Telehealth – The Game Has Changed

Updated on June 22, 2021

By Kim Pardini-Kiely, Kevin Dunnahoo, and Bryan Beaudoin

The disruption created by the COVID-19 pandemic within the healthcare delivery system, coupled with high demand for convenient and safe access to care, has led to rapid and extensive expansion of coverage for telehealth services. Telehealth has irreversibly changed the way we deliver healthcare. This change presents healthcare organizations with an opportunity to develop or significantly expand their telehealth services to provide patient care and to improve patient safety and patient/physician satisfaction. However, it also presents several challenges: developing an effective clinical workflow, accurately documenting and coding for these services, and implementing effective and secure technology. The question now is how provider organizations can maintain these services going forward and ensure that they meet regulatory requirements and provide outstanding quality and service. There are three key areas of consideration which will also help provide a focus for audit and compliance plans.


Providers will need to be educated on how to conduct a virtual visit and to understand what is required for them to capture evidence of the visit that was conducted.  

• The first step is to complete patient identification and verification.  Medical and identity fraud is still a concern that must be addressed.

• Informed consent must be obtained and documented in the medical record prior to conducting the visit. Telehealth providers must explain the risks and benefits of receiving telehealth services, along with any information reasonably necessary to obtain effective consent. 

• Document the patient’s location, the provider’s location, the names and roles of anyone participating in the encounter, the number provided to the patient for the visit and a call-back number for the patient.

• The visit should be documented in the same way providers would document face-to-face services, matching those requirements of in-person visits by using the same Evaluation and Management (E/M) code. 

Coding and Billing:

Not only has Centers for Medicare and Medicaid Services (CMS)significantly expanded the number of now reimbursable services for telehealth, but it has significantly increased the amount it will reimburse for these services. It has done so via two methods:

  • Increased the rates CMS will pay for certain CPT codes, including telephone-only services, Hospital Billing (HB) services in the Emergency Department (E.D.), Physical Therapy (PT), and behavioral health services.
  • Eliminated the reimbursement discount for telehealth E/M CPT codes associated with services provided via telehealth so that CMS will now pay the same rate as if the E/M service were provided in-person. CMS has also relaxed requirements that limit many telehealth services to only patients with an established provider/patient relationship.

Commercial health insurance payers are also significantly expanding the array of services provided via telehealth for which they will reimburse and increasing the payment rates. It is crucial for coding, billing and revenue integrity that department leaders work collaboratively to review and update a matrix of reimbursable services by payor and communicate changes to the coding and billing teams. 

Technology, Security & Privacy:

There are many aspects that require scrutiny to ensure that the telehealth technology platform is functional and easy to use, but also provides the right level of security so that patient privacy is protected.  

  • Notice of enforcement discretion issued by the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) allows for the use of non-HIPAA compliant non-public facing applications; however, maintaining patient confidentiality should remain top of mind, so conduct visits in a private setting. Keep in mind that these waivers are temporary so a plan to migrate to a HIPAA-compliant platform will be important. OCR will exercise its enforcement discretion and will not impose penalties for noncompliance with the regulatory requirements. 
  • Access controls with identity verification for both the patient and the physician are critical to helping ensure the privacy of any telehealth visit. Given this technology may be accessed from any remote location, the ability to verify a user’s identity, preferably by using multifactor identification, is key to reducing the possibility of unauthorized users gaining access to sensitive resources and applications.
  • One of the biggest pain-points and hurdles for telehealth programs is utilizing technology for scheduling and queuing of the patient visits.  This process needs to be a key consideration to ensure patient and physician ease of use and efficiency.

Kim Pardini-Kiely is Associate Director, Clinical and Operational Management, with Protiviti.

Kevin Dunnahoo is Associate Director, Healthcare Technology, Cybersecurity, and Digital Transformation, with Protiviti.

Bryan Beaudoin is Senior Manager, Documentation, Coding and Billing, with Protiviti.

For more information, visit

14556571 1295515490473217 259386398988773604 o

The Editorial Team at Healthcare Business Today is made up of skilled healthcare writers and experts, led by our managing editor, Daniel Casciato, who has over 25 years of experience in healthcare writing. Since 1998, we have produced compelling and informative content for numerous publications, establishing ourselves as a trusted resource for health and wellness information. We offer readers access to fresh health, medicine, science, and technology developments and the latest in patient news, emphasizing how these developments affect our lives.