By HENRY LEVENTIS, Bone McAllester Norton, PLLC


Before COVID-19 was a household name, telemedicine was already changing the face of healthcare. In response to the coronavirus, however, federal and state governments have taken several steps to rapidly expand providers’ use of telemedicine.

For example, Centers for Medicare and Medicaid Services (CMS) recently eliminated the “eligible initiating site” requirement and now permits providers to use telemedicine to treat all beneficiaries in their homes, not just those who live in rural areas. Likewise, the Drug Enforcement Agency (DEA) now allows registered providers to prescribe controlled substances to patients they have never met in person and Health and Human Services (HHS) has relaxed enforcement of HIPPA requirements regarding the use of non-secure means like Skype to deliver telemedicine.

Although federal and state governments are encouraging the use of telemedicine more than ever before, there are a number of regulatory and compliance issues that providers should keep in mind as they expand their use of telemedicine.


Enforcement Priority Areas

As telemedicine has grown, so has regulators’ focus on identifying waste, fraud and abuse in this area. These regulators include the Justice Department, HHS Office of Inspector General (OIG), Medicaid Fraud Control Units and CMS’s Unified Program Integrity Contractors (UPIC).

When a provider’s use of telemedicine involves areas, like durable medical equipment or compound pharmaceuticals, that have traditionally been considered high-risk for fraud, the provider is more likely to get regulators’ attention. The use of telemedicine to prescribe in these areas may also increase a provider’s chance of “winning” CMS’ audit lottery. Providers who utilize the DEA’s relaxed restrictions on prescribing controlled substances through telemedicine, particularly opioids, can also trigger heightened scrutiny.


UPIC Records Requests

This scrutiny often begins in the form of an audit. At first glance, UPIC provider audits, in particular record requests, give the impression that CMS is just checking in to ensure that a provider’s records support associated reimbursement payments. However, these inquiries are far from random and likely indicate that CMS has identified what they believe to be a suspect billing pattern. These audits are often a precursor to federal and state investigations.

Regardless of whether an audit triggers an investigation, however, healthcare providers working in telemedicine need to know that they can lose Medicare privileges for up to 10 years for mere records keeping violations, like non-compliance or inadequate compliance with a records request. This can present something of a minefield for providers because federal regulations place the onus on them to maintain patient records for at least seven years.

In reality, many telemedicine providers never actually possess or maintain patient records; rather, they access them online through a secure portal owned by the medical practice, hospital or telemedicine company and maintained by an electronic health records (EHR) vendor. Thus, if a provider receives a UPIC records request, he or she could be at the mercy of their employer or EHR company to locate patient records in a timely fashion.

This can be difficult as these requests contain scant information about the patients involved. If a provider has worked with multiple telemedicine companies during the date of service range in the request, the challenge is even greater.


Practicing Defensive Medicine

So, what should you do? The answer is not to avoid this increasingly important method of delivering patient care during our national health emergency. Instead:

  • Be proactive about records access when negotiating future employment agreements and talking with your current employer.
  • Be thoughtful about documenting patient charts.
  • Be sure that your employment agreement provides for timely access to patient records or other documentation in the event of a UPIC audit.

UPIC records requests typically allow for 45 days to respond. The employment agreement requirements related to records request should apply even after you leave the company, as a request for assistance from a former employee will receive greater priority when it references the employer’s contractual obligation.

If you are already treating patients through telemedicine, determine who owns and maintains the EHR. Learn how you can access and search records in a timely manner if the need arises while you are with the company and if you separate from the company.

As for practicing telemedicine, go back to the basics: If you are prescribing for telemedicine patients, especially in the areas referenced above, be vigilant in documenting the medical necessity for each prescription. Resist the temptation to cut and paste verbiage from one patient chart into another. This may seem like an easy time-saving measure, but many regulators view “cookie cutter” patient charts as indicia of fraud.

If you are prescribing opioids through telemedicine, fully document facts that demonstrate that you are acting in the usual course of your professional practice. In addition to documenting medical necessity, document that you reviewed the patient’s medical history, the patient’s urine drug screens and your state’s controlled substance monitoring database – and, finally, document any efforts to identify red flags of a patient’s drug abuse, misuse or diversion.



Despite federal and state governments encouraging greater use of telemedicine, regulators tasked with combating waste, fraud, and abuse in our healthcare system will continue to view it with caution. Until that changes, telemedicine providers should employ these simple steps to protect themselves and their practices.


Henry Leventis HeadshotHenry Leventis is a member with Bone McAllester Norton, PLLC. An experienced litigator, Leventis is the former White-Collar Chief and Director of Litigation for the United States Attorney’s Office in Nashville. Joining the law firm at the beginning of 2020, he helps clients across a number of industries, including healthcare, with civil litigation and administrative enforcement actions, along with criminal matters. As a former federal prosecutor, he understands the importance of having an experienced and effective advocate on your side. For more information, go to





Bone McAllester Norton