HEALTHCON Regional 2022 | Stay Current. Stay Engaged. | Join today!

Audits Are the Heartbeat of Your Compliance Program

Audits Are the Heartbeat of Your Compliance Program

Here’s what you need to know to protect your healthcare entity’s revenue stream.

We all know that the heart is one of the most important organs of the body. The heart is responsible for multiple life-giving processes such as enabling the transportation of nutrients, hormones, oxygen, and waste products throughout the body. When your heart does not work properly, these life-giving elements are unable to reach your major organs and muscles. Your body becomes tired and weak; or worse, organs become diseased and begin to shut down. Your audit program is similar to your heart, as it should be the engine of your comprehensive compliance plan.

With the recent changes in healthcare delivery during the public health emergency for COVID-19, the new ICD-10-CM codes released out of cycle, and now the new 2021 evaluation and management (E/M) guideline changes, coding accuracy is more critical than ever. Ensuring your compliance audit program is active, effective, and healthy is essential.

What Is an Audit?

A system for auditing and monitoring must be implemented to measure the health of your compliance program. This system should include both internal monitoring and audits and external audits, as appropriate. First, we need to understand the difference between auditing and monitoring. Some organizations use the terms “monitoring” and “auditing” interchangeably. However, these two activities have different meanings:

  • Monitoring includes regular reviews performed as part of normal operations to confirm ongoing compliance, or review of day-to-day functions.
  • Auditing includes formal reviews of compliance with a particular set of standards as base measures.

The word “audit” often conjures up feelings of wrongdoing, or at the very least “a thorn in your side.” It’s similar to starting a new exercise program. Initially, we are motivated and everything is great. Then real-life events take priority, muscle fatigue sets in, and quickly we resort back to old habits.

Coding audits are a preventive measure that regardless of your organization’s size can safeguard your business. But what is involved in auditing? Auditing is a more comprehensive review than monitoring and includes a review of statutes and regulations or compliance with internal requirements, used as base measures.


  • ensures compliance with a range of statutory and Centers for Medicare & Medicaid Services (CMS) requirements in critical operations areas;
  • includes regular, periodic evaluations of the compliance program to determine the program’s overall effectiveness;
  • is performed at least annually, or more frequently, as appropriate; and
  • may include a variety of audit methods (for example, desk, on-site, internal, or external) and includes written reports containing findings, recommendations, and proposed corrective actions.

Case Study

To show you just how critical having a heart-healthy audit program is, I want to share with you a case study AAPC Audit Services did recently.


A large hospital system (with more than 6,000 physicians in all specialties) partnered with AAPC Audit Services to discover how the new E/M guidelines are impacting their organization. In advance of the audit, the organization provided rigorous clinical documentation training — based on the 2021 E/M calculations — to their physicians and other nonphysician providers.


Discover how providers’ current documentation was holding up to the new E/M guidelines.


Simultaneously with their regular compliance audit, AAPC’s team of auditors applied the 2021 criteria and identified whether the E/M level remained the same, went up, or went down based on their providers’ pre-2021 documentation.

Since office visit code levels are assigned using either medical decision making (MDM) or time starting in 2021, both calculations were applied to ensure best results.

A standard sample size of 10 dates of service for each provider was used.


Each provider audited received individual results for their 2021 comparison.

In addition to the individual provider impact, the organization received a summary of the overall E/M comparison and financial impact by practice, which assisted them in knowing on which providers and/or practices to focus additional trainings.

The results demonstrated that the guideline change has resulted in changing reimbursement.

  • 77 percent of the E/M services did not change.
  • 13 percent of the E/M services were lower.
  • 10 percent of the E/M services were higher.

With results like this, defining new benchmarks and best practices in today’s evolving healthcare arena is a must. Combining traditional documentation and coding audits with a new approach such as performing “quick check audits” (focused audits that include only a specific code category or a specific service type) more frequently can leapfrog you to a healthier compliance program.

Internal vs. External Audits

It’s important to perform both internal and external audits. Internal audits can ensure current compliance regulations are followed while adjusting coding practices based on changes in the industry and discovering workflows and processes that improve end results. Staying in an outdated, comfortable state with no learning or growth “workouts” lays the groundwork for your compliance program engine to sputter and not deliver revenue lifeblood to keep your organization alive.

An advantage of conducting an external audit is that vendors can provide highly experienced auditors who bring an outside perspective, new ideas, and solutions to common pain points. When a practice hires an external auditor, the auditor will typically conduct a “baseline” audit, sampling various services to measure the coding compliance for each provider and coder. External audits are performed either quarterly, biannually, or annually depending on the strengths and weaknesses in coding and compliance discovered during the baseline audit.

An internal audit can be conducted periodically by the coding staff trained in auditing medical records or by a practitioner trained to audit for coding and compliance. At a minimum, the internal audit should be conducted annually, or more often if problem areas have been identified. The decision to perform the audits internally or externally is determined by each individual practice.

Time for a Checkup

Now you can see why we feel auditing is the heartbeat of your compliance plan. Just like preventive health measures such as eating a heart-healthy diet, getting exercise to maintain a healthy weight, getting quality sleep, and managing your stress level ensure a healthy heart, being proactive rather than reactive and implementing AAPC Audit Services’ gold standard for compliance audits, which is to audit, educate, and re-audit, will ensure a healthy and viable compliance program.

5 Reasons Why Audits Are More Important Than Ever!

1. Enhanced Data Quality

Reliable data is the lifeblood of healthcare. Keeping to a healthy heart rhythm with your audit program, along with rigorous feedback and consistent follow-up, will significantly increase the quality of your data. Audits will help you identify strategic initiatives that otherwise could have been missed. Audits can provide insight on not only if the coding is accurate, but how and why a particular code was assigned or not assigned. Audits allow you to easily perform a root cause analysis.

2. Improved Operational Effectiveness

Day-to-day operations in a medical organization involve significant amounts of clinical documentation, which is processing-heavy and labor-intensive. Think about it: The process begins with a patient scheduling an appointment and ends when final payment is received. To ensure the accuracy of this information at all stages in the process, you must give your organization a thorough health checkup. This can be done through your audit program, which considers whether processes, workflows, and transactions are functioning appropriately. Identifying root causes of discrepancies or inefficient workflows will not only improve revenue and decrease risk, but also improve employee morale and productivity. Everyone is happy when a change has made their job easier!

3. Improved Clinical Documentation Integrity

Although coding audits typically are performed with a review and analysis of the medical documentation and coding, they should be more than this. Including a review of policies, procedures, the proper use of electronic health record systems with their query processes, as well as accuracy of the claim (UB-04 or CMS-5010 form) will ensure consistent compliance with regulations, timely reimbursement, and quality patient care.

4. Improved Physician-Coder Relationships

Coders and physicians should view an audit as a time to learn and strengthen their relationship. Neither the coder nor the physician can possibly know everything when it comes to the complexities clinical medical documentation and coding bring. There will always be different opinions and interpretations. Both must approach the audit process with an open mind. Joining together in conversations can deepen the understanding to an entirely new level. This approach of collaborative learning will build mutual respect and trust resulting in continual improvement.

5. Enhanced Accuracy of Reimbursement

Changes in regulations, such as the 2021 E/M guidelines, will impact organizations in unique ways based on payer mix, specialty, payer contract, and documentation practices. Whatever new regulation or the impact the fact remains; over- and underpayments have plagued all organizations for years. Inaccurate coding results in hemorrhaging money, and much like blood, there isn’t much of that you can afford to lose and remain alive and viable. Best practices suggest that frequent, ongoing audits are the key to preventing fraud, waste, and abuse while ensuring accurate and appropriate reimbursement.

5 Steps in Performing an Audit

1. Identify the audit scope.

Best practices suggest focusing on your risk areas is a good start. Defining the specific areas of risk depends on where you are at in your pathway to 100 percent accuracy. The Medicare Recovery Audit Contractors (RAC) report, Office of Inspector General (OIG) work plan, and Program for Evaluating Payment Patterns Electronic Report (PEPPER) can help guide you. As an added layer, reviewing your revenue cycle key performance indicators (KPIs) and billing patterns, such as highly utilized/highly compensated services, will clarify your organization’s position. Referring to any previous audit results can also provide intel on the type and scope of your audits.  

2. Determine the audit type.

Audits may be performed prospectively, which takes place prior to claim submission, or retrospectively, which involves reviewing claims that have already been submitted. The advantage of prospective reviews is the prevention of incorrect claims going out, thereby reducing the chance of a denial or payback. The advantage of retrospective reviews is simple: You have more time. These reviews are not subject to the same short timeline as prospective audits. There are cons to both types, as well. We could spend all day debating the pros and cons of either type. Either type is acceptable; the takeaway is to ensure that CPT®, HCPCS Level II, and ICD-10-CM codes are included, regardless of approach.

3. Plan for the audit frequency.

Audit frequency will depend on the occurrence of coding changes, regulatory changes, compliance issues uncovered in your organization, and billing patterns and trends. Both the OIG and CMS recommend that all physicians and nonphysician providers have their coding reviewed annually. If there are audit findings (errors), frequency should be increased to ensure compliance. Additionally, when there are significant changes in the industry, such as with the 2021 E/M guidelines, more frequent reviews are necessary to ensure providers and coders are up to speed and comfortable with the changes. Based on Healthicity’s recent Compliance and Coding Auditing survey, 51 percent of organizations are performing monthly or quarterly reviews.

4. Determine sample selection.

Sample size can be driven by many factors. Guidance published by the OIG recommends auditing a minimum of 10 patient encounters per provider. A random sample approach may be used for standard compliance audits. Obtaining a valid statistical sample using RAT STATS is typically used for focused audits in situations where payback may be necessary. Another approach in identifying your sample is to run a utilization report (most EHRs will have this ability) to look at your coding patterns before making a selection. Your sample size can be based on the utilization percentage, such as 3 percent. Start small so you do not get overwhelmed. I suggest starting with the top codes billed for your practice, E/M, surgery, or known industry problems. There are many ways to pull records to audit; getting started is often the hardest part. Depending on the volume of your practice and the resources, consider auditing newer records only. 

5. Present findings and recommendations.

Written reports containing findings, recommendations, and proposed corrective actions that must be communicated to not only the providers and coders but also to clinical staff and other stakeholders in the organization. The report should be easy to follow and meaningful. Including a scorecard is an ideal way to monitor the effectiveness of your audit and training programs. Allowing for open dialog is critical in ensuring the desired behavior changes and will result in personal buy-in and accountability. The goal is to use your audit results to help improve accuracy of documentation and coding, improve the revenue cycle, and improve the overall performance of your organization.


Certified Professional Compliance Officer - CPCO

Stephani Scott, CPC, RHIT
Latest posts by Stephani Scott, CPC, RHIT (see all)

About Has 7 Posts

Stephani E. Scott, CPC, RHIT, vice president of AAPC Services, has over 25 years’ experience in the healthcare industry, working closely with physicians and staff in health information management. She has worked in a variety of settings including hospital, long-term care, large multispecialty physician practice, and electronic health record software design and development. Scott has extensive experience in inpatient and outpatient auditing and coding compliance and is responsible for overall project performance and client satisfaction. Scott was also a part-owner of a consulting company for many years, providing services in best practices for physician practice management services including coding, billing, and revenue cycle management audits.

Comments are closed.