OIG Audit Alert: What are the Key Medicare Compliance Risks in Virtual Check-Ins and E-Visits?

Articles
Written By Reema Taneja and Olivia Rothstein

Is your digital health company prepared for increased scrutiny by the Office of Inspector General (“OIG”)? The OIG has become increasingly focused on the rapid expansion of virtual care. In an audit report issued in April 2026, OIG examined Medicare Part B payments for communication technology-based services (“CTBS”), with particular attention to virtual check-ins and e-visits.

As virtual care becomes a permanent fixture in healthcare, the OIG is sharpening its focus on how these services are billed. The audit report highlights significant vulnerabilities in Medicare reimbursement for CTBS, signaling a heightened enforcement environment that digital health innovators.

The $2.3 Million Red Flag

Upon reviewing claims submitted between January 2019 and December 2022, the OIG identified nearly 184,000 virtual care services that failed to meet Medicare requirements. This resulted in approximately $2.3 million in potentially improper payments.

The primary takeaway? The OIG is targeting providers who bill for virtual services that are either duplicative of other care or fail to adhere to strict timing requirements.

A Deep Dive into the Major Findings

OIG pinpointed three key areas where digital health providers face heightened compliance risk:

1. Virtual Check-In Timing Violations

Virtual check-ins(HCPCS G2010 and G2012*) are intended to be brief, standalone interactions that allow enrollees to communicate with their providers and avoid potentially unnecessary office visits. However, they are subject to strict "window" requirements.

  • The Requirement: 7-Day / 24-Hour Rule. To be billable, a virtual check-in:

    • Cannot originate from a related Evaluation and Management (“E/M”) visit provided within the previous 7 days.

    • Cannot lead to an E/M visit within the next 24 hours or soonest available appointment. If a virtual check-in concerns the same medical issue as a recent or upcoming E/M visit, it is considered part of that E/M service and is not separately billable.

  • The Finding: Providers frequently billed virtual check-ins during these prohibited timeframes for the same enrollee and the same diagnosis as a related E/M visit.

  • The Impact: OIG found nearly $2 million in potentially improper payments associated with virtual check-ins furnished within 7 days before, or 24 hours after, an E/M service for the same diagnosis.

*Note on Code Changes: As of January 1, 2025, HCPCS G2012 was replaced by CPT code 98016, which mirrors the original code’s billing requirements.

2. Improper Cumulative Billing for E-Visits

E-visits(CPT codes 99421–99423) are patient-initiated digital communications that require clinical assessment and decision-making.

  • The Requirement: E-visit codes are intended to be cumulative. Providers must aggregate all qualifying communications over a 7-day period and submit a single code based on the total time spent (e.g., 5-10, 11-20, or 21+ minutes).

  • The Finding: OIG found many providers billed multiple separate e-visit codes within the same 7-day period for the same medical condition, rather than reporting a single cumulative service.

  • The Impact:. This practice resulted in nearly $300,000 in potentially improper payments.

3. Misuse of Billing Modifiers

The audit also highlighted significant concerns regarding the use of billing modifiers, particularly Modifier 25 and Telehealth Modifiers

  • Modifier 25: OIG found that Modifier 25, which denotes a significant, separately identifiable service, was often used to obtain payment for both an E/M visit and a virtual check-in furnished on the same day for the same condition.OIGviews these services as duplicative.

  • Telehealth Modifiers (95 and GT): Similarly, when an E/M service was billed via telehealth alongside a virtual check-in for the same diagnosis, OIG concluded that the services were duplicative and that only one should have been reimbursed.

OIG Recommendations and CMS’s Response

The OIG issued three primary recommendations to CMS:

  1. Implement New System Edits: Develop automated filters to identify and deny claims for virtual check-ins and e-visits that violate the 7-day/24-hour window requirement or same-diagnosis rules.

  2. Clarify Code Descriptions: Clarify the meaning of “related or same medical condition” and “soonest available appointment” within the Medicare Physician Fee Schedule to ensure accurate billing of virtual check-ins.

  3. Enhance Provider Education: Further educate providers on proper billing requirements for CTBS.

CMS agreed with OIG’s recommendations to implement additional system edits and strengthen provider education meaning claim denials may increase in the coming months.. However, they did not agree with changing any HCPCS code descriptions, arguing that clarifications are better handled through "subregulatory guidance” rather than formal code modifications.

Compliance Checklist for Digital Health Providers

To align with OIG enforcement priorities, digital health providers should take the following steps:

  • Audit EHR Workflows: Ensure your system automatically aggregates e-visit time over an applicable 7-day period, rather than generating a separate claim for each individual patient communication.

  • Establish Timing and Diagnosis Safeguards: Implement “hard stops” or flags in your software to identify virtual check-ins that fall within the prohibited 7-day/24-hour windows relative to a traditional E/M visit, particularly when the services involve the same diagnosis.

  • Staff Training: Educate billing/coding teams that Modifier 25 cannot be used to justify separate reimbursement for a virtual check-in that is related to an E/M service furnished on the same day.

  • Prepare for “System Edits”: Anticipate more frequent claim denials as MACs implement new filters and system controls. Your team should develop a clear protocol for responding to “requests for further review” that includes clear medical record documentation of “medical necessity” and the “separately identifiable” nature of the service.

Innovation Requires Compliance. How Nixon Law Group Can Help

The regulatory landscape for digital health is moving fast. At Nixon Law Group, we help digital health innovators navigate an increasingly complex regulatory and reimbursement landscape through practical, forward-looking compliance strategies.

  • Comprehensive Compliance Assessments: We evaluate your billing, reimbursement, and operational workflows to identify potential vulnerabilities, strengthen compliance controls, and better position your organization for government audits and payer scrutiny.

  • Vendor Strategy: We help technology vendors structure platforms, workflows, and customer-facing tools in ways that support compliant clinical oversight, accurate documentation, and appropriate reimbursement practices.

  • Audit Defense: Our team assists in responding to audits, investigations, claim denials, and repayment demands.

Contact Nixon Law Group today to ensure your virtual care programs are built on a foundation of compliance.

Reema Taneja and Olivia Rothstein
Next

Does Every Digital Health Company Need a Health Tech Lawyer?