E/M Documentation for Telehealth Follow‑Up Visits: How CMS Defines Patient Status, Time, and Required Elements for Audit Support
With CMS tightening oversight across several program areas, including how Marketplace agents verify consumer actions, it’s clear the agency is zeroing in on documentation integrity. That same focus applies when auditors review telehealth E/M notes. CMS has spelled out more precisely what the record must include to justify time‑based coding, especially for established‑patient telehealth follow‑ups.
Where CMS Focus Is Heading
According to a GAO analysis, CMS implemented stricter procedures in 2024 to verify consent and track user actions within system workflows. The takeaway is simple: accountability must be verifiable. For telehealth and other professional services, that means documentation showing the clinician’s reasoning, time, and decision processes, not just copied notes or preset templates.
CMS’s current compliance posture reflects GAO’s findings in other areas, where weak validation controls allowed unauthorized activity. For E/M coding, the equivalent weakness is incomplete or vague documentation. When a MAC or Unified Program Integrity Contractor sees missing time detail or generic “stable follow‑up” language, they treat it as an integrity lapse. The revenue cycle takeaway is blunt: if it isn’t clearly on the encounter record, it doesn’t count toward billable time.
Defining Patient Status in a Telehealth Context
Telehealth visits can qualify as new or established patient encounters depending on prior documented contact. “Established” in CPT terms means the patient has received professional services from the same physician or another qualified clinician of the same specialty in the same group practice within three years. It’s a coding rule, not a payer preference.
When billing a telehealth follow‑up, established patient E/M codes (99212‑99215) are generally used. CMS expects the note to spell out the patient’s status, why the visit occurred, and whether it’s part of ongoing treatment, post‑discharge care, or monitoring. A defensible record shows continuity, reference to the prior encounter, progress since that visit, and any plan updates.
Time vs. Medical Decision Making, What Really Counts
Under the 2021 CPT framework, either total time or medical decision making (MDM) can determine the E/M level. For telehealth follow‑ups, time often provides more accurate support since it includes counseling, coordination, and documentation beyond the live conversation. But total time means only the clinician’s time on the date of service, not prior prep or staff work afterward.
Auditors look for specific elements:
- Total minutes documented for that same date, plus what tasks those minutes covered (reviewing results, counseling, updating the plan).
- Presence and modality noted, audio only or audio/video, since CMS still distinguishes between them and expects proper modifiers.
- Care coordination listed only if performed personally that day by the provider.
Auditors value precision more than word count. No need for long narratives, draw a clear link between documented effort and the billed code. If clarity is missing, they default to the lowest level supported.
Documentation Elements CMS and Payers Expect
Commercial payers such as Aetna and Cigna mirror CMS in requiring that records show the visit was medically necessary, synchronous, and compliant with consent and privacy standards. CMS’s current integrity focus underscores that consent, identity, and access verification matter in telehealth encounters just as much as in Marketplace functions. The GAO report calling out weak consent confirmation reinforces how explicit patient acknowledgment, whether for coverage or care, is mandatory.
For E/M documentation, the essentials include:
- Documented patient consent for telehealth delivery
- Stated patient status as new or established
- Date, time (total or start‑stop), and provider identity
- Findings, MDM or assessment, and treatment plan
- Next visit or follow‑up instructions
If any are missing, the claim becomes an easy audit target. Many payers now use automated logic to flag telehealth claims lacking time detail or consent attestation. Once flagged, payments are delayed, and any appeal hinges entirely on what’s documented rather than what happened during the call.
Monday Morning Fix: Make Time the Anchor
Skip formula notes. Review a handful of telehealth records this week, does each one show total time, MDM summary, and consent language? If not, it’s time to overhaul your quick‑reference guide for the E/M team. CMS’s pattern, as GAO has shown, heads toward stronger verification and traceable documentation. Each confirmed element, time, patient identity, consent, keeps future revenue intact.
Time, identity, and consent. Get those right and your telehealth E/M claims will hold up when CMS sharpens its post‑payment reviews.