ISSUE 10 · WEEK 10 · MONTH 3
Coding, Compliance & Audit Defense
Compliance audit review

The OIG Work Plan just got updated — here’s what independent practices need to know

The OIG’s 2026 priorities directly affect independent practices.

THIS WEEK IN PRACTICE

Last week we covered E&M coding and the documentation that supports it. This week: the OIG Work Plan — the federal government’s published list of audit priorities for the year. Understanding what’s on the Work Plan is not about paranoia. It is about knowing which billing patterns are under active scrutiny so you can confirm your documentation and processes can withstand review.

 

DEEP DIVE

What the OIG Work Plan Means for Independent Practices in 2026

The Office of Inspector General publishes and updates its Work Plan throughout the year at oig.hhs.gov. The Work Plan identifies the specific areas where OIG auditors will be examining Medicare and Medicaid billing — the diagnoses, procedures, and billing patterns that will receive scrutiny in the coming months.

Here is what this looks like in practice. A 4-provider cardiology practice ran an internal audit of their modifier -25 usage after seeing it on the OIG focus list. They pulled 20 claims where -25 was billed with an in-office procedure. Finding: 6 of 20 (30%) had documentation that did not support a separately identifiable E&M service — the note referenced the same condition as the procedure with no additional evaluation. At $103 per 99213 and 150 modifier -25 claims per month, the exposure was approximately $55,000 annually in potentially recoupable payments. They retrained providers on documentation requirements and re-audited 60 days later: error rate dropped to 5%. The voluntary self-audit documentation became their strongest defense asset.

$1.2B

recovered by OIG in healthcare fraud enforcement in FY2025.
Independent practices are increasingly targeted. Self-audit before they audit you.

OIG Focus Area What They’re Auditing Your Risk Level Preventive Action
E&M upcoding Pattern of 99214/99215 without supporting MDM documentation HIGH if >50% of claims are 99214+ Monthly 10-claim spot check (see Issue 09)
Modifier -25 overuse Separate E&M billed with procedure on same day MEDIUM for procedure-heavy practices Verify documentation supports separately identifiable E&M
Incident-to billing NPP services billed under supervising physician without meeting all requirements HIGH for practices with NPs/PAs Audit: physician must be on-site, same plan of care, established patient
Telehealth compliance Incorrect POS codes, missing consent, audio-only without proper billing MEDIUM if >10% telehealth volume Audit 20 telehealth claims for POS, consent, modifiers
Duplicate billing Same service billed twice for same DOS LOW with clean scrubbing rules Activate duplicate claim edits in billing system
Lab unbundling Individual components billed instead of panel MEDIUM for practices ordering labs Review lab billing against NCCI edits

Focus on the top 2–3 areas most relevant to your practice. A voluntary self-audit is your strongest defense — documented findings with corrective action demonstrate good faith.

For independent practices, the Work Plan serves two purposes: it identifies the billing areas where your documentation needs to be strongest, and it provides advance notice of audit targets that allow you to conduct internal self-audits before an external one occurs.

The 2026 Work Plan includes several items of direct relevance to independent practices. Here are the five that matter most:

E&M code levels — particularly 99214 and 99215 billed at rates above specialty norms. The OIG has flagged this persistently. If your practice’s distribution of 99214 and 99215 is significantly above the national distribution for your specialty, your coding patterns may be flagged. The correct response is not to code down — it is to ensure your documentation unambiguously supports every higher-level code you bill.

Telehealth billing compliance. Following the expansion of telehealth during the COVID public health emergency and subsequent policy changes, OIG is examining whether telehealth claims meet current documentation requirements, use the correct place of service codes, and involve patients in eligible locations. Practices with significant telehealth volume should audit a random sample of telehealth claims from the past 12 months.

Incident-to billing. Services billed under the supervising physician’s NPI must meet specific conditions: the physician must have initiated the plan of care, the physician must be physically present in the office suite during the non-physician service, and the service must be for an established condition. Incident-to billing is a frequent audit target because the requirements are not always well understood.

Modifier 25 — significant, separately identifiable E&M on the same day as a procedure. OIG has flagged practices that append modifier 25 routinely to E&M codes billed on the same date as procedures, without adequate documentation that the E&M was truly separate from the pre/post work of the procedure.

Mental health billing accuracy — particularly time-based psychotherapy codes and crisis service billing. Practices providing behavioral health services should review documentation for time-based codes, confirming that notes reflect the specific start and stop time of the service.

 

THREE ACTION STEPS THIS WEEK

Complete each step before next Tuesday.

1

Pull a random sample of 20 claims from each OIG-flagged category that applies to your practice. For each claim, review the documentation against the billing requirement. For E&M high-level codes: does the MDM meet the threshold? For telehealth: is the place of service code correct and is the patient location documented? For incident-to: was the supervising physician physically present? For modifier 25: does the note document a significant and separately identifiable E&M?

2

Document your audit findings in a written summary. Note the number of claims reviewed, any claims that did not meet documentation requirements, and the corrective actions taken. This written audit record is evidence of good-faith compliance effort — practices with documented self-audit programs are treated significantly more favorably in OIG investigations than those without.

3

Implement the fixes for any patterns you identify. If your incident-to billing documentation doesn’t consistently reflect physician presence, add it to your clinical note template. If modifier 25 is being appended without adequate documentation, brief your coders and providers with specific examples of what the documentation needs to include. Make the fix prospective — correct the process, not just the individual claims.

 

FIVE THINGS WORTH KNOWING

1

The OIG recovered $2.5 billion from healthcare fraud and abuse investigations in 2024. The vast majority came from large health systems and pharmaceutical companies — but the OIG’s Targeted Probe and Educate (TPE) program routinely reviews independent physician practices for specific coding patterns.

2

Practices that receive a TPE review request from a Medicare Administrative Contractor (MAC) must submit documentation for the sampled claims within 45 days. Failure to respond or inadequate documentation results in claim denial and potential extrapolation across your entire claim volume for that code.

3

The OIG’s compliance guidance for individual and small group physician practices — published in 2000 and still applicable — recommends that practices conduct periodic audits of their own coding and billing, designate a compliance contact, and train staff on compliance obligations. Practices that follow this guidance face significantly lower penalties when violations are identified.

4

Incident-to billing generates 100% of the Medicare fee schedule for services provided by non-physician staff — compared to 85% when the non-physician bills under their own NPI. The 15-percentage-point difference is the financial incentive that makes incident-to billing both valuable and a frequent audit target.

5

The Stark Law (physician self-referral prohibition) and the Anti-Kickback Statute apply to independent practices that own or receive referrals from ancillary services — including in-office labs, imaging, and physical therapy. Practices that have added ancillary revenue streams should review their referral relationships for compliance with these statutes annually.

 

BILLING CORNER

How to Conduct an Internal Coding Audit Before an

An internal coding audit doesn’t require a compliance consultant or a formal program. It requires a random sample, a checklist, and the discipline to document what you find.

Your compliance officer and billing manager needs this.

FORWARD TO YOUR TEAM →

Step 1: Select your sample. Pull 30 claims at random from the past 90 days — 15 from your highest-volume E&M code and 15 from the next highest. Random means random: do not cherry-pick clean claims.

Step 2: Pull the documentation. For each claim, pull the clinical note for that date of service.

Step 3: Apply the coding criteria. For E&M codes: does the documented MDM or total time support the billed code level? For procedure codes: does the operative or procedure report describe the service billed? For any claims with modifier 25: does the note document a significant, separately identifiable E&M?

Step 4: Calculate your accuracy rate. Divide the number of claims that fully meet the coding criteria by the total number reviewed. A rate above 95% indicates strong documentation practices. 90–95% suggests specific areas for improvement. Below 90% suggests a systematic documentation problem requiring provider education and template revision.

Step 5: Document and act. Write a one-page audit summary: sample size, findings, accuracy rate, and corrective actions. File it. This document is your evidence of a functioning compliance program.

Internal Coding Audit Documentation Template

Audit date: [Date]    Auditor: [Name/Title]

Sample: [X] claims reviewed from [Date Range] for [Provider Name]

Focus area: [OIG category being audited]

Findings: [X] of [X] claims met documentation requirements. [X] claims had [specific deficiency].

Error rate: [X]%    Benchmark: Below 5% = acceptable. 5–10% = education needed. Above 10% = immediate corrective action.

Corrective action: [Specific fix, responsible person, deadline]

Follow-up audit date: [30–60 days from findings]

Key: Keep this document in your compliance file. If you are ever audited, voluntary self-audits with documented corrections are your strongest defense.

 

COMPLIANCE WATCH

Targeted Probe and Educate (TPE) Program — What to Do If You Receive a Request. The TPE program is Medicare’s approach to addressing billing concerns before they rise to the level of formal investigation. If your practice receives a TPE request from your MAC, you have 45 days to submit documentation for the sampled claims. The process: (1) read the letter carefully and identify the specific codes, dates of service, and beneficiaries in the sample; (2) pull the complete clinical documentation for each sampled claim; (3) submit the documentation by the deadline; (4) engage a healthcare attorney or compliance consultant if the sample size is large or the dollar amount at risk is significant. A TPE review is an opportunity to educate and correct. Practices that respond timely and fully often resolve the review with education only, no recoupment.

 

PEOPLE & PRACTICE

Building a Compliance Culture Without Making

Compliance programs in small independent practices often fail not because the practice doesn’t care about compliance, but because the framing creates anxiety rather than accountability. ’We need to make sure we don’t get in trouble’ is a compliance program built around fear. It produces over-caution, under-coding, and staff who avoid flagging problems because they’re afraid of what the answer will be.

A more effective framing: compliance is about doing things right so we can defend what we do. That means billing accurately for the clinical complexity we actually provide, documenting what we actually do, and having a process for identifying and correcting mistakes before they become patterns.

Concretely: hold a 30-minute annual compliance review with your billing team and provider(s). Cover three things: what the current OIG priorities are; what your internal audit found this year; and what changes you’re making to documentation or billing processes based on that audit. Make it informational, not accusatory. Document that it happened.

That 30-minute meeting, documented with a one-page summary of what was covered, is more compliance program than 90% of independent practices have — and it materially reduces your exposure if you’re ever subject to review.

 

ASK THE PULSE

From a reader managing a 5-provider internal medicine practice: ’We had a Medicare RAC audit last year and they took back $28,000 for E&M claims they said were underdocumented. We’ve fixed our templates since then but I’m worried about the same thing happening again. Is there any way to get ahead of it?’

Our answer: Yes — and the approach is the self-audit protocol described above.

The specific thing to do after a RAC recoupment is a targeted re-audit of the same code types that were recouped, using the same documentation criteria the auditors applied. Pull 20 claims coded at the same level(s) that were recouped, from dates of service after your template changes. Apply the MDM criteria to each one. If your accuracy rate is above 95%, your fix worked. If it’s not, your templates need further revision.

Also: document this audit and keep it. If you are ever subject to a follow-up review, your evidence that you identified the problem, implemented a fix, and verified that the fix worked is the most powerful thing you can present. It demonstrates that the original errors were not intentional and that the practice has a functioning compliance process.

One more thing: if the $28,000 recoupment was issued without going through the appeals process, it is worth reviewing the denied claims with a healthcare billing attorney. RAC denials have a meaningful appeal success rate when the clinical documentation actually supports the code.

Hit reply with your question.

Quick picks — tap one to vote for a future topic:

Audit preparation Compliance programs
Incident-to rules RAC audits
SEND US YOUR QUESTION →
 

ONE MORE THING

The OIG Work Plan is public, updated regularly, and available for free at oig.hhs.gov. It takes about 20 minutes per year to review the items relevant to your specialty.

Most practices never look at it. The ones that do have 20 minutes of forewarning that others don’t. See you next Tuesday.

 

COMING NEXT TUESDAY

Underpayments: the silent revenue leak your ERA is hiding

Payers underpay 7–11% of claims. Most practices never catch it.

Enjoying this issue?

Get The Practice Pulse delivered every Tuesday at 7 AM. Free.

SUBSCRIBE TO THE PRACTICE PULSE

www.practicepulseweekly.com

Know a practice manager who’d find this useful?  Forward this issue →

The Practice Pulse · Issue 10 · Every Tuesday at 7 AM
www.practicepulseweekly.com

Keep Reading