Tags
The top 5 medical billing upcoding risks practices overlook are:
- Evaluation and management (E/M) visits
- Preventive vs. problem-based visits
- Diagnostic testing and labs
- Telehealth and virtual visits
- Procedures with bundled services
Keep reading to learn more about these risks and apply medical coding compliance strategies to maintain revenue integrity.
What upcoding in medical billing means
Medical billing upcoding occurs when a provider reports a CPT billing code that reflects a higher level of service, procedure, or diagnosis than what they documented or performed.
When this happens, payers pay a higher level of reimbursement than what the procedure or service warrants. Even unintentional medical billing upcoding can trigger:
- Payer audits
- Claim denials
- Compliance penalties
However, there are far more dire consequences when medical billing upcoding is intentional or becomes systematic. At that point, it becomes fraud.
Medical billing upcoding vs. legitimate higher-level coding
While coding the highest level supported by documentation is compliant and appropriate, medical billing upcoding becomes problematic when the documentation does not justify the higher CPT code.
Fortunately, there are ways to focus on healthcare fraud and abuse prevention by leveraging a combination of technology and staff education working in tandem to address risk areas in medical billing.
Common triggers for CMS and payer audits
Healthcare providers may trigger payer audits when they:
- Exhibit outlier CPT code billing patterns when compared to peers in the same specialty
- Experience patient or whistleblower complaints
- Frequently fail to establish medical necessity
- Frequently resubmit claims due to high denial rates
- Produce inconsistent clinical documentation
- Report high volumes of higher-level E/M codes
- Use modifiers -25 or -59 frequently
Financial penalties and False Claims Act risks
Medical billing upcoding puts providers at risk for significant financial penalties and risks under the False Claims Act. More specifically, they can be liable for 3 times the amount of the improper payment plus civil penalties for each false claim.
Providers may also face:
- Civil monetary penalties
- Costly corporate integrity agreements
- Exclusion from Medicare and Medicaid participation
- Repayment of overpayments
- Significant legal and administrative expenses associated with defending an investigation or audit
In total, financial repercussions could total millions of dollars.
Why small practices are especially vulnerable
Small practices are vulnerable to medical billing upcoding and its potential negative financial consequences because they tend to:
- Lack insights into potential risks due to subpar (or nonexistent) analytics tools
- Lack the financial reserves necessary to absorb repayments, penalties, legal costs, and/or operational disruption associated with an audit or investigation
- Overlook the importance of coding education on CMS billing compliance guidelines and how to prevent medical billing upcoding
- Perform fewer internal audits due to a lack of staff bandwidth
In general, small practices are reactive rather than proactive, making them prime targets for Medicare upcoding audits. With that said, billing compliance for independent practices is achievable. However, it requires proactive planning to identify and mitigate risk areas in medical billing.
Service #1: Evaluation and management (E/M) visits
When it comes to medical billing upcoding, E/M coding mistakes are a high-risk area because small differences in documented medical decision-making (MDM) or time can shift a visit into a higher reimbursement level.
Common E/M upcoding scenarios
These common upcoding examples can occur when reporting E/M codes:
- Counting elements that no longer contribute to level selection (e.g., excessive review of systems or exam details)
- Documenting low- or moderate-complexity MDM but reporting 99214 or 99215
- Documenting routine follow-up without additional risk factors or management decisions, but reporting 99214 or 99215
- Misinterpreting risk when prescribing medications, managing stable chronic conditions, or reviewing diagnostic tests
Documentation requirements under updated E/M rules
According to E/M guidelines updated in 2021, providers must determine the level of service primarily by MDM or total time spent on the date of the encounter. This means E/M documentation must clearly demonstrate the following:
- Number and complexity of problems addressed
- Amount and complexity of data reviewed or analyzed
- Level of risk associated with patient management decisions, or
- Total time spent on the patient’s care on the date of the encounter, including both face-to-face and certain non-face-to-face activities such as reviewing records, documenting the visit, or coordinating care
How time-based coding can create risk
Time-based coding introduces additional compliance risk when providers:
- Document time that’s disproportionate to the complexity of the visit. For example, a physician bills a 40-minute time-based visit (E/M code 99215) for a patient with a stable, well-controlled condition that requires only a brief medication refill and routine counseling.
- Document time inconsistently. For example, a provider bills time-based E/M code 99215, documenting ‘40 minutes spent with patient,’ but the note contains only brief details of a straightforward encounter, and the appointment schedule shows the patient was checked in and out within 20 minutes.
- Estimate time (instead of providing an exact number of minutes). Time estimates make it difficult to verify whether the visit met the specific time thresholds required for each code level.
Service #2: Preventive vs. problem-based visits
Preventive and problem-based visits are prone to medical billing upcoding since they can happen together, but require distinct criteria for separate billing.
When separate billing is allowed
Separate billing is allowed when the provider also evaluates and manages a new or existing medical problem in addition to performing the routine screening and counseling associated with the preventive service.
Modifier usage and documentation expectations
Documentation must clearly state that the problem-oriented work meets the ‘significant and separately identifiable’ threshold required under the E/M coding guidelines.
This documentation should be separate from the routine preventive care documentation. Providers may report the E/M code with modifier -25 in addition to the preventive code only when documentation requirements are met.
Patient complaints that trigger audits
When patients receive a preventive service, they don’t expect a bill. However, if a provider addresses a separate problem, they will receive a bill. These ‘surprise bills’ sometimes trigger patient complaints that, in turn, spur payer reviews or audits.
Providers whose documentation and coding practices are compliant generally have no cause for concern. However, instances of medical billing upcoding may result in penalties and fines for providers.
Service #3: Diagnostic testing and labs
Diagnostic testing and laboratory services are at risk of medical billing upcoding because billing rules change based on whether the provider orders, performs, or interprets a test. Misunderstandings about these roles can result in choosing the wrong billing code.
Ordering vs. performing tests
When a physician orders a diagnostic test but does not actually perform or interpret that test, they generally should not bill the technical component of that test. The technical component covers the equipment, supplies, and technician work needed to perform the test, while the professional component covers the physician’s interpretation and report.
If a physician simply orders a test that is performed elsewhere (e.g., at a hospital, imaging center, or laboratory), they should not bill either component unless they personally interpret the results and provide a documented report.
Errors occur when providers mistakenly bill for performing the test itself or interpreting results, even when another facility performed and billed for those services. One caveat: Ordering tests may count toward the MDM associated with the E/M level.
Medical necessity documentation
Documentation must clearly demonstrate medical necessity for the diagnostic test or lab, including the patient's symptoms or conditions that justify the services.
Payer-specific coding rules
Payers often have specific policies regarding covered tests, frequency limits, and diagnosis requirements for testing and labs. Understanding and abiding by these policies promotes CPT coding compliance and revenue integrity.
Service #4: Telehealth and virtual visits
Telehealth, virtual check-ins, and e-visits are vulnerable to medical billing upcoding because documentation and coding rules have evolved rapidly in recent years. In addition, upcoding can occur when practices bill a full telehealth E/M visit when a virtual check-in may have been more appropriate.
For example, if a patient sends a quick portal message or has a short phone/video conversation about a minor issue, such as confirming whether to continue a medication or asking about mild symptoms, the service may qualify for a virtual check-in (98016) rather than a full E/M visit.
To prevent upcoding, documentation must clearly show:
- A comprehensive clinical evaluation,
- Appropriate medical decision-making, or
- Sufficient time on the date of the encounter
Because telehealth interactions can be short and informal, this type of coding error is relatively common and may draw scrutiny from payers or auditors.
Telehealth documentation requirements
Providers must clearly document the following information:
- Clinical work performed
- Medical necessity to support the reported E/M codes
- Modality (e.g., audio-video or audio-only when allowed)
- Patient consent
- Patient’s location
- Provider location
Time-based billing risks
E-visits are particularly vulnerable to upcoding in medical billing because they are entirely time-based services delivered through a patient portal, making accurate time tracking essential.
Vague documentation or inflated time totals can make higher-level e-visit codes appear unsupported during payer reviews.
CMS telehealth coding updates
Key updates for 2026 include:
- Continued removal of rural geographic restrictions
- Home-based telehealth access extended through December 31, 2027
- Permanent telehealth coverage for behavioral and mental health services
Medicare also continues to reimburse audio-only visits, particularly important for patients without video capability.
Service #5: Procedures with bundled services
Bundled services are at risk of upcoding in medical billing because billing rules require reporting multiple related services under 1 code. When providers incorrectly bill components separately — a practice called unbundling — they may receive improper separate payments.
Unbundling vs. upcoding risks
Unbundling and upcoding are distinct billing risks that can cause improper reimbursement. Unbundling happens when multiple individual procedure codes are billed instead of a single comprehensive code, potentially increasing payment.
Modifier misuse
When modifiers are applied incorrectly, or documentation does not support the fact that services were separate, such as different anatomical sites or distinct procedures, claims may appear to overstate the work performed, triggering:
- Compliance checks,
- Payer denials, or
- Audit scrutiny
NCCI edits and compliance checks
Practices can use National Correct Coding Initiative (NCCI) edits in billing software to automatically flag improper CPT code combinations before claims are sent. Staff can then check documentation for distinct services and apply modifiers if needed, or correct coding.
Proactively using NCCI edits helps minimize unbundling risks, lower denials, and comply with billing rules.
How practices can prevent medical billing upcoding and stay audit-ready
The good news is that practices can take proactive steps to prevent medical billing upcoding and remain prepared for an external audit.
Internal coding audits
Periodically review a representative sample of claims across procedures, diagnoses, and modifiers, comparing the assigned codes with the supporting clinical documentation and CMS billing compliance guidelines.
Documentation training for physicians
Educate clinicians on:
- How to clearly document the clinical work performed
- Medical necessity
- Key elements required to support all reported codes
Strong documentation is essential to improving coding accuracy healthcare organizations rely on to ensure compliant billing and appropriate reimbursement.
Claims scrubbing and automation
Use robotic process automation and analytics to compare codes, modifiers, and diagnoses against payer rules and coding guidelines. Then flag the services that appear unsupported or inconsistent with documentation for review and correction.
EHR-based coding support
Use embedded coding prompts, clinical documentation templates, and real-time decision support that align documentation with appropriate codes and flag potential mismatches prior to claim submission.
Key takeaways: Reducing billing compliance risk in your practice
To sum up, here’s how practices can reduce billing compliance risk associated with upcoding in medical billing:
- Always code the highest level supported by documentation — not higher. Billing a higher-level code without sufficient documentation can be considered medical billing upcoding and may trigger audits or penalties.
- Accurate and complete documentation is your best defense. Clear documentation of medical necessity, medical decision-making, procedures performed, and time spent ensures that billed services accurately reflect the care provided.
- Certain services carry a higher medical billing upcoding risk. E/M visits, preventive vs. problem-based encounters, diagnostic testing, telehealth visits, and bundled procedures are common areas where coding errors occur.
- Proactive healthcare billing compliance protects both revenue and reputation. Regular internal coding audits, clinician documentation training, claim-scrubbing tools, and EHR-based coding support help practices prevent errors, reduce medical billing audit risks, and maintain revenue integrity.
FAQs
Frequently asked questions
- A provider bills a higher-level E/M code because they believe prescribing medicine automatically qualifies as moderate risk, even when the overall MDM does not support that level.
- A coder assigns a higher-level E/M code based on multiple diagnoses listed in the note, even though only one condition was actually addressed and contributed to the MDM during the encounter.
- A physician documents that they reviewed ‘labs and imaging’ but does not specify the tests or interpretation, leading a coder to assume more complex data review than what actually occurred.
- Coding education for clinicians
- Electronic claim submission workflows
- Pre-submission claim edits
- Standardized EHR templates
- Flag incomplete documentation
- Provide visibility into billing performance and denial trends
- Suggest appropriate CPT codes and modifiers to ensure CPT coding compliance
- Track claim submission status and errors
- American Academy of Professional Coders (AAPC)
- American Health Information Management Association (AHIMA)
- American Medical Association (AMA)
- CMS Medicare Learning Network
- Tebra’s The Intake
Subscribe to The Intake: A weekly check-up for your independent practice
