Medical Billing Audit Checklist: The Complete Guide to Protecting Your Practice Revenue

Medical billing audits are a frontline financial and legal issue for every healthcare practice in the United States. Whether you’re a solo practitioner or a multi-provider group, having a thorough medical billing audit checklist in place can be the difference between a clean compliance record and a six-figure repayment demand.

The numbers are sobering. According to CMS, the Medicare Fee-for-Service improper payment rate was 7.38% in fiscal year 2022, representing approximately $28.7 billion in overpayments, underpayments, and documentation errors.

Most of those errors weren’t intentional. They were caused by poor documentation, miscoded services, credentialing oversights, and billing staff who weren’t trained on the latest payer policies. A medical billing audit checklist catches these errors before they become liabilities.

Why Regular Billing Audits Are Non-Negotiable

Federal law is not passive on this issue. The False Claims Act imposes civil liability on providers who knowingly submit, or fail to correct, false or inaccurate Medicare and Medicaid claims. Penalties range from $13,900 to $27,894 per false claim as of 2024, plus up to three times the damages.

Beyond legal risk, billing errors affect your practice financially in both directions. Upcoding leads to overpayment demands and audits. Undercoding, which is far more common than most practices realize, means leaving legitimate revenue uncollected. A 2021 study published in the Journal of the American Medical Association found that incorrect E/M coding costs physicians an estimated $1.3 billion annually in uncollected reimbursement.

A well-structured medical billing audit checklist addresses both sides: catching inflated claims and recovering missed revenue.

Types of Medical Billing Audits You Need to Understand

Medical billing audits differ not only in who conducts them, but in how aggressively they review documentation, how far back they examine claims, and how repayment is calculated. Some audits are educational and corrective, while others are investigative and legally driven. The scope of review can range from a small random sample to multi-year claim extrapolation, where findings from a limited sample are projected across hundreds or thousands of claims, dramatically increasing financial exposure. Understanding the operational structure, authority level, and enforcement power behind each audit type helps practices prepare documentation standards, internal controls, and response protocols appropriately.

 

Audit Type | Conducted By | Trigger / Focus | Financial Risk Level
Internal Prospective Audit | Practice billing team or compliance officer | Routine review before claim submission | Low, prevents errors proactively
Internal Retrospective Audit | Practice management or external consultant | Review of already-submitted claims | Medium, identifies systemic errors
RAC Audit | Recovery Audit Contractors (CMS-authorized) | Medicare overpayments, high-error billing patterns | High, demands repayment with interest
MAC Audit | Medicare Administrative Contractors | Local coverage determination compliance | Medium-High, service-specific focus
OIG Audit | Office of Inspector General | Suspected fraud, high-utilization patterns | Very High, can lead to exclusion
Commercial Payer Audit | Private insurance companies | Contract compliance, unusual billing patterns | Medium, contract recoupment risk
Medicaid Audit | State Medicaid agencies or MFCU | Medicaid billing accuracy and abuse | High, state and federal consequences

 

Understanding which type of audit you might face, and what triggers each, is the first step in building a medical billing audit checklist that protects your practice from all angles.

The Complete Medical Billing Audit Checklist

Accurate medical billing starts long before claims are submitted. A comprehensive audit checklist ensures every patient registration, CPT code, ICD-10 diagnosis, and E/M selection is verified for compliance and maximum reimbursement.

Section 1: Patient Registration and Insurance Verification

Errors at registration cascade through the entire revenue cycle. Start your checklist here:

  • Patient name, date of birth, and address match across all records and the insurance card
  • Insurance ID, group number, and payer ID are accurately entered in the practice management system
  • Coverage was active on the date of service, verified with a real-time eligibility check
  • Primary and secondary insurance are correctly sequenced (coordination of benefits)
  • Prior authorization number obtained and documented when required by the payer
  • Referral requirements met for HMO and gated plans
  • Insurance benefit type verified: mental health vs. medical, outpatient vs. inpatient

Section 2: CPT Code Accuracy and Medical Necessity

CPT coding is the highest-risk area in most practices. Your checklist should verify that:

  • CPT codes submitted exactly match the documented services rendered in the clinical note
  • No upcoding: the E/M level matches the documented complexity using the 2021/2023 CMS guidelines
  • No undercoding: providers are not habitually billing 99213 for visits that clearly document 99214–99215 complexity
  • Add-on codes are correctly appended to their required primary codes
  • Modifier use is documented and clinically justified (Modifier 25, 59, 51, GT, 95, etc.)
  • Bundled services are not billed separately in violation of NCCI edits

Section 3: ICD-10 Diagnosis Code Compliance

  • The most specific ICD-10 code available is used, not defaulting to unspecified codes without a documented clinical reason
  • Diagnosis codes are supported by direct language in the clinical note, not inferred
  • The primary diagnosis reflects the reason for the visit, not a chronic condition managed elsewhere
  • Comorbidities affecting clinical management are documented and co-coded
  • Z-codes (social determinants of health) are used when applicable; they support medical necessity and improve risk adjustment
  • ICD-10 codes are updated when clinical pictures change, not carried forward unthinkingly from previous encounters

Section 4: Evaluation and Management (E/M) Level Justification

CMS revised E/M documentation requirements in 2021 and again in 2023. Your audit checklist must reflect these changes:

  • Medical Decision Making (MDM) OR total provider time is documented as the basis for E/M level selection
  • MDM components are complete: number/complexity of problems, amount/complexity of data, risk of complications
  • Time-based billing includes total time on the date of service, including pre- and post-encounter work
  • New vs. established patient status is correctly identified (new patient = no prior face-to-face in the last 3 years)
  • Split/shared visits between the physician and NPP are documented per the 2022 CMS split/shared billing rules

Section 5: Place of Service (POS) Codes

  • POS code accurately reflects where the service was physically delivered
  • Telehealth services use POS 02 (telehealth other than home) or POS 10 (telehealth, patient in home)
  • Hospital-based services (POS 22) are not billed at office rates (POS 11); this is a common and costly error
  • Facility vs. non-facility rates are correctly applied based on POS

Section 6: Provider Credentialing and Enrollment

  • The billing provider is currently enrolled with each payer, and the NPI is registered correctly
  • Individual NPI (Type 1) and organizational NPI (Type 2) are both accurate on claims
  • Supervising physician credentials are documented for all mid-level provider services billed incident to
  • No provider on the billing roster has been excluded by the OIG; check monthly
  • Provider re-credentialing deadlines are tracked and completed on time

Section 7: Claims Submission Integrity

  • Claims submitted within timely filing windows: Medicare 12 months from DOS, most commercial payers 90–180 days
  • Clean claims rate is benchmarked: industry standard is 95%+ clean claims on first submission
  • Claim scrubber is active and updated with current NCCI edits and payer-specific edits
  • Electronic remittance advice (ERA) is reconciled against submitted claims within 30 days

Section 8: Denial Management and Appeals

  • All denied claims are reviewed within 5 business days of receipt
  • Denial reason codes (CO, PR, OA) are categorized and tracked by payer and reason
  • Appeals are filed within payer deadlines; Medicare Part B allows 120 days from the initial determination
  • Denial patterns are analyzed monthly, and root causes are addressed at the source
  • Write-offs are reviewed and approved by a supervisor, not processed by front-line billers alone

Audit Frequency Recommendations

The OIG Compliance Program Guidance for Individual and Small Group Physician Practices recommends conducting billing audits as part of an ongoing compliance program. Their guidance specifically recommends, at a minimum, an annual audit and quarterly audits for high-risk specialties.

Recommended cadence for a small-to-mid-size practice:

  • Weekly: Review denied claims report and accounts receivable aging
  • Monthly: Audit denial trends, clean claims rate, and collections by payer
  • Quarterly: Random sample of 15–20 claims per high-volume CPT category per provider
  • Annually: Comprehensive review of all billing categories, credentialing, and documentation compliance
  • Ad hoc: Any time a new payer policy takes effect, after a RAC notice, or after a significant staffing change

Sample Size Guidance for Internal Audits

One of the most common questions practices ask is how many claims to review. The OIG recommends using a statistically valid sampling methodology. For practical purposes in small practices:

  • Minimum 10 claims per provider per CPT code category for a baseline audit
  • High-risk areas (E/M, high-cost procedures, mental health) warrant 20–30 claims per provider
  • If errors exceed 10% in a sample, expand the audit to identify the full scope
  • Document your sampling methodology; this demonstrates good faith in the event of an external audit

What to Do When Your Audit Finds Errors

Finding errors in an internal audit is a good thing; it means you caught them before a payer did. But what you do next matters.

If your audit uncovers overpayments from Medicare or Medicaid, the 60-Day Rule requires voluntary repayment within 60 days of identifying the overpayment. Failure to repay triggers False Claims Act liability.

Steps to take after finding billing errors:

  • Quantify the scope: determine whether the error is isolated or systematic
  • Calculate the overpayment amount accurately, and use the same methodology CMS would use
  • Submit repayment through the appropriate CMS or payer channel with documentation
  • Correct the root cause: update billing procedures, provide staff training, or fix EHR templates
  • Document the entire corrective action process; this is your compliance record

 

Ready to Fix Your Medical Billing? We Can Help.

Billing errors, missed revenue, and compliance risks shouldn’t be part of your daily workflow. At Wisconsin Medical Billing, our expert medical billing team handles everything, from claim submission to denial management and compliance audits, so your team can focus on what matters most: patient care.

Whether you’re struggling with prior authorizations, ICD-10 accuracy, incident-to compliance, or payer negotiations, we bring the expertise to fix it.

Schedule a free billing consultation today and recover lost revenue with our medical billing audits.

Frequently Asked Questions

How do I pick claims for my internal audit?

Use random sampling across high-volume CPT codes like E/M levels. Target 15-20 claims per provider quarterly, focusing on recent submissions for proactive error detection. 

What triggers a RAC audit for my practice?

High overpayment patterns, frequent high-level E/M codes, or abnormal billing volumes flagged in CMS data. Proactive internal audits reduce RAC scrutiny risks significantly. 

Should I hire external auditors for audits?

Yes, for objectivity on complex issues like split/shared visits or NCCI edits. They spot blind spots your team misses, often recovering more revenue than costs. 

How long to keep audit documentation records?

CMS requires 7-10 years minimum for Medicare claims; extend to 10 years for False Claims Act protection. Organize digitally for quick external audit access. 

What if the audit shows systematic undercoding issues?

Train providers on 2023 E/M guidelines, update EHR templates, and re-audit after 30 days. This recovers lost revenue while proving compliance efforts to payers.