Highlights of the General Audit Process

General Audit Process

Typically, a letter announcing the intention of an audit is sent to the company.  However, I have experienced where State Agents came directly into a clinic and started the investigation immediately on premises.  In this case, the investigation was based on a complaint issued to the State Medicaid agency.  Having Federal and State Agents come directly to a company, without notice, is rare but not unheard of.  Articles on the Department of Justice (DOJ) website have shown that the Federal government has conducted these types of investigations, when warranted.

 The letter will indicate the scope of the general audit process:

  • It could be an audit of specific providers or patient accounts, or they could ask for a ‘universe’ of data (e.g., the universe could be a list of all visits conducted in the last 12 months)
    • From the universe data, the health plan will select certain providers/cases/dates of service to audit
  • The health plan will ask for specific information (e.g., copy of visit note documentation, copy of the printout of a 1500 claim form for each service being audited, copy of contracts/agreements with providers or vendors (who work with their member/patient Protected Health Information (PHI)), evidence that all individuals who had access to PHI/patient account/provider information had proper compliance, HIPAA privacy & security training, copies of policies and procedures pertinent to the audit)
  • The health plan will examine the documentation provided.  They may come back with audit findings or can ask for more information
  • If errors are found in the audit, the health plan can issue:
    • An audit finding letter with a summary of the issues  
    • CAR (Corrective Action Required)/CAPs (Corrective Action Plans) for each area that did not pass the audit
      • The health plan will require that the company:
        • Conduct a Root Cause Analysis
        • Provide a plan to mitigate the issues (e.g., Quality Improvement Plan)
        • Provide a target date of when the corrective action will be fully implemented
        • Indicate the name of the person at company responsible for ensuring compliance with the CAP
    • ICAR (Immediate Corrective Action Required) – these are usually significant findings and must be resolved immediately
    • There are a couple of less significant audit findings (Observation Requiring Corrective Action & Observation) that will need attention and will stay on the health plan’s radar for the next audit cycle, to ensure the company has corrected the issue 

Ongoing infractions or egregious infractions could lead to termination of the contract with the health plan and further reporting to government agencies, as required.

During the Pandemic, onsite audits were discontinued, and online audits (aka webinars) were conducted instead.  There are ways in which a health plan can have access into a company’s system to review data or processes.  

Stay tuned for the next post which will highlight Access into Systems.


Leave a Reply

Your email address will not be published. Required fields are marked *

Skip to content