Understanding Insurance Audits

What’s at stake during an insurance audit? What steps should your practice take if you receive an audit letter? We answer all of your most pressing questions about the process.

Woman filing insurance audits.

If your practice submits claims to health insurance payors, you likely know that health insurance audits are not uncommon. Receiving an audit notification from a payor can be overwhelming. The daunting audit process itself can add to that overwhelmed feeling. Let’s discuss crucial information about health insurance audits and what steps your practice should take.

How is an insurance audit initiated?

An insurance audit is most frequently initiated through an official letter notifying the practitioner of the payor’s intent to conduct an audit. This notification will often include a records request, which will allow the payor to review a sample of your records and other documentation.

Protecting the confidentiality of patient information under HIPAA is extremely important. However, the provider agreement usually authorizes the release of patient records to health insurers.

What is the insurance company looking for?

Audits, whether from the Centers for Medicare and Medicaid Services or from a private insurance company, aim to root out fraud, abuse, and waste in the healthcare system. However, audits also help to encourage practitioners to foster proper medical billing practices and maintain compliance with laws.

There are two types of general categories for health insurance audits: pre-payment review and post-payment review. As the name suggests, pre-payment review means that your claims are being reviewed before payment is received. Post-payment review means that your claims are reviewed after you have already been paid.

Responding to an Insurance Audit.

How you respond to an audit can set the tone for and shape the progression of the entire process. Treat audit notifications seriously. Here are some steps to take when presented with an audit notification:

  1. Don’t panic! Audits are a reality in the healthcare industry. An insurance audit does not necessarily indicate that your practice has engaged in anything improper.
  2. Very carefully review every word of the audit notification. What was the send date? When is the deadline? How many patient charts and other documents are requested? Is there a stated reason for the audit?
  3. Try to determine the scope of the audit. This will depend on what entity is auditing you and how much information they provide, but this step can help determine the size and impact of the audit.
  4. If you have a compliance officer or someone on staff who focuses on audits, alert them immediately. This will allow that staff member to begin gathering all requested information right away and make the best use of the time before the records are due back to the auditor.
  5. If you have concerns about the audit, determine whether to hire an attorney. Jackson LLP’s experienced healthcare attorneys can work with your practice to ensure it maintains compliance with federal healthcare laws.
  6. Once you understand what is being requested, prepare all requested information noted in the audit letter. This can include medical records, invoices, and other materials. Usually, you will need to include a copy of the complete medical record. Many commercial payors will require a physician to sign a document affirming that the records provided constitute the entire medical record for that patient.
  7. Comply with the deadline. Send a copy of everything that was requested, unless an original was explicitly requested. If you cannot locate a specific document or file, request more time from the auditor.
  8. Upon audit conclusion, your practice should thoroughly review and correct the issues found during the audit. Use the results of the audit as an educational tool for understanding proper practices and training your staff. Additionally, this will help minimize your risk in the future.

See our related video, “Third-Party Payor Audit Letters: How to Respond.”


Is the audit notification just the tip of the iceberg?

Unfortunately, there is no clear answer to this question. An audit can be just a routine audit that is just a part of the larger health industry trend. Occasionally, however, an audit is more than merely “routine.” Therefore, it is crucial to carefully review the audit notification letter to try to determine the general scope of the audit.

If you have concerns about your compliance with billing practices or compliance with federal fraud and abuse laws, contact Jackson LLP’s experienced health care attorneys who understand the distinctions and requirements of federal regulations and how they may impact health insurance audits.

What will happen if I ignore, lie, or “cover up” my mistakes when responding to an audit?

Any of these responses to an audit can lead to failing the audit.  Ignoring an audit or missing a deadline can be enough to constitute failing the audit. Failing to provide information will mean that the claim will not get paid. If the claim was already paid, you will have to reimburse the payor for the payment.

Additionally, do not lie or cover up prior mistakes during the audit process. Never modify the requested records. When you look over the records the auditor requested, you may find errors and instinctively want to “fix” or clarify them. Do not do this—fraudulently altering the records will only amplify the negative consequences that can stem from the audit.

Now that Electronic Medical Records (EMRs) are commonplace, it is important to recognize that there is a cache of metadata for every file. This essentially means that medical records are under constant 24-hour surveillance. One way or another, the system logs all changes.

Deceitful practice during the audit process can also lead to failing the audit, resulting in unpaid claims or reimbursements for already paid claims. Additionally, if a Medicare audit uncovers actions it deems fraudulent, it may lead to a larger fraud investigation by the Centers for Medicare and Medicaid.

One option for providing clarity is to add addenda to records. If your practice chooses to add addenda to some records, ensure that the addenda clearly notes it was created at a later date to dispel the appearance of attempting to alter a medical record. Only add addenda in the most extreme situations and be sure to thoroughly document the reason for the addenda.

What prompts an insurance audit?

The origin of audits is often the biggest question. Many times, there is no specific discernable cause for the audit. While payors do not usually divulge the “why” of how an audit began (to preserve the surprise), there are certain circumstances that commonly lead to an audit.

Computer monitored practice patterns.

In the era of technological advancement, many payors utilize computer monitoring of practice patterns. Outlier payments and higher-than-average use of procedures are likely the most common audit triggers. Some payors compare comparable practices in the same geographic area to one another to study practitioner utilization rates. Being an outlier in this comparison may trigger an audit.

Additionally, perhaps your practice is suddenly billing a procedure that you did not bill previously—this can trigger an audit. Of course, there can be reasonable explanations for any activity that may seem “out of the norm”. For example, perhaps your practice has recently acquired a new piece of equipment that caused increased billing for use of that equipment.

Complaints from patients or employees.

Complaints from employees often trigger insurance audits. Perhaps your practice has a billing expert who feels that the owners are ignoring their billing concerns. Or, similarly, perhaps you have a patient who is concerned about the way you are billing their claim because they do not understand their Explanation of Benefits (EOB). Either scenario is possible and can lead to increased (valid and invalid) complaints.

Random selection.

Finally, a payor may randomly select your practice to undergo a health insurance audit because your billing triggers a computer algorithm or for no determinable reason at all.

What activities can trigger an audit?

There are several common trends that can increase the chances of an audit. While there is no foolproof method, addressing the possibility of these procedural and coding mistakes before they become common in your practice can add efficiency to your billing practices and can help avoid triggering an audit.

Inadequate Documentation.

Failing to have adequate documentation is risky for any practitioner. Documentation provides several key pieces of information: it proves that services were provided, that those services were provided at the level at which they were billed, and that those services were medically necessary. Without documentation that can provide this information, billing cannot be verified.


Unbundling refers to when a coder uses multiple CPT codes for the various parts of a procedure. This can either be due to a misunderstanding of billing practices or an effort to increase payments. As a rule of thumb: when there is one code available to capture all component portions of a procedure, that’s the correct code.


Upcoding refers to coding for a more expensive service or procedure than you actually performed. A common example of upcoding is if a practitioner only met with a patient for a few minutes and the coder billed for a full exam lasting 45 minutes. While upcoding can also be accidental, a pattern of such fraudulent billing can lead to fines and legal consequences from both government and private payors.


Undercoding, as you might expect, is the opposite of upcoding. It refers to leaving out codes from a patient’s record or coding for fewer services than were actually provided to the patient. While many practitioners utilize this coding to save patients some costs, this practice also has legal consequences and may trigger an audit.

Are mock audits worth it?

If it is feasible for your practice, it may make sense to perform your own random mock audits based on the above and other commonly known audit criteria. While performing mock audits is administratively costly, it can help address minor problems before they become too prevalent or too large to address.

Whether or not mock audits will benefit your practice will be based on your size, how often you are billing government and private payors, and your ability to go through with the process. 

Here is how you can create your own audit checklist:

  1. Monitor denied claims from government and private payors and determine why the claim was denied. Was it simply that the payor does not cover the service or did your coder misunderstand some coding guideline?
  2. Visit the CMS website for the most up-to-date information on claims submissions for Medicare and Medicaid.
  3. Visit the RAC website to find prior improper payments discovered during Medicare audits. This can help you learn from other practitioners’ mistakes.

Can I purchase “audit” insurance?

Errors that can lead to an audit can also lead to other legal ramifications, such as a patient suing you for damages that a billing error caused.  As a result, there are several insurance companies that, as part of professional liability services, offer Errors and Omissions (E&O) coverage for the healthcare and medical industry. These insurers often service large corporations, like Preferred Provider Organizations (PPOs), and small practices with just one medical biller.

Whether this type of insurance is something that your practice should purchase and maintain will depend on several factors. Ultimately, it is best to know all your options, including this one. 

Contact an experienced healthcare attorney to ensure your practice complies with federal law.

Jackson LLP’s experienced healthcare attorneys help practitioners comply with healthcare laws, which can minimize the impact an audit has on a practice. If you operate in one of the states where we have licensed attorneys, schedule a complimentary consultation with our firm by calling any of our offices or clicking the button below.

This blog is made for educational purposes and is not intended to be specific legal advice to any particular person. It does not create an attorney-client relationship between our firm and the reader and should not be used as a substitute for competent legal advice from a licensed attorney in your jurisdiction.

Free Attorney Consultation

Book Now
Skip to content