Medical coding audits are critical to a healthy revenue cycle, but with all the options, it is difficult to know where to position the different types of medical coding audit services in your revenue cycle management optimization strategy. 

One of the most challenging can be the self-audit – an internal review that can be used with other medical coding audit services to optimize your revenue cycle results. 

What Are Self Audits? 
Self audits are a careful review of existing medical coding practices to help ensure compliance with medical coding and billing standards, rules, and regulations [1]. They can also be incredibly powerful tools of prevention. They allow providers to protect against lost revenue and billing issues by getting ahead of payer audits. They help you find payment, medical billing, and medical coding issues (including missed revenue), identify problems in patient care, flag opportunities for training, and get ahead of compliance issues. 

It’s important to view self auditing as an opportunity. If your staff sees self audits as a negative, it might be time to change perspective. This type of internal audit can save everyone significant headache down the road and protect long-term organizational health. 

As your organization builds out a plan to incorporate self audits into your strategy, don’t try to reinvent the wheel. As important as it is for your approach to be customized to your needs, the Office of the Inspector General (OIG) offers compliance rules that will not only ease your planning but will also serve as a resource if the agency ever needs to examine your practices. CMS provides a few steps to developing and complying [2]. 

Risk Audit Steps

#1 Identify Risks
In this step, you’ll identify which compliance issues and risks top your list of concerns. You’ll also figure out where you’re the most vulnerable to these risks. You will need to incorporate input from a range of departments, including medical and nursing services, ancillary, patient finance, HIT and quality, and legal and compliance. 

This is also a good time to decide the type of scoring process you’d like to use. CMS suggests the following:

  • High: These are risks that repeat, that happen frequently, that have significant impact, or are difficult to detect.
  • Medium: These happen less often but are still difficult to detect. 
  • Low: This risk level is unlikely or has a lower potential impact. 

#2 Risk Audit: Reviewing Standards and Procedures
Here, you’ll be assessing the effectiveness of your standards and procedures. These are the resources like financial procedures, compliance training, policy manuals, and medical coding practices. 

Your review can include direct observation to test controls. Any weaknesses you find can guide your decision making when selecting claims for audit. 

#3 Risk Audit: Reviewing Claims
Now, go over bills and medical records “for compliance with applicable coding, billing, and documentation requirements…ideally [to] include the person in charge of billing… and a medically trained person (e.g., registered nurse or preferably a physician).”

OIG offers recommendations for determining sample size to avoid the weaknesses of random sampling. In general, prioritize claims with the highest volume, value, and chance of error. When reviewing claims, OIG recommends that you look for:

  • Data integrity, meaning a lack of zeros, blanks, edits, unreasonable values, and duplicate entries 
  • Dates of services, reason for visit, and vision orders as required
  • Appropriate history documented on the claim, risk factors, conditions limiting treatment, allergies, medications, and terminology being used and spelled correctly
  • Complete information around tests, labs, exams, and X-rays, including results and reasons as well as good copies 
  • The inclusion of progress, treatment plans, medication dosage, timing and usage, responses and changes, anesthesia, patient and family education, and any “watch” areas that are suspicious
  • Information on patient communications and information on missed appointments
  • Content that is legible, properly dated and signed while including correct administration and initialing of additions, deletions, erasures, and alterations as well as appropriate indication of valid credentials
  • Patterns and relationships between vendor, provider, and beneficiaries that are reasonable and appropriate 

#4 Document the Audit
Documentation is key to a productive audit. Good documentation will provide a complete and accurate record of your work in collecting risk data and preventing improper payments. Overall, you want your documentation to be thorough enough to convince any uninformed third party that the results of your audit are reasonable.

#5 Review, Act, and Measure Results
At this stage, the audit itself is complete and you can move on to revising your risk assessment and processes, documenting changes, and training and educating staff who are impacted by what you’ve found. 

It is important to track your progress toward improved control of risk. Without taking and tracking correcting actions, you won’t know what’s working and what isn’t. 

How to Use Self Audits in Your RCM Strategy
As you are conducting your audit process, keep in mind that it can illuminate areas in which you can tap into outsourcing when taking corrective action. For example, you might find use for payer contract review, risk adjustment coding, or outsourcing medical billing as you move through the process. 

If you’d like to discuss areas to look out for and how to leverage outsourcing medical coding audit services to apply your audit results, contact us today.


[1] R. Ingalls-Fitzgerald, “The Importance of Self Audits,” 1 March 2019. Available:
[2] CMS, “Conducting a Self-Audit: A Guide for Physicians and Other Health Care Professionals,” February 2016. Available:

Get In Touch!
close slider

    Get In Touch!