What Is Medical Auditing? Medicare & Medicaid (CMS) Audits for Medical Compliance Enforcement.

What Is Medical Auditing?Medicare & Medicaid (CMS) Audits for Medical Compliance Enforcement.

Hospital administrators, physicians, and employees of every healthcare billing department are aware that if their practice or hospital provides services to Medicare patients, they should be prepared to receive an audit request from the Medicare Parts C and D Oversight and Enforcement Group. The Centers for Medicare and Medicaid Services (CMS) is responsible for developing the audit strategy as well as implementing it every year. This article will explain, What Is Medical Auditing? Medicare & Medicaid (CMS) Audits for Medical Compliance Enforcement.

What Is Medical Auditing?

Medical auditing is the systematic evaluation of a healthcare organization’s performance. Almost any aspect of healthcare can be audited, although the majority of audits focus on payer payment systems to assess compliance with payer guidelines and federal and state legislation. The medical audit plays an important part in a healthcare organization’s compliance plan by finding faults and designing corrective procedures to eliminate them.

Importance of Medical Auditing

There are several reasons to perform medical audits. Auditing can help protect against fraudulent claims and billing activity, identify problems before being challenged with inappropriate coding, identify opportunities for reimbursement, and recognize the use of incorrect codes,

Medical auditing performed by the provider organization, or on its behalf, is crucial because it keeps coding and billing errors in check. Audits not only identify incorrect coding but also prevent incorrect coding from being repeated. Habitual claim errors impose a cumulative effect on an organization and, worse, invite federal reproach.

The laws governing healthcare fraud, chiefly the False Claims Act (FCA), account for the ambiguity of intent in habitual overbilling. The deliberate objective to defraud is not required for prosecution and penalty under the FCA.

Penalties for violating the FCA can include fines up to three times the program’s loss, plus, based on the 2022 regulations, as much as $23,607 for each claim submitted in violation of the law. Some agencies may assess even higher penalties.

Federal Scrutiny and Compliance Enforcement

Every year, medical claim errors filed by provider organizations result in inappropriate payments costing the fund tens of billions of dollars. Law requires the Centers for Medicare & Medicaid Services (CMS) to protect the taxpayer-sponsored Medicare Trust Fund.

To avoid inappropriate payments from compromising the Medicare Trust Fund, CMS works with Part A and Part B Medicare Administrative Contractors (MACs) and Durable Medical Equipment MACs (DME MACs). CMS collaborates with several contractors, who are all ultimately responsible for protecting taxpayers and future Medicare beneficiaries.

CMS contractors include:

  • RAC:

The Recovery Audit Contractors review post-payment claims to recover improper Medicare payments made to healthcare providers under fee-for-service (FFS) Medicare plans. RACs also inform CMS of detected errors to enable CMS to implement actions (directly and through MACs) that will prevent future improper payments.

Providers should note that CMS pays RACs a percentage of the amounts they recover, which incentivizes aggressive RAC scrutiny, as well as the likelihood that a provider organization will be audited by a RAC. RACs may audit claims going back three years from the date of payer reimbursement.

  • SMRC

The Supplemental Medical Review Contractor is a nationwide program fulfilled by Noridian Healthcare Solutions aimed at reducing improper payment rates through medical review of Medicare Part A, Part B, and DME claims. SMRC reviews are CMS-directed, in that CMS chooses the issue, scope, and time frame of SMRC activities.

  • UPIC

UPIC (Unified Program Integrity Contractors) contracts operate in five U.S. regions and fulfill responsibilities previously met by the Zone Program Integrity Contractor (ZPIC), Program Safeguard Contractor (PSC), and Medicaid Integrity Contractor (MIC) contracts. UPIC conducts regional activities to detect and deter abuse, waste, and fraud for medical claims filed through Medicare Part A and Part B, DME, Home Health and Hospice (HH+H), Medicaid, and the Medicare-Medicaid data match program.


The Investigations Medicare Drug Integrity Contractor is responsible for monitoring all fraud, waste, and abuse initiatives in the Medicare Advantage (Part C) and Prescription Drug Plan (Part D) benefits (specific to providers, prescribers, and pharmacies).


The Plan Program Integrity Medicare Drug Integrity Contractor is responsible for the Medicare Advantage (Part C) and Prescription Drug Plan (Part D) proactive data analysis, audits, generation of risk assessment reports, and plan sponsor education and outreach.

Assigned to various jurisdictions, these contracted entities perform analysis of claims data to identify questionable billing patterns and ensure that CMS reimbursement is made only to services meeting coding, medical necessity, and Medicare coverage requirements.

The Medical Auditing Process

The audit process is easy to understand when broken down into its parts.

Step 1: Plan the Medical Record Audit

Auditing objectives range from investigating areas of insufficient documentation to identifying improper coding, billing activity, and post-payment risks. Regardless, in all cases, conducting the audit to produce useable data requires planning.

Chart auditing is an iterative process, meaning that you repeat the process, and what you learn from one audit affects your starting point for the next. Therefore, answers to these questions will likely change. But understanding what is to be learned through the audit will enable the auditor to make the best decisions, and, once decisions are made, to maintain a focus on the objectives throughout the medical audit.

Step 2: Choose Between 2 Basic Auditing Methods

  1. A prospective audit helps identify and correct problems before sending claims to the payer. In a prospective audit, you review the documentation along with the codes that would have been billed to the payer. This allows for inconsistencies to be identified but typically delays the billing process.
  2. A retrospective audit is a post-payment audit to evaluate whether services that were previously reported to a carrier were reported appropriately and consistent with the carrier’s binding rules. The auditor reviews the documentation, claim forms, and sometimes the explanation of benefits (EOBs) to ensure proper medical billing.

Each medical practice must determine which type of audit method will work for its environment.

Step 3: Decide the Audit Approach

  1. A focused audit centers on a particular service item, provider, diagnosis, etc. For instance, you may need to audit a single provider because they’re trending in above-average reimbursement. Or maybe your organization is struggling with modifier errors.
  2. A random audit refers to a comprehensive review involving a sample of charts arbitrarily selected to indicate compliance problems reflected in all charts. The sample will come from a designated period, preferably within the last three months. This type of audit pinpoints areas to focus improvement efforts and training, as well as targets of future focus audits.

Step 4: Determine Audit Scope

Determining the audit scope includes emphasizing or defining factors that influenced the choice to conduct a focused or random audit. If this is the practice’s first audit, you may want to use random sampling. If the business has already done audits, previous audit reports should identify a focal area, such as new office visits, consultations, inpatient visits, or specific diagnosis codes. A player-focused audit may be required for a variety of reasons, including reviewing charts billed just to Medicare, Medicaid, or another payer.

When defining the audit scope, priority should be the primary determinant. The auditor should mention the audit sample’s date range while setting the audit scope.

Step 5: Determine Sample Size

The audit sample should use a percentage of patient encounters that represent the encounter types. Auditing too few records may distort results, while auditing too many records become impractical in terms of time and labor.

The standard sample size ranges from 10 to 15 charts. When conducting an audit involving multiple physicians, the OIG recommends five to 10 charts per medical provider.

Step 6: Select Audit Tools

An efficient audit tool is important when auditing medical records. If the auditor is conducting a review of surgical notes, for example, a surgical audit tool should be used. If the auditor is conducting an evaluation and management (E/M) audit, the tool needs to reflect the guidelines used by the practitioner.

When selecting an audit tool, remember that tools can vary among payers. MAC tools may vary, as well. The auditor should choose according to the audit scope, using a payer- or Mac-specific tool when applicable.

Step 7: Locate Documentation

Once the sample size and charts have been selected, you must collect documentation regarding the date of service (DOS) for the charts under consideration. The medical record for the patient visit may include labs, paperwork, photos, and other incidental items in addition to a notation. To conduct the review successfully, all paperwork is required.

Step 8: Conduct the Audit

Using your tools and resources, perform the audit. Be sure to review both coding and documentation. Double-check coding criteria for services such as:

  • Critical care services
  • Hospital services
  • Nonphysician practitioner services
  • New versus established patient
  • Time-based code requirements
  • Consult versus transfer of care

Step 9: Analyze Audit Findings

Once the audit is complete, analyze your findings and identify problem areas, such as:

  • Missing modifiers and/or incorrect modifier usage
  • Incorrect diagnosis linkage
  • Services performed but not billed
  • Improper assignment of CPT or HCPCS Level II codes for procedures or services
  • E/M levels not supported by documentation
  • Incorrect diagnosis codes, including ICD-10-CM codes that don’t capture optimum specificity or support medical necessity

Step 10: Create the Audit Analysis and Summary Report

Compile the audit findings in a concise audit report. Identify the number of encounters documented correctly and incorrectly. Note trends and errors in coding. Each error or risk area should be outlined categorically and labeled to define the category. All errors should be explained and include a citation to the appropriate standard. The auditor’s approach to communicating the audit results is as important as the approach to the audit.

Step 11: Meet with Coders, Practitioners, and Ancillary Staff

Discussing audit findings allows the auditor to address risks and the corrective actions to mitigate them. Allow enough time to talk about each case, offer suggestions, and answer questions. Let the staff know what they did well and how they can improve. If audit findings are under dispute, provide them with hard copies of payer and coding guidelines.

Step 12: Execute Audit Follow-up

If an error has been identified it’s necessary to report the error to the payer. The organization may voluntarily return the overpayment or request that the payer initiates a demand letter. How refunds are handled will depend on the payer who made the overpayment.

If, however, you suspect the overpayment is linked to a pattern of claim errors that have accumulated a sum in overpayments, you must investigate. You will need to initiate the process of a focused audit. If your findings confirm a significant error rate involving overpayments without evidence of fraudulent conduct, the organization should seek legal counsel to determine whether to voluntarily identify, disclose, and refund overpayments.

Auditing medical records can be a time-consuming process and may seem tedious, but the benefits far outweigh the inconvenience. The data contained within these charts can be extremely valuable for improving hospital efficiency and ensuring patient satisfaction. It’s important to use all of the resources at your disposal to provide the best possible experience for your patients.

To learn more___

Call @ +1 (224) 999-6997


Get a free no-sting attached billing services quote from ZEE Medical Billing for your practice.

Get in Touch

More from the category