Once a far-fetched concept, medical care provided through technology such as video and phone calls is now an ordinary part of the healthcare ecosystem. While the delivery of healthcare via telehealth has its benefits, those working behind the scenes know that this method of practice can be a regulatory minefield, especially when operating in communities with fewer resources devoted to in-house oversight.
The issue of telehealth fraud is not only costing providers, health systems and the government money, it's also reducing access to this critical health tool among the underserved. The question we aim to answer is: How can we minimize the risk of wrongdoing in this increasingly important field while maximizing access to the people who need it most?
The promise of telehealth
The concept of telehealth existed long before the development of the world wide web. In 1925, for example, a cover of Science and Innovation magazine featured a doctor diagnosing a patient via radio and imagined a device that would facilitate video-based examinations. However, the spread of internet access made it possible to deploy telehealth as we know it today. In 1993, the American Telemedicine Association was formed and began to visualize a future where telehealth was normalized.
In 2009, it became clear that the technology had advanced enough that health systems needed incentives to work properly with each other. As such, the American Recovery and Reinvestment Act (ARRA) poured money into healthcare, including the Health Information for Economic and Clinical Health (HITECH) Act. HITECH prioritized interoperability, which is what allows providers to share records across different Electronic Health Record (EHR) systems.
To follow up, the Health Resources and Services Administration (HRSA) received $16 million to expand telehealth access and services specifically in rural areas and for the elderly. The intent was to improve healthcare for people with limited access to in-person care.
Who is actually using telehealth?
Although the telehealth push was meant to bring better healthcare to rural Americans and those in underserved communities, the majority of current users are affluent in urban areas. Rural communities are at the low end of telehealth participation, yet are specifically targeted in fraud committed by dishonest providers, technology companies and run-of-the-mill scammers. Why is this?
Providers are hard to come by for those in rural areas. For example, about 20% of the U.S. population lives in rural communities, but only 11% of physicians practice in such areas. That means providers are spread particularly thin, forcing them to take on more patients at once and giving them less time to focus on regulatory necessities.
Additionally, the people living in these areas are on average older than the general population and less likely to have the robust internet or computer literacy needed to interface with more secure systems, leaving room for phone-based fraud that is much easier to perpetrate. These two reasons converge to disincentivize the outreach necessary to actually boost participation in rural locations.
Problems on the providing end
The healthcare industry is known for moving slowly, even in periods of immense upheaval. When Covid-19 forced an abrupt about-face toward greater telehealth adoption, many providers felt they were pushed out of a plane with no parachute and expected to figure out how to land on their feet. They had to not only learn new technology in most cases, but also had to become far more familiar with the intricacies of the Health Insurance Portability and Accountability Act (HIPAA).
To address the pandemic, the government relaxed several HIPAA policies with the intent of making telehealth easier to administer and to access. For example, physicians can now bill for telehealth services as if they were provided in person, including both video and audio-only visits. They can also practice across state lines, and provide care to new patients in addition to established ones. Most importantly, covered providers that are responsible for breaches of HIPAA in providing telehealth are not to be hit with penalties as long as the provision is "good faith".
While these relaxed policies in theory made it possible to expand telehealth care, they also opened the door to mass confusion as providers did not receive the regulatory training they needed. In South Carolina, a state where 27% of the population resides in rural areas and the rural poverty rate is 20.6% compared to the urban rate of 12.8%, 96% of Medicaid telehealth visits in 2020 were unallowable due to insufficient documentation and lack of monitoring controls. For providers, that means living in constant fear of committing fraud completely by accident.
Solutions to combat fraud and increase adoption
We must give providers and smaller healthcare systems the tools they need to mitigate fraud if we want to increase adoption and make telehealth a more viable option for underserved communities. Doctors, administrators and staff need a clear overview of relevant policies and associated regulations.
They need to be able to report data securely so it is centrally accessible and at-the-ready. Overall, the system needs to grant the ability to create checks and balances that deter fraud—accidental or malicious—without placing any undue burden or convoluted extra steps on already-strained medical professionals.
A better way forward
We can still fulfill the promise of telehealth for underserved communities if we remove the barrier of fraud for providers and systems in these areas. Modular, simple-to-implement risk management platforms like SAI360, with focused solutions for healthcare compliance, take the pressure off providers to sift through the current tangle of regulations and give them the time they need to provide quality telehealth care for as many patients as possible without worrying that a visit might lead to an incident of fraud or abuse.
Additionally, such platforms will become even more necessary in the near future, as the pandemic eventually wanes enough that the Office of Civil Rights (OCR) retracts the relaxed enforcement that has protected providers thus far. Providers and systems that act now to implement comprehensive fraud mitigation platforms will be well-served by functions like automatic audits, while those who fail to take such precautions will scramble as the OCR begins to crack down on HIPAA violations once more.