The Office of Inspector General (OIG) recently issued two notable compliance updates, of which health care organizations should take note as the COVID-19 public health emergency ends and regulatory compliance activities ramp up.

Changes to Form and Format of OIG Compliance Program Guidance

First, in an effort to modernize the accessibility and usability of publicly available resources, OIG issued a Notice in the Federal Register that it is changing its approach to issuing voluntary compliance program guidance documents (CPGs). CPGs provide helpful guidance to various healthcare entities on maintaining compliance with fraud and abuse laws, and have historically been tailored to specific types of health care entities, including without limitation: (1) hospitals; (2) home health agencies; (3) clinical laboratories; (4) DMEPOS suppliers; (5) hospices; (6) Medicare Advantage; (7) nursing facilities; (8) physicians; and (9) pharmaceutical manufacturers. A full list of the existing guidance documents is available here

According to this Notice, new and updated CPGs will now be posted by OIG on its website, and will no longer be published in the Federal Register.  To keep abreast of new and updated CPGs going forward, interested parties may sign up for the OIG listserv (available here) to receive email updates.

Additionally, OIG is planning to consolidate guidance across the health care industry (General CPGs) and for subsets of the industry (Industry Specific CPGs). The next industry-specific guidance is planned for Medicare Advantage and nursing facilities.

New Toolkit for Analyzing Telehealth Claims

Second, OIG issued a Toolkit: Analyzing Telehealth Claims to Assess Program Integrity Risks, which is based on the prior OIG report: Medicare Telehealth Services During the First Year of the Pandemic: Program Integrity Risks (OEI-02-20-00720).

The Toolkit provides a step-by-step approach to analyzing potential telehealth fraud and abuse issues in response to exponential growth in the use of telehealth during the COVID-19 pandemic. This may be particularly useful for health care organizations assessing operational and compliance risks associated with telehealth programs established during the pandemic, as the public health emergency officially ends May 11, 2023.

The Toolkit includes the following key measures used by OIG to identify fraud, waste, or abuse in billing for telehealth services, as well as OIG’s commonly used thresholds for identifying high risks to health care programs, which are likely to result in enforcement action.

  1. Billing telehealth services at the highest, most expensive level for a high proportion of services, which raises the concern over upcoding (e.g., billing CPT 99215 100 percent of the time may be a clear red flag).
  2. Billing a high average number of hours of telehealth services per visit, which raises the concern that billed services were either unnecessary or not being provided (e.g., billing 2 hours of telehealth services per visit v. median 21 minutes).
  3. Billing telehealth services for a high number of days in a year, which raises the concern that all billed services were not actually provided (e.g., billing 300 days per year v. median 26 days per year).
  4. Billing telehealth services for a high number of unique patients, which raises the concern that all billed services were not actually provided (e.g., billing 2000 beneficiaries v. median 21 beneficiaries).
  5. Billing multiple plans or programs for the same telehealth service for a high proportion of all services, which raises the concern over intentional submission of duplicate claims (OIG considers high risk billing to be billing 20 percent or more of all services, whereas most providers never bill this way).
  6. Billing for a telehealth service and then ordering medical equipment for a high percentage of patients, which can be an indicator of fraud schemes (e.g., ordering medical equipment for at least 50% of all beneficiaries v. the median 3 percent).
  7. Billing for both a telehealth service and an originating site facility fee for most visits, which is not permitted under Medicare if the patient is not actually in the health care facility when receiving the telehealth services (OIG considers high risk billing to be 75 percent of all services, whereas most providers never bill this way).