Last year, HHS’s Office of Inspector General (OIG) completed its first deep dive into the 19.6 million Evaluation and Management (E/M) services Medicare paid for between March and November 2020, including telehealth services. While the report found that E/M services provided via telehealth generally complied with Medicare requirements, 5 out of the 105 services were found to be noncompliant, amounting to roughly 7% of the encounters reviewed. As RACs and UPICs gear up to extrapolate overpayments from the pandemic boom, this report emphasizes the need for providers to ensure their practices are up to date on the latest Medicare requirements to avoid costly audits by federal regulators.

What are E/M services?

As the name implies, E/M services refer to a variety of services in which a physician or other qualified healthcare professional evaluates or manages a patient’s health. These services may include office or outpatient services, hospital visits, home health services, and preventative care. Today, there are over a dozen categories of CPT codes, which differ based on the type and level of service provided, the location of the service, the type of practitioner billing the service, and whether the patient is a new or established patient. For telehealth practitioners providing remote patient monitoring (RPM) or remote therapeutic monitoring (RTM) services, a thorough understanding of payors’ E/M billing and coding requirements is essential to avoid clawbacks and ensure your practice bills all claims appropriately.

The COVID-19 public health emergency allowed providers significant flexibility in providing patient care, which resulted in relaxed Medicare billing requirements for telehealth, including E/M services. These flexibilities include:

• Eligible patients/conditions: The COVID-19 PHE allowed providers to provide and bill for  initial patient visits for both new and established patients. Prior to the PHE, providers could only bill for telehealth services rendered to established patients.
• Requirements for initial visits: Providers could conduct initial patient visits via telehealth, temporarily lifting the face-to-face, in-person visit requirement as a prerequisite to billing.
• Obtaining patient consent: While providers were previously required to obtain a patient’s consent to a service before an appointment, the PHE allowed providers to obtain patient consent at the time of the service.
• RPM/RTM billing flexibilities: The PHE significantly expanded providers’ ability to bill for RPM and RTM services. For one, the PHE allowed providers to render and bill for RPM services that were used in the course of treating either chronic or acute conditions. For RTM services, clinical staff could provide services that were rendered “incident to” a qualified health care professional as long as the professional provided general supervision, as opposed to direct supervision, over the staff. Both flexibilities remain in place today.

OIG’s Findings

Of the 110 services reviewed, only five missed the mark. In each case, the services were deemed noncompliant due to documentation errors. In one case, the sole page of notes provided was illegible and provided insufficient detail to support the service rendered. In the remaining instances, the providers failed to provide medical records to support the services offered—two of the providers admitted they had no records at all, while the two remaining providers failed to produce records despite multiple requests. These errors resulted in a total overpayment of $446. Yet the sample error rate—coupled with OIG’s warning that documentation lapses “may be extrapolated” under CMS rules—should put every telehealth practice on alert.

OIG’s other findings also prove to be helpful indicators of other common errors amongst E/M claims. Investigators found several charts that omitted time-spent and patient-status indicators, unsigned notes, and—critically for telehealth—no mention of where the doctor or patient was located during the visit. They also saw encounters logged as audio-visual that contemporaneous notes revealed were audio-only, a mismatch that can sink claims for many services once pandemic-era coverage of audio-only services ends.

Future Implications for Telehealth Providers

Why worry about a handful of paperwork errors? Because CMS routinely instructs its recovery contractors to project sample findings across the entire universe of similar claims, and sloppy or incomplete documentation continues is a common red flag that regulators look for. Further, while a 7% error rate may seem insignificant, Medicare spent approximately $1.4 billion on tele-E/M services during the audit window. Extrapolated across these claims, this amounts to $98 million in potential clawbacks. These findings only further demonstrate that OIG seems likely to continue investigating telehealth claims for fraudulent billing, particularly as telehealth usage continues to skyrocket.

Even more telling is where OIG is pointing next. In September 2024, OIG issued a report indicating the need for additional oversight of RPM in Medicare after finding that 43% of beneficiaries who received RPM services from 2019 through 2022 did not receive all the required components of the services. OIG has also added RPM to its Work Plan due to growing concerns about fraud, waste, and abuse. In 2025, we’ve already begun to see greater enforcement, showing that these were not mere empty promises. Just last week, a New Jersey hospital paid $529,000 under the Civil Monetary Penalties Law for RPM claims that flunked coverage rules. And Medicare isn’t the only payer concerned about fraud; trade press is already tracking a surge of RPM investigations across MACs and commercial payers alike.

Practices offering RPM services should not wait for MACs or other investigators to come knocking. Conduct privilege-protected self-audits that pair documentation reviews with video-platform metadata, cross-walk every tele-E/M note to the 2025 CPT rules, and verify that RPM logs show device transmissions on the exact days billed.

As regulators turn from pandemic flexibility to post-pandemic accountability, proactive diligence is the cheapest bill you’ll ever pay. Whether your practice needs help building compliance audit protocols, representation in a MAC or commercial payor audit, or questions about best practices for ensuring compliant billing, Health Law Alliance’s telehealth team—staffed by experienced attorneys with decades of experience handling government audits and investigations—is here for you every step of the way.