MassHealth Made Payments Totaling at Least $91,852,881 to Its Providers for Telehealth Behavioral Health Services That Were Not Properly Documented.

During our audit period, MassHealth made payments totaling at least $91,852,881 to its providers for telehealth behavioral health service claims that lacked required documentation. In our review of the patient records related to the 47 claims in our statistical sample, we identified numerous telehealth services for which the documentation did not meet MassHealth requirements. Each of the 47 claims had at least one issue. The issues are reflected in the table below, which quotes the “Requirements for Telehealth Encounters” section of Appendix A of MassHealth’s All Provider Bulletin 314.

*    Some claims are counted more than once because they had multiple issues.

We extrapolated the test results from our sample of patient records to the population of telehealth behavioral health service claims paid by MassHealth during our audit period. Based on this, we are 90% confident that the minimum amount of overpaid telehealth behavioral health service claims was $91,852,881 and the maximum amount was $96,464,816. The lack of documentation calls into question whether all of the $91,852,881 of service was properly delivered.

MassHealth’s All Provider Bulletin 314 states,

Providers must adhere to and document the following best practices when delivering services via telehealth:

1. Providers must properly identify the patient using, at a minimum, the patient’s name, date of birth, and MassHealth [identification number].

2.   Providers must disclose and validate the provider’s identity and credentials, such as the provider’s license, title, and, if applicable, specialty and board certifications.

3.   For an initial appointment with a new patient, the provider must review the patient’s relevant medical history and any available medical records with the patient before initiating the delivery of the service.

4.   For existing provider-patient relationships, the provider must review the patient’s medical history and any available medical records with the patient during the service.

5.   Prior to each patient appointment, the provider must ensure that the provider is able to deliver the service to the same standard of care and in compliance with licensure regulations and requirements, programmatic regulations, and performance specifications related to the service (e.g., accessibility and communication access) using telehealth as is applicable to the delivery of the services in person. If the provider cannot meet this standard of care or other requirements, the provider must direct the patient to seek in-person care. The provider must make this determination prior to the delivery of each service.

6.   To the extent feasible, providers must ensure the same rights to confidentiality and security as provided in face-to-face services. Providers must inform members of any relevant privacy considerations.

7.   Providers must follow consent and patient information protocol consistent with those followed during in person visits.

8.   Providers must inform patients of the location of the provider rendering services via telehealth (i.e., distant site) and obtain the location of the patient (i.e., originating site).

9.   The provider must inform the patient of how the patient can see a clinician in-person in the event of an emergency or as otherwise needed.

MassHealth’s All Provider Bulletins 281, 289, 291, and 303 contain the same or similar requirements.

Although MassHealth sent providers bulletins outlining the documentation requirements for telehealth services, it did not offer training to providers to ensure that claims were properly documented. In addition, MassHealth did not establish monitoring controls to ensure that telehealth services were documented in accordance with its All Provider Bulletins.

MassHealth should train its providers, and establish monitoring controls, to ensure that telehealth services are documented in accordance with its All Provider Bulletins.

MassHealth disagrees that it “made payments totaling at least $91,852,881 to its providers for telehealth behavioral health services that were not properly documented.” The basis for the audit finding is language in MassHealth Bulletins 281, 289, 291, 303 and 314 that providers delivering services via telehealth “adhere to and document” certain best practices delineated in the bulletins. The [Office of the State Auditor, or OSA] reads this language to require providers to “document” the listed best telehealth practices in the member’s medical records. MassHealth disagrees with this interpretation of its Bulletins. The Bulletins do not require the best practices to be documented in the member medical records. Rather, the “Documentation and Record Keeping” section, which immediately follows the section cited by the OSA, specifies the information that is required to be noted in the member’s medical record for a telehealth encounter.

As noted above, as part of its review of the OSA’s finding and its regular review of its telehealth guidance, MassHealth has recently issued a clarification to the “Requirements for Telehealth Encounters” section of its telehealth policy in its most recent Provider Bulletin, All Provider Bulletin 355, to clarify that providers are encouraged to document the delineated best practices in their written policies and procedures. MassHealth has also revised its “Documentation and Record Keeping” requirements to better align with industry practices and to minimize administrative burdens on providers.

Furthermore, MassHealth has robust program integrity processes in place to ensure that providers adhere to MassHealth requirements in the delivery of services. MassHealth reviews telehealth encounters in the same manner that it reviews in-person encounters, including medical record review, where appropriate. MassHealth is committed to continuing these important efforts to ensure the quality of services rendered to members and the integrity of the MassHealth program.

In its response, MassHealth also included additional background information on telehealth, which can be found in the Appendix of this report.

OSA acknowledges that MassHealth’s All Provider Bulletin 314 does not specifically require providers to document compliance with MassHealth’s required best practices in each member’s medical record. However, as noted in our report, OSA found inconsistencies in provider recordkeeping in this area; some providers documented some, or almost all, of these best practices in members’ medical records, while other providers did not.

MassHealth is not accurate when it states that we relied solely on a review of a member’s medical record when determining a provider’s compliance to these best practices. Specifically, in addition to reviewing a member’s medical record, during our audit we also requested from each of the providers in our sample all documentation (e.g., notes, billing, and member health information) related to the telehealth claims we reviewed. This documentation would include information that demonstrated that the provider complied with MassHealth’s best practice requirements. For example, if the claim we reviewed was for an initial appointment with a new patient, the information we obtained from the provider should document that the provider reviewed the patient’s relevant medical history and any available medical records with the patient before initiating the delivery of the service as required by MassHealth’s best practice requirements. OSA told MassHealth officials during our audit that we were reviewing all of the information regarding the claims in our sample, not just the members’ medical records. In fact, when several providers refused to provide OSA with all the supporting documentation regarding their claims that OSA was reviewing, MassHealth assisted OSA in attempting to obtain this information. It should be noted that, in many instances, providers responded to our requests for information by stating that all the information related to the telehealth claims being reviewed would be in the members’ medical records.

We agree with MassHealth that the “Documentation and Record Keeping” section of the All Provider Bulletins includes information that must be noted in the member’s medical record for a telehealth encounter, which is why we tested that section as well. Specifically, this section requires that providers include a notation in the member’s medical record that indicates the distant and the originating sites. As our report states, 20 of the 47 claims we tested did not meet that requirement.

In its response, MassHealth states that it had updated the language in its All Provider Bulletin 355 to indicate that providers are now “encouraged,” as opposed to being “required,” to have documented policies and procedures that incorporate MassHealth’s best practices. It also states that providers must still adhere to these best practices when delivering services via telehealth. In OSA’s opinion, since these best practices relate to the quality of telehealth services being provided to members, MassHealth should require that providers document MassHealth’s best practices for providing telehealth services in their policies and procedures to better ensure that proper controls exist over this activity.