5 Payer Audit Errors Every Hospital Must Avoid

5 payer audit errors

Revised September 2022

Most healthcare providers, from large hospitals to solo practitioners, experience an external audit at some point. The scrutiny can unveil errors and violations, which can lead to hefty penalties. 

The key to surviving an external audit, with the least amount of frustration, is to avoid these five common mistakes. 

1. Late Responses

Your deadline to submit relevant documentation begins upon receiving that external audit request. 

External audits may be requested by a commercial health insurance payer, or government agencies such as the Centers for Medicare and Medicaid Services (CMS) or Office for Civil Rights (OCR). While the origin of the audit request doesn’t matter, a timely response is essential. 

Take all deadlines seriously. If an extension is needed, ask for one, immediately. Missing deadlines can result in hefty fines and penalties. 

2. The Wrong Documentation

A common trigger for payer audits is improper or lack of necessary documentation.  As a healthcare practitioner, you must prove the medical necessity of each test or procedure used to diagnose and treat your patients. 

Here’s the tricky part. Sometimes payers and providers disagree on what tests or procedures are medically necessary.  Additionally, medically necessary guidelines change frequently. CMS provides local coverage determinations (LCDs) and national coverage determinations (NCDs) to help with your documentation. Be sure you are aware of changes to these coverage determinations.  

The best way to mitigate this problem is to educate your staff on what services the payer considers medically necessary, and what documentation is required to establish medical necessity. 

 Additionally, clearly document the need for a particular procedure to treat or diagnose a patient. Finally, when required, ensure that authorization is received from the payer before rendering services. 

3. Billing the Wrong Codes

Incorrect billing and coding practices can raise suspicion of fraud, failed claims, or delayed reimbursement, and — you guessed it — external payer audits. Providers and patients overpay a whopping $68 billion annually due to incorrect billing. 

 Coding systems developed by the American Medical Association and the Centers for Medicare and Medicaid are designed to streamline the billing process. Every medical procedure and service from ambulance rides to chemotherapy drugs to doctor visits are contained within coding systems such as the ICD-10, CPT, and HCPCS. 

Studies show 80 percent of medical bills in the U.S. contain errors. This percentage can decrease by ensuring appropriate staff stay current with billing and coding updates and communicate those changes to the right clinical and administrative staff to avoid old and outdated codes. 

4. No Self-Audit

One way to prepare for payer audits is to perform regular self-audits within your facility.  Internal audits are great for identifying and eliminating weak spots that can potentially lead to headaches down the road, like rejected claims and costly compliance failures. 

 One drawback is the strain on precious resources like time and personnel. You can get around this problem by hiring a third-party audit service. Make sure you have HIPAA-compliant Business Associate Agreements (BAA) so that you’re allowed to share your patient health information with third parties providing auditing services.  

 Another option is to use software provides 24/7 access to survey compliance data. Ideally, this software will provide automatic tracking of all documentation and decisions involved in the process of running your organization. 

 This ensures that compliance professionals can get immediate reporting on how well their team is doing, conducting audits more efficiently and effectively. It’s a time and cost-effective solution to hiring an outside third-party provider. 

5. No Legal Help

Having a healthcare attorney in your corner can mean the difference between a smooth audit experience and an audit nightmare. 

Here’s how a healthcare legal team can benefit your health practice: 

  • Work intimately with your staff to analyze any risky billing procedures. 
  • Challenge any demands from payers for overpayment. 
  • Challenge any allegations of fraudulent billing practices. 
  • Push back on any denied claims and the overuse of service claims. 

 Again, software is a useful tool to support your attorney’s work. A system that stores all compliance information, including payment practices, and has search capability will provide your legal team with the information they need to fight payer audit discrepancies when the time arrives. 

 External payer audits don’t have to be a nightmare. By being adequately prepared and vigilant, your next audit experience can be more streamlined and less stress-inducing. 

Learn More About YouCompli

The best way to prepare for a payer audit is to carefully manage changes to regulatory changes and coverage determinations. YouCompli can help you establish a scalable, repeatable process so you don’t miss a relevant change and you can equip your clinical colleagues to respond to the change. Then, when the audit does happen, you’ll have an easy way to demonstrate your work to comply with the requirements. Find out more. 

Jerry Shafran is the founder and CEO of YouCompli. He is a serial entrepreneur who builds on a solid foundation of information technology and network solutions. Jerry launches, manages, and sells software and content solutions that simplify complex work. His innovations enable professionals to focus on their core business priorities.

Never Miss an Article on Healthcare Compliance

Get a 15-minute strategic overview of YouCompli

Audit Expectations and Challenges

When it comes to hospitals providing best-in-class health care, stress comes with the territory. From stabilizing trauma victims, to accurately distributing medications, to physicians and nurses working long shifts, increased demands are everywhere — including operations not directly involved with patient care. One demand that can turn daily routines completely upside-down and compound stress is an audit. A GRC compliance audit can be conducted internally by various hospital committees or externally, often by government-approved contractors.

Internal Audits

An internal audit seeks to determine if a hospital’s financial and operational controls, and their related policies and procedures, meet compliance and risk management demands.

Based on a hospital’s risk assessment, management develops and reviews the scope and goals of an audit. Running the audit is then delegated to a committee, with the most common committees focusing on:

  • Patient safety
  • Nursing staffing
  • Clinical quality
  • Medical staff

An internal audit involves interviews and evaluating personnel or procedures. Upon the audit’s completion, a report of its findings is prepared by the appropriate committee and shared with management. Corrective recommendations of action to any areas of noncompliance are collaboratively developed, and a finalized report is presented to the hospital’s board of directors, chief compliance officer, and audit and compliance committee.

The ultimate goal of an internal audit is to improve patient care. Who in a hospital wouldn’t want to improve it, right? But the truth is that an audit can diminish quality of care while it’s in progress. That’s because committees are often comprised of physicians, nurses, and technologists who are pulled away from patient-care responsibilities to work on compliance administrative tasks.

External Audits

According to a 2017 AHA report, four federal agencies — the Centers for Medicare & Medicaid Services, the Office of Inspector General, the Office of Civil Rights, and the Office of the National Coordinator for Health Information Technology — are the primary drivers of regulations and compliance costs across eight domains for hospitals:

  • Hospital conditions of participation
  • Billing and coverage verification requirements
  • Meaningful use of electronic health records
  • Quality reporting
  • Privacy and security
  • Fraud and abuse
  • Program integrity
  • New models of care

The frequency and pace of regulatory changes implemented by multiple federal agencies are dizzying. Hospitals are often required to comply with regulations in very short timeframes, requiring a significant investment of staff time and finances. What’s more, responding to multiple external audits increases administrative costs, and funds could be tied up in lengthy appeals processes contesting an auditor’s inappropriate determination.

External audits are conservatively estimated at $100 per hour. For example, consider the total costs of a HIPAA audit:

  • HIPAA Gap Assessment — Identifies gaps and provides remediation plans for those gaps
    (40 hours average, $24,000–34,000)
  • Full HIPAA Audit — Assesses hospitals against all the requirements in the HIPAA Security Rule
    (100 hours average, $30,000–60,000)
  • Validated HITRUST Assessment — Provides the most complete, certifiable framework for HIPAA to mirror PCI compliance (400 hours average, $100,000–160,000 — with costs much higher for larger organizations)

Protect Your Hospital

If your hospital is like most others, it’s spending too much staff time and money dealing with a blizzard of regulations and an avalanche of red tape. Fortunately, there are solutions. youCompli GRC risk management software monitors, reads, and translates complicated regulations into plain English. Our solution enables you to fully understand which rules are pertinent to maintaining compliance, further simplifying the auditing process. And it tracks everything, from end to end, making audits much less painful.

Learn how youCompli regulatory compliance management software protects your hospital.