5 Tips to Fight Telehealth Fraud

By Zachary Amos •  Updated: 08/12/22 •  5 min read

Telehealth has skyrocketed over the past few years. As COVID-19 made physically visiting a doctor’s office more complex, digital solutions let patients connect with healthcare professionals virtually. Now it’s clear these systems are here to stay, but they also bring some new concerns.

More than half of all healthcare visits happened virtually in mid-2020. While that number has since dropped, more than a third of patients still use telehealth. That’s good news for healthcare accessibility, but it raises questions about telehealth fraud.

What Is Telehealth Fraud?

Telehealth fraud occurs when people take advantage of these digital solutions to make money. Considering how healthcare spending reached $4.1 trillion in 2020, telehealth systems are a tempting target for fraud.

Sometimes, that fraud looks like providers billing patients for services they didn’t receive or misrepresenting what a virtual visit entailed. Alternatively, cybercriminals could pose as legitimate telehealth providers to trick patients into paying them. In other scenarios, cybercriminals could commit identity theft to claim telehealth services fraudulently.

While telehealth’s popularity is relatively new, fraud cases have already emerged. The most significant healthcare fraud enforcement action in history happened in 2020 when the Department of Justice accused 86 defendants of fraudulent telemedicine claims. The losses from these fraud cases added up to $4.5 billion.

How to Fight Telehealth Fraud

Telehealth has many advantages, but providers, users, and software vendors must address the fraud problem so it can reach its full potential. Here are five ways to reduce telehealth fraud risks.

Educate UsersOne of the most important measures is educating people on telehealth’s risks. Phishing already accounts for 45% of cybersecurity incidents in healthcare — online care’s growing popularity could lead more people to fall for these scams. Education is the solution.

Telehealth providers should inform their customers about scams they may see and how to recognize them. Their processes and communication should follow strict standards to make it easier to tell legitimate messages from scams. Frequent reminders to keep detailed records of services to prevent provider fraud are also helpful.

Providers should also train their staff to spot and avoid phishing attempts. Doing so can help stop cybercriminals from gaining access to internal records that could help them commit fraud.

  1. Improve Verification Methods

Telehealth platforms also need to be able to verify users’ identities. One of the reasons telehealth fraud is snowballing is because it’s relatively easy to impersonate patients in many cases.

Verification on these services must go beyond a simple username and password. Multi-factor authentication should be enabled by default and come up anytime people schedule a meeting or make a transaction. This step may make the telehealth process less streamlined, but it’s crucial for security.

Biometric security for account creation is also essential. When patients set up an account, they should scan their driver’s license, then verify it with a live video selfie. These steps help prevent identity thieves from creating telehealth accounts.

  1. Employ Data Visualization

Some less technical steps can help, too. If providers can visualize their records better, it’ll be easier to spot any unusual activity or incorrect billing. This visualization can help highlight potential fraud cases, addressing them before the criminal can cause too much damage.

Many programs can automatically compile healthcare data into easy-to-read charts and graphs. Telehealth companies can review these visualizations to better understand billing, services provided, and patient usage statistics. Anything that doesn’t add up will stick out in this comprehensive view, making it harder to commit fraud and get away with it.

  1. Implement AI

Telehealth companies can also go further by using artificial intelligence (AI). Visualizing data can help recognize fraud patterns, but it isn’t always fast enough to catch fraud early and still has room for human error. AI can analyze the same data faster and more accurately detect potential fraud.

Many companies already use AI to detect theft patterns and stop fraud in the financial industry — the medical sector could do the same. These algorithms can catch the early warning signs of fraud before humans recognize them, stopping criminals sooner. Other AI tools could monitor networks for suspicious activity to prevent hackers from accessing patients’ personal information.

  1. Secure Patient Data

Telehealth providers should ensure they keep patient data private and secure. These apps store a lot of sensitive information, and if any gets out, criminals could use it to commit identity fraud. Limiting access to this data helps prevent this and keeps companies compliant with data privacy laws.

Encrypting data both at rest and in transit is the first step. Next, companies should keep access privileges to an absolute minimum. Any user, device, or app should only be able to access the data they need to work correctly.

While some states require providers to keep medical records for years, telehealth platforms should consider minimizing how long they hold onto sensitive documents. Businesses should review local laws, then delete data as soon as they no longer need it under the law to minimize the chances of a breach.

Telehealth Must Become More Secure

When telehealth is private and secure, it can make healthcare more accessible and convenient. Users, providers, and software developers should keep the related risks and these mitigation steps in mind to help enable this. Telehealth’s potential is vast — but only if it doesn’t become a hotbed for fraud.

Zachary Amos

Zachary is a tech writer and the features editor of ReHack Magazine where he covers cybersecurity and all things technology.