Add a bookmark to get started

10 May 20238 minute read

OIG Telehealth Toolkit for program integrity risks: What payors and providers need to know

On April 20, 2023, the US Department of Health and Human Services, Office of Inspector General (OIG) published a new Telehealth Toolkit intended to assist public- and private-sector partners – such as Medicare Advantage plan sponsors, private health plans, State Medicaid Fraud Control Units, and other Federal healthcare agencies – in analyzing telehealth claims data to assess program integrity risks.

The OIG created the toolkit in response to the dramatic increase in the use of telehealth during the COVID-19 pandemic as well as the rising concerns of lawmakers and payors with respect to fraud, waste, and abuse associated with the provision and reimbursement of telehealth services. 

The toolkit is informational in nature and does not impose requirements on any third-party payors or federal and state programs. However, it provides instructive guidance for telehealth providers, as well as payors and programs, regarding potential focus areas of fraud, waste, and abuse.

OIG’s steps for analyzing telehealth claims

The OIG’s toolkit provides a series of five steps for payors to analyze telehealth claims or encounter data:

  1. Review program policies to understand the payor’s applicable payment and coverage policies

  2. Collect telehealth claims data for individual providers (the toolkit is not focused on institutional providers) based on data identifiers such as modifiers or place of service codes, and consider including virtual care visits (virtual check-ins, e-visits, remote monitoring, and telephone calls which are always conducted remotely)

  3. Conduct quality assurance checks to ensure the completeness and accuracy of the data including key fields, and to exclude claims containing erroneous values

  4. Analyze the data for program integrity risks focusing on the seven program integrity measures identified by the OIG in the toolkit, but keep in mind that adjustments may be desirable depending on different billing partners or the payor’s goals, and

  5. Interpret the results to identify potential areas of concern for the payor which may warrant additional safeguards or particular providers that may be at risk; however, any determination of fraudulent or abusive practices would require additional investigation beyond the steps identified in the toolkit.

OIG’s seven program integrity measures

In addition to the recommended steps for analyzing telehealth claims, the OIG identifies the following seven measures that can be used to identify fraud, waste, and abuse when reviewing telehealth billing practices.  Each measure is defined and includes “analysis” guidance on how to calculate the measure, as well as a “threshold” standard to apply to identify providers who pose risk.  Each measure is described below.

  1. Billing telehealth services at the highest, most expensive level for a high proportion of services. The OIG believes this practice could be indicative of “upcoding.”Notably, in terms of the threshold to apply, in its review of Medicare claims, the OIG considered providers that billed 100 percent of their telehealth services at the highest level in any of the service categories selected as high risk.The OIG suggested that payors may adjust the threshold for their needs (ie, lower threshold to identify potential risks and establish safeguards and higher thresholds if identifying providers for further investigation).


  2. Billing a high average number of hours of telehealth services per visit.The OIG believes this practice may indicate inappropriate billing for unnecessary services or services not rendered in order to maximize payment. The OIG applied a threshold of providers who billed for at least 25 telehealth visits, and, to avoid flagging providers that are appropriately billing, excluded certain extra-long services (ie, those that take more than 100 minutes and psychological evaluation and testing). The Medicare median time was 21 minutes per telehealth visit across all providers, and the OIG considered any provider billing an average of over 2 hours of telehealth services per visit as high risk.

  3. Billing telehealth services for a high number of days in a year. The OIG believes this practice may indicate a provider billing for services not actually provided. As for a threshold, because telehealth services were provided to Medicare patients a median of 26 days per year across all providers, the OIG considered any provider billing for telehealth services over 300 days per year as high risk.

  4. Billing telehealth services for a high number of patients. The OIG believes this practice may indicate a provider billing for services not actually provided. This measure is analyzed by calculating the total number of unique patients for whom they had billed at least one telehealth service during a one-year timeframe. In light of the OIG’s finding that the median number of Medicare patients for which telehealth services were provided was 21 patients for all providers, the OIG considered any provider furnishing telehealth services to over 2,000 Medicare patients to be high risk.  Additionally, the OIG suggests that certain billing patterns, such as billing solely or primarily for patients with whom providers have no established relationship, may indicate that these providers are billing for telehealth services using stolen or compromised patient identifiers.

  5. Billing multiple plans or programs for the same telehealth service for a high proportion of services. The OIG believes this practice may indicate that the provider is intentionally submitting duplicate claims to increase their payments.  The OIG limited its analysis to providers that billed Medicare for at least 50 telehealth services and considered a provider to be high risk if it billed both Medicare fee-for-service and a Medicare Advantage plan for the same service for more than 20 percent of their services.  According to the OIG, most providers never did this.

  6. Billing for a telehealth service and then ordering medical equipment for a high percentage of patients. The OIG believes this practice may indicate ordering unnecessary supplies or equipment and has been linked to known fraud schemes, including some high-profile settlements and enforcement actions.  The OIG limited its analysis to providers that billed Medicare for medical equipment or supplies within three months of the telehealth service. The median for this activity was only 3 percent of beneficiaries, and the OIG considered providers high risk if they ordered supplies or equipment within 3 months of telehealth services for at least 50 percent of their beneficiaries. Further, the OIG identified providers billing primarily for audio-only telehealth services before ordering medical equipment and supplies as potentially risky.  The OIG believes that this pattern may indicate that providers are cold calling new beneficiaries to increase orders for medical equipment, supplies, and telehealth services.

  7. Billing for both a telehealth service and a facility fee for most visits. The OIG believes this practice may indicate that the providers are intentionally billing both the telehealth service and a facility fee to increase their payments, even if prohibited by Medicare.The OIG suggests calculating this measure by determining the percentage of each provider’s visits that included both a telehealth service and a facility fee, while also limiting the analysis to providers having billed a certain number of telehealth visits (eg, 10 telehealth visits). The OIG considered a provider to be high risk on this measure if it billed for both a telehealth service and an originating site facility fee for more than 75 percent of their visits (most never billed this way). The OIG also recommends evaluating other providers that are part of the same medical practice as high-risk providers or that are associated with the same telehealth companies as high-risk providers.

Implications for providers

Whether or not payors adopt or follow this toolkit, telehealth providers should view this toolkit as a warning sign that payors, including Medicare, and enforcement agencies, such as the OIG, will be closely scrutinizing telehealth billing and reimbursement.  As such, providers are encouraged to review their telehealth billing practices, both under this toolkit and with respect to payor requirements, to assess whether they may be at risk of catching the attention of such payers and enforcement agencies. 

Many well-intentioned providers may not be fully aware of technical payor requirements, thereby leaving themselves vulnerable to audit liability. Even where a provider is confident in the legality of its practices, utilizing the information in this toolkit could be helpful to mitigate the risk or likelihood of time-consuming and costly audits and payer disputes as well as government investigations.

For more information, please contact the authors.