Rock the Mock Audit

Rock the Mock Audit

Know how your practice would fare in a government audit.

Does the thought of an external audit keep you up at night? Well, fear no more! By conducting “mock” or self audits, you can uncover potential issues before a regulator or payer does. During such an audit, an outside consultant or staff within your company assumes the role of enforcement officials and conducts the level of investigation that is anticipated from the regulator.

Mock audits prepare your practice or facility for an official audit by walking you through the process of documentation requests, which involves identifying the information you will be asked to disclose and designating personnel responsible for gathering, preparing, and presenting that information. With this knowledge in hand, you can focus on resolving issues uncovered during the mock audit.

Evaluation and Management – CEMC

How to Get Started

First, determine how many resources and how much time you can expend on an audit. For example:

  • Is there someone who will be in charge and who is able to keep the focus and energy moving towards the end goal?
  • Do you have access to the reports you need to identify your audit target areas?
  • Are the providers on board with this idea? And will they be open to the feedback, corrective actions, and results you will find?

Asking yourself these questions will help you to anticipate and address obstacles you may encounter during the mock audit.

You also must know what you agreed to with your payers. Review the websites and contracts of top payers to learn what each health plan requires as part of its integrity program or claims review process. Take note of the time periods for records review, whether an auditor is allowed to visit the practice site, and the frequency with which auditing can occur for each plan.

Identify Risk Areas

With limited resources and dollars, you’ll need to define the scope of the mock audit to your highest risk areas. Start by determining if past risk areas have been resolved. If no issues rise to the top, use resources such as benchmarking data and common error reports to assess risk. Good resources are the Centers for Medicare & Medicaid Services (CMS), the Office of Inspector General (OIG), Comprehensive Error Rate Testing, Medical Group Management Association (MGMA) survey data, specialty society member Web tools, etc.

The OIG’s top hits for auditing can be found in the OIG Work Plan. Common targets of the OIG are:

  • Improper application of modifier 25 Significant, separately identifiable evaluation and management service by the same physician or other qualified health care professional on the same day of the procedure or other service and modifier 59 Distinct procedural service;
  • Up-coding (especially relative to evaluation and management (E/M) services);
  • Unbundling of global surgery; and
  • Overuse of diagnostics without supporting medical necessity.

Compare your CPT® and HCPCS Level II utilization data with CMS data available on the Medicare Utilization for Part B web page. For example, open the 2014 “Medicare Part B Physician/Supplier National Data – Calendar Year Evaluation and Management Codes by Specialty” file. To use this data file, copy the Internal Medicine utilization under “Allowed Services” for each E/M code you are interested in reviewing onto a spreadsheet, as shown in Chart A.

Chart A: CMS Internal Medicine 2014

CPT® Frequency Percentage
99201 8,184 1%
99202 90,835 5%
99203 494,415 30%
99204 784,102 47%
99205 282,662 17%
Total 1,660,198

Next, calculate a percentage for each code. For example, divide the frequency number that internal medicine physicians coded 99201 (8,184) by the total of new patient codes reported (1,660,198). The result tells us that internal medicine physicians coded 99201 approximately 1 percent of the time when billing Medicare for a low-level, new patient office visit in 2014.

Generate a similar billing utilization report from your practice management system. Follow the same procedure to calculate the frequency use of each code in your practice. These percentages can then be used to create a bell curve (as shown in Chart B). Although coding above, below, or at the national bell curve for your specialty does not necessarily mean you’re coding accurately (or not), knowing how your personal bell curve stacks up offers a clue to areas your coding may deserve a closer look.



To simplify this process, AAPC offers the E/M Utilization Benchmarking Tool. This tool compares a physician’s, or an entire practice’s, evaluation and management (E/M) CPT® code utilization to peers in the same specialty. The distribution of utilization by code within each E/M subcategory is benchmarked to the distribution of paid Medicare claims for physicians in the same specialty, nationally.

Time to Audit

After you identify the areas, providers, and codes that should be targeted, it’s time to conduct the audit. Pulling a sample of, for instance, 10 charts per provider or 10 percent of total targeted charts may be a good way to start, and keep the workload manageable. External consultants may have other recommendations based on the total volume of your practice and the types of services you bill. The coding should be consistent with the auditing tools provided by your Medicare carrier, private payers, and standard coding auditing guidance, including those found in the CPT® and ICD codebooks.

Tip: AAPC’s Healthicity medical auditing software provides two viable solutions for internal auditing: Audit Manager is an all-in-one audit management solution that simplifies the audit workflow and takes the guesswork out of the audit process; Audit Services enables you to pool from our nationwide network of credentialed auditors to conduct medical chart reviews, medical record and documentation review, and audit validation. For more information, visit:

Share the Results

Shortly after the review session, be sure each provider receives a report (in table format) summarizing your overall findings. For example, the report might show there were three instances in which a service was billed as 99212 Office or other outpatient visit for the evaluation and management of an established patient, which requires at least 2 of these 3 key components: A problem focused history; A problem focused examination; Straightforward medical decision making, but documentation would have supported 99213 Office or other outpatient visit for the evaluation and management of an established patient, which requires at least 2 of these 3 key components: An expanded problem focused history; An expanded problem focused examination; Medical decision making of low complexity. You should also provide each physician with a copy of his or her charts with the reviewers’ comments.

If you’re concerned that some providers may disregard the feedback, you can place a redacted summary for all providers to see. In this summary, let each provider know which data represents their results, but block out the others. They can see how they did in comparison with their peers. Many find this sort of competition very motivating.

Make a Positive Change 

Be sure you do something about the errors, inconsistencies, and other issues you find. For example:

  • Do policies and procedures need to be updated or corrected?
  • Are there areas where additional education may be needed?
  • Does your electronic health record template require some refining or a complete overhaul?

The same people who conduct the audit should notify management of the actions needed to address areas of weakness. Management should determine procedures for correcting these errors. These procedures may vary from payer to payer.

Overpayments may need to be refunded or corrected bills resubmitted. Although this may amount to “waving a red flag” in front of the insurer, it’s usually better to come forward than to play the game of wait and see. For significant errors, consult your healthcare attorney before acting on your findings.

Like preventive medicine, proactive internal reviews allow you to correct over-coding before it causes overpayment, and to correct under-coding before it turns into under-billing.

Overcome Obstacles

If a physician refuses to adapt his or her coding and documentation patterns to ensure compliance with applicable regulations, disciplinary action may be warranted.

A very real danger is that you will conduct the audit and identify errors, but will have no support to correct them. Knowing there is an issue that your practice has done nothing to correct can create a huge liability risk. To gain support, make the process as fun as possible. For example, you might create T-shirts, candy bar wrappers, and notes with sayings such as, “I Rock the Mock,” “Be Audit You Can Be!” “Keep Calm and Audit On,” or “Don’t Make Me Use My Audit Voice.”

Lastly, remember that rules change and people change, so periodic internal audits are necessary. Keep the audit process fresh and relevant, and do your best to identify risk areas before they become real problems.


Lisa Jensen, MHBL, FACMPE, CPC, is the senior manager of external audit at Providence Health Plans in Beaverton, Ore. She has a master’s degree in Healthcare Business Leadership. Jensen has been a Certified Professional Coder (CPC®) since 1996 and a Fellow in the American College of Medical Practice Executives (FACMPE) since 2008. She is a member of the Portland Columbia River, Ore., local chapter.


Leave a Reply

Your email address will not be published. Required fields are marked *