Time and Location in Telehealth Notes: Avoid Recoupments (42 CFR § 410.78(c)(2))

Accurate documentation of patient location and time in telehealth notes is a critical Medicare compliance requirement tied to 42 CFR § 410.78 and is a frequent focus of CMS post-payment reviews. Small practices that clearly document where the patient was located (originating site), the modality used (audio-video or audio-only), and the time associated with the encounter significantly reduce the risk of claim denials and recoupments. This article provides a practical documentation checklist mapped directly to the regulation and to CMS and OCR audit expectations, enabling small clinics to produce telehealth notes that withstand review.

Telehealth has become a routine part of care delivery for many small practices, but it remains an area of heightened audit risk. Medicare telehealth payment depends on specific regulatory definitions, including interactive telecommunications system and originating site, both established in 42 CFR § 410.78. Post-PHE oversight has emphasized clear documentation of whether visits were furnished via audio-video or audio-only technology and where the patient was physically located at the time of service.

Documentation of time and location supports billing integrity, substantiates medical necessity, and demonstrates compliance with Medicare payment rules and HIPAA safeguards. This guide explains what CMS and OCR expect to see in the chart, why these elements matter, and how small practices can implement compliant documentation using low-cost tools.

How 42 CFR § 410.78 Relates to Time and Location Documentation

42 CFR § 410.78 defines Medicare telehealth services and establishes the structural elements CMS verifies during audits:

• Use of an interactive telecommunications system

• Identification of the patient’s originating site (location at the time of service)

• Limited exceptions allowing audio-only technology under defined conditions

• Documentation sufficient to support the service billed

Section 410.78(c) clarifies that a telepresenter is not required unless medically necessary, but it does not eliminate the obligation to document patient location, modality, or time when relevant. CMS contractors routinely deny claims when these elements are missing from the medical record.

Why auditors focus on time and location

• Location determines whether the service qualifies for Medicare telehealth payment and whether the correct place of service or modifiers were used.

• Time substantiates time-based E/M selection, prolonged services, and confirms the encounter occurred on the date billed.

Incomplete documentation in either area exposes the practice to denials, recoupments, and appeals.

OCR Oversight and the Role of Location Documentation

The Office for Civil Rights (OCR) enforces HIPAA Privacy and Security Rules for telehealth encounters. Documentation related to time and location intersects with HIPAA compliance in several ways:

• Vendor safeguards and BAAs: Records should reflect use of platforms with appropriate safeguards and Business Associate Agreements.

• Privacy context: Noting the patient’s location and whether others were present helps demonstrate reasonable privacy precautions.

• Incident response: Maintaining incident logs and documentation of mitigation supports OCR expectations if a breach occurs.

OCR investigations may arise from patient complaints, self-reported breaches, or referrals following CMS audits. Clear documentation reduces exposure in both contexts.

Step 1: Capture the patient’s exact location (originating site)

What to document

• Patient’s physical location at the time of the visit, including city and state; a street address provides the strongest audit support.

• If located in a facility, document the facility name and address.

Why it matters

• CMS requires explicit evidence of a qualifying originating site for telehealth payment.

Low-cost implementation

• Add a required “Patient location” field to the telehealth note template or a mandatory smart phrase.

Step 2: Document modality (audio-video vs. audio-only)

What to document

• Clear statement of modality used.

• If audio-only, document why video was not used and why audio-only was clinically appropriate.

Why it matters

• Audio-only telehealth is permitted only under defined conditions in 42 CFR § 410.78(a)(3) and requires supporting documentation.

Low-cost implementation

• Provide clinicians with short, pre-approved template sentences for modality documentation.

Step 3: Document time (start/stop or total time)

What to document

• Start and stop times or total time spent on the date of service when billing by time.

• Brief description of activities performed.

Why it matters

• Time documentation substantiates time-based coding and supports medical review.

Low-cost implementation

• Include a simple time field in the telehealth template; allow either start/stop or total time entry.

Step 4: Verify patient identity and note who was present

What to document

• Identity verification (for example, name and date of birth).

• Names and relationships of any individuals present during the visit.

Why it matters

• Supports fraud prevention and privacy safeguards.

Step 5: Document provider location (distant site)

What to document

• Clinician’s physical location at the time of service (clinic or remote location).

Why it matters

• Supports licensing, jurisdictional, and administrative review.

Step 6: Add a brief clinical justification for telehealth

What to document

• One-line explanation of why telehealth was appropriate for the encounter.

Why it matters

• Demonstrates medical appropriateness if CMS questions substitution for in-person care.

A small rural clinic billed multiple telehealth visits with notes stating only “telehealth visit – medication refill.” During a MAC medical review, claims were denied due to missing patient location, modality, and time documentation, resulting in $18,600 in recoupments.

Corrective actions implemented

• Mandatory telehealth template capturing location, modality, and time

• Staff training on documentation standards

• Vendor BAA inventory and incident log

Outcome
Subsequent reviews confirmed compliance, and no additional recoupments were imposed.

• Using vague phrases such as “patient at home” without location details

• Billing audio-only services without documenting why video was not used

• Omitting time when billing time-based codes

• Failing to record provider location

• Missing or outdated vendor BAA documentation

• Make location and modality required fields in telehealth notes

• Standardize audio-only justification language

• Use templates to minimize clinician burden

• Maintain a centralized vendor and incident log

• Conduct brief monthly self-audits and document corrective actions

Documenting time and location in telehealth notes is essential to compliance with 42 CFR § 410.78 and to meeting CMS and OCR audit expectations. A simple, standardized template that captures patient location, modality, time, identity verification, provider location, and vendor safeguards creates a defensible audit trail. Monthly self-audits help sustain compliance and protect revenue.

To further strengthen your compliance posture, consider using a compliance regulatory tool. These platforms help track and manage requirements, provide ongoing risk assessments, and keep you audit-ready by identifying vulnerabilities before they become liabilities, demonstrating a proactive approach to regulators, payers, and patients alike.

• 42 CFR § 410.78 Telehealth services

• Telehealth resources and CMS policy on telehealth
  Guidance on telehealth remote communications and enforcement discretion

• Documenting telehealth visits