Behavioral Health Scores a Big Win with Telehealth Waivers During Pandemic, but Audit Risks are High



Prior to the current public health emergency (PHE), Medicare allowed for coverage of telehealth services primarily in rural areas where beneficiaries had difficulty accessing quality health care. Based on the premise that patients should avoid travel, when possible, to health care facilities to prevent the spread of the coronavirus, the Center for Medicare and Medicaid Services (CMS) expanded Medicare’s telehealth benefits under the 1135 waiver authority and the Coronavirus Preparedness and Response Supplemental Appropriations Act. On March 6, 2020, under this new waiver, Medicare expanded coverage of the types of visits furnished to beneficiaries through several communication technology modalities. An increased range of providers, including clinical psychologists, and licensed clinical social workers, were now able to offer telehealth to their patients.

Soon after, the Department of Health and Human Services (HHS) announced that it would exercise enforcement discretion and temporarily waive penalties for HIPAA violations against health care providers that serve patients in good faith through non-public facing remote communication technologies, such as FaceTime or Skype, during the emergency. Then, CMS began paying the providers for certain telephone evaluation and management and behavioral health virtual visits at the same rate as similar in-person services. In addition, the HHS Office of Inspector General announced that it would not enforce requirements for practitioners to collect copayments from patients for these kinds of services. Private payors were encouraged to expand their telehealth coverage policies as well, and many did so.

Current Status of Telehealth

The PHE is still in effect, but whether the expanded status of telehealth after the PHE ends will remain is still unknown. On January 21, 2021, a bipartisan bill was re-introduced called the Protecting Access to Post-COVID 19 Telehealth Act. This Act seeks to preserve many of the current telehealth coverage expansions, including the elimination of geographic and originating site restrictions, so beneficiaries can continue to receive telehealth care at home and providers can still be reimbursed.

Telehealth was utilized heavily throughout 2020. Before the PHE, approximately 14,000 beneficiaries received a Medicare telehealth service in a week. But Doximity researchers now estimate that over 20% of all medical visits performed in 2020 were done via telehealth, representing almost $30 million dollars of claims paid by CMS and other payors.This telehealth surge was in large part driven by behavioral health virtual visits.

In my experience, CMS and private payors will audit where the money goes. Based on the high reimbursement amounts for telehealth, it is foreseeable that telehealth services will be an audit target for both CMS and private payors in the coming years.

Potential Telehealth Targeted Audit Areas for Behavioral Health

Timeline of Waivers/Policies

Providers must pinpoint when the various waivers from CMS, as well as private payor policies, became effective. The changes were implemented quickly and changed frequently, especially at the onset of the PHE. The services covered by CMS and the types of providers allowed to provide telehealth were gradually increased from the original CMS waivers in March of 2020. Providers need to conduct self-audits to ensure the dates of service for telehealth visits are in line with CMS coverage policies.

In addition, CMS coverage does not always translate into coverage by private payors. The effective date of telehealth coverage policies, any policy updates, must be researched for every payor and self-audits completed to ensure the private payor guidelines were met on the dates of service for all telehealth visits billed.

Scope of Waivers/Policies

Providers must also understand the scope of the telehealth waivers and policies. For instance, the Office for Civil Rights (OCR) HIPAA waiver did not give providers the green light to use any means of communication for a virtual visit. The communication must be made in good faith with a non-public facing product, such as Apple FaceTime, Google Hangouts or Zoom. Public-facing products, including Facebook Live, are not allowed. Self-audits must be conducted by providers to determine if the right communication products were not only used but appropriately documented.

State Law Regulations

When a client and a behavioral health provider are located in different states, each state has jurisdiction over the therapeutic relationship. Some states have eased requirements due to the PHE, allowing all licensed behavioral health providers in good standing to practice telehealth across state lines. In other cases, states require these providers to apply for permission to practice in-state. And, in a number of other states, these providers continue to be required to be licensed where they’re located and where the client is located. Again, self-audits of out-of-state virtual visits will need to be conducted to stay ahead of auditors.

Traditional Targeted Audit Areas for Behavioral Health

Provider Type and Time-Based Services

In the behavioral health context, the type of provider and the documentation of the time spent are the two areas traditionally targeted by auditors. Behavioral health entities must stay current with state laws and payor policies to know what types of providers can perform behavioral health services, especially when providing these services to out-of-state patients. For example, some payors will pay for counseling services provided by a licensed social worker while some payors will not. In addition, the proper documentation of time spent for time-based services should not be overlooked with all the additional documentation, such as type of communication method, provider and patient location, and patient consent, required by telehealth. Auditors will not overlook these areas with traditionally high error rates in telehealth if an audit is initiated for other reasons.


This article only touches on a few of the telehealth issues raised for behavioral health providers during the PHE. While dealing with all the economic and safety issues brought by the PHE, behavioral health providers were trying to keep up with these rapidly evolving changes to telehealth. It is likely inadvertent mistakes were made in determining coverage, performing, and billing for virtual counseling and other behavioral telehealth services. Providers must conduct self-audits to determine if the right policies were being followed for all their payors regarding documentation, coding and billing of the telehealth services. If a self-audit reveals that overpayments were made, the overpayments must be returned promptly to avoid future extrapolated overpayments or fraud investigations. Furthermore, behavioral health providers should be transitioning to the safest telehealth procedures, especially regarding HIPAA requirements, as the PHE will not last forever.

The good news is the greater use of telehealth is likely here to stay for behavioral health providers. If done correctly, these providers can be paid appropriately and it is a tremendous tool to use for effective treatment of their patients.

If you are a behavioral health provider with questions about how to appropriate document, bill or self-audit your telehealth services, or you have received an audit or overpayment notice, the experienced health care reimbursement team at Nexsen Pruet can help.



This is an article from a series on Effectively Responding to Payor Audits & Program Integrity Investigations.  Topics in this series include practical advice and legal developments for providers defending payor audits and investigations, plus articles concerning current audit and investigation targets and the various types of auditors reviewing claims and conducting investigations.  The Series covers topics of interest to all providers of health care services, including hospitals, hospices, home health agencies, skilled nursing facilities, DME suppliers, clinical laboratories, pharmacies, FQHCs, RHCs, ASCs, community mental health centers, physicians, therapists, and other health care facilities, entities, practitioners, and clinicians.

About Maynard Nexsen

Maynard Nexsen is a full-service law firm with more than 550 attorneys in 24 offices from coast to coast across the United States. Maynard Nexsen formed in 2023 when two successful, client-centered firms combined to form a powerful national team. Maynard Nexsen’s list of clients spans a wide range of industry sectors and includes both public and private companies. 

Related Capabilities

Media Contact

Tina Emerson

Chief Marketing Officer 

Direct: 803.540.2105

Jump to Page