Posted on
Jun 23, 2026
Telehealth Documentation Challenges: The 2026 Playbook for Virtual Care Compliance
Clinical Update — June 2026: This playbook has been revised to reflect the OIG's updated Telehealth Program Integrity Methodology (FY 2026 Q2), CMS Final Rule CY 2026 PFS adjustments to Place of Service logic, and the AMA CPT Editorial Panel's March 2026 errata on Appendix R digital medicine taxonomy. Modifier 93 audio-only billing thresholds and PSYPACT v. medical-licensure compact distinctions have been clarified based on three enforcement actions published between January and May 2026.
Telehealth Documentation Challenges: The 2026 Operations Playbook for Audit-Proof Virtual Care Compliance
TL;DR
Telehealth documentation in 2026 is no longer about checking boxes for "patient seen via video." The OIG now audits Video Link Integrity (cryptographic proof the video session was continuous and authenticated) and Patient Location (dual-source verification tying patient geo to provider licensure and payer policy). Existing guidance—including the AMA's Digital Medicine Clinical Scenarios Handbook—explains what codes and modifiers to use but never addresses how to produce immutable, machine-verifiable evidence that those codes are truthful. This gap has cost health systems millions in recoupments. Scribing.io closes it by auto-capturing WebRTC session telemetry, IP-geo + patient attestation, licensure geofencing, and FHIR-native audit trails—blocking note sign-off when compliance conditions aren't met. This playbook details the clinical logic, ICD-10 mapping, and technical architecture that Medical Directors of Virtual Care need to operationalize audit-proof telehealth documentation today.
Why 2026 OIG Audit Standards Broke Telehealth Documentation
The Information Gap: What Every Competitor Guide Misses
Scribing.io Clinical Logic: Cross-State Licensure + Video-to-Audio Fallback
Video Link Integrity: Cryptographic Session Verification Architecture
Patient Location: Dual-Source Geo-Verification and Licensure Geofencing
Technical Reference: ICD-10 Documentation Standards for F41.1 and I10
FHIR Implementation: Encoding Telehealth Provenance When EHR APIs Fight Back
Operationalizing Audit-Proof Telehealth: Workflow Breakdown for Medical Directors
Why 2026 OIG Audit Standards Broke Telehealth Documentation
The OIG's 2025–2026 Work Plan elevated telehealth program integrity to Tier 1 enforcement. After pandemic-era flexibilities expired under the Consolidated Appropriations Act, 2023 sunset provisions, recoupment actions shifted from isolated carrier audits to coordinated, data-driven sweeps. The enforcement posture is no longer "Did you document a telehealth visit?" It is now: "Can you cryptographically prove the modality, continuity, and geographic compliance of this encounter at the moment it occurred?"
Scribing.io was engineered for exactly this evidentiary standard. Where legacy AI scribes stop at transcription and note generation, Scribing.io treats the telehealth session itself as a chain-of-custody problem — capturing, hashing, and writing proof of Video Link Integrity and Patient Location directly into the clinical record via FHIR Provenance resources. The platform integrates natively with major EHRs, including through its Epic Integration via SMART on FHIR and its athenahealth API connection — critical because audit evidence that lives outside the EHR is evidence auditors discount.
Traditional telehealth documentation relied on provider attestation: a line in the note stating "Patient seen via synchronous video" and a POS/modifier selection in the billing system. Under 2026 audit methodology, OIG investigators now cross-reference three independent data sources:
Platform session logs (Zoom, Doxy.me, embedded EHR video) for connection type, duration, and interruptions
IP geolocation data compared against the patient's attested location and the provider's licensure jurisdiction
Billing primitives (POS 02 vs. POS 10, modifier 95 vs. modifier 93) for consistency with the above evidence
When these data sources contradict each other—and they frequently do—the result is extrapolated recoupment across all similarly billed claims. A single flagged encounter becomes the statistical seed for six- and seven-figure clawbacks.
Current enforcement data indicates telehealth-related recoupment actions in 2025–2026 disproportionately target behavioral health. Session durations are longer (increasing the probability of mid-visit modality changes), cross-state patient panels are common due to workforce shortages, and the CPT time-based codes used in psychiatry (90834, 90837) create precise audit surfaces where documented time must match session telemetry.
The core problem: no major coding handbook, including the AMA's Digital Medicine Clinical Scenarios guide, addresses how to generate, store, or reference the machine-verifiable evidence that auditors now demand. They define which code to use. They never explain how to prove the code is correct.
The Information Gap: What Every Competitor Guide Misses About Video Link Integrity and Patient Location
The AMA's Digital Medicine Clinical Scenarios Coding Handbook (last updated March 2025) remains the most authoritative public reference for telehealth CPT guidance. It introduced Appendix R's digital medicine taxonomy, mapped 14 clinical scenarios to appropriate code sets, and clarified the CMS vs. CPT Editorial Panel divergence on the new 98000-series telemedicine codes.
What it does not do — and what no competitor resource does — is address the evidentiary substrate underneath those codes.
Specific gaps in existing guidance
Documentation Element | AMA Handbook Coverage | 2026 OIG Audit Requirement | Gap |
|---|---|---|---|
Video Link Integrity | Assumes synchronous video occurred if provider reports it. No discussion of session verification. | Auditors request platform logs, cross-reference connection type and duration against billed modality and time-based codes. | No guidance on capturing, hashing, or storing session-level proof of video continuity. No framework for handling mid-session modality fallback. |
Patient Location Verification | States POS 02 or POS 10 should be used. Notes providers should "confirm" location. | Dual-source verification: patient attestation plus technical corroboration (IP geo, timezone consistency). Location must map to provider licensure state and payer coverage area. | No mechanism for automated geo-verification. No IP-to-geo corroboration. No licensure geofencing. "Confirm" is not operationalized. |
Modifier Selection Logic (95 vs. 93) | Defines modifier 95 for synchronous audio-video. Scenarios assume modality is stable throughout encounter. | Modifier must reflect actual modality for the billed service period. If video drops to audio-only for a material portion, modifier 95 may not be supportable. | No threshold or logic for when a session that started as video but degraded to audio should be re-coded. No QoS-based decision framework. |
POS Selection (02 vs. 10) | Describes POS options. Notes CMS/CPT divergence. | POS must be consistent with verified patient location. POS 10 requires the patient to actually be at their home. | No automated POS selection tied to verified location data. Manual selection creates audit exposure. |
Immutable Audit Trail | Not addressed. | Evidence must be tamper-evident. OIG expects contemporaneous records, not retrospective attestations. | No discussion of WORM storage, SHA-256 hashing, FHIR Provenance/AuditEvent resources, or any cryptographic evidence chain. |
EHR API Constraints | Not addressed. | Audit evidence must be retrievable and associated with the encounter. | No guidance on attaching session metadata to encounter notes when EHR fields are capped at 255 characters. No FHIR DocumentReference workarounds. |
The AMA Handbook is excellent at what it set out to do: clarify CPT coding logic for digital medicine encounters. But the 2026 audit environment demands documentation infrastructure, not just documentation guidance. Telling a provider to "use modifier 95 for synchronous audio-video" is necessary but insufficient when an auditor can pull Zoom's API logs and demonstrate that the WebRTC connection degraded to audio-only for 40% of the billed session.
Telehealth-native AI must specifically document Video Link Integrity and Patient Location within the note to meet 2026 OIG audit standards for virtual care. This is the anchor truth of this playbook, and it is the gap Scribing.io was built to close — not by replacing coding guidance, but by generating the cryptographic, geo-verified, FHIR-native evidence that makes the selected code defensible.
Scribing.io Clinical Logic: Handling Cross-State Licensure Violations and Mid-Session Video-to-Audio Fallback in Psychiatric Telehealth
The scenario
A psychiatrist in Chicago starts a 45-minute video session for Generalized Anxiety Disorder (GAD). The patient quietly joins from home across the state line in Indiana. Mid-visit, the video drops to audio-only for 18 minutes. The clinic bills 90834 (psychotherapy, 45 minutes) with POS 10 and modifier 95, but an audit cross-references IP geolocation and platform logs, flags out-of-state licensure plus loss of synchronous video, and recoups $18,400 from 46 similarly billed claims.
This is not hypothetical. It represents a pattern the OIG has identified across behavioral health telehealth programs, where: (1) patients relocate or travel without informing the provider, creating licensure jurisdiction mismatches; (2) bandwidth limitations in residential settings cause video degradation that goes undocumented; and (3) billing workflows are decoupled from session telemetry, so modifiers and POS codes reflect what was intended, not what occurred.
How Scribing.io handles this — step by step
Step | System Action | Data Captured | Compliance Impact |
|---|---|---|---|
1. Pre-session geo-capture | When the patient joins, Scribing.io prompts a location attestation ("Confirm you are currently located at [address on file] in [state]") and simultaneously captures IP-to-geo with timezone and DST validation. | Patient attestation (timestamped), IP-derived latitude/longitude, resolved state/jurisdiction, timezone offset, DST flag. | Dual-source location record created before the clinical encounter begins. Attestation and IP geo are compared automatically. |
2. Licensure geofence check | Patient's verified location (Indiana) is checked against the provider's licensure records. Indiana is not in the provider's licensure set. System flags: | Provider licensure jurisdiction(s), patient verified state, match/mismatch status, applicable interstate compact membership (e.g., PSYPACT applies to psychologists, not psychiatrists in this scenario). | Sign-off is blocked. The note displays a denial-risk rationale: "Service may not be billable — provider not licensed in patient's verified state of Indiana. Review interstate practice authority before proceeding." |
3. Session initiation — video link integrity capture | At session start, Scribing.io captures the telehealth platform identifier, meeting URL SHA-256 hash, WebRTC session ID, and start timestamp. | Platform name, meeting URL hash, WebRTC session ID, session start UTC timestamp, initial connection type (video). | Immutable session-start record created. This becomes the anchor for all subsequent QoS data. |
4. Continuous QoS monitoring | Throughout the session, Scribing.io samples WebRTC stats (via | Average jitter (ms), packet loss (%), ICE restart count, video track state transitions with timestamps. | At minute 22, the video track transitions to |
5. Automatic modifier adjustment | With 18 of 45 minutes (40%) on audio-only, the system determines modifier 95 (synchronous audio-video) is not supportable. Scribing.io auto-selects modifier 93 (audio-only). | Modifier recommendation with rationale: "Video active 27 min, audio-only 18 min. Video continuity below threshold for modifier 95. Modifier 93 applied per QoS evidence." | Prevents overbilling. The note reflects the actual modality delivered, not the modality intended. |
6. POS auto-selection | Based on verified patient location (home in Indiana) and audio-only modifier, POS 02 is selected. POS 10 is excluded because CMS requires POS 10 for synchronous telehealth provided to a patient in their home; audio-only encounters use POS 02 under the CY 2026 PFS final rule. | POS code with rationale trail linking back to geo-verification and modifier determination. | POS is provably consistent with location data and modality data. No manual selection required. |
7. FHIR Provenance write | All captured data — geo-attestation, IP-geo, licensure check result, WebRTC QoS log, modifier rationale, POS selection logic — is bundled into a FHIR Provenance resource (or DocumentReference when the EHR caps encounter fields at 255 characters) and written to the encounter. | SHA-256 hash of the complete evidence payload, FHIR resource ID, EHR encounter linkage, WORM-storage confirmation. | The audit trail is tamper-evident, encounter-linked, and retrievable by any authorized party. This is what the OIG expects and what no manual workflow can replicate. |
8. Sign-off gate | The provider sees a compliance dashboard before signing the note. In this scenario, two flags are active: (a) | Provider acknowledgment action, timestamp, resolution pathway selected. | Prevents claim submission for a service with known compliance defects. The $18,400 recoupment never happens. |
Every element in this sequence maps to a specific OIG audit vector. The licensure geofence prevents the jurisdictional violation. The QoS-driven modifier adjustment prevents the modality misrepresentation. The FHIR Provenance write creates the tamper-evident audit trail. And the sign-off gate ensures no claim leaves the system without compliance conditions satisfied.
Video Link Integrity: Cryptographic Session Verification Architecture
"Video Link Integrity" is the term we use for the complete evidence chain proving that a synchronous audio-video telehealth session occurred as documented. Under CMS telehealth policy, modifier 95 requires that the service was furnished via "interactive, real-time telecommunications system that includes, at a minimum, audio and video equipment." The word "includes" is doing enforcement work: it means the video component must be present, not merely attempted.
Scribing.io's Video Link Integrity system captures five data elements per session, each with a specific audit function:
Platform Identifier: Which telehealth platform was used (Zoom, Doxy.me, EHR-embedded). This matters because OIG auditors validate that the platform is a HIPAA-compliant, BAA-covered system.
Meeting URL SHA-256 Hash: A cryptographic hash of the session URL. This proves the specific session instance without exposing PHI in the URL structure. The hash is one-way — auditors can verify it against platform logs but cannot reconstruct the URL from the hash alone.
WebRTC Session ID: The unique identifier for the real-time communication session. This provides a second, independent key for cross-referencing platform logs during audit.
Start/Stop Timestamps (UTC): Session boundary markers in UTC to eliminate timezone ambiguity. These timestamps are compared against the billed service time to validate time-based CPT codes (e.g., 90834 requires 38–52 minutes of psychotherapy).
QoS Telemetry: Average jitter (ms), packet loss (%), ICE restart count, and — critically — video track state transitions. This is the data that proves whether the session maintained video continuity or degraded to audio-only.
All five elements are bundled, SHA-256 hashed as a single payload, and written to WORM (Write Once Read Many) storage. The hash is then embedded in the FHIR Provenance resource attached to the encounter. This architecture means that any alteration to the evidence — even a single byte — would produce a mismatched hash, making tampering detectable.
The W3C WebRTC Statistics API provides the raw telemetry. Scribing.io samples RTCStatsReport objects at 30-second intervals throughout the session, extracting RTCInboundRtpStreamStats for jitter and packet loss and RTCIceCandidatePairStats for connection state. Video track status is monitored through the MediaStreamTrack.readyState and enabled properties. When the video track transitions from live to ended — or when the enabled property flips to false for more than 60 consecutive seconds — the system logs a VIDEO_CONTINUITY_LOSS event with a UTC timestamp.
This threshold (60 seconds) was chosen deliberately. Brief video freezes due to network microbursts are clinically insignificant and do not change the modality classification. Sustained loss exceeding 60 seconds indicates a genuine fallback to audio-only communication that must be reflected in the modifier.
Patient Location: Dual-Source Geo-Verification and Licensure Geofencing
Patient location verification is the second pillar of 2026 OIG audit compliance. Under CMS Medicare Telehealth policy, the patient's physical location at the time of the encounter determines three things: (1) whether the provider is licensed to deliver care in that jurisdiction; (2) which POS code applies; and (3) whether the payer covers telehealth from that originating site type.
Single-source verification — asking the patient where they are — is insufficient. Patients may not know their exact jurisdiction (e.g., near a state border), may provide their home address when they are actually traveling, or may not understand the legal significance of the question. This is why Scribing.io implements dual-source geo-verification:
Source 1 — Patient Attestation: A timestamped, discrete data capture (not free text) where the patient confirms their current physical location. The attestation interface presents the address on file and asks the patient to confirm or update. Responses are stored as structured data elements, not embedded in note prose.
Source 2 — IP-to-Geo with Timezone/DST Validation: The patient's connecting IP address is resolved to a geographic location using a commercial IP geolocation database (accuracy to state/province level). The resolved timezone is compared against the device's reported timezone and DST offset for consistency. VPN detection heuristics flag known commercial VPN exit nodes.
When both sources agree on the patient's state, the system proceeds with licensure and POS logic. When they disagree — for example, the patient attests to being in Illinois but their IP resolves to Indiana — the system flags a GEO_CONFLICT and requires the provider to resolve the discrepancy before the note can be signed. Resolution options include: the patient corrects their attestation, the provider documents a known VPN/proxy situation, or the encounter is flagged for compliance review.
Licensure geofencing
Once the patient's state is verified, Scribing.io checks it against the provider's licensure table. This table is populated from primary-source verification (state licensing board records) and is updated on a configurable cadence. The system checks not only state medical licenses but also interstate compact membership: the Interstate Medical Licensure Compact (IMLC) for physicians, PSYPACT for psychologists, and the Counseling Compact for licensed professional counselors. Each compact has different participation rules — PSYPACT, for example, does not cover psychiatrists (who are physicians), a distinction that causes frequent billing errors in behavioral health practices.
If the patient's verified state is not covered by any of the provider's licenses or compact memberships, the system raises LICENSURE_MISMATCH and blocks note sign-off. The provider receives a specific, actionable message explaining which state lacks coverage and what options exist (obtain licensure, refer to a licensed provider in that state, or — in limited circumstances — document an emergency exception per the state's emergency practice provisions).
Technical Reference: ICD-10 Documentation Standards
Telehealth encounters are disproportionately flagged for ICD-10 specificity deficits because the virtual modality reduces the clinician's access to physical examination findings that naturally drive code specificity. In the psychiatric GAD scenario above, the primary diagnosis is straightforward: F41.1 Generalized anxiety disorder; I10 Essential (primary) hypertension. But specificity requirements extend beyond simply selecting the right terminal code.
F41.1 — Generalized Anxiety Disorder
F41.1 is a terminal code (no further characters available) in the ICD-10-CM hierarchy under F41 (Other anxiety disorders). Common specificity errors in telehealth include:
Undercoding to F41.9 (Anxiety disorder, unspecified): When the clinical note does not clearly document the diagnostic criteria for GAD — persistent, excessive worry about multiple domains for ≥6 months with associated somatic symptoms per DSM-5-TR criteria — coders default to the unspecified code, which carries higher denial rates.
Failure to document comorbid conditions: GAD frequently co-occurs with major depressive disorder (F33.x), insomnia (G47.0x), and somatic symptom patterns. Each must be documented at maximum specificity to support medical necessity for the billed service level.
Telehealth-specific documentation gap: Without physical examination, providers must explicitly document the clinical rationale for diagnosing GAD based on observed behavior during the video session (psychomotor agitation, visible tension), patient-reported symptoms, and validated screening instruments (GAD-7 score).
Scribing.io addresses this by extracting diagnostic evidence from the session transcript and mapping it to ICD-10 criteria. When the patient describes persistent worry across multiple life domains, the system surfaces F41.1 as the suggested code and highlights the supporting transcript segments. If the documentation does not meet the minimum clinical criteria threshold, the system prompts the provider to add clarifying detail before sign-off — preventing downstream undercoding.
I10 — Essential (Primary) Hypertension
I10 is frequently listed as a secondary diagnosis in behavioral health encounters because SSRIs and SNRIs can affect blood pressure, and many psychiatric patients have comorbid cardiovascular conditions. Specificity issues include:
Failure to specify hypertensive heart disease (I11.x) or hypertensive chronic kidney disease (I12.x): If the patient's history includes these conditions, I10 alone is insufficient and may trigger a query from the coding team.
Missing documentation of current management: Auditors check whether the hypertension was "addressed" during the encounter (medication reviewed, blood pressure discussed) to validate its inclusion on the claim. In a telehealth psychiatric visit, this requires explicit documentation — Scribing.io auto-generates a medication reconciliation section that includes antihypertensives when I10 is in the problem list.
By linking ICD-10 code suggestions to transcript-derived clinical evidence and problem list data pulled from the EHR via FHIR, Scribing.io ensures each code on the claim is traceable to documented clinical findings — the standard that CMS ICD-10 documentation requirements demand and that telehealth visits historically fail to meet.
FHIR Implementation: Encoding Telehealth Provenance When EHR APIs Fight Back
The theoretical elegance of FHIR-based audit trails collides with the practical reality of EHR API limitations. Here is what actually happens when you try to write telehealth compliance metadata to major EHR systems:
The 255-character problem
Several major EHRs cap encounter-level URL or reference fields at 255 characters. A complete Video Link Integrity payload — platform, URL hash, session ID, QoS summary, timestamps — exceeds 255 characters by a factor of three. Attempting to stuff this data into a single encounter note field produces truncated, useless records.
Scribing.io's architecture solves this with a three-layer approach, designed and tested against both the Epic SMART on FHIR and athenahealth API implementations:
FHIR Provenance Resource (preferred): When the EHR supports FHIR R4 Provenance resources linked to Encounter resources, the full evidence payload is written as a Provenance resource with the encounter as the target. The
agentelement references the Scribing.io system, theentityelement references the evidence payload in WORM storage, and thesignatureelement contains the SHA-256 hash. This is the gold standard.FHIR DocumentReference (fallback): When Provenance is not supported or is read-only, the evidence payload is written as a DocumentReference resource — essentially a structured attachment — linked to the encounter. The content is a base64-encoded JSON object containing all five Video Link Integrity data elements plus the dual-source geo-verification results.
Note Embedded Summary + External Reference (last resort): For EHRs that do not support Provenance or DocumentReference write-back, Scribing.io embeds a human-readable summary in the clinical note (e.g., "Telehealth Session Verification: Video active 27 min / Audio-only 18 min / Patient Location: IN / Modifier: 93 / Evidence Hash: a3f7b2...") and appends a shortened URL to the full evidence record in WORM storage. The URL resolves to a HIPAA-compliant audit portal accessible to authorized compliance officers.
Each layer preserves the core requirement: the encounter record contains either the complete evidence or a tamper-evident pointer to the complete evidence stored in immutable, HIPAA-compliant infrastructure.
FHIR AuditEvent for longitudinal compliance analytics
In addition to per-encounter Provenance, Scribing.io writes FHIR AuditEvent resources for every compliance-relevant system action: geo-verification, licensure check, modifier adjustment, sign-off gate trigger. These AuditEvent resources feed an analytics dashboard that enables Medical Directors of Virtual Care to identify systemic patterns — e.g., a specific clinic location with a high rate of GEO_CONFLICT flags, suggesting patients in that area frequently cross state lines.
Operationalizing Audit-Proof Telehealth: A Workflow Breakdown for Medical Directors
Implementation is where most compliance initiatives fail. The policies are written, the technology is purchased, and the workflows never change. This section provides the operational blueprint for Medical Directors deploying Scribing.io's telehealth compliance architecture.
Phase 1: Licensure table build (Week 1–2)
Populate the provider licensure table with primary-source-verified data for every clinician delivering telehealth services. Include: state medical license(s), DEA registration state(s), interstate compact membership (IMLC, PSYPACT, Counseling Compact, ASWB Mobility), and any temporary practice permits. Set update cadence to match license renewal cycles. Scribing.io ingests this data via CSV upload or direct API integration with primary source verification vendors.
Phase 2: Platform integration and QoS calibration (Week 2–3)
Connect Scribing.io to your telehealth platform(s). For Zoom, this uses the Zoom Apps SDK and Meetings API. For Doxy.me and EHR-embedded video, integration uses the WebRTC getStats() API via the Scribing.io browser extension. Calibrate the video continuity loss threshold (default: 60 seconds) based on your clinical and payer requirements. Some Medicaid programs have stricter audio-only billing rules that may warrant a shorter threshold.
Phase 3: EHR write-back configuration (Week 3–4)
Configure the FHIR write-back pathway for your EHR. For Epic organizations, this is done through the SMART on FHIR integration, registering Scribing.io as an authorized app with write permissions for Provenance and DocumentReference resources. For athenahealth practices, the athenahealth API integration uses the clinical inbox and document management endpoints. Test with synthetic encounters before go-live.
Phase 4: Provider training and go-live (Week 4–5)
Train providers on three things only — clinicians will not retain more:
The geo-attestation prompt is not optional. If the patient skips it, the session can proceed clinically but the note cannot be signed until location is resolved. This is a patient safety measure (licensure) as well as a billing compliance measure.
Sign-off gates are decision points, not errors. When a
LICENSURE_MISMATCHorMODIFIER_ADJUSTEDflag appears, the provider has clear options. The system explains why and what to do. This is faster than a post-hoc compliance review and infinitely cheaper than a recoupment.Nothing changes about how they practice medicine. The clinical conversation is the same. The AI scribe generates the note the same way. The compliance layer is infrastructure — it runs beneath the clinical surface and surfaces only when intervention is needed.
Phase 5: Ongoing compliance monitoring (Continuous)
Use the FHIR AuditEvent analytics dashboard to monitor: geo-conflict rates by provider and clinic, modifier adjustment frequency (high rates may indicate platform bandwidth issues that should be addressed operationally, not just documented), licensure mismatch patterns (may indicate patient panel outreach is needed), and sign-off gate override rates (which should be near zero — any override requires a documented rationale).
Publish a quarterly compliance report to your organization's compliance committee. Include the aggregate hash verification count — the number of encounters where the SHA-256 evidence hash was generated and stored — as your primary telehealth audit-readiness metric. This is the number your organization's legal counsel will want when the OIG comes calling.
Book a 15-minute demo to see our 2026 OIG audit-defense workflow in action: real-time licensure geofencing, auto POS 02/10 + modifier 95/93 enforcement, and cryptographically hashed video-link evidence written to your EHR via FHIR Provenance. Schedule at Scribing.io →
