How Telehealth Became the Perfect Vehicle for Fraud

Until telehealth, there may never have been a better example of the fraud axiom that everything we do to make it easier for the consumer also makes it easier for the crooks.  Telehealth was supposed to be the key to unlock access to health care, replacing waiting rooms with video calls and having prescriptions written without physically visiting a doctor. Telehealth expanded access to health care, eliminated friction, and allowed millions of people access to health care they otherwise may not have had before.

However, the same technology that allowed telehealth to transform health care also allowed bad actors to exploit telehealth.  The healthcare fraud that followed the introduction of telehealth didn’t just expand, it scaled to industrial proportions. 

Before the telehealth boom, major health care fraud takedowns by the DOJ typically totaled a few billion dollars across multiple in-person health care fraud schemes.  These instances required coordination, the bad actors still had to have a physical location, complicit staff, and see actual patients for whom they could bill.  But in 2020, the DOJ Operation Rubber Stamp tackled six billion dollars of fraud, with four and a half billion of it being facilitated using telehealth.  Only five years later in 2025, telehealth was the single largest named category of fraud within the record-breaking action representing $14.6 billion in fraud, doubling the prior record from 2020.

The Trade: Access for Exposure

Every healthpayer system or process trades back and forth between stronger security and greater patient access. In-person healthcare explicitly made that trade choosing friction as a form of patient and fraud protection.  The patient friction of driving to the clinic, checking in with front-desk staff, observation by a nurse followed by an examination by a doctor were not designed as fraud controls, but they functioned as them. The physical presence of a patient and a doctor created accountability.

Telehealth removed those friction points associated with in-person visits and replaced them with all that remained: PII data and a device.  That PII and a device were all that were needed to administer care, but it was also all that was needed to fabricate an encounter with a patient, approve a prescription, generate a claim, and collect reimbursement; even without anyone ever having to actually appear on a screen.

For one group in particular, Medicare beneficiaries, telehealth visits surged. And by the end of 2023 about 12.6% of Medicare beneficiaries utilized telehealth services for their care. Outpatient telehealth’s share of total care climbed from under two percent to nearly five percent. Telehealth allowed the infrastructure to scale, but the fraud controls did not keep up.

Friction Was a Defense That We Engineered Away

Traditional healthcare had a ceiling of physical limitations because it needed bodies, time, and physical presence. A corrupt physician signing off on fraudulent claims is limited by how many patients he can physically cycle through each day.  That ceiling isn’t necessarily low, but it exists.

Telehealth changed the math in that a single provider offering telehealth could approve dozens of consultations each hour without any real patient examination, no real clinical interactions, and thus no actual medical judgement at all.  In one recently prosecuted case of an Adderall distribution scheme, telehealth was used to disperse over forty million pills and generate more than a hundred million dollars in revenue.  In that case, telehealth wasn’t the enabler of the fraud scheme, it was the fraud scheme.

The Identity Problem

Healthcare payers haven’t really solved the identity problem, instead relying on the friction associated with physical clinical visits for patient care where patient impersonation is possible but less likely.

Telehealth, however, moved patient identity verification to the verification of static patient data: name, date of birth, insurance credentials, etc. These data elements are weak confirmatory signals that fraudsters know how to undermine.  One prosecuted case involved a telemedicine operation that submitted $17.9 million in false Medicare claims using synthetic and stolen patient identities where the patients simply didn’t exist or did not consent.  Even though this case was successfully prosecuted, the underlying structural problem that enabled the massive fraud remains intact across the industry.

Billing at Scale: The Quiet Multiplier

Telehealth digital encounters enable the use of templated documentation, that in turn enables bulk claims submission.  Because of this, a single fraud operation can submit thousands of claims across Medicare, Medicaid, and commercial healthpayers before a single one of those claims is flagged for review or non-payment.  Where in traditional healthcare  fraudulent billing by the bad actors is limited by their physical ability to perpetrate the fraud, in telehealth the fraudulent billing is the fraud, and it rapidly scales.

Why This Caught Everyone Off Guard

The rollout and adoption of telehealth was fast because of necessity driven by the pandemic.  In March of 2020, the priority was ease of access, and as a result, regulators waived requirements and payers extended coverage.  The fraud mitigation playbooks of healthcare payers take time to write and even longer to operationalize.  So by the time healthpayers began to understand what was happening with telehealth the money was already rapidly leaving the door.

The Hard Truth About Telehealth

The healthcare industry had already been racked with fraud, and even without the pandemic it would have continued to grow.  However, telehealth scaled fraud  by removing the natural defenses associated with patient friction, and by adding reach and multiplying its speed.  For comparison, pre-pandemic in-person fraud schemes rarely exceeded three billion dollars in a single enforcement action, and often took years to execute.  But post-pandemic telehealth fraud schemes yielded tens of billions of dollars and took a fraction of the time to execute.

What Comes Next for Telehealth

Payers are now catching up, and their progress is real.  They are using analytic-based claims to detect fraud to make prepayment fraud decisions before claims are paid out.

Telehealth isn’t going anywhere as it is the future of care delivery, especially for formerly underserved populations who may need healthcare the most.  So healthcare fraud prevention must catch up by investing in stronger digital identity proofing, behavioral and device intelligence, real-time fraud risk decisioning, and expanded cross-payer visibility to match the scale of the new fraud threat.

The healthcare industry must be as innovative in its fraud defenses as it was in unlocking access during the pandemic by treating its fraud infrastructure as seriously as its new care infrastructure.