Insurance Audits for Out-of-Network Practices

An audit notice can come as a surprise for practices that are out-of-network with insurance companies. The goal was to avoid insurance regulations! We unpack why you’re being audited and how to handle it.

Cash-based or out-of-network practices continue to grow in popularity. If your practice accepts no insurance or just a few health plans, you probably expect to reduce administrative hassle and time spent credentialing, billing, and dealing with insurance companies.

For many, this model has a downside: it is incongruent with patients’ need for their health insurance to pay for services. To address this, many practices assist patients with submitting claims to their insurer for out-of-network services. They may provide a superbill and paperwork for the patient to complete and mail to their insurer. But some practices go a step further and submit the out-of-network claim directly to the insurer on the patient’s behalf (sometimes referred to as “third-party billing” or “courtesy billing”). The practice may take full payment at the time of service and indicate that reimbursements should be mailed to the patient. Alternatively, the practice might delay billing the patient until the insurer has made a coverage determination.

For practices operating under one of these models, it can understandably come as a shock to receive a notice that an insurance company is auditing the practice. If this happens to you, be sure you understand (1) what information the insurance company is requesting and (2) whether and how you are obligated to respond.

Why Out-Of-Network Practices Get Audited

Insurance companies often want more information about a particular claim before they pay it. What services were actually provided? Do those services match the details on the submitted claim? Were they medically necessary? By requesting additional information from the patient’s provider, the insurance company can assess the claim’s validity, the proper amount of coverage, and whether the policy allows for the requested out-of-network coverage.

The insurance company might also review a group of claims they have previously paid out to your practice to determine whether they have paid excess reimbursement and are entitled to a clawback. Your (or your patient’s) request that they reimburse a new claim invites them to review how they’ve paid you in the past.

Additionally, states may obligate insurance companies to do their part in detecting and reporting fraud, waste, and abuse in the healthcare industry. So, some audits can be part of a routine process that insurance companies conduct to serve such goals.

Do You Have to Respond to an Insurance Audit?

Your obligations to respond to an audit might hinge on your role in the claim submission process and why the insurance company selected you for an audit. But be careful before assuming you don’t need to respond; if you make the wrong determination, you might face steep financial consequences.

Your courtesy billing might be the culprit.

If you do courtesy billing for your patients, you’ll need to begin by determining what agreements or representations you’ve made to your patients and the insurance companies. Discuss your billing arrangements and day-to-day practices with your attorney, and work with them to clarify the level of risk you might be taking if you ignore the audit. Failing to respond to a proper audit might result in fines or a lawsuit, which can be disastrously expensive. 

The audit might have nothing to do with you.

While many states don’t explicitly authorize insurance companies to audit out-of-network providers, they also don’t prohibit it. Thus, insurers can conduct audits for their own purposes – like ensuring their employees are properly processing claims – even if the out-of-network provider doesn’t have an affirmative obligation to respond. Your attorney can also help evaluate your obligations under your state’s law. State law can dictate what authority the insurance company has to conduct an audit or request copies of your records. 

What if you’re entirely cash-based? 

Say that you haven’t engaged in any contact with the insurance company or performed any courtesy billing, and you have never agreed to anything that appears to obligate you to respond. However, your patients still have contracts with their insurance companies. If the insurance company doesn’t get the information they want or need to process a claim, it may deny payment on that claim. The patient may appeal this determination, a process that might require them to submit additional documentation about their treatment at your practice.

In some cases, the insurer may contact you directly for supplemental information, especially if the patient’s appeal has reached the point of physician review at the insurance company. Thus, if you refuse to assist in the patient’s efforts to obtain reimbursement or to allow the insurance company to audit that patient’s file with your office, it may leave you with a very disgruntled patient. 

How to Prepare for a Potential Audit

Strict adherence to your practice’s policies and procedures – on everything from confidentiality to medical information privacy to informed consent – can help you prepare for many worst-case scenarios like lawsuits, insurance audits, or disciplinary investigations.

Comply with HIPAA and state privacy requirements.

It is important that you understand how HIPAA and state health information privacy requirements apply to your practice. Be sure you’re clear about when you will need patient authorization to release certain information and whether you need to notify patients of information requests and disclosures during an audit or investigation. Also, be aware that your status as an out-of-network provider may shift some of your disclosure requirements.

Maintain clean, compliant records.

One component of maintaining medical information confidentiality is understanding and strictly adhering to your record-keeping requirements. The requirements stem from various sources: your practice act, your ethical standards, state law, and federal law.

Your attorney likely integrated these standards into your internal practice procedures, so follow them carefully. Remember that even if you don’t contract with insurance companies that tell you how to maintain records and notes, state law often dictates such standards.

Also, keep in mind that patient records contain more than encounter notes; they include informed consent documentation, an acknowledgment of receiving your privacy practices, and other acknowledgments or authorizations you’ve collected as required by law.

If you receive an audit notice, do not start retroactively changing the information in your patient records! An attempt to demonstrate that you’ve remedied the error(s) and complied with their request can inadvertently look like an attempt to change the records and cover up your mistakes. If you do make changes to patient records, defer to your attorney about how you should document that you have modified the records.

Set clear expectations for patients.

Clarify for your patients what to expect when filing for out-of-network insurance reimbursement. Be careful that you don’t promise them that insurance will cover your services. It’s essential to educate your patients about how your status as an out-of-network provider may affect their reimbursement. Emphasize that even if you do provide them with a superbill, their insurance might not cover your services. If the patient understands this risk from the onset of your relationship, it will help avoid surprises later.

Also, consider collecting payment at the time of service, which ensures that patients can afford the service even without insurance reimbursement. Such payments also eliminate the need to send patient accounts to collections if insurance doesn’t pay.

What to do ASAP If You Receive An Insurance Audit Notice

Your non-compliance with an audit notice could trigger fines, a lawsuit, or an angry patient. But, before you take on the responsibility of responding to the audit request, consider the full implications for your practice. 

• Confirm that the request is legitimate. Scams are rampant in healthcare, and it’s crucial that you not provide any confidential information to a non-validated source.
• Identify any response deadlines, and give yourself enough time to comply with them.
• Send the audit letter to your attorney as soon as you receive it. These are often time-sensitive, and your attorney will need time to prepare a response or ask the insurance company’s attorney for additional time (which isn’t guaranteed).
• Review your patient documentation to determine if you have the requested information.
• Review your patient privacy policies and procedures to determine whether your internal policies allow you to disclose the requested information.
• Protect the integrity of your records. Don’t change any historical records that relate to the audit inquiry without talking to your attorney first. This could make things worse, not better.

To learn more, see our related blog, “Understanding Insurance Audits.” 

Get Legal Support

If not handled delicately, an audit may still bring all the headaches and negative consequences you were trying to avoid as a cash-based or out-of-network provider. An experienced healthcare attorney can be your most important ally during an audit. An attorney will seek to craft a response addressing the insurance company’s concerns without over-communicating and attracting additional scrutiny to your practice.

If you’re located in any of the states where we have licensed attorneys, reach out to us to support you through an insurance audit. We offer a free consultation to allow you to see if we fit your needs.

This blog is made for educational purposes and is not intended to be specific legal advice to any particular person. It does not create an attorney-client relationship between our firm and the reader and should not be used as a substitute for competent legal advice from a licensed attorney in your jurisdiction.