Will Telehealth Fraud Grow Amid the COVID-19 Crisis?Recent Case Illustrates How Telemedicine Can Be Abused
The use of telehealth is ramping up as a result of the COVID-19 pandemic because fewer patients are visiting a doctor's office for treatment of various conditions. Now, the latest arrest in connection with an alleged $410 million healthcare fraud scheme serves as a cautionary tale of how fraudsters can abuse telehealth.
The Department of Justice has charged the operator of JI Medical, Inc., a California-based durable medical equipment company, in connection with his alleged participation in a fraud scheme that included telemedicine fraud and kickbacks and more than $410 million in fraudulent claims to Medicare. He's the 22nd person charged in connection with the massive fraud case.
Hirsh is charged with one count of conspiring to pay kickbacks in exchange for obtaining clinicians' orders for durable medical equipment, based on telehealth consultations that never happened. Then JI Medical fraudulently billed Medicare for the unneeded equipment, prosecutors allege.
"As part of this scheme, the physicians receiving the kickbacks from JI Medical, Inc. knowingly signed false medical records describing 'consultations' of Medicare patients," the Justice Department says.
Growing Opportunities for Fraud?
"Telemedicine is an important tool for legitimate providers - but paying kickbacks is not part of telemedicine and will not be tolerated under any circumstances," says U.S. Attorney Bobby L. Christine.
Chris Hacker, special agent in charge of FBI Atlanta, adds: "The FBI and our federal partners will continue to root out such deceitful practices ... even as telemedicine becomes more common."
And in a statement, the Justice Department says: "As telemedicine becomes an increasing part of our healthcare system, vigilance in ensuring that fraud and kickbacks do not usurp the legitimate practice of medicine by electronic means is more important than ever."
Charged earlier in the massive durable medical equipment fraud case are eight physicians, two nurse practitioners, two operators of telemedicine companies, and two brokers of patient data, among others, federal prosecutors say. The investigation is ongoing. A Justice Department spokesman did not provide further details.
More Fraud on the Way?
As the Department of Health and Human Services - as well as many private health insurers - have loosened some restrictions involving billable telehealth services during the COVID-19 pandemic, potential fraud schemes involving telemedicine will also likely grow, some experts predict.
"Anytime you open a program of this importance in such a short period of time, you are opening the door to all types of fraud," says retired FBI agent and forensics expert Jason G. Weiss, an attorney at the law firm Faegre Drinker, Biddle and Reath.
"COVID-19 was thrust upon us, and medical providers as well as law enforcement are all trying to adapt to this new virtual reality. With the creation of any new program in a rapidly condensed period of time, there will be some level of organized chaos involved, and cybercriminals will try and take advantage of it as was allegedly done here."
Until the expanded telehealth program is properly vetted and established rules are put into place, tested and documented, there is a far greater chance that cybercriminals will try to take advantage of the confusion, he says.
Many Types of Fraud Possible
Technology attorney Steven Teppler of the law firm Mandelbaum Salsburg P.C. says the potential for telehealth fraud "includes not only fraud by providers who overbill, or bill for services not rendered, but also by unscrupulous entities who might offer 'cut rate' services with threat actors impersonating providers - think a white coated person on a Zoom call who appears to be in a stereotypical exam room."
Fraudsters posing as physicians and other clinicians could then ask patients for personal health information or personally identifiable information, such as Social Security numbers, Teppler notes. They also could attempt to install malware on the device a victim was trying to use for a telehealth visit, he adds.
The expansion of telehealth "during a once-in-a-generation pandemic can lead to massive cases of identity theft and all other typical types of medical fraud such as improper billing and over charging," Weiss says. "Cybercriminals are playing the odds that their abusive behavior will get lost in the cracks and missed by the proper authorities."
The Need for Vigilance
Teppler suggests insurers that are paying for expanded telehealth services consider taking aggressive fraud detection and prevention steps.
For instance, insurers should develop a "dynamic baseline model" of the new acceptable type, charge and frequency of claims involving telehealth.
Meanwhile, patients need to be on the lookout for phishing and other schemes that leverage telehealth themes in an attempt to persuade individuals to turn over their PHI or online account credentials, he adds.
Patients and medical providers must work together to ensure that all bills for telehealth services are correct, making sure the time, date and services delivered are accurate, Weiss says. "In short, vigilance is the enemy of confusion and fraud."
Teppler argues that healthcare regulators "understand the provision of healthcare services, but are still far behind in requiring the proofs of security and HIPAA compliance that pose privacy and security challenges."
Weiss expects federal and state regulators will eventually provide the necessary guidance and regulations to guard against fraudulent use of telehealth to steal money, rather than provide valuable services.
"If there is one silver lining from the coronavirus it is that it brought about the next generation of the healthcare evolution - telehealth," he says "The key to making telehealth really successful is to keep it safe and secure and to ensure that people feel safe using it."