Skip to Main Content

Each year, the American Medical Association (AMA) issues new guidance for E/M coding. The good news for urgent care is that this year, many of the changes refer primarily to health systems and hospitals. Nonetheless, it’s important to be sure your staff is familiar with what is new. In this blog we’ll also provide some tips to block phishing scams as well as explore some initiatives by Health and Human Services to improve rural healthcare access and be sure the underserved populations have options to be well.

2023 E/M Guidelines Update

The changes that the American Medical Association (AMA) will make to their E/M Guidelines for 2023 have minimal impact to the office/urgent care setting. The purpose of these changes is to roll out the new guidelines implemented in 2021 for all categories of E/M.

With these published changes, the 1995/1997 guidelines will be completely retired. Experity may have the opportunity to support other categories of codes with their coding engine.

Problem Addressed

Two new options will be added to the Low category of Problem Addressed.

1 stable, acute illness

“Stable, acute illness: A problem that is new or recent for which treatment has been initiated. The patient is improved and, while resolution may not be complete, is stable with respect to the condition.”

1 acute uncomplicated illness or injury requiring hospital inpatient or observation level of care

“Acute, uncomplicated illness or injury requiring hospital inpatient or observation level care: A recent or new short-term problem with low risk of morbidity for which treatment is required. There is little to no risk of mortality with treatment, and full recovery without functional impairment is expected. The treatment required is delivered in a hospital inpatient or observation level setting.”

This section option is for the hospital setting only.

In addition to these new definitions, condition examples will be removed from all definitions for Problem Addressed.


History and/or Examination

“E/M codes that have levels of services include a medically appropriate history and/or physical examination, when performed. The nature and extent of the history and/or physical examination are determined by the treating physician or other qualified health care professional reporting the service.”

The words “when performed” will be added to the descriptions for E/M codes 99202-99215. This indicates if a history or examination is not necessary it does not need to be documented. It may be necessary to support Problem Addressed or Data Reviewed, however.

When leveling based on time, the total time needs to appear in the actual medical record. CMS has suggested that the record state the level was selected based on time.

Independent Historian

The AMA clarified that a translator should not be counted as an independent historian. As the translator does not have a history or is not involved in management of the patient, use of a translator does not count in the Data Reviewed section. However, the need for a translator could be a Social Determinant of Health (SDoH) in some instances. This could be a Moderate level of Risk of Management.

Shared/Split Visits

The AMA has the following definition for shared visits.

“A shared or split visit is defined as a visit in which a physician and other qualified health care professional(s) both provide the face-to-face and non-face-to-face work related to the visit. When time is being used to select the appropriate level of services for which time-based reporting of shared or split visits is allowed, the time personally spent by the physician and other qualified health care professional(s) assessing and managing the patient and/or counseling, educating, communicating results to the patient/family/caregiver on the date of the encounter is summed to define total time.

Only distinct time should be summed for shared or split visits (i.e., when two or more individuals jointly meet with or discuss the patient, only the time of one individual should be counted).”

This definition does not align with the guidelines from the Centers for Medicare & Medicaid Services (CMS) on shared/split visits. Medicare policy is that shared visits are for the hospital setting only.

Changes by Category of Codes


The lowest level, 99241, will be deleted in 2023.

Code MDM Time (Met or Exceeded)
99242 Straightforward 20 minutes
99243 Low 30 minutes
99244 Moderate 40 minutes
99245 High 55 minutes

Consultations are rarely performed in the urgent care setting. Most payers follow Medicare guidelines and do not reimburse for consultations.

Home Visits

The categories for domiciliary, rest home, and custodial care will be deleted in 2023. Included are codes 99324-99328, 99334-99337, 99339, and 99340. Services in these settings will be reported with the home visit codes. The Place of Service (POS) will identify the type of facility.

Code 99343 will be deleted in 2023

Code Patient Type MDM Time (Met or Exceeded)
99341 New Straightforward 15 minutes
99342 New Low 30 minutes
99344 New Moderate 60 minutes
99345 New High 75 minutes
99347 Established Straightforward 20 minutes
99348 Established Low 30 minutes
99349 Established Moderate 40 minutes
99350 Established High 60 minutes


Nursing Facility Services

These codes are used by the admitting physician or specialists. HCPCS modifier “AI” is required on the admitting physician claim to identify their role in the care of the patient.

Code 99318 will be deleted in 2023.

Code Visit Type MDM Time (Met or Exceeded)
99304 Initial Straightforward or Low 25 minutes
99305 Initial Moderate 35 minutes
99306 Initial High 45 minutes
99307 Subsequent Straightforward 10 minutes
99308 Subsequent Low 15 minutes
99309 Subsequent Moderate 30 minutes
99310 Subsequent High 45 minutes
99315 Discharge N/A 30 minutes or less
99316 Discharge N/A More than 30 minutes


These codes are also used for skilled nursing facilities. The POS is used to report the type of facility where the service is performed. Nursing facility is POS 32; skilled nursing facility is POS 31.

This definition is unique to nursing facilities:

“Multiple morbidities requiring intensive management: A set of conditions, syndromes, or functional impairments that are likely to require frequent medication changes or other treatment changes and/or re-evaluations. The patient is at significant risk of worsening medical (including behavioral) status and risk for (re)admission to a hospital.”

Prolonged Services

Existing face-to-face prolonged services codes 99354-99357 will be deleted for 2023.

Two options remain for reporting prolonged services in the office or home setting:

  • 99417 – each 15-minute increment of time beyond the minimum time for 99205, 99215, 99345, or 99350
  • G2212 (Medicare only) – each 15-minute increment of time beyond the maximum time for 99205, 99215, 99345, or 99350

A new prolonged services code will be added for the inpatient, observation, or nursing facility setting. The AMA is using placeholder 993X0 for now.

Other prolonged services codes:

  • 99358, +99359 – non-face-to-face service on a date other than the date of the E/M
  • 99415, +99416 – prolonged clinical staff time under direct supervision of the physician or non-physician practitioner (NPP)

Bolster Your Email Security with 10 Top Tips

Hint: Quiz staff on phishing ploys

Even the most tech-savvy folks get duped by email phishing and malspam. It’s critical that you take the time to educate your staff members on how to react to even the simplest virus or hoax — or you risk leaking your patients’ electronic protected health information (ePHI).

Use these 10 tips for protecting ePHI and your organization against an accidental malware attack

  1. Remain skeptical: Even if an email was sent to you by a colleague or from an email address that looks like a colleague’s, that doesn’t make it legitimate. Attackers can create fake email addresses that look like the ones you know. Do your due diligence and check with the supposed sender to make sure the email was purposely sent before opening any attachments.
  2. Stay on top of software updates: Operating systems and software developers release updates regularly when they discover vulnerabilities, security flaws, or any number of other problems. By running these updates as they’re released and vetted by your practice’s IT department, you’ll protect your devices against attackers.
  3. Turn off automatic downloads: Your email software settings may have an option to automatically download attachments. If so, disable this feature to protect your computers against possibly dangerous files.
  4. Perform frequent backups: If a cyberattack occurs, you’ll be able to get your computer and network back up and running sooner if your practice has backups on hand.
  5. Secure legacy systems: If your organization depends on a legacy system to keep things running smoothly, ensure it’s compatible with new software. The chances of a cybersecurity incident are higher with legacy systems, so it’s critical that you manage updates and implement strict authentication protocols.
  6. Consider cloud-based email security: Many of your staff may still be working from home. A cloud-based email system can help curtail ransomware woes and secure your data more efficiently as your IT team and vendor have easier access to shut down issues.
  7. Employ a phishing test: Time and again, phishing is the culprit that takes systems down with just one click on a link. Phishing tests let you check the habits of your team and train those that need a refresher. Regular testing can help you avoid common attacks.
  8. Utilize encryption: Your employees may lack the skills to identify a phishing scheme, and that’s where encryption technology comes into play. Email encryption can help your organization authenticate emails with tools to ensure that the email isn’t a phishing attack.
  9. Make training ongoing: Your employees are going to get a wealth of HIPAA and IT training when they start at your firm — but that shouldn’t be the end of their data security education. With each new threat — and especially if an incident occurs — you must update and re-train staff, keeping them in the loop and offering tools and guidance.
  10. Trust your gut: Don’t open any email or attachment if it seems suspicious. Your computer’s antivirus software could even be fooled into thinking the message is safe. Attackers constantly release new threats before protection software has been updated. If you feel uneasy, trust your gut.

Keep these tips handy to serve as a reminder the next time you receive an unsolicited email with an attachment.

Rural Healthcare: 3 Important Updates

CMS offers several rural healthcare fixes in MPFS proposed rule.

The pandemic revealed that access to safe and affordable healthcare isn’t always guaranteed. The feds continue to try to rectify these equity issues with recent funding and policy making. Read on for the scoop on three items to know.

1. Fee Schedule Aims to Bolster RHCs and FQHCs

In the Medicare Physician Fee Schedule (MPFS) proposed rule published in the Federal Register on July 29, the Centers for Medicare & Medicaid Services (CMS) offers up a few proposals to assist providers helping beneficiaries at Rural Health Clinics (RHCs) and Federally Qualified Health Centers (FQHCs).

Reminder: RHCs are Medicare-certified and offer primary care specifically in rural areas with limited healthcare options. FQHCs operate in both rural and urban locations that have provider shortages and assist patients with both primary and dental care. Both types of facilities must meet certain Medicare standards and comply with Conditions of Coverage and Certification.

First, CMS wants to make chronic pain management a priority at RHCs and FQHCs. “We are proposing to include chronic pain management services in the general care management HCPCS code G0511 [Rural health clinic or federally qualified health center (RHC or FQHC) only, general care management, 20 minutes or more of clinical staff time for chronic care management services or behavioral health integration services directed by an RHC or FQHC practitioner (physician, NP, PA, or CNM), per calendar month] when these services are provided by RHCs and FQHCs,” notes the proposed rule. The expansion of G0511 would have little impact on Medicare spending “since the requirements for the new chronic pain management and behavioral health integration services are similar to the requirements for the general care management services furnished by RHCs and FQHCs” already, CMS reasons.

Two other proposals focus on telehealth provisions outlined in the Consolidated Appropriations Act, 2022 (CAA, 2022) and deal with the post-COVID-19 public health emergency (PHE) transition. CMS wants to extend telehealth flexibilities for RHCs and FQHCs for 151 days after the PHE ends.

2. Community Health Gets a Funding Boost

The Department of Health and Human Services (HHS) intends to improve community and public health resources for patients in underserved areas by investing more than $266 million in providers and programs.

“Patients depend on community and public health workers for care and medical information,” expounds HHS Secretary Xavier Becerra in an HHS release. “These investments will equip community and public health workers with the skill sets needed to provide effective community outreach, increase access to care, and assist individuals with critical prevention and treatment services.”

Details: The HHS Health Resources and Services Administration (HRSA) will disperse upward of $225 million to 83 grantees via its Community Health Worker Training Program, training and supporting 13,000 workers. The health members include “promotores de salud, community health advisors, outreach workers, patient navigators and peer counselors,” who all strive to connect people and build trust in communities, HHS says.

Another $47 million is earmarked for the Public Health Scholarship Program and will be distributed to 29 grantees by HRSA, incentivizing individuals to pursue public health careers.

3. CMS Issues RFI on Efficiency, Equity, and Burden Reduction

If you want to offer the feds your two cents on reducing regulatory burdens, CMS is soliciting input with a new Request for Information (RFI) titled “Make Your Voice Heard: Promoting Efficiency and Equity Within CMS Programs.”

CMS “is committed to engaging with partners, communities, and individuals across the health system to understand their experiences with CMS payment policies and quality programs, particularly how existing and proposed CMS payment policies and quality programs impact the experience of healthcare,” the agency says on the RFI webpage.

“Through this RFI, CMS is seeking public input on accessing healthcare and related challenges, understanding provider experiences, advancing health equity, and assessing the impact of waivers and flexibilities provided in response to the COVID-19 public health emergency (PHE),” the agency explains. “CMS will use the comments received … to identify potential opportunities for improvement and increased efficiencies across CMS policies, programs, and practices,” it adds.

“This RFI aims to gather feedback and perspectives related to … reducing burden, and creating efficiencies across the healthcare system,” CMS says in a release.

Heads up: Leave your comments on the RFI through Nov. 4.

Important: Experity Payment Scam

We were recently informed that a client received an email from a scammer who represented themselves as Experity. This email contained instructions to change the bank account information for making payments to us which the client followed, giving the scammer access to their account information.

The situation has been resolved, but in today’s security environment it’s an important reminder that we all remain vigilant in protecting ourselves from phishing attempts and other forms of cyber-attacks.

IMPORTANT: Experity personnel will never ask you via email or text to change bank information for remitting payments to us. If you receive a request of this nature, please contact us immediately at

REMINDER: The most secure way to make a payment to us is through our VersaPay payment portal. If you haven’t yet created a VersaPay login, please contact us at to set one up.

Note from Urgent Care Association

Ask Your Senators to Follow CDLT Panel Payment Recommendations

CMS is currently considering 2023 Medicare payment rates and they need to hear from Urgent Care physicians and APPs ASAP on the current reimbursement rate for the combined COVID-19/Influenza A/Influenza B point-of-care diagnostic test (CPT 87428).  For the second year in a row, the Clinical Diagnostic Laboratory Tests (CDLT) Advisory Panel’s recommendations support a significant increase in payments ($63.59).

The current payment rate for this multiplex test ($30.94) is almost 12.5% lower than the payment rate for the standalone COVID-19 test ($35.33).  Last year, CMS did not follow the Advisory Panel’s recommendations for an increase, and we want to ensure that they hear from clinicians this year before making a final decision. UCA is writing a letter to CMS on behalf of the industry, and we would request that you send emails to your Senators asking them to pressure CMS to follow the CDLT Panel recommendations for an increase in payments.

Click here to send a letter to your senators today!  They could make a final decision regarding this matter as early as this week.  If you have any questions, please email

Interested in more urgent care tips, best practices, and industry updates? Check out our September and October installments.

Interested in more? Our RCM experts use smart solutions and best practices to stay on top of revenue cycles and reimbursement.

Learn how


Sign Up for the Urgent Care Minute

Join over 20,000 healthcare professionals who receive our monthly newsletter.