How to Report Impactful Audit Results

How to Report Impactful Audit Results

Answer six questions to provide a concise audit that is purposeful, corrective, and educational.

You’ve reviewed the records and analyzed the results. Now, it’s time to prepare for what may be the most challenging aspect of the audit process: presenting the results in a way that makes sense and generates the change needed to ensure compliance and maximize revenue.

Prepare and Report an Audit that Matters

The audit results are what they are, and they won’t change by differences in reporting. But the impact of those results may be affected by how and to whom they are reported. To be sure your intended message is received, consider these six questions when preparing your audit report:

  • Who are you reporting to?
  • What are you reporting?
  • When was the audit performed and what date range did it cover?
  • Where was the audit focused? (i.e., inpatient or outpatient, particular clinics or locations) Was the audit performed remotely or onsite?
  • How was the audit performed? (i.e., methodology, guidelines, resources)
  • Why was the audit performed?

For more information regarding attorney-client privilege, see “What Encompasses Attorney/Client Privilege During an Audit?” by Julie E. Chicoine, JD, RN, CPC, CPCO, Healthcare Business Monthly (August 2016), available on the AAPC knowledge Center.

Who Are You Reporting To?

The focus of the audit findings will differ, depending on who you are reporting to. When talking with providers, consider whether they are doing their own coding or relying on a certified coder. Other questions to consider:

  • Is compensation affected by these results?
  • Will the provider be more interested in the percentage accuracy as an audit score or the net dollars involved?
  • Does the organization have coding policies that the provider has no control over?

There may be more focus on correcting errors and misunderstandings in documentation for future encounters.

When reporting to administration, recognize there may be additional financial pressures. The administrator may be more interested in under-coding and missed opportunities. And there should always be a reminder to refund over-payments within 60 days of discovery to avoid further False Claims Act liability.

When reporting to the compliance department, be aware of required reporting formats and internal coding policies and procedures.

Reporting to an attorney involves a more defensive posture than a compliance attitude. The format and focus of reporting hinges on whether the audit was concurrent with a payer review and whether there are legal actions or appeal proceedings pending the results. The attorney is more likely to be interested in the defense opportunities. For example, the documentation may not meet the level billed due to missing one element of the review of systems (ROS), but the defense may be that the services were performed and were medically necessary. Whereas, with the physician, you would focus on education to change future behavior (e.g., remind the provider how to document a complete ROS), with the attorney, you would focus on the nature of presenting problem to prove the services were medically necessary at the level billed.

Some protection may be provided by auditing under attorney-client privilege. This requires an attorney-client relationship, with the auditor acting in coordination with the attorney, and the client communicating in confidence with the attorney for secure legal advice.

What Are You Reporting?

The report should identify what was included in the audit, as well as what was not included. This will help you understand the scope of the audit. For example, know whether all payers were reviewed or if the audit is a judgment sample or a statistically-valid random sample.

A judgment sample cannot be extrapolated; whereas, a random sample may be. Extrapolation occurs when assumptions are made about the results. For example: An audit shows 40 percent of reviews for Evaluation and Management code 99214 were over-coded. Therefore, it’s assumed that 40 percent of all 99214 claims were over-coded.

When Was the Audit Performed?

Know and report the time of the audit, when and if the results were reported, and what the “date of discovery” of the overpayments or underpayments was.

Under the Health Information Technology for Economic and Clinical Health Act, overpayments must be refunded within 60 days of the date of discovery to avoid further penalties under the False Claims Act. Audit results may need to be marked “DRAFT” until they are reviewed and considered final.

Where Was the Audit Focused?

The report should specify the locations, clinics, and providers that were reviewed, as well as whether the audit was conducted onsite or remotely.

How Was the Audit Performed?

Know how the audit was performed. For example, the audit could have been conducted using 1995 and 1997 Documentation Guidelines for Evaluation and Management (E/M) Services, local Medicare Administrative Contractor policies, or software such as AAPC’s Audicy. Here is a statement that is appropriate when reporting the audit.

The following audit parameters were followed:

  • The auditor reviewed the medical record documentation, encounter form/superbill, and the final billed CMS 1500 claim form.
  • Under the guidelines of Medicare, Medicaid, and all other federal healthcare programs, the auditor verified that all charges billed are for covered and billable services.
  • The auditor verified documentation of the chief complaint.
  • The auditor determined appropriate assignment of E/M visit level CPT® codes.
  • The auditor verified that all billed procedures are documented in the medical record either in the progress notes or via a copy of the appropriate report.
  • The auditor verified the accuracy of CPT®/HCPCS Level II coding, modifier assignment, and number of units of service for documented procedures. The auditor verified that unbundling of codes has not occurred.
  • The auditor determined appropriate ICD-10-CM diagnosis coding and verified that the primary focus of the visit was sequenced as the first ICD-10-CM code.
  • The auditor verified the correct place of service code reported on the CMS-1500 claim form.

Why Was the Audit Performed?

The why should be specifically stated to provide context and suggest response. Consider and answer the following questions when crafting a narrative report or executive summary, such as the one shown in Figure A.

  • Was the audit due to a potential compliance risk? How was the risk identified?
  • Was the audit due to bell curve analysis identifying providers who are outliers?
  • Was the audit done because the provider bills high-risk services (e.g., prolonged care, high-level E/M codes, etc.)?
  • Was the audit due to issue on the provider’s Compliance Audit Plan or a potential issue on the Office of Inspector General’s Work Plan?
  • Was the audit done proactively by the compliance department or a for post-education purposes?
  • Was the audit in response to a payer audit? Was this a best practices vs. defensive audit?

The executive summary should include a high-level overview of the issues and how they are being addressed, the expectations, and any action plans, detailing necessary education. Be sure education plans specify who needs it and who will provide it.

The level of detail provided will vary depending on who you report to. For example, the provider will likely want to see encounter-level detail, while administration will just want to see broad results. The compliance department will want to see every detail, while the attorney may want only want detail of an overpayment that must be refunded.


Co-written by:

Sandy Giangreco Brown, RHIT, CPC, COC, CPC-I, COBGC, CCS, CCS-P, CHC, is the director of coding & revenue integrity at CliftonLarsonAllen, LLP. (CLA) specializes in Physician Practices and outpatient and inpatient hospitals She has more than 28 years of experience in healthcare and medical records management, coding, auditing and compliance in the hospital, outpatient, and physician settings. Giangreco Brown is a member of the Greeley, Colo., local chapter.

Kimberly Huey

Kimberly Huey

Kim Huey, MJ, CPC, CHC, CCS-P, PCS, CPCO, is an independent coding, reimbursement, and compliance consultant. She has been a Certified Professional Coder (CPC) since 1997. Served as president of Magic City Coders (Birmingham, Ala.) and is a founding member of the Capital City Coders local chapter in Montgomery, Ala.
Kimberly Huey

Latest posts by Kimberly Huey (see all)

Leave a Reply

Your email address will not be published. Required fields are marked *