By Betty Hovey, BSHAM, CCS-P, CDIP, CPC, COC, CPMA, CPCD, CPB, CPC- Compliant Health Care Solutions |
The Audit Process


The Audit Process

Date Posted: Friday, September 15, 2023


Download PDF:



I hold a LinkedIn Live broadcast called Health Care Happenings that also airs on Facebook and YouTube every other Thursday, in which I discuss different healthcare topics.  I recently did a three-part series on auditing: Preparing for the Audit, Performing the Audit, and Providing the Audit Results.  This article will expand on that series to discuss the audit process.

Preparing for the Audit

There are many steps when preparing for an audit.  Preparatory questions include:  

  • What will be the extent of the audit? A full revenue cycle audit, a coding audit, or a documentation audit?
  • What type of audit will be performed? Retrospective? Prospective? 
  • Will the audit be random or targeted?
  • How many records will be included?

Extent of the Audit

A full revenue cycle audit involves the complete examination of the patient journey, from the initial scheduling or registration to the final payment collection. It helps identify problems that might be causing revenue leaks or inefficiencies in the system, whether in the front end (patient admission, registration, insurance verification) or the back end (invoice generation, payment collection, claim management).

Key aspects of review in a full revenue cycle audit include:

  • Patient Registration: Accuracy of data, like demographic information and insurance details, is verified.
  • Billing: Billing protocols and accuracy of invoicing are reviewed.
  • Claims Management: Efficiency of claims management, including denial and underpayment handling, is evaluated.
  • Payment Posting: Timeliness and accuracy of payment posting are checked.

A coding audit primarily revolves around the accuracy and appropriateness of code assignment for diagnoses, procedures, and services provided to the patients. It is vital to ensure regulatory compliance and proper Medicare/Medicaid and commercial payor payment.

Specifics to a coding audit are:

  • Code Accuracy: Review of diagnosis and procedure codes for accuracy and completeness.
  • Coding Conventions and Guidelines: Ensuring adherence to official coding conventions and government regulations.
  • Comorbidity/Comorbidity Condition (CC)/Major CC (MCC) Capture: To maximize rightful payments if involved in Risk Adjustment Plans.
  • Analysis of Denials: Examination of denied claims due to coding issues to identify patterns and trends.

A documentation audit focuses specifically on the quality and comprehensiveness of patient health records. It verifies whether the patient data, consultation notes, diagnosis, prescribed medication, and procedures are accurately documented or not.

Crucial elements of a documentation audit include:

  • Medical Record Completeness: Ensuring all necessary components such as patient history, physical exam findings, and diagnostic results are included in patient records.
  • Documentation Quality: Verification of precision, legibility, and timeliness of the documentation.
  • Compliance with Clinical Documentation Improvement (CDI) initiatives: Checking if the documentation supports the codes used for billing.

Thus, a full revenue cycle audit, a coding audit, and a documentation audit each focus on different areas of the operation but are all mutually reinforcing. They ensure the organization's financial health, regulatory compliance, and quality of patient care, establishing a strong foundation for comprehensive medical auditing.

Type of Audit

Choosing the type of audit to perform is another pivotal decision. 

There are two primary types to consider:

  • Retrospective Audits: These audits are carried out after patient care services have been rendered and billed. A retrospective audit provides the opportunity to uncover any overcoding, undercoding, or other discrepancies with codes and records.
  • Prospective Audits: This type of audit occurs before the billing is submitted. Prospective audits are preventive in nature, helping to identify potential risks or errors and take corrective actions before final billing.

Deciding between a retrospective or prospective audit largely depends on the internal audit policy of the organization, available resources, key audit objectives, and timeline of the audit process.

Choosing Between Random or Targeted Audits

Based on your strategy, you can conduct either a random or targeted audit:

  • Random Audits: This type employs a statistical sampling method eliminating biases and aiding in the generalization of the audit findings.  Random audits may be good for baseline audits for new physicians/APPs as they can give insight into the overall coding and documentation practices.
  • Targeted Audits: These are audits based on specific areas or known problem areas. It focuses on high-risk areas within the coding process.  This can be helpful in a practice to check for deficiencies in areas that are “on the radar” of the payors.  For example, if an OIG Work Plan project is posted that involves services performed at the practice, a targeted audit of those services can be performed to see if the documentation and coding are supportive of what is being billed.  This can help a practice feel confident in their practices or show them where they need to make improvements to be compliant.

Determining the Scope: How Many Records to Audit?

The scope of an audit, specifically the number of records to be reviewed, is reliant on several aspects—the size of the organization, risk areas, recent updates or changes in coding practices, or medical documentation, to name a few.

As a general rule, the Office of Inspector General (OIG) encourages auditing 5 to 10 medical records per physician.  With most of my clients, audits consist of between 15-20 records per physician/APP.   But this number may vary depending on the objectives of the audit. A well-constructed audit can yield valid results regardless of the total number of records reviewed as it's more the quality and representation of the sample that matters.

Choosing the Records

Once the type, scope, and number of records has been determined, how should the records be chosen?  Ensuring the correct sampling method for audits is crucial to maintain the standard of review.  I always use RAT-STATS when choosing my records, which is a free statistical software package developed by the Department of Health and Human Services (HHS) Office of the Inspector General (OIG) to assist in claims review.  The software was created by the OIG in the 1970s and is primarily used as a statistical tool for the OIG's Office of Audit Services.  RAT-STATS offers a sophisticated but user-friendly system to perform random sample or targeted selection of records.  It provides a variety of statistical sampling and estimation techniques which come in handy for a typical medical record audit.

Using RAT-STATS, you can:

  • Identify a Universe of Data: The first step in using RAT-STATS is defining the entire set of data that the audit would be considering.
  • Choose the Sampling Method: RAT-STATS software allows selection from Simple Random Sampling, Monetary Unit Sampling, and Stratified Random Sampling.
  • Determine the Sample Size: Depending on the universe of data, RAT-STATS provides an appropriate calculative approach to determining the audit sample size.
  • Perform Sample Draw: Once the sample size is determined, RAT-STATS performs an unbiased sample draw from the universe of data.

Performing the Audit

After planning for the type, sample size, and scope of a medical record audit—be it random or targeted, retrospective or prospective, the next step in the auditing process is performing the actual audit. This requires understanding and employing several critical tools and guidelines, including NCCI Edits, LCDs, NCDs, payor policies, and possibly coding auditing software.

National Correct Coding Initiative (NCCI) Edits

NCCI edits are automated pre-payment edits that prevent improper payments while billing Medicare Part B claims. 

They involve two key types: Procedure-to-procedure (PTP) edits and Medically Unlikely Edits (MUEs):

  • PTP Edits: These scrutinize CPT codes to prevent improper payment when unnecessary services are billed.
  • MUEs: These limit the units of service allowable under most circumstances for a single beneficiary on a single day.

The NCCI edits significantly aid in ensuring the accuracy and appropriateness of coding.  By incorporating NCCI edits into the audit process, auditors can systematically cross check individual billing records against established coding standards, identify code pairs that deviate from these rules, and flag discrepancies. Subsequently, the audit team can analyze these flagged instances to determine legitimate cases where modifiers apply or educate providers on correct coding guidelines to minimize future errors and potential revenue leakage. Incorporating NCCI edits during an audit is vital to maintain adherence to government regulations, promote ethical coding practices, and support the financial health of healthcare organizations.

Local Coverage Determinations (LCDs) and National Coverage Determinations (NCDs), and Payor Policies

LCDs and NCDs are two essential sets of guidelines that inform whether a service is covered by Medicare or not:

  • LCDs: Issued by Medicare Administrative Contractors (MACs), LCDs apply to their specific jurisdiction, specifying under what clinical scenarios a service is covered.
  • NCDs: Issued by the CMS, NCDs offer nationwide instructions for all MACs on whether to cover a particular service.

For commercial payors, each can have its own payment policies that may be the same or differ from NCDs and LCDs.  Most are published on the payor's website and can be searched when performing an audit.  

CPT, ICD-10-CM, and HCPCS II Books

Coding books are the foundation on which NCDs, LCDs, and commercial payor policies are based.  They have a wealth of information and guidance contained in them.  When performing an audit, these books are the first stop on verifying proper coding.  Audits may span across years in some cases, so it is important to use the books that match the year of the audited records as codes and guidelines change.  

While working on a medical record audit, NCDs', LCDs', and payor policies' determinations assist auditors in assessing whether medical services covered in audited records align with the federal policy. It is necessary for healthcare institutions to align their services with NCDs since they directly influence eligibility for Medicare coverage.

On the other hand, each MAC may interpret the NCDs differently and subsequently set their individual guidelines. Thus, during an audit, it becomes essential to follow LCDs that are applicable to the geographic service area of the healthcare facility. Payor policies are another critical component in medical record audits. Different insurance companies may have their unique set of coverage policies and payment limits. Becoming familiar with these specific payor policies ensures an accurate mapping of services availed to reimbursable services, which is vital in a medical record audit. Hence, auditors need to factor in the NCDs, LCDs, and specific payor policies while scrutinizing medical records to ensure a comprehensive analysis.

Coding and Billing Auditing Software

Specialized auditing software can significantly facilitate the auditing process through automation and advanced analytical capabilities. They can reveal patterns and discrepancies, aid in risk assessment and evaluation, and streamline the overall process.  Auditing software can produce many different types of reports that can be integrated into the full audit report.  Some software can track results for each physician/APP over time, so it can be noted if someone is doing better, doing worse, or staying stable with their audits.

The Audit Report

While performing the medical record audit is a significant step in ensuring compliance standards, delivery of the audit results is equally essential. Crafting a comprehensive audit report and successfully communicating the results to the stakeholders are critical for the effectiveness of the entire auditing process.

Crafting the Audit Report

An audit report serves as the formal record of findings from the audits. It paints a complete picture of what was audited, how it was audited, findings, and recommendations for improvement. 

Here are key elements that should be included in the audit report:

  • Executive Summary: This provides an overview of the audit. It should summarize the objective, scope, and key findings of the audit, making it easier for top administration to understand the audit's purpose and outcome.
  • Findings and Recommendations: This section details each audit finding and pairs it with a recommendation for improving that specific issue. Be sure to use clear and concise language so even those outside of auditing can understand.
  • Detailed Report for Each Physician/APP: Each Physician/APP should have a customized section in the report detailing their individual findings. Including coding errors, documentation deficiencies, or overutilization trends specific to their work.

Presenting Audit Results to Physicians/APPs

Discussing audit results, especially poor ones, can be a difficult task. 

Here are some tips to present audit results effectively:

  • Create a Positive Learning Environment: Start the meeting by appreciating their work and then introduce the audit findings. Always focus on the system or process, not on the individuals.
  • Use Data and Evidence: When discussing any findings, always support them with data and evidence from the audit. Visuals like charts and graphs can be very effective to showcase trends or patterns.
  • Involve Them in the Solution: Engage physicians/APPs in forming the action plan for identified issues. It not only ensures buy-in but also makes them part of the solution.
  • Provide Training and Education: Offer targeted education sessions to address the areas of weaknesses. Emphasize that audits are tools for improvement, not punitive processes.  It doesn't do any good to tell the physician/APP they have errors and not tell them ways to improve.  
  • Follow-Up: After implementing any remedial measures, follow up to measure progress. Also, be open to hearing feedback and making adjustments to the action plan if necessary.


Delivering audit results effectively is just as important as conducting the audit. Remember, the goal of an audit is to improve the overall accuracy and quality of coding, documentation, and other related processes. Focus on facilitating a better understanding of the audit process and improving the system rather than assigning blame for errors. Communicating with empathy and offering solutions for improvement will go a long way in gaining buy-in from the physicians and APPs and, ultimately, in achieving the overarching objective of the audit. In this way, an audit can be transformed from a confrontational process to a collaborative venture, driving compliance and improving efficiency in any healthcare organization.

Betty Hovey CCS-P, CDIP, CPC, COC, CPMA, CPCD, CPB, CPC-I, is the Senior Consultant/Owner of Compliant Health Care Solutions, a medical consulting firm that provides compliant solutions to issues for all types of healthcare entities.  

Compliant Health Care Solutions (CHCS) was founded by Betty for Coders, Auditors, Physicians, Other Providers, Clinics, and Facilities need assistance in navigating today's healthcare environment, especially when it comes to coding and compliance.  CHCS' philosophy is to offer every single client extraordinary service that is customized to their situation.  No cookie-cutter answers here.  Each person, practice, and situation is unique; so is our response.  We are honored to partner with every client we serve and will continue to show it for the long haul.  

Search BCA Magazine

Search here

List Articles

Select below

Editorial Board



Senior Consultant/Owner
Compliant Health Care Solutions




RELATED CEU's / Webinars

Search BCA Magazine

Search here

List Articles

Select below