Check Yourself: Internal Revenue Cycle Audits Gain Importance

By Mary Butler

Being told “there’s going to be an audit” triggers a fight or flight reaction of sorts. Visions of G-men in suits and ties, ominously wielding briefcases and calculators, spring to mind before the bearer of the bad news can clarify the context or minimize the impact. Health information management (HIM) leaders must keep this in mind when they tell their staff a revenue cycle audit is in their future.

When Tammy Ree, RHIT, CCS-P, PCS, CHC, CPC, senior HIM consultant at UASI, worked as an external HIM auditor, it was corporate policy not to use the word “audit” when they went on-site. Instead, they simply said they were doing a “review and assessment” to counter the defensiveness that kicks in at the onset of an audit.

“If I were to come in automatically in a power suit saying ‘We’re here to audit you,’ who’s going to open their door to me? Would you? But if I came in wearing a sweater and a skirt and say ‘I’m here to assess and review and to provide education,’ do you think you’d be more open?” Ree says.

Yet, providers would be foolish not to interrogate the processes and procedures that feed into the revenue cycle. According to a 2017 Change Healthcare report, more than $262 billion in claims are initially denied every year due to insufficient clinical information.1 What’s more, denials totaling $28 billion were directly linked to a lack of clinical documentation, according to the report. Appealing denials is not without its own costs, either. The success rate for claim denial appeals dropped from a median of 56 percent to 45 percent for private payers, and from 51 percent to 41 percent for Medicaid in the past two years, according to an American Hospital Association study.2 This shows that its best to be proactive with internal audits in order to head off denials before the bill goes out the door.

Touching nearly every aspect of a healthcare operation, a revenue cycle’s audit program likely would include checks on authorizations and referrals, insurance verification and assignment, charging, coding, claims submission, accounts receivable, write-offs, payments and adjustments, and other areas. Audits help identify where education is needed among staff and helps HIM professionals get ahead of the curve on things that external auditors are looking for. The goal is to have fewer disputes and appeals to deal with on the back end and get out in front of external audits—the internal audits are done to help find gaps and holes in the revenue cycle. As external quality, billing, and coding audits continue to increase from payers and regulators, such as Medicare’s Recovery Audit Contractors (RACs), the need for a thorough internal audit program has never been greater for healthcare providers. The revenue cycle needs to be operating efficiently if an organization wants to ensure its financial viability. An audit should examine nearly every aspect of a healthcare operation, both before a claim is dropped and retrospectively, experts recommend.

Self-audits “can also help reduce fraud and other improper payments, improve patient care, lessen chances of an outside audit, and create a robust culture of compliance,” notes Stacy Upton, RHIT, CCS, quality assurance manager at TrustHCS.

She adds that because ICD-10-CM/PCS and CPT, including evaluation and management, coding is always evolving it can be difficult to stay current on all the guidelines and Coding Clinic publications—plus, coding professionals routinely indicate a lack of time to stay on top of guidelines due to productivity demands and because of time spent on discharge not final billed (DNFB) accounts. Audits don’t just protect revenue, they also can pinpoint problems in an electronic health record (EHR), encourage strong communication between coding and clinical documentation improvement (CDI) staff, and inform the development of internal processes and procedures to ensure accurate and consistent coding.

Due to their clinical documentation and billing expertise, HIM professionals are ideal candidates to lead these wide-reaching revenue cycle audits. They know best which charts to pull for an audit and have the best sense of which DRGs, CCs, and MCCs result in the most denials. HIM also understands how errors at the start of an encounter at the registration desk can trickle down into the clinical documents and, eventually, the bill.

Internal audits don’t stop within the HIM department, but should be conducted throughout the entire revenue cycle. Areas of the revenue cycle that should be audited internally include coding and claims submission, CDI processes (review to ensure documentation is at the highest quality level to support claims), overall data quality and integrity (start with how many duplicates there are in the master patient index since this affects everything in the record downstream), and document management and release of information (anything feeding into the EHR needs to have its documentation quality checked).

This article checks in with HIM auditing experts on internal audit best practices before and after a bill goes out the door, the role of CDI and data analytics, aspects of a strong audit program, and how to get team members on board.

Coding as the First Line of Defense

As much as it might seem obvious, the best way for a provider to protect itself from denials and ensure its compliance with regulations is to audit its coding practices.

Felisha Bochantin, MS, CPC, CPCH, CPC-I, a population health analyst at 3M who has also worked extensively as a coder and coding auditor, says she still sees far too many coding mistakes, either due to bad habits, out of date coding software, or a lack of ICD-10 training.

“From a training perspective I’m not sure the totality of the industry got what they needed. I’ve done some post-payment audits recently and I’ve seen a lot of codes that were miscoded based on documentation in the medical record—a lot of retrospective payment data that’s less than desirable,” Bochantin says. “They’re not capitalizing on money that’s on the table because they’re either not able to decipher what’s in the medical record, or they’re not able to decipher or extrapolate that data into working measures. So I think training is always key.”

Bochantin says that progressive, proactive providers ask themselves whether they have weaknesses in AP-DRG and MS-DRG coding, or codes that are crucial to value-based care. Or, for example, they know they need to take a closer look at charts for every patient with septicemia in order to drill down into every payer classification to see if it was coded appropriately—reviewing the secondary and tertiary diagnoses and whether they were coded accurately.

Of course, close collaboration between coding departments and CDI teams is one of the best ways a provider can help ensure their coding is up to snuff.

“When I first started working 28 years ago, the revenue cycle started at the point of scheduling. Now it really starts at the point of care when the patient walks in the door and the provider starts charging for all that they’re doing for them,” Ree says. “What I see CDI as is the body of people that help support medical necessity and that gets the detail into the record so we can code it accurately for appropriate payment.”

For years, physicians have been underpaid for services they’re providing because they don’t write it all down, Ree says. CDI is a key part of changing that. “The downside that I see consistently across the board is that CDI and coding [staff] do not talk to each other,” Ree says. “What I’ve seen work really well is when CDI and coding meet, however frequently they need to, to talk through some of the difficult issues, to talk through some of the DRG issues, to talk through medical necessity in relation to the coding process versus the medical process.”

Communication between coding and CDI teams doesn’t just need to be face-to-face—some facilities are forging effective communication by having coding and CDI communicate through a shared software platform. That’s one element of the process Rochester Regional Health used when it implemented a process improvement program focused on decreasing payer denials for five key diagnosis codes—sepsis, acute respiratory failure, encephalopathy, acute kidney injury, and malnutrition.

The process at Rochester was led by Judy Kelly, MS, RHIA, CCS, CCS-P, CHDA, CPHI, senior director of HIM; Karen Linder, BS, RHIA, CCS, CCS-P, CHDA, coding director; and Kalena Britt, BSN, RN, CCM, CCDS, director of CDI—all of whom were acting in response to their facility’s chief financial officer who wanted answers as to why the health system was seeing so many denials. In addition to RAC audits, commercial payers had begun aggressive chart audits leading to an increase in denials. And whereas RAC audits limited the number of charts they requested and the DRGs they looked at, commercial payer audits were much broader and engaged in “unfettered denials activity,” Judy Kelly says. The coding and CDI teams knew it would be too difficult to study every denial and the reasons for it, so they selected inpatient diagnoses that had the highest financial impact and worked to reverse the tide.

Their process for tackling denials was multi-pronged and included forming an interdisciplinary team, reassessing all of their payer contracts, standardizing the denial tracking process, implementing software to raise awareness of internal red flags; and retraining mailroom, business office, and HIM staff to prevent missed deadlines and communications with payers.

Judy Kelly says that when she, Linder, and Britt started their denials management program, they thought the core problem was coding. In actuality, they ultimately realized it wasn’t just coding—it was about validating the codes with a “supercharged” CDI team. When they looked back at their denials, claims weren’t denied because they were coded incorrectly, they were being denied because there wasn’t enough clinical documentation to support the diagnosis. This led to much closer collaboration between coding teams and CDI teams.

The two teams met frequently to discuss process flow maps, physician performance, DRG mismatch trends, denial trends and case examples, and opportunities to provide service line training to the hospital departments affected by the new focus on the five diagnosis codes. They utilized health system consensus clinical criteria that was developed by the physician advisor team about what needed to be documented for validation of each of the five diagnosis codes. The CDI team began writing clinical validation queries to physicians—a step physicians hadn’t seen before. CDI and coding teams created notes on a shared software platform so that coding and CDI teams could interact on cases and determine when diagnoses were clinically valid.

“I went through many of our facilities and talked about the consensus criteria we use for those five big diagnoses, what a clinical validation query was. I emphasized that we’re not questioning their judgement, we just need what’s in their [doctors’] brains to be put on paper because we’re getting a lot of denials based on those diagnoses,” Britt explains.

The shared software program does an excellent job of showing, from the coding team’s perspective, what the CDI team is doing on the clinical validation side, according to Rochester staff. It provides the sense that all parties are closing the feedback loop.

“We still have coding audits for stated purposes. But I guess I’ll say once again this is well beyond coding,” Judy Kelly says. “Even when I have a coding audit, it’s going to be by a person with a coding background usually, maybe a nurse, but they can only code what’s in the record.”

Auditing the Whole Cycle

How a chart is coded and documented is the part of the billing process that brings in reimbursement, but money can be lost at many parts of a patient’s encounter, including registration, which encompasses validating a patient’s identity and their insurance information.

“I think it’s good to have an overall process review,” Ree says. “Just to have someone come in and work through your entire revenue cycle to see if there’s any breakdowns in communications or policies or procedures that may or may not exist. That means making sure that the insurance is entered correctly, which sometimes doesn’t get done and you’re essentially giving away free services.”

Even if a HIM director doesn’t directly oversee the registration or billing areas, they can still collaborate with other leaders to shepherd an end-to-end audit along from a project management perspective. A good audit also includes checking for coding accuracy, physician documentation, and checking to see that the chargemaster has been set up correctly. Internal audits can also use the US Department of Health and Human Services’ Office of Inspector General (OIG) work plan to guide their focus. The OIG work plan can offer clues about which data sets Medicare and Medicaid auditors will be paying attention to.

“When you have a topic it’s easy to go and say, ‘Run me a bunch of data on this particular code set and let’s see if we have any outliers or issues.’ Then you sample that and do your reviews. I think with data analytics you can get much more detailed down into the data,” Ree says. But, she cautions, “when I say data analytics from an auditing perspective, I think it’s useful once you identify an issue to drill down into what’s going on. I don’t think it’s useful using it to understand on a broad spectrum where you may have issues. From a quality perspective I think differently. The more detailed data you have you can better understand the quality of the care you’re providing.”

Audits are useless unless they’re repeated, meaning internal audits should be routinely scheduled and planned at intervals, experts say. “I think a good internal audit program is one of the most critical things in an HIM department,” says Cassandra Kelly, RHIA, vice president of client services and operations at Mindseeker. “There needs to be ongoing, regularly scheduled audits, regularly scheduled feedback with coders and auditors working hand in hand. There has to be open communication in the relationship—that’s something that the most successful audits have. Mutual respect between auditor and coder. That’s critical.”

According to Cassandra Kelly, to do the most thorough audit even the auditors should be audited.

“Many times, facilities overlook auditing the auditors. I think that knowing that your audit team is doing the job that they should be, you want to make sure they’re doing accurate work. If you have auditors that are not performing top notch audits on your coders, then it kind of defeats the purpose of auditing your coders within an organization,” Cassandra Kelly says.

Engaging Auditees

When an organization determines that an internal audit is necessary, Bochantin recommends outlining a clear set of standard operating procedures—including details such as who on the HIM staff will oversee them, the number and types of charts that will be scrutinized, and an outline of expectations.

To get staff engaged with an audit, two conversations need to take place, according to Bochantin—one with coding professionals and other HIM staff and one with physicians. Coding professionals should understand that compliance is in their job description—it comes with the territory. Bochantin recommends emphasizing this fact at the start of an audit. They should expect coding audits to come as often as on a quarterly or monthly basis. Physicians need to be told that audits are important to verify that quality care is being delivered and help understand how much money is being left on the table due to inadequate reimbursement. Physicians often have a harder time understanding that more training is needed on an ongoing basis.

Ree says that whether she’s conducting an internal audit or an external audit, she uses the same approach.

“I still try to understand emotionally what’s going on at the facility—what are they concerned about? I always go to the client and say, ‘Are we doing this review to discover opportunities for education, to discover opportunities to improve process, or will this be used in a punitive nature?’” Ree says. “What I’ve found especially when you audit coders or CDI people, if you’re going into the audit and they have a feeling they’re going to get in trouble if they have errors, their defense is automatically up, they won’t like you, they won’t listen to you. But if you go in and say, ‘There are no punitive damages that will occur because of it, it’s an opportunity to find out what’s going on, to improve processes and patient care,’ then people buy into it more.”


  1. Change Healthcare. “Change Healthcare Healthy Hospital Revenue Cycle Index.” June 26, 2017.
  2. American Hospital Association. “Regulatory Overload Report.”

Mary Butler ( is associate editor at the Journal of AHIMA.

Article citation:
Butler, Mary. “Check Yourself—Internal Revenue Cycle Audits Gain Importance.” Journal of AHIMA 90, no. 3 (March 2019): 12–15.