What a billing audit covers and what it produces
A complete billing audit reviews 47 specific items across six revenue cycle stages: front-end (eligibility, demographics, prior auth), coding (CPT/ICD-10 accuracy, modifier logic, documentation), claim submission (clean claim rate, scrubber rules, payer mix), payer adjudication (denial pattern, appeal velocity, contract loading), A/R management (aging buckets, days in A/R, write-off discipline), and compliance (HIPAA, OIG work plan items, fraud red flags). The output is a prioritized findings list with estimated revenue impact and a remediation owner for each item.
- 47 items across 6 revenue cycle stages
- Front-end through compliance
- Findings carry revenue impact estimates
- Each finding has a remediation owner
The Medical Billing Audit Checklist: 47 Items
By MedPrecision Operations Team · Published
A real medical billing audit is not a single dashboard review. It is a structured walk through the entire revenue cycle — front-end eligibility, coding, claim construction, denial patterns, A/R aging, contract loading, compliance posture — looking for the specific failure points where revenue is leaking. This 47-item checklist is the framework used on most first-engagement audits at MedPrecision, organized by revenue cycle stage so the findings map directly to remediation owners.
Front-End: Eligibility and Patient Access (Items 1-9)
Item 1: Is real-time eligibility verification (270/271) run at scheduling for every patient? Item 2: Is eligibility re-verified at check-in to catch coverage changes since scheduling? Item 3: Are insurance card images captured and OCR-validated against the eligibility response? Item 4: Are demographics validated against payer records (subscriber name, DOB, ID format)? Item 5: Is the secondary payer identified at registration and the COB order confirmed? Item 6: For Medicare patients, is the MSP questionnaire completed (working spouse, workers' comp, no-fault, ESRD)? Item 7: Are time-of-service collections happening for known copays and outstanding balances? Item 8: Are referral requirements identified for HMO patients before service? Item 9: Are no-show and cancellation policies operationalized to capture documented patient acknowledgment? Front-end gaps are the single largest controllable source of CARC 27, 31, and 22 denials.
Front-End: Prior Authorization (Items 10-13)
Item 10: Is there a documented list of which CPT codes require PA by payer, kept current? Item 11: For PA-required services, is the request submitted within 24 hours of scheduling? Item 12: Is the approved PA number captured into the practice management system attached to the encounter, and is there a scrubber edit that blocks PA-required CPTs from claim submission without an authorization number? Item 13: Are pending PAs tracked in a dashboard with daily follow-up until cleared? CARC 197 denials are almost entirely preventable with discipline at items 10-12; the most common failure is item 12 (PA was approved, but the number didn't get captured to the claim).
Coding: Accuracy and Documentation (Items 14-22)
Item 14: Is there a defined coder review cycle for every claim above a specified complexity threshold (typically all surgical, all level-4/5 E/M, all infusion)? Item 15: Are coders certified (CPC, CCS, CCS-P) and is annual continuing education tracked? Item 16: Is documentation reviewed against the 2021 E/M guidelines (medical decision making or time-based)? Item 17: Are modifier 25, 59, 76, 77, and 91 applied consistently against NCCI edits? Item 18: For surgical claims, are global period rules (0, 10, 90 day) correctly applied? Item 19: Are diagnosis codes coded to highest specificity supported by documentation (no unspecified codes when specificity exists)? Item 20: Is there a query process when documentation is unclear, and is query response timeliness tracked? Item 21: Is the coder error rate by type tracked monthly? Item 22: Are coder audits performed quarterly with a minimum 25-chart sample? Coding gaps are the second largest revenue leak category and the largest compliance exposure.
Claim Submission and Scrubbing (Items 23-28)
Item 23: What is the documented clean claim rate, computed under the HFMA MAP Keys definition (no manual intervention, not just clearinghouse acceptance)? Item 24: Are scrubber edits maintained against payer-specific rules and updated when payer policies change? Item 25: Is the time from charge entry to claim submission under the HFMA target of 5 days? Item 26: Are NPI, taxonomy, and tax ID validated on every claim against NPPES and against the payer enrollment file? Item 27: Is place-of-service consistent with the rendering location (POS 11 office, POS 22 hospital outpatient, POS 02 telehealth)? Item 28: Are duplicate claim submissions prevented by the system, and are CARC 18 (duplicate) denials trended? Submission failures are the most measurable category — every gap shows in the CCR number.
Denial Management (Items 29-34)
Item 29: Is the denial rate trended monthly by CARC code, with the top 5 codes broken out separately? Item 30: Is the median time from denial receipt to first appeal action under 14 days? Item 31: Is appeal recovery rate tracked by denial type and by payer? Item 32: Is there a documented escalation path for denials that fail first-level appeal (peer-to-peer, second-level appeal, external review)? Item 33: Are denial root causes traced back to the front-end or coding stage that produced them, with feedback loops to prevent recurrence? Item 34: Are write-off thresholds enforced — no claim written off without documented appeal exhaustion or supervisor approval? Denial management is where most aged A/R sits; an unworked denial queue is the single biggest source of NCR drag.
A/R Management and Reporting (Items 35-39)
Item 35: Is days in A/R computed under the HFMA formula (90-day rolling denominator)? Item 36: Is the aging bucket distribution (0-30, 31-60, 61-90, 91-120, 121+) reviewed monthly? Item 37: Is the 90+ day A/R as a percentage of total A/R under 12-15%? Item 38: Is there a defined work queue for each aging bucket, with daily worklist assignment? Item 39: Are bad debt write-offs reviewed and approved at the appropriate authority level, with documented criteria? A/R management is the recovery layer — gaps here turn front-end and coding mistakes into permanent revenue loss rather than recoverable rework.
Contract and Fee Schedule (Items 40-43)
Item 40: Are payer contract allowed amounts loaded into the practice management system, current to the most recent contract amendment? Item 41: Is each payment posted compared to the loaded allowed amount, with underpayments flagged automatically? Item 42: Are fee schedule rates set at a defensible multiple of Medicare (typically 200-300%) with documented rationale? Item 43: Are renegotiation cycles documented, with major payer contracts reviewed at least every 24 months? Contract loading is one of the largest hidden revenue leak categories — payer underpayments that go undetected because the loaded rate doesn't match the contract rate represent immediate recoverable dollars.
Compliance and Risk (Items 44-47)
Item 44: Is the HIPAA risk assessment current (within 12 months) and documented with mitigations for identified risks? Item 45: Are workforce members with PHI access trained annually, with documentation? Item 46: Is the OIG work plan reviewed annually and findings mapped against the practice's billing patterns (e.g., E/M upcoding scrutiny, modifier 25 utilization, telehealth POS)? Item 47: Are billing-side fraud red flags monitored — duplicate submissions, unusual coding patterns, after-hours billing activity, single-coder claim approval bypasses? Compliance audit findings rarely produce immediate revenue impact but represent the largest tail risk — a False Claims Act exposure can cost more than the entire billing operation in a year.
Common Questions
Common questions about medical billing audit checklist (2026): 47 items to review.
Get a Free Billing Audit
Our billing specialists can walk you through this and more.
Get a Free Billing Audit arrow_forwardHow often should a practice run a billing audit?
A full external billing audit should occur every 12-18 months at minimum, with internal mini-audits monthly on a rotating subset of items. The full audit produces a complete revenue cycle assessment with remediation recommendations and revenue impact estimates; it is the right cadence for catching structural issues that develop over time. Monthly internal audits should rotate through subsets — coding accuracy on 25 charts in month one, denial pattern analysis in month two, contract underpayment review in month three — to maintain ongoing visibility without the full audit cost. Practices that have just changed billing companies, switched practice management systems, gone through a major payer contract renegotiation, or experienced an unexplained revenue drop should run a full audit immediately rather than wait for the cycle.
What is the difference between a coding audit and a billing audit?
A coding audit reviews documentation against assigned CPT and ICD-10 codes, looking for accuracy, modifier appropriateness, and documentation support — typically a sample of 25-50 charts reviewed by a certified coder (CPC, CCS, CCS-P) against payer policy and NCCI edits. The output is a coder error rate, identified upcoding or downcoding patterns, and recommended documentation training. A billing audit is broader — it includes the coding audit as one component but also reviews eligibility processes, claim submission, scrubber configuration, denial patterns, appeal velocity, A/R aging, contract loading, and compliance posture. The billing audit is operations-focused; the coding audit is documentation-focused. A finding in the coding audit might be 'modifier 25 is being used on 30% of E/M visits — review for medical necessity'; a finding in the billing audit might be 'CARC 197 denials represent 18% of total denials — investigate front-end PA workflow.'
How much revenue does a typical audit recover?
Recovery varies widely with practice size and the depth of pre-existing issues, but MGMA's published RCM benchmarks suggest practices with no recent audit typically have 3-7% of net collectable revenue leaking through identifiable causes. For a practice billing $5 million annually in net collections, that range is $150,000 to $350,000 in recoverable revenue. The categories with the highest recovery yield are usually contract underpayments (loaded rates not matching actual contract terms), unworked aged denials sitting past 90 days, missed timely filing on appeals, and posting errors that overstated contractual write-offs. The recovery is real but is not always immediate — some categories (working aged denials, appeals on past timely-filed claims) produce recovery within 60-90 days; others (contract loading fixes, scrubber rule additions) produce ongoing benefit going forward without lump-sum recovery.
What red flags should a billing audit catch?
Five specific red flag patterns warrant escalation. First, OIG work plan items showing in the practice's billing pattern at high frequency — modifier 25 used on >25% of E/M visits, level-5 E/M as >10% of total E/M codes, modifier 59 applied without NCCI documentation, telehealth POS 02 used when service was rendered face-to-face. Second, a single coder approving >50% of claims without secondary review. Third, after-hours billing activity (claims submitted, modifications made) outside normal workflow. Fourth, duplicate submission patterns suggesting intentional double-billing. Fifth, unusual specialty utilization patterns — for example, a primary care practice billing high-complexity G-codes for chronic care management at volumes inconsistent with patient panel composition. These are False Claims Act exposure indicators and require immediate review.
Should I run an audit before switching billing companies?
Yes — a baseline audit before switching is one of the most defensible specific investments available. The audit creates the documented starting point against which the new billing company's performance can be measured at 90 and 180 days, surfaces any pending issues that need to be resolved before the transition (open denials, aged A/R, pending appeals), and produces a credentialing and contract inventory that simplifies the transition itself. Practices that switch without a baseline audit frequently discover post-transition that some revenue loss began before the switch but gets attributed to the new vendor — making it harder to evaluate the actual transition outcome. The audit cost is typically 1-2% of annual collections and the return on that investment usually exceeds 300% within the first year of the new arrangement.
Do I need a CPA for a billing audit?
No — a billing audit is operational, not financial, and is performed by revenue cycle specialists rather than CPAs. CPAs perform financial statement audits under generally accepted auditing standards (GAAS), which review the accuracy of financial reporting but do not examine billing operations, coding accuracy, or revenue cycle KPIs. A billing audit is performed by certified coders (CPC, CCS, CCS-P), revenue cycle analysts, and practice operations consultants who specialize in healthcare billing. The output is operational — findings on coding patterns, denial trends, contract loading, scrubber configuration — not a financial opinion. Some firms offer combined billing-and-financial audits, but the scope and skillset are different and the deliverables address different audiences.
Related Services
Related Specialties
Get the 47-Item Audit
MedPrecision runs the full 47-item billing audit on every new engagement. Findings come back in 10 business days with revenue impact estimates and remediation owners.