Reviewing the Hospital Audit Process via your Audit Policy

Your Audit Policy

Did you know that you can improve your refund stats and total audit losses by writing a simple Third Party Audit Policy? Facilities not using a Third Party Audit Policy are missing the boat and really do leave themselves open to a higher percentage of losses on cases that may never need to be audited. When considering your audit policy there are some very important factors to keep in mind. Generally speaking your audit policy should follow the flow of an audit. So let’s start with the letter of intent.

Letter of Intent to Audit

Your first consideration for your policy is the Letter of Intent (LOI) date. This date will be your first determining factor for when and if an audit can take place. Most of our clients have a limit of between 6-12 months from discharge to the LOI. If the LOI is after those dates, no audit is scheduled. Since most facilities are with a 2-10% refund rate that’s instant savings. There are few other considerations for the initial engagement section of your policy. You need to decide on auditor conduct rules, where the audit will occur, when the audit will occur, and what specifically is allowed. The more detail included in your policy requirements, the better.


Prior to scheduling the audit your policy should now include several components. First, Medlinks™ when writing a policy advises clients to assure that the outstanding claim has been paid to at least 95% of the balance. Any number your facility wants will work but this keeps audit lag of reimbursement to a minimum. This is also a good place to outline your accepted response times and scheduling times, which we like to suggest 4 months for scheduling. This is also a good place in your policy to indicate how the external auditor will obtain the bill and access to the medical record. Be specific here, many facilities have auditors contacting their business office, their medical records, their directors and etc. This can be resolved through written policy. This is also the place in the policy where we outline the audit fee. Many opposing firms and/or payers may resist the fee based on contracts and these of course must be honored but most firms are willing to pay some fee. In any case it is important to remember, in nearly every case of a third party reviewer looking at your records, they are reviewing that record for a refund.

The Audit Process

Finally your policy should include the audit process itself. Medlinks™ is careful to define what is an audit and what are the acceptable rules of engagement. While very rarely used this can be a valuable tool for an auditor or firm who is trying to “bully” you into findings or processes that you just don’t agree with. Again, this is a good place to be specific, for example you may want to state that your site bills according to CMS standards and that audit reviews should follow these standards. This is the point in the policy where we also outline both the internal and external auditors responsibility for written results and signatures and we usually include a paragraph that bars this account from any further review once results have been agreed upon.

Empowering Both Parties

Since implementing policies at our clients sites we have seen substantial savings through two routes. The first which is hard to quantify is the numerous times each year that we receive phone or e-mail requests to audit and those requests never come to fruition after we provide the firm with the facilities policy. The second are the times where policy rules and regulations specifically exclude the audit from being performed. Finally a policy will empower your auditor.

Following the Steps of a Hospital Audit

As our healthcare changes Hospital Audit of a bill versus the medical record is a practice that continues to thrive. From the view of a firm mostly involved with defense audits, it is clear why these audits occur, but many consumers don’t realize their record has been audited or why. As part of this series will look at the audit process of a Hospital Audit. There is a process applied to the Hospital Audit and for those of you interested or new to the field this is a typical breakdown. This is a series of articles. This is article #1

Medlinks Audit Tracker

Step One Notification

Notification should occur via the Letter of Intent or otherwise known as the L.O.I. or the engagement letter. This letter usually sent by the carrier or the firm representing the carrier should contain the following elements as we have outlined in our Third Party Audit Policy. They are as follows:

1.1       The engagement letter will contain the following information: (1) name of patient; (2) patient account number; (3) dates of service (including pre-op services dates which may be included on the inpatient stay); (4) reason the claim was selected for audit; (5) name of insurance carrier requesting an audit; (6) name of firm and person (if known) performing the audit; (7) total charges; (8) release authorization form (terms of admission are not acceptable)

As we move past the Letter of Intent (LOI) into the scheduling phase, you’ll want to make a few decisions, and lay down a few ground rules.

Audit Criteria/Pre-Audit Information

On Site

All audits will be performed on-site. No part of the medical record will be made available for removal from the facility under any circumstances. No document copying will be allowed. No technology is allowed used in the presence of the document, including cameras, cell phones, or any other image duplicator. This paragraph is intended to stop the auditor who decides they will copy the record or parts of the record and then remove this PHI from your facility. As the auditor it is your responsibility to make sure no records leave during the audit review.

Number of audits on a single account

A single account may not be audited more than once, any additional requests to audit will be denied. The findings of the first audit will be used as the results for any additionally requested audits. This issue can come up and should be considered later when we discuss the cancellation policy. This rule corresponds with CMS policies regarding auditing.

Government regulations

Insurance Auditors or agents must comply with Federal, State, Contractual, and Ethical standards regarding confidentiality of medical records.


Prior to scheduling the audit, 95% of the total billed charges must be paid subject to the patient’s insurance policy. This number can be adjusted to your liking, we’ve seen 100% to 90% but never less, as these audits can sometimes take a long time in consideration.

Date Range

Audit requests will not be considered if greater than six months after bill date of insurance. This date range should correspond with your letter of intent rules and the savings here should not be overlooked. Careful review of these dates is a perfectly legitimate way to deny an audit and thus save your entire error rate in potential loss.

Date Range #2

Hospital will make best faith effort to schedule the audit to take place within one hundred twenty (120) days of receipt of written notice to audit. Either your audit policy will dictate rules of engagement or the other firm will dictate rules of engagement. Often firms will submit an acknowledgement of audit results. Signing this form could supersede your policy so consider not signing and referring that firm to the policy which they should have signed.


Accounts assigned to collection will not be considered for an audit unless the request came within the first six months after discharge. This number should be in keeping with your previous date parameters.

The Bill Pull

The third party auditor may not request copies of the discharge bill from the hospital. The insurance carrier must provide this information. This issue will require a level of finesse since some firms are only given a UB summary they may truly not have the bill. On the other hand, if your facility is being tapped for every bill, it may be because your facility gives a beautifully organized excel sheet, that allows for easy editing and sorting. While this may work for you, these requests should come to you, and the opposing side should understand that all aspects of the audit from bill pull, to chart pull come through you. You should be the only contact for audit issues.

Desk Audits

Under no circumstances will off site auditing be allowed. All audits will be conducted on site with the medical auditor, unless allowed on a case-by-case basis by the facility auditor. Your site may allow for “off site” or “desk” audits, however you should be trying every avenue to block or intercede in this process. Since any audit of any kind could result in losses for your site, you’ll want to have the same right to review. This issue may be a contract issue with your site and the payer but that should be checked by you and known.

Cancellation Abuse

A written request must be made to re-schedule or cancel a scheduled audit. Additionally, a re-schedule fee of one hundred dollars ($100.00) will be charged for re-scheduled audits. An audit may be re-scheduled only once. This clause is created for the auditor who schedules, cancels, re-schedules, or just doesn’t show. While it is likely rarely needed, enforcement comes easily when this clause exists.

Cancellation Abuse #2

Should the auditor fail to appear the audit would not be re-scheduled. There will also be a cancellation fee of $100.00 that must be collected prior to any further scheduled audits. This clause is created for the auditor who schedules, cancels, re-schedules, or just doesn’t show. While it is likely rarely needed, enforcement comes easily when this clause exists.

Cancellation Abuse #3

Any audit scheduled or tentatively scheduled via the disposition of a “Letter of Intent” that is subsequently canceled will be considered “closed for further review” unless a new “Letter of Intent” falls into allowable parameters as outlined in item Carefully consider what is being said here? If an audit is cancelled and is not still within the acceptable LOI timeline than that audit will be forever non-auditable. Save your e-mail or other documentation with this case for back up.


A fee of two hundred dollars ($200.00) will be collected for each audit where the total billing equals two hundred thousand dollars ($200,000.00) or less. For bills greater than two hundred thousand dollars ($200,000.00) up to five hundred thousand dollars ($500,000.00) an audit fee of three hundred and fifty dollars ($350.00) will be collected. Bills exceeding five hundred thousand dollars ($500,000.00) will be charged five hundred dollars ($500.00) the audit fee must be received prior to or at the initiation of the audit. DRG reviews will be billed at $35.00 per account or encounter reviewed. Chart copies will be charged at seven cents per page. Fees are at your discretion but have become a standard in the industry. This issue will also require the auditor understands some level of the contract with the payer. Be diligent on this point. The audit exit should begin with the handing over of the audit fee.

These terms begin to set the precedence for audit rules of engagement. Some of the rules are controversial and not all auditors would agree. Your level of enforcement is up to you. Here at our firm, we catalogue every LOI into our database, the Healthcare Audit Tracker. This then allows us to place the letter in a pending status and allows us to watch the dates for potential late requests to audit, expiration of the audit period allowed, or cancellation.

All Audits

All, and I mean ALL audits should have this requirement and you should allow no one access to Protected Health Information (PHI) without at the very least a letter of intent. A letter of intent is not: an e-mail an Excel spreadsheet with the cases the auditor wants to see

Finally, no one is coming through your door to do Quality Assurance audits or just friendly old’ audits that have no financial impact. Your staffs involvement on the smallest level has a financial impact, so start a policy for audit management. To learn more about the audit process read our next posting: Requesting Medical Records Criteria in the Hospital Audit.

All That Data…. 

As we move through the steps of a Hospital Audit, we have already detailed the engagement process, as well as the pre-audit criteria. These are crucial and between the pre-audit criteria and the audit itself is scheduling and audit data retrieval which we’ll address soon in an upcoming blog. For now let’s talk about the process of the audit itself and once again a few rules of engagement. 

Audit Type

What is an audit? Is it defined differently depending on who you are? The answers to these questions are important for you to know before you begin an audit. Strangely enough many in the audit community for years have earned their auditing stripes by trial and error and learning from experience, their peers, and often times their auditing opponent. If your an internal auditor that can be an expensive and painful lesson.

Third Party Definition for Defense

An Audit shall be defined for these purposes as a comparison of the facilities billing vs. the documentation. It shall not include discussions on physician practice and/or DRG coding. – While this is a simplified view of the audit, you may notice that it is intended to eliminate any discussion of “the patient didn’t need that”. In the third party audit, reasonableness, and the retrospective practice of medicine, has almost no place. The purpose of this type of audit is to determine the effective and correct application of billing versus documentation. Exceptions can occur such as in the case of gender specific charges, but an auditor saying “these billed and documented charges don’t belong because they shouldn’t have done this” should be reminded of the policy and your conceding to the change should be very carefully considered.

Itemization Reporting

An itemization of under and over charges must be completed by both auditors at the conclusion of the audit. This itemization and/or accompanying forms will be considered the final report and will permanently conclude the audit. If only one party typically reports their findings then that party will deliver their findings to the facility within 30 days of the review. – Itemization reporting is a big subject, so let’s see if we can break it up. First, as part of a balancing process, you’ll want to understand how your opposing auditor calculates their findings. For example, do they categorize disputed and/or disallowed charges as over billed? Most firms do calculate this way and if you don’t then you will need to understand from the beginning that “balancing” will require some further information be conveyed to the parties receiving results, such as your business office. 

The Actual Report

Both unbilled (undercharges) and unsupported (overcharges) must be included in the final report from the third party auditor. These findings must include description, price, and be summarized by department.  It is always a good idea to have both parties complete an itemization and have both parties “sign and date” this legal document. This avoids content control by one individual.


The audits must have exit conferences, and be summarized and signed-off by authorized representatives of both parties. No consideration will be given during the audit to the carriers non-covered items. The hospital will not consider these as unsupported or overcharged items for purposes of the audit.-Audits should have a formal exit process. Because the process can be tedious, and because your workload may be intense, it is our natural tendency to avoid the face to face exit. In auditing, the premier way to exit is face to face with clear cut notes and the medical record easily accessed. The introduction of EMR has made this easier, but it is a rare occasion indeed when both auditors have access to an EHR. If you choose to exit, by phone, by fax, by e-mail, or some other way, remember HIPAA and count the cost.

Room & Board (or roughly 50% of the billed charges)

Room and Board charges are initiated upon admission orders and are not based on patient location. The hospital will not reimburse room and board charges based on time of arrival to a unit. Staffing and other predatory measures require hospital expense in preparation for the patient’s arrival. Our policy is also careful to point out a few details such as the correct application of Room & Board. For our purposes room and board is applied immediately upon the time of the written order. So, no matter where the patient resides at midnight, an inpatient is an inpatient. You’ll want to understand your site or firms contract on this because many still follow a midnight rule. 

Un-Billed Charges

If necessary the hospital will submit an additional bill that itemizes previously unbilled charges identified during the audit. The hospital reserves the right to terminate an audit for perceived misconduct by a third party auditor. The hospital reserves the right to refuse an auditor access based on past misconduct. – reserve the right and never accept that this audit process is not a two way street. That is to say, charges removed should also allow for charges to be added. As an internal auditor, you may even have a rare occasion where your under charges exceed your over charges. Always a good day!

Contact with Director’s/Manager’s/Supervisors/Staff

No direct contact with departments will be allowed by the third party auditor.  All aspects of contact will be with the hospital auditor. – Never, ever, ever allow a Third Party Auditor free reign in your facility. Questions and queries to department directors/supervisors/staff are often unexpected and the answers are often wrong. You and your policy are in place to control conduct.

Refund Tabulation

If the insurance carrier receives a discounted or contracted rate, all refunds will be calculated using the same discount formula. Just to play fair and to completely understand the process be sure to understand the site’s rate and refund. What looks like a small refund in stated cash, could equal a much larger refund based on stop loss rates. Stay tuned for more on this in future blogs.


Any audit containing disputed or disagree items will not be finalized until this dispute has been arbitrated by the auditing company and hospital. All disputed items will be rectified with both parties before final results are submitted. -Much luck here, as this is generally ignored in my experience. A strong back office or quality control team can make a huge difference with a strong appeal policy and procedure. 

What if we don’t agree?

If no agreement can be reached in 90 days the items will be left on the billing as originally billed, and the audit will be considered complete. – Again, much luck here, but a contingency should be addressed for the occasion when the two parties just see the world in an entirely different way.

Medlinks Audit Policy

Medlinks Audit Policy has saved our clients many thousands of dollars, and potentially millions in savings associated with cancellations and audit control via the Audit Policy.

error: Content is protected !!

Free Audit Policy

Join our mailing list to receive the latest news and updates from our team.

You have Successfully Subscribed!