Exclamation point in an orange circle over an orange background.

Does conducting internal audits mean the same person that codes your claims should also be reviewing their work to determine accuracy? Many of you reading this post may find my answer hard to believe, but the answer is no, it should not be the same person! The fact is we want independence and objectivity, and when we review our own work, we have neither; thus, the audit sample(s) and/or the audit(s) are biased! Think about it this way, if you were reviewing your work and you found that 30-40% or greater were errors, would you report yourself? When it comes to auditing, it’s critical to have independence and objectivity to demonstrate a “culture of compliance,” and in the event it results in having to make a self-disclosure to OIG or even just a voluntary refund to the MAC or a Commercial Payor, you have to make a bona fide disclosure, including a Corrective Action Plan (CAP). This is why using outside review companies is so important, but you shouldn’t just rely on any ole’ “auditing company”. The fact is, when it comes to audits, you get what you pay for, and that’s a fact. These days with the internet, anyone can create a website, create testimonials, copy and paste the information they found on Google and make themselves look like a Fortune 500 Company (buyer-be-ware)!

I have heard it a thousand times; “you’re too expensive,” or “we talked to a local group who is much cheaper,” or “we can outsource it overseas, and it is even cheaper!” First, “expensive” is subjective. Ask yourself, are you really comparing apples to apples, or is it apples to rotten bananas? Second, yes, you can use someone local (sole proprietor), and they may be outstanding, but what happens in the event you have to issue corrected claims, file a voluntary refund, or worse, you have to disclose your results to OIG (claims potentially rise to the level of fraud)? Will that person or outsourced group overseas have access to legal counsel specializing in health care on speed dial?

On the other hand, what happens if the group overseas indicates you are doing everything right and you are not, but if they tell you or your providers that you’re clueless, odds are you may not renew for the next round of audits. But hypothetically, what if they tell you the health of your provider(s) coding is excellent, and then you become the target of a MAC Audit, and they determine your error rate is 80 or 90 percent? Who are you going to hold liable? It won’t be the overseas-based company because the majority of them are beyond the reach of the Justice Department. If you think you are going to sue them, guess again. Take India, for example. India has a court backlog of 40 million cases (you read that correctly) according to the chief justice back in April 2022! The fact is, they have 20 judges per million population, which is severely inadequate given the trend of litigation is rising. Second, if you think a foreign court is going to rule against one of their own Nationals in favor of an American company, guess again.

The other mistake health care providers make is not performing their audits under privilege. Making sure any and all of your communications are protected to the extent your state law allows is critical, especially if at some point it results in a disclosure, someone filing a qui tam, you receive a Civil Investigative Demand (CID), or you become the target of an investigation through an SIU, UPIC, MAC, OIG, etc. You want to make sure all of the auditor’s work papers are protected (Work Product Doctrine – “Protects documents and tangible things that are prepared in anticipation of litigation by (or for) another party or its representative from disclosure to third parties”[1]).

That is why conducting an audit is not as simple as let’s just have an audit done! You have to be cerebral about the process and understand who’s looking at your claims and whether or not they possess the requisite skills in your specialty.

Here are some questions (and food for thought) to ask the next auditor you’re thinking of hiring:

  • What credentials in my specialty do your auditors possess?
    • Do you maintain a credentials file, and are you willing to share that with us?
  • How many audits of my specialty have you conducted in the last year, 3 years, or 5 years?
    • What is the anticipated turnaround?
  • Do you perform your audits under privilege, and if so, who is the attorney(s) and or firm(s) you work with?
  • How do you determine samples for the audit? This is such a critical question because you need to know out of the gate whether your audits are educational, confirmatory of a suspected problem, potentially being used for extrapolation, or some other reason.
  • Who is conducting your audit sample, and what is their educational level and/or experience with doing this?
    • Are they a statistician, a data scientist, or an economist?
    • Are they using RATSTATs, SAS, Medi Tab, or some other statistical package?
    • Is it a probe, convenience, non-probability, or statistically valid random sample?
    • How are they testing the sample? What type of simulation(s) are they running?
  • Do they carry Errors and Omissions Insurance, and if so, how much ($1,000,000 / $3,000,000 or greater)?
  • Can they provide references in your specialty(s)? MAKE SURE TO CALL THEM!!!
  • Have they been sued in the past, and if so, why and what was the outcome? Get the case number if possible and/or use Google!
  • Are your auditor’s W2 or 1099s (this can make a huge difference) and all based in the U.S. with a primary language of English? Make sure you question them on this because there are a lot of overseas groups that have an office in the U.S., but it may only have one (1) person there who is simply administrative, and all of the work gets uploaded to the cloud and then performed by folks overseas (This happens all the time)!
  • Ask them if they are willing to do a “proof of concept” (make sure you have a BAA in place before you send any PHI so as not to violate HIPAA).
  • In the event you determine our services are billed in error, what are your capabilities for supporting us moving forward with corrected claims, voluntary refunds, and/or self-disclosure?

Taking the time to ask the right questions can save you a lot of headaches.


Sean M. Weiss is a Partner and serves as the Vice President and Chief Compliance Officer for DoctorsManagement, LLC. You can find out more about our auditing and compliance services and keep up to date with the latest blogs and episodes of The Compliance Guy Podcast here: www.thecomplianceguy.com You can see where Sean will be presenting throughout the remainder of 2022 as well as inquire about hiring him as a speaker (National Speakers Association) for your next conference, summit, or webinar!  

  [1] Thompson Reuters Practical Law – Glossary Work Product Doctrine


By Sean M. Weiss, CHC, CMCO, CPMA, CMPE, CEMA, CMPE, CPC-P, CPC, CMOM, CMC, CMIS, Partner and Vice President of Compliance / DoctorsManagement, LLC

Sean Weiss Headshot
Call Us (800) 635-4040