The Healthcare Insurance Audit Process

Apr 5, 2021 | Articles, Audit and Compliance

Don’t Panic. How to Navigate the Healthcare Insurance Audit Process:


The best way to be prepared for a healthcare insurance audit is to understand the healthcare insurance process front and back. From the initial inquiry all the way to the appeals process, here’s what you and your team need to know before an auditor comes knocking.

Who conducts audits?

Audits are conducted by a payor. The payor could be Medicare, Medicaid or a commercial insurance company. Medicare and Medicaid audits are conducted by third-party contractors. Commercial insurance audits can be conducted by a third-party contractor or an employee of that insurance company.

What triggers an audit?

Audits are a regular part of working in healthcare and with health insurance. If transactions are occurring between a hospital and an insurance company or government medical care coverage program, audits are guaranteed.

The timing of an audit is dependent entirely upon the insurance company, Medicare or Medicaid. If the payor wishes to conduct an audit, the hospital must comply. To trigger the start of an audit, the payor will usually send an official letter of intent to audit and request documentation.

What are auditors looking for?

Auditors are looking for instances of over or underpayments in an insurance transaction while using established policies and procedures as a guide for rooting out miscalculations, errors and even fraud.

Oftentimes health systems believe audits are working against them, with intent to take back payments. However, audits are designed to double check work on both sides of the transaction, meaning there is a chance the hospital can receive money back from an error on behalf of the payor.

How to prepare for a health insurance audit

The best way to respond to a health insurance audit is to prepare in advance. Knowing what you’re up against is key to navigating such a deadline-driven, paperwork-heavy process. There are several tactics you can use in your training
and education.


• Read up on the audit process

The first way to prepare is reading resources like this article and others across the web. Credible sources can provide authentic accounts of what to expect based on their own experiences. Sources like Becker’s Hospital Review and RAC Monitor are excellent for keeping up with breaking news and developments in the audit space.

• Consult colleagues in other departments

Speaking with colleagues in the industry at conferences, networking events or even in online forums and groups can also be helpful. Ask about their experiences with audits in their organization and how they handled any roadblocks. Everyone has a story about an audit that went wrong! Swapping stories gives you a chance to learn from their mistakes.

• Try a mock audit

Because audits are best learned by doing, rather than reading, some teams also choose to conduct mock audits, especially during new employee onboarding. These fake audits help identify weak spots early on and allow for course correction prior to the real deal.

How do I respond to a health insurance audit?

No two audits are exactly alike, but each one generally follows a similar process, starting with the audit request and progressing through to the decision to appeal the results. When responding to a health insurance audit, stick to the following basic process.


There are two parts to the audit process, each with its own set of steps. The first part, the immediate response, happens right after the audit process is triggered by the payor. When boiled down, it is comprised of four simple steps:


1. Receive the Additional Document Request (ADR)

The hospital receives an official ADR from the payor, whether it be a Medicare or Medicaid audit contractor or employee of a commercial health insurance company. A typical ADR will list out the claims to be audited and the process for response, usually submitting medical records or documentation. At this point, the audit has begun and every action you take is considered time sensitive.

2. Collect documentation

To collect required documentation, you will need to work with your health information management (HIM) department, the group within the hospital that manages medical records. Alert them to the audit and detail which medical records you need pulled. You will also want to pull associated documentation like physicians notes to be thorough.

3. Review collected documentation

Once you have all your required medical records, conduct a final review to double check your work. Verify the documents delivered by HIM correspond with the ADR from the payor. If you have the time and manpower, enlist another team member to triple check your work.

4. Submit all documentation

Finally, submit all documentation to officially respond to the audit. Because this process is deadline driven, the most important thing to remember is that you must respond within a certain time, or you may automatically forfeit the audit’s monetary amount in question.

With Medicare and Medicaid audits, the Centers for Medicare and Medicaid Services (CMS) provides a standard number of days to submit needed materials. With commercial insurance audits, the number of days you have to respond to an audit depends on the requirements in the payor agreement.

The audit management team must adhere to a strict timeline and make sure all employees participating in the audit response are adhering to deadlines. More missed audit deadlines means increased audit exposure and a lower bottom line.


Collecting and submitting documentation is considered the immediate response to the audit. The second part is monitoring the response from the result of the audit. The result of the audit dictates how far into the process you will get in Part Two.


1. Receive audit results

Audit results usually come in the same form of communication as the ADR, oftentimes an official letter. The audit may find no discrepancies in the process and conclude that the transaction was processed correctly. If this is the case, the healthcare audit process ends here.

However, the audit may also uncover a discrepancy in the transaction in the form of over or under payment. If this is the case, the amount owed to you or that you owe will be reflected in your next payment by the specific payor.

It can sometimes be tricky to find or even notice these adjustments, especially in larger health systems that are sending batches of claims on a regular basis. However, it’s critical to track audit exposure. Letting too many audit results get away from you can make it difficult to understand the true financial impact audits have on your organization.

2. Decide whether to appeal results

If you were found to have been overpaid on an audit and emphatically disagree with the results, you are able to appeal the decision. Often this means you believe the hospital provided care at established levels with the correct treatments and filed all the appropriate paperwork. If you think this is true and your audit did not work out in your favor, you may wish to appeal.

On the government side of things, with Medicare and Medicaid audits, there are levels of appeal built into the audit process. Commercial insurance audit appeals are conducted by pre-set provisions in the payor agreement that lays out the agreed audit process.

Deciding whether or not to appeal can be difficult. Work with your internal team to determine your case and decide whether or not it’s worth investing the time and effort to appeal. Think about how big the pool of audited claims is, what was the financial impact of the audit and how strongly you feel your position is justified.

3. If appealing, repeat Immediate Response process

At its lowest levels, appealing essentially involves repeating Steps 1-4 in Part One, above, from filing the appeal to re-submitting documentation and appeal paperwork. Like the original audit, the appeal will be time-bound and require its own set of paperwork.

At this point, you will once again have to wait on audit results. If the results turn in your favor, the process ends. If the results remain the same and you continue to feel strongly that they should be different, you can appeal to higher and higher levels, until you start to invest money in appealing to different courts of law. Remember, the decision to appeal remains entirely up to you and your organization.

Leveraging reporting to improve the audit process

Once you’ve been around the block a few times and have successfully navigated healthcare audits, you should always leverage available data to improve your internal audit response process and decisions to appeal in the future.

For example, knowing you have a certain success rate with one type of appeal and have a good chance at getting the result overturned is a better business decision than investing the time and effort just to hope the audit results work out in your favor the second time. Good, hard data can be key in determining your appeals strategy moving forward.

Data on lost audits and audit exposure can also help you determine root causes within your organization. Do you have a consistently audited problem with preauthorization, coding or standard of care? What steps can you take now to prevent audit exposure in the future?


Bluemark’s Blueway Tracker software is your best defense against insurance audits, providing project management, automation, critical deadline alerts and comprehensive reporting. Take your audit response to the next level with a technological solution that saves time, money and effort.

Learn more about Blueway Tracker, now with Full Cycle esMD, and how it can work to transform your audit response process here.