Surviving the Wave of Seasonal Audits

Surviving the Wave of Seasonal Audits

By Sue Chamberlain, MSCTE, RHIA, CDIP, CCS-P

’Tis the season when both hospitals and physician practices see copious audit requests for medical records flooding in via mail, fax, email, and electronically. Each request may have hundreds—even thousands—of patient names with a very short due date. So, now what? Overtime? Put something else on hold? Outsource? Maybe just ignore them?

I am sharing what I found helped with my teams—and what I hope will help you—as we try to survive this year’s audit season. In my attempts to prioritize, organize, and reduce the time and resources within my organization, I found the most essential element needed is communication, with some understanding and critical thinking thrown in for good measure. I suggest you use the following recommendations as only a starting point. Some may or may not work for you, depending on your current contracts, the size of your organization, and even the representatives you may encounter. However, I encourage you to look at your current processes, because we may see increasing audits as we transition to a more quality/outcome-based healthcare system.

Fee for Service Moving to Pay for Performance

The American healthcare system is transitioning toward quality through programs like Healthcare Effectiveness Data and Information Set (HEDIS), Merit-based Incentive Payment System (MIPS), reduced readmission rates, the Affordable Care Act (ACA), and even the 21st Century Cures Act by attempting to decrease duplication and waste. Some programs started with the “carrot” of incentives but are moving toward the “stick” of penalties for lesser outcomes. Providers feel the brunt of this transition; they are pressured to see more patients and perform more procedures for the traditional fee for service but may potentially see lower income for “poor outcomes.”

Consider the push to discharge inpatients as quickly as possible to save costs under diagnosis related groups (DRGs) with a potential penalty for readmissions within 30 days. Providers are pushed to see more patients with shorter visit times and still remember to review—and document—all types of conditions or risk getting lower scores in published rankings. Many electronic health records (EHRs) are not always conducive to clear and specific documentation, leading to the need for more documentation reviews to ensure specific quality care, per payer standards, has been provided and outcomes have been achieved.

Poor outcomes/poor documentation equals less payment/lower reputation/penalties.

Analytics and Data Governance

Over the past few years, AHIMA has been emphasizing the importance of data governance, and this is supported in the growth of audits and chart requests. Data mining impacts payer policies, contracting, healthcare system decisions, and more; thus, it is important for our teams to understand the basics of data. Health information (HI) professionals possess a strong understanding of what data means due to our unique position of having one foot in the clinical setting and one in administration.

Types of Audits

For HI professionals responsible for both the hospital and physician division release of information (ROI) forms, you know that different kinds of requests come with their own unique challenges. In addition, some of the audits can benefit the practices, while others could negatively impact them. Thus, it is important to have a basic understanding of the purpose of different types of audits. I will touch on a few of the more common audit types, primarily focusing on those with the higher number of requests, with just a basic introduction.

Healthcare Effectiveness Data and Information Set (HEDIS)

HEDIS audits have the potential to benefit the primary care physician as they focus on the general multi-system healthcare provided. It is unusual to see requests for most other specialties. The outcomes of these reviews can offer a direct reimbursement to the providers based upon higher quality care compared to peers, as well a higher patient populations. The Centers for Medicare and Medicaid Services (CMS) contracts with the National Committee for Quality Assurance (NCQA) to develop HEDIS as “… a comprehensive set of standardized performance measures designed to provide purchasers and consumers with the information they need for reliable comparison of health plan performance.” HEDIS has 191 million people enrolled with more than 90 measures to track across six domains of care:

  1. Effectiveness of Care
  2. Access/Availability of Care
  3. Experience of Care
  4. Utilization and Risk Adjusted Utilization
  5. Health Plan Descriptive Information
  6. Measures Collected Using Electronic Clinical Data Systems

Some examples of the measures include:

  • Use of Opioids at High Dosage
  • Colorectal Cancer Screening
  • Chlamydia Screening in Women
  • Controlling High Blood Pressure
  • Comprehensive Diabetes Care
  • Pharmacotherapy Management of COPD Exacerbation
  • Follow-Up Care for Children Prescribed ADHD Medication (ADD)
  • Medication Reconciliation Post-Discharge
  • Prenatal and Postpartum Depression Screening and Follow-up

With more than 90 measures, it can be difficult for an office to ensure patients are evaluated for the appropriate measures and the evaluations are clearly documented (this is usually confirmed with chart review). For example, body mass index (BMI) needs dates with height, weight, and the calculated BMI. Some organizations have nurses review charts and call patients to schedule appointments to ensure patients are provided the care needed to meet the quality requirements.

Risk Adjustment Audit

The risk adjustment program of the ACA serves to offset the costs of high-risk patients so plans will insure the “sicker-than-average” populations with similar premiums to that of healthy populations.

Requests tend toward a calendar year of hospital encounters, but two to three years of all member records is not uncommon. The goal of the review is to find comorbid conditions that may not have been reported but show a sicker-than-average patient who may require more resources.

At this point, I wonder if anyone is thinking, “Why can’t they pick these conditions up from coding? And are these the same payers that require the removal of comorbid ICD-10-CM codes to shift DRGs to one with a lower weight?” It seems more common for payers to deny diagnoses that impact DRG/payment even when it directly contradicts coding rules. My question: When the records are reviewed for risk adjustment (RA), are the diagnoses added back, showing a sicker-then-average patient, thereby benefiting after denying the (usually not-for-profit) system payment for the more complicated care rendered?

Tip: Monitor denials and DRG changes. Subcontractors may have other departments with incentive contracts to recover payments. I reviewed several diagnosis denials based on documentation where we could only find the records released for an RA audit. We were assured this could not happen, but no other explanation was offered in any of the cases.

Hierarchical Condition Category (HCC) Reviews

Hierarchical condition category reviews are used to calculate risk scores each year using categories by body system and/or similar disease processes. Patients may fall into multiple categories, including:

  • Major depressive and bipolar disorders
  • Asthma and pulmonary disease
  • Diabetes
  • Specified heart arrhythmias
  • Congestive heart failure
  • Breast and prostate cancer
  • Rheumatoid arthritis
  • Colorectal, breast, kidney, and other cancers

HCCs look to ensure the conditions are addressed with complete documentation, such as with the MEAT method:

Monitor – signs and symptoms, the disease process

Evaluate – test results, meds, patients’ response to treatment

Assess/Address – ordering tests, patient education, review records, counseling patient and family members.

Treat – meds, therapies, procedures, modality

Absence of elements can lead to additional record requests to support adding HCCs.

Documentation Issues That Can Cause More Audit Requests

All too often, clinical documentation integrity (CDI) programs focus only on the hospital setting due to the large impact on one case. However, common documentation issues in the office can affect the number of audit charts requested, quality outcomes, and rankings as well as hospital denials. Common issues include:

  • Missing documentation – Providers may only document MEAT if the problem is new or exacerbated. For example, I have had many providers complain about the HCC requirement to address an amputation with, “Do you want me to say it didn’t grow back?” and do not evaluate the amputation unless the patient complains of pain or skin issues.
  • Cloning/templated – By following the templates within an EHR, notes are often very similar, may conflict within the same note, and often lack specificity of the patient’s condition without additional effort by the provider.
  • Problem list – Issues may be only on the problem list, which may or may not be kept up to date, with no additional MEAT to the documentation. Example: “HTN, under control.”
  • EHR vs. paper – With hybrid records, some documentation may be missed due to storage or scanning processes. This can include unofficial hybrid records when providers print and document on the paper.
  • Lack of understanding the importance of a complete and accurate medical record – Some providers see documentation as a waste of time, saying “The notes are just for me,” and push back on writing something specific to each patient. This can lead to patient requests for corrections (which will increase with more access) and, worse, fraud and abuse issues.
Tips to Help Survive the Waves

I have hopefully provided some ideas to improve documentation that may decrease the number of charts that need to be audited, resulting in fewer requests. You can also consider outsourcing all of this to an ROI vendor. The inconsistent influx of requests can wreak havoc on a team. If outsourcing to a vendor, make sure they have an experienced auditing department as part of the team in order to minimize or eliminate costs. In the meantime, let’s discuss some short-terms ideas to help with the waves crashing now.

Short-Term Tips:
  • Sort your requests by payer and then subcontractors. Payers may hire multiple subcontractors, resulting in duplicate requests for the same patients, while subcontractors have contracts with multiple payers. This can get confusing.
  • If you have multiple sites and/or offices, condense and organize your sites. Ask for the following (you may need to ask for a supervisor):
  • One list for all patients from all sites in the network. Ask for the list in an Excel spreadsheet to allow for manipulation rather than a multi-page fax. Have a list of all of your providers and addresses available, or refer them to the website if it is easy to research. This will stop the multiple requests and follow-up calls going to each site, stop duplicates, and help coordinate a more streamlined response.
  • One representative to be assigned—one contact name and number to communicate status and needs. Refer other callers to that individual to update their call list; this will almost instantly cut your call volume.
  • Ask for a reasonable timeline. When do you think your team (internal or outsourced) can provide the records? Make sure your team knows to put patient requests first rather than first in, first out with audits.
  • Consider your submission format. Submit electronically when possible to track what was delivered and when. Monitor faxing to ensure the pages delivered match what was sent, as some can only send/accept 50 pages, for example. If paper via mail is required, send with signature and tracking. If you show charts were received but they are unable to find and request them to be sent again, ask for a compliance officer to submit a HIPAA violation. They are responsible for keeping records protected. In my experience, the records have always been found before I need to submit the formal complaint.
  • Ask for payment. Yes, you can ask for payment, as this is an “administrative burden” to your organization, and it is usually outside of the normal contract for free records. In my experience, subcontractors have given me less pushback than the payer. I have usually negotiated a flat fee for each record based off average size, but much lower than state rates—one amount for hospital charts and a smaller amount for physician records, even though it may be more visits. I invoiced for about 97 percent of the number of charts requested to avoid refunds for records not found or if they decided they didn’t need them after they were sent. I required at least 50 percent payment up front. Some payers refused to pay anything until records were received. I had only one subcontractor that never paid after calls and letters, so I refused to work with them again.
  • HEDIS audits benefit your providers, so payment has not been an option in my experience. However, ask for specific measurements not completed where possible versus sending one to three years of charts. This helps to identify trends of common documentation issues with an opportunity for documentation improvement measures.

Potential HIPAA risk: Patients have the right to restrict disclosure to payers, instead paying out of pocket. For example, the patient may not want their insurance to know they started smoking again.   Is there a system in place to identify those visits and/or diagnoses and prevent them from being sent as part of an audit request?

Year-Round Payment Audit Tips

Finally, here are a few tips for payment audits received year round.

  • Physician office notes may be critical in support of care in the hospital, such as the documentation of failed therapies, pre-certifications, support of diagnoses/CCs, etc. It’s suggested that you review procedures scheduled against the procedure that was pre-certified. Example: A hemorrhoid case that was pre-certed for “excision of anal lesion” was denied because the pre-cert didn’t match the procedure performed. Excision of anal lesion was the procedure given for pre-cert because “hemorrhoidectomy wouldn’t get approved.”
  • Requests usually will not state what they are reviewing. Trend types of records requested and denials. If possible, have someone qualified review records prior to sending, and look for opportunities to proactively improve documentation if needed. This may be an HI professional or nurse that understands how to identify related conditions as well as a general understanding of what a payer expects to see upon review to support medical necessity.
  • No records/not timely denial with takeback of payment after short request is becoming more common (issue for contracting). With the inability to appeal for time, track when the request was received. If the request is sent via the mail, keep the envelopes with the request. If the postmark is days after the date of the letter/response time, use this to appeal.
Contracting Tips

One last long-term tip: Administrators and contractors often know very little about the ROI process and costs to the organization, so review contract wording that includes medical records, coding, and denials, such as:

  • Contract related to request for records – Any records? “No cost for records” usually for payment, but is it applied to all, such as RA, HCC, HEDIS? Are there any limits on the number of requests or how often they can ask for the same chart?
  • Is the payer requesting full access into the EHR system? If so, will they provide an accounting for all records reviewed and for what purposes? Talk to your legal team.
  • Are subcontractors listed in payer contracts?

You may not be able to stop the flood of audits, but these tips can serve as a lifeboat, or at least a sort of flotation device to help keep you above water, avoiding some of the headaches and costs.



Sue Chamberlain ( is vice president of compliance and education for RRS Medical.