Regulation of Medicine


Always Be Prepared: How to Effectively Respond to Commercial Payer Audits

By: Scott R. Grubman & Gregory A. Tanner, Chilivis, Cochran, Larkins & Bever, LLP

No matter the size, type, or specialty, all healthcare providers should anticipate and be prepared to be audited by commercial payers. Such audits are typically initiated when a payer sends a request for records to a provider.  The records request could be for a random sample of patient charts, or it could be targeted at a specific billing pattern or procedure code. Either way, by requesting records, the payer has put the provider on notice that it is going to examine the documentation and evaluate whether the provider’s records justify the claims submitted for reimbursement.  The following are tips to follow when dealing with commercial payer audits:

  • Be Proactive

    Do not wait until a payer sends a records request. Be familiar with the rules and requirements that the payer expects providers to follow.  Use resources such as the provider agreement, provider manual, and any specific guidance or payment determinations that the payer has published.  After gaining an understanding of what each payer expects and requires, providers should establish and implement policies and procedures to properly and completely document their services according to the payers’ rules. The payers’ rules and the provider’s policies for complying with the rules should also be regularly reviewed and updated.  Additionally, providers should consider options for performing self-audits (either conducted in-house or by an outside auditor) to identify and mitigate any potential issues prior to a payer initiating an audit.

  • Comply with Document Requests

    It is standard for a commercial payer to reserve the right to conduct audits as a condition of a provider’s agreement with the payer.  Specific information about how a commercial payer conducts such audits are usually contained in the payer’s Provider Agreement and/or Provider Manual.  The payer is entitled to the records, and such disclosure does not violate HIPAA (although the provider should be sure to send in a HIPAA-compliant secured fashion).  Additionally, whether the provider can charge the payer for making copies of the records depends on the payer’s specific policies and the provider agreement, although it is unlikely that the provider may charge the payer for such copies.

  • Do Not Submit Original Records

    The records should be produced in electronic format (e.g., PDF files).  If some or all of the requested records are contained in hardcopy form, scan the records and make electronic copies to send instead of the originals. The provider should retain the original records. 

  • Know Your EMR System

    There are numerous electronic medical records (EMR) systems on the market, and they are not all the same, but they are all customizable.  Providers should be familiar with the specific options and customizable features of an EMR system and should ensure that the system’s output settings are properly configured so that copies of electronic records will accurately reflect what the provider intended to document. 

  • Identify Potential Issues

    Do not wait for the payer to conclude the audit to find out if there are any issues with the records that were submitted. While gathering the records, try to determine potential weaknesses needing corrective action, and implement changes accordingly.

  • Do Not Alter Patient Records

    Sometimes when gathering documents requested for an audit, providers discover an issue in the documentation that may be viewed as problematic. Sometimes such issues could be easily addressed by altering the documents by adding something minor or taking out something that clearly was not intended. In such cases, providers should resist the temptation and NOT alter the records. Adding an addendum may be appropriate, but such an addendum must accurately indicate the date it was added.

  • Do Not Rely on E/M Calculators

    Many EMR systems include built in “E/M Calculators” that automatically determine the code level for an office visit depending on the information selected when charting the encounter into the system.  Do not trust such electronic calculators to sufficiently support the complexity of a physician’s medical decision-making or other elements considered when selecting the appropriate E/M level. Be sure the record contains all key components required to justify the appropriate E/M level to mitigate the risk of the auditor down-coding or disallowing the level of service billed.  

  • Provide Complete Records

     It is important to note that a records request for a specific date of service potentially could involve other records that need to be included with the requested documents.  These might include lab test results, other diagnostic services, orders for these services, referrals, consultation reports, and other documents.  Consider whether other documentation should be included that would support the services billed.

  • Timely Produce the Documents

    Be mindful of response deadline imposed by the payer. Do not risk having to pay back an overpayment just because the records are sent late. Start preparing to submit the records as soon as the request arrives, and if more time is needed to respond then reach out to the payer and ask for an extension. They are typically willing to give at least one reasonable extension. 


Want to learn more?

Interested in how MagMutual can help?

View our products


The information provided in this resource does not constitute legal, medical or any other professional advice, nor does it establish a standard of care. This resource has been created as an aid to you in your practice. The ultimate decision on how to use the information provided rests solely with you, the PolicyOwner.