We see this time and again: when there are significant regulatory developments and new opportunities to bill, enforcement follows. So I do think hospitals would be prudent to do a self-review and ensure that they have a clean bill of health, so to speak, when it comes to billing for telehealth during the pandemic. The government has increasingly been relying on data analytics to identify targets for investigation. They’ve been very open about that in public statements. Hospitals can and should, as a result, be engaging in their own data analytics to try and assess whether there are any outlier providers within the organization. For example, hospitals could survey all of their claims data with the Modifier 95, which signifies that a service was provided via telehealth, and get a sense of whether there are any outliers by a physician or medical group in terms of the volume of telehealth services they’re billing. Similarly, hospital networks with multiple hospitals may wish to look at each hospital’s claim volume for code Q3014, which is for a telehealth originating site facility fee, and check for any outliers or trends. The volume of telehealth services has decreased and leveled off in many areas, as compared to the start of the pandemic. And so one trend that could signal a need for a deeper review is if certain areas of the enterprise but not others have continued to sustain those early pandemic volumes of telehealth services. Of course, there are a variety of factors to take into account as part of this analysis. For example, use of telehealth will necessarily vary by medical specialty, but hospitals should know what’s in their data and what that data might signal to the government.

One other issue to flag relates to copay waivers. The HHS Office of Inspector General, or OIG, which enforces the Anti-Kickback Statute, announced very early in the pandemic that they would exercise enforcement discretion under the Anti-Kickback Statute and allow providers to waive copays for telehealth services even without conducting a financial need assessment. This is a very stark departure from OIG’s usual position on cost-sharing waivers, which is generally that they should be related to financial need. OIG stated that the policy will continue for the duration of the public health emergency, but the declaration of emergency has lasted longer than some might have predicted as a result of the Delta variant, and I don’t think that OIG necessarily expected that the declaration would continue this long after vaccinations became broadly available in this country. I suspect that OIG may become concerned that providers will begin to take advantage of the copay waiver flexibility. This is particularly true because copay waivers hit on an area of focus for law enforcement right now. DOJ and OIG are very sensitive to concerns that those who sell items or services to federal health care programs will offer something of value to patients in order to induce those patients to choose their items or services. We have seen this concern manifest very acutely with respect to drug company patient assistance programs, which have been a huge enforcement area over the past few years. OIG has said in its policy statement that it will not view the furnishing of subsequent services occurring as a result of the free telehealth services as evidence of an inducement without something more. The providers will need to be very careful about how they portray the copay waivers for telehealth services such that they do not link those waivers to offers of other services.

Mike: Brenna, have there been any enforcement actions yet relating to the abuse of telehealth waivers?

Brenna: Yes, and I think we’re starting to see the pace pick up. In May of this year, DOJ’s Criminal Division announced first-in-the-nation charges against an individual for abusing the CMS telehealth waivers. And on September 17th, DOJ announced a national health care fraud takedown, including charges against additional defendants for exploiting those waivers. I expect we will continue to see more cases like this relating to telehealth enforcement, including coming out of DOJ’s Civil Division under the False Claims Act. Now, some of you may be thinking, “I’ve been hearing about telemedicine fraud all the time over the past few years. Why is she talking about this as if it’s new?” Well, what DOJ often refers to as telemedicine fraud is not the same as what I’ve been talking about. In the cases that DOJ refers to as telemedicine fraud, fraudsters use telephone conversations to prescribe medically unnecessary DME or genetic tests to patients they have never seen or treated. But the fraudulent billing is for the DME and tests and not for professional services or facility fees. Here when I talk about telehealth enforcement, I’m referring specifically to allegations that the professional services and/or facility fees were provided through telehealth, but for some reason were billed inappropriately, and that is a brand-new area of enforcement that we are just seeing the tip of the iceberg on.

Another important point for providers to keep in mind is CMS’s new Unified Program Integrity Contractor or UPIC program. Over the past couple of years, CMS has been phasing in UPICs, which are designed to centralize not just CMS’s various audit activities, but also to enhance coordination between CMS, its contractors, OIG, DOJ, and relevant state agencies. I found it interesting that during the pandemic, CMS amended the program rules for UPICs to specifically require UPICs to immediately refer any potential fraud related to the pandemic to the HHS Office of Inspector General. So rooting out abuse of pandemic billing flexibilities is very much an area of priority for the government. And OIG is particularly focused on telehealth as part of that pandemic oversight. OIG maintains a work plan listing all of its ongoing audits and inspections. A work plan is a great way to understand OIG’s priorities and issues of concern, and I always encourage clients to keep tabs on updates to the work plan. OIG currently has eight open audits relating, in some fashion, to telehealth. One of those is called Medicare Telehealth Services During the COVID-19 Pandemic: Program Integrity Risks, and OIG expects to release that report later this year. I anticipate that OIG’s findings will affect how law enforcement pursues potential telehealth fraud and it will also inspire the whistleblowers’ bar to try and target providers’ use of telehealth services.

Mike: Brenna, let’s pivot and talk about remote patient monitoring, which is also something that took off during the pandemic. Can you talk about the regulatory history behind the expansion of RPM?

Brenna: Remote patient monitoring or RPM involves a connected device that gathers physiologic data, such as blood pressure or glucose levels, and then transmits that information to a healthcare professional who interprets it. Importantly, RPM is not telehealth. That’s because telehealth services are defined as services that replace an in-person visit with a health care provider. But RPM sits in a broader category of virtual care that involves technologically driven services that complement but don’t replace in-person visits. Virtual care like RPM services are not subject to the same statutory restrictions as telehealth. And so even before the pandemic in 2018, CMS was able to begin to allow providers to separately bill Medicare for RPM services. And every year I was at HHS, the department incrementally expanded RPM. For example, by adding new codes and clarifying that auxiliary personnel can furnish services for treatment management and bill incident to a physician’s supervision. During the pandemic, HHS also made two important and permanent clarifications. First, that RPM can be used for acute conditions, not just chronic ones. And second, that patient consent can be obtained at the time of services rather than in advance. Just for the pendency of the pandemic, CMS is also allowing providers to furnish RPM services to new patients, in addition to established ones. As a result of these expanded billing opportunities, over the past few years, RPM has become increasingly popular among physicians and hospitals who want to increase home care.

Mike: Brenna, where do you see RPM going under the new administration?

Brenna: I think the Biden administration will continue the last administration’s incremental expansion of RPM. As evidence of this, in the latest annual physician payment proposed rule and the first issued by the Biden administration, CMS proposed a new set of codes for Remote Therapeutic Monitoring or RTM. In some respects, these codes are cousins to the RPM set of codes. But RTM breaks new ground in a couple of respects. First, the type of data being collected. RPM collects physiologic data, but RTM gathers non-physiologic data. For example, an inhaler may gather data about how frequently a patient uses the inhaler at home, and it also collects metrics, such as the pollen count in the air when the patient uses the inhaler. CMS seems to be deliberately trying to expand RTM because, in the preamble to the proposed rule, they stated that they are interpreting these codes as allowing for patients to self-report data, even though that’s not specifically stated in the AMA code descriptors. RPM, in contrast, only covers data that is automatically transmitted from a connected device. Assuming CMS finalizes Medicare coverage for the proposed RTM codes, I think RTM will offer important supplemental opportunities to enhance virtual care alongside RPM.

Mike: And, Brenna, what are some of the compliance concerns providers should be thinking about regarding RPM billing and coding?

Brenna: First, providers should be cautious about accepting billing and coding advice from the manufacturers of devices used for RPM. The government’s position is that at the end of the day, providers are responsible for the accuracy of their claims, and depending on the facts and circumstances, DOJ may not give significant credit to the defense that a provider was relying on a manufacturer’s incorrect billing advice. The provider should do their own due diligence and make sure they’re comfortable with their billing and coding policies. Second, I’ve been advising my clients that there is value in adopting enterprise-wide policies and procedures around RPM. For example, hospitals should consider how they can ensure that treating providers are considering relevant information obtained through RPM when making treatment decisions. What CMS does not want to see is a bill for RPM services that are not meaningfully incorporated into treatment or a plan of care. Hospitals should also have a policy for how patient consent is obtained annually and documented in the patient’s medical record. If RPM is used to evaluate or monitor an acute condition, hospitals should have a process in place for identifying when the acute condition has passed to prevent accidental continued billing for RPM services. Hospitals may also want a policy that governs when RPM services for a chronic condition are reassessed to ensure those services remain medically necessary. Finally, hospitals should consider analyzing claims data to identify outliers within the enterprise on RPM billing, either with respect to frequency or the percentage of a particular provider’s patients who are receiving RPM services. This is a brand-new area of billing, and it has been complicated by the fact that just when providers were dipping their toes in the water on RPM, the pandemic hit. I think that the government’s enforcement attention with respect to telehealth is going to evolve to target virtual care such as RPM, and providers should make sure they have compliance controls in place early to head off any issues.

Mike: Fantastic insight, as always, Brenna. If someone wanted to get in touch with you, how can they do that?

Brenna: Just send me an email. My email address is

Mike: Brenna Jenny, thanks so much for joining us again today on the Hospital Finance podcast.

Brenna: Thanks, Mike.
