Potential Compliance Risks with the 2021 E&M Changes

February 16, 2021

E&M Changes 2021For the first time in 25 years, significant changes have been made to the evaluation and management (E&M) coding and billing guidelines. As a result, there are potential compliance risks that providers should keep in mind when coding and billing for E&M services.

It is important to note that the 2021 E&M changes apply only to services provided in the physician office or hospital outpatient setting. All other E&M services, such as those performed in the inpatient setting, are unchanged and continue to follow the 1995/1997 guidelines.

One of the changes is that time may be the basis for selecting the level of E&M service regardless of whether counseling or care coordination occurred. When utilizing time as the basis for determining the E&M level, it is important to remember:

  1. Calculation of time can include both face-to-face time and non-face-to-face time
  2. Time can only include time spent on the same day as the patient encounter
  3. Calculation of time can include time spent:
    • preparing to see the patient – reviewing data and records
    • ordering medications, tests or procedures
    • referring or communicating with other health care professionals
    • documenting in the medical record
    • interpreting test results
    • communicating information to the patient, family or caregiver
    • care coordination
  1. When clinicians jointly perform an E&M service, the time spent can only be counted once
  2. Clinician staff time may not be included in the calculation of time
  3. Calculation of time may not include activities which are separately coded and/or billed
  4. Time spent must be must be supported by the documentation in the medical record

Also, remember, there are a finite number of hours in a day so the combined documented time for all patients seen on a particular day should be reasonable given the fixed number of hours in a day.

Another change is that the history and physical are no longer required elements to support the level of E&M service. However, in the majority of cases they will provide information that informs medical decision making and the appropriate course of treatment. As such, it will continue to be important to document the relevant history and physical information in the medical record.

Lastly, when using medical decision making instead of time as the basis for the E&M level, note that the AMA Documentation Guidelines Table of Risk has been revised to reflect guideline and definition changes. In order to compliantly classify medical decision making, it is important to be familiar with the new guidelines and definitions.

E&M services are the most frequently billed health care service and the most frequently audited. This coupled with the 2021 changes, make it important to be aware of the risks when coding and billing for E&M services in order to ensure compliant practices.

Please contact us if you have any questions. We are here to help!

What Happens When a Privacy Violation is Suspected?

The Life Cycle of a Privacy Incident

Internal Investigationlife cycle of privacy incident

When UConn Health’s Office of Healthcare Compliance and Privacy (OHCP) receives notice of a potential privacy incident, they conduct interviews with employee(s), management, human resources and union(s) (if applicable). This is time-consuming and detracts from work and patient care.

Notification to Patients

If an investigation shows that a breach has occurred, the law requires UConn Health to send a detailed notification letter to each patient whose protected health information (PHI) was compromised. This can significantly erode our patients’ trust in UConn Health.

Disciplinary Action

Privacy violations may result in disciplinary action up to and including termination from your position at UConn Health.

Notification to Regulators

UConn Health must notify the federal government, and in some cases the Connecticut Office of the Attorney General and other regulators (including in other states) about the breach.

Government Investigation

Reporting a breach may result in a lengthy government investigation that requires significant time and resources to manage and places our practices under a government microscope.

Fines and Negative Publicity

Not only do privacy breaches expose UConn Health to potential fines; they attract media attention and may cause reputational harm.

Education and Guidance

OHCP offers education and guidance to individuals and departments that have privacy-related questions or concerns. Invite us to your next staff or department meeting for a privacy refresher or question-and-answer session!

Let’s Partner in Privacy!

Please contact us immediately if you suspect or know about a privacy issue or incident.   The sooner we know, the more helpful we can be.

Changes to Open Payments: 5 New Provider Types Added

January 19, 2021

Open Payments is an online program and public website that provides information about financial relationships between drug and medical device manufacturers and healthcare providers.

Drug and device companies must report certain payments or other transfers of value they make to physicians and teaching hospitals, including:

  • Consulting fees
  • Speaking fees
  • Honoraria
  • Payments for research activities
  • Ownership or investment interests
  • Meals and travel/lodging

The Centers for Medicare and Medicaid Services (CMS) then posts the reported data online.

Effective January 1, 2021, drug and device manufacturers must also report payments or other transfers of value they make to the following additional provider types:

  • Physician assistants
  • Nurse practitioners
  • Clinical nurse specialists
  • Certified registered nurse anesthetists and Anesthesiologist assistants
  • Certified nurse-midwives

Healthcare providers themselves are not required to report data to Open Payments. However, it behooves them to review and, if necessary, dispute payments reported about them.

Open Payments is one tool used by UConn Health’s Clinical Conflict of Interest Committee to identify relationships between clinicians and industry that may give rise to financial conflicts of interest.

For questions about Open Payments or the Clinical Conflict of Interest Committee, contact Alyssa Cunningham or Gus Fernandez-Wolff.

Celebrate Data Privacy Day!

January 28, 2021 is Data Privacy Day, a global effort to raise awareness and promote privacy and data protection best practices.

At UConn Health, data privacy is everyone’s responsibility! Our patients trust that we will protect their personal information, and each of us plays a role in maintaining that trust and upholding UConn Health’s strong commitment to privacy.

In honor of Data Privacy Day and every day, please remember:

Pause Your "Send"

Before you press “Send,” double check that the email addresses you are sending to are the right ones. Sending protected health information (PHI) or other confidential data to the wrong email recipient could result in a data breach and puts our patients’ privacy and UConn Health at risk. Be aware of Outlook autocompleting email addresses – always confirm that auto-complete has selected the right recipient.

Don't Make It Personal

Do not download PHI or other confidential data on personal devices. UConn Health devices use specific security measures and technology, which typically are not in place on personal devices.

No Snooping

Employees are not permitted to access patient records for non-work related reasons. This includes a family member or co-worker’s record, even when the family member/co-worker asks you to view their record. If accessing a patient’s record is not necessary for you to do your job, don’t do it!

Double Check That AVS

When handing the After Visit Summary - or any other document containing PHI - to a patient, take a moment to confirm that you have the right document for the right patient.

Share the Bare Minimum

Whether working in the office or from home, PHI should be shared on a “need to know” basis only. When your work requires the sharing of PHI ~ whether with colleagues or external parties ~ provide only the minimum amount of PHI necessary to accomplish the purpose (as stated in UConn Health’s Minimum Necessary Policy).

It’s essential that we exercise good privacy practices. Our office is here to help! Please reach out to us with any of your privacy questions or concerns. You can email us at or you can contact a team member directly.

Public Health Emergency and Telemedicine Update

August 11, 2020

telamedOn July 25, 2020, Health and Human Services Secretary Azar extended the Public Health Emergency (PHE) until October 23, 2020. As a result, several of the Centers for Medicare and Medicaid (CMS) temporary coverage and payment policies established under the PHE will continue Some of the continuing policies are: a twenty percent add-on payment for COVID-19 inpatients; mandatory coverage of COVID-19 testing without beneficiary cost sharing, and continued relaxation of the telehealth guidelines.

Closer to home, on July 31, 2020, Connecticut Governor Lamont signed into law Bill No. 6001 making additional modifications to the existing telehealth guidelines. The new law expands the clinicians authorized to provide telehealth services to include dentists and genetic counselors. In addition, the law allows out-of-state providers to provide telehealth services in Connecticut without a Connecticut license as long as certain criteria are met. The law also requires providers to limit reimbursement from uninsured patients receiving telehealth services to the Medicare reimbursement amount.

The provisions enacted under the new law are in effect until March 15, 2021 and apply to in-network providers of fully insured plans and providers enrolled in the Connecticut Medical Assistance Program. View more information on the provisions of the law.

University Training Policy

policy_training_universityAs recipients of Federal funding, the University is required to provide all employees and graduate assistants (collectively “employees”) and affiliated parties with training on the elements of the University’s compliance program and the University’s expectations that all will act in accordance with applicable laws, policies, and standards.

All faculty, staff, graduate assistants, and affiliates on all campuses, including UConn Health are required to receive compliance training, which may differ in type of training or frequency based on their role and responsibility.

Specific training requirements are determined based on an employee’s job function in conjunction with other University and UConn Health policies, laws and regulations. In addition, there may be requirements for employees to attest to having received training and understanding obligations and responsibilities.

Employees may be required to complete specialized and/or additional compliance-related training as needed for their positions or in an effort to maintain the institutions compliance with applicable laws and policies, whether those trainings are provided by the Office of University Compliance or another University office or entity with compliance-related responsibilities.

Review the policy.

Welcome Alyssa Cunningham

We are pleased to announce that Alyssa Cunningham has been appointed to the role of Assistant Vice President for Healthcare Compliance and Privacy. Alyssa is an experienced lawyer with 14 years of concentrated health care law, compliance and privacy experience, who joined UConn Health’s Office of the General Counsel in 2017. With the health care regulatory environment constantly changing, Alyssa’s legal experience, knowledge of UConn Health, and expertise in the areas of health care compliance and privacy will prove extremely valuable.

Alyssa will lead both the Office of Healthcare Compliance and the Office of Privacy Protection and Management.

As a reminder, the Office of Healthcare Compliance works to ensure compliance with federal and state laws and regulations as well as University policies. Healthcare compliance at UConn Health encompasses patient care, billing and reimbursement practices and employee and student education. The Office of Privacy Protection and Management at UConn Health serves as a central resource for healthcare privacy-related matters and assists with navigating applicable rules and best practices to protect the privacy rights of our patients and other constituents.

Welcome Bridget Richard

April 23, 2020


The Office of Healthcare Compliance is excited to welcome Bridget Richard as our newest team member. Bridget has joined our team in the role of Administrative Officer. Bridget’s primary responsibilities will include managing the departments’ budget, the administrative functions of the institutions monthly Exclusions Checking Program and managing program data. Bridget will also be supporting the Healthcare Privacy Office.

Prior to joining the office, Bridget worked for the Department of Orthopedic Surgery where she was responsible for coordinating and overseeing the Orthopedic Surgery Residency Program.

Bridget holds a Bachelors of Arts from Assumption College where she majored in English with a concentration in Mass Communication and Writing.  ​


Open Payments and COVID-19

Open Payments Review TimelineOpen Payments, also known as The Sunshine Act, is a national disclosure program that promotes a more transparent and accountable health care system by making the financial relationships between applicable manufacturers and group purchasing organizations (GPOs) and health care providers (physicians and teaching hospitals) available to the public.

CMS is aware that the COVID-19 pandemic is greatly impacting the healthcare community as a whole and understands the tireless work of its healthcare providers this time. However, due to statutory limitations, CMS does not have the authority to postpone the review and dispute period of April 1-May 15, 2020.

The review and dispute period for physicians and teaching hospitals remains April 1-May 15, 2020. In order to complete the review and dispute process, covered recipients must register in the Open Payments system.

Covered Recipients have until December 31, 2020 to initiate disputes of data published in 2020. If a new dispute is initiated after the 45-day review and dispute window (April 1-May 15), it will be published as original attested-to data in the initial data publication.

A comprehensive list of frequently asked questions about the Open Payments program is provided on the CMS website. These FAQs are reviewed and revised as needed in order to support the implementation of the program.


Virtual Medicine

Today the regulatory landscaptelahealthe in healthcare is changing in response to the unique circumstances of the COVID-19 public health crisis. In addition, UConn Health has had to quickly adapt how it provides patient care in order to protect both our staff and patients. One of these areas of changing regulations and adaption is providing care through virtual medicine formats such as e-visits and telehealth. So what is the difference between an e-visits and telehealth?

Q: What is an e-visit?

A: E- Visits are patient initiated communications with their provider through an online patient portal such as MyChart. E-Visits require evaluation, assessment and management of the patient.

Q: What is telehealth?

A: Telehealth consists of a real time communication between the provider and patient using an interactive audio and video telecommunications system which the provider initiates.

Other forms of virtual medicine include telephone or audio only communications, remote image evaluations and virtual check-ins.  All types of virtual encounters let the patient communicate with their provider without having to come into the office. Although these encounters are not done onsite, the same documentation principles remain. 

Guidance on reimbursement and/or payment for these services is changing rapidly. Staff at UConn Health are working hard to make sure that these changes are being addressed behind the scenes to ensure the least amount of disruption for our providers.  Providers who have documentation and coding questions can email for assistance.