National Audit Guidelines

National Health Care Billing Audit Guidelines

AAMAS Disclaimer

AAMAS recognizes that due to the age of this document it may contain references to outdated manuals and forms. AAMAS is proactively leading an effort to update these guidelines and hopes to have a newly revised version available for publication in the very near future. That version, which you may read by clicking here, will be fully coordinated with all interested parties.


These guidelines are for audits that relate to the documentation or support of charges included in or omitted from a bill. Billing audits and therefore these guidelines do not address questions concerning: the level or scope of care, medical necessity, or the pricing structure of items or services delivered by providers. Providers and payers should have qualified personnel and mechanisms in place to deal with these issues


Audit log: An historical record kept by a payer or provider that records the audit experience related to particular party.

Bill: Any document that represents a provider’s request for payment. (Also referred to as invoice or claim.)

Billing audit: A process to determine whether data in a provider’s health record, and/or by appropriate and referenced medical policies, documents or support services listed on a provider’s bill. Providers conduct such audits either through an internal control process or by hiring and external audit firm. (These audits can be conducted on a retrospective or concurrent basis and commonly are referred to as revenue recovery audit.) Also, third party payers conduct billing audits through their employees or their agents. (Also known as chart audit or charge review.)

Concurrent Audit: a billing audit conducted before the issuance of an interim or final bill.

Retrospective Audit: a billing audit conducted after the issuance of an interim or final bill.

Health record: A compilation of data supporting and describing an individual’s health care encounter including data on diagnoses, treatment, and outcomes. (Formerly known as medical record or clinical record.)

Unbilled charges: The volume of services indicated on a bill is less than the volume identified in a provider’s health record documentation. (Also known as under charges.)

Unsupported or undocumented charges: The volume of services indicated on a bill exceeds the total volume identified in a provider’s health record documentation. (Also known as overcharges.)

Qualifications of Auditors and Audit Coordinators

All persons performing billing audits as well as persons functioning as provider audit coordinators should have appropriate knowledge, experience, and/or expertise in a number of areas of health care including, but not limited to the following areas:

  • Format and content of the health record as well as other forms of medical/clinical documentation.
  • Generally accepted auditing principles and practices as they may apply to billing audits.
  • Coding, including ICD-10-CM, CPT, HCPCS, and medical terminology
  • Billing claims forms, including the UB-04, the HCFA 1500 and charging and billing procedures
  • All state and federal regulations concerning the use, disclosure, and confidentiality of all patient records
  • Specific critical care units, specialty areas, and/or ancillary unity involved in a particular audit

Providers or payers who encounter audit personnel who do not meet these qualifications should immediately contact the auditor’s firm or sponsoring party.

Audit personnel should be able to work with a variety of healthcare personnel and patients. They should always conduct themselves in an acceptable, professional manner and adhere to ethical standards, confidentiality requirements, and objectivity. They should completely document their findings and problems.

The auditor must document all unsupported or unbilled charges identified in the course of an audit in the audit report. Individual audit personnel should not be placed in a situation through their remuneration, benefits, contingency fee, or other instructions that would call their findings into question. In other words, compensation of audit personnel should be structured so that it does not create any incentives to produce questionable audit findings. Providers or payers who encounter an individual who appears to be involved in a conflict of interest should contact the appropriate management of the sponsoring organization.

Notification of Audit

Payers and providers should make every effort to resolve billing inquiries directly. To support this process, the name and contact telephone number (and/or facsimile number) of each payer or provider representative should be exchanged no later than the time of billing for a provider and the point of first inquiry by a payer.

If a satisfactory resolution of the questions surrounding the bill is not achieved by payer and provider representatives, then a full audit process may be initiated by the payer.

Generally, billing audits require documentation from or review of a patient’s health record and other similar medical/clinical documentation. Health records exist primarily to ensure continuity of care for a patient; therefore, the use of a patient’s health record for an audit must be secondary to it’s use in patient care.

To alleviate the potential conflict with clinical uses of the health record and to reduce the cost of conducting a necessary audit, all payer-billing audits should begin with a notification to the provider of intent to audit. Notification should occur no later than twelve months after receipt of the final bill. Once notified, the provider shall respond to the qualified billing auditor within one month with a schedule for the conduct of the audit. When there is a substantial and continuing relationship between a payerand a provider, this relationship may warrant a notification period other than twelve months. Both parties should attempt to complete the audit process as soon as possible after such a notification.

Providers should conduct concurrent reviews of their bills before issuing bills to a payer. Provider retrospective audits should occur within twelve months of billing. All requests for audits, whether telephonically, electronic, or written should include the following information:

  • The basis of the payer’s intent to conduct an audit on a particular bill or group of bills. (When the intent is to audit only specific charges or portions of the bill(s) this information should be included in the notification request.)
  • Name of patient; birth date; date of admission and discharge, or first and last dates of service; provider’s account number and, patient’s coverage (payer’s) number
  • Name of auditor and the name of the audit firm
  • Whom to contact at the payer institution and, if applicable, at the agent institution to discuss this request and schedule the audit

Auditors should conduct audits at a provider’s site unless otherwise agreed. On-site audits prevent unnecessary photocopying of the health records and better ensure confidentiality of the records. In addition, on-site reviews encourage or promote mutual understanding of the records and afford both parties the opportunity to quickly and efficiently handle questions that may arise.

Some audits cannot be conducted on-site. Therefore, a provider may choose to allow individual, reasonable requests for off-site audits. Such off-site audits should conform in all respects to the guidelines for billing audits set forth in this document, adjusting how the guidelines are met to recognize that the auditors are not on-site. Under some circumstances providers may charge auditors a reasonable fee to cover photocopying and other costs associated with an off-site audit.

Unless otherwise agreed, auditors should make a request for an audit with providers at least 21 calendar days before the desired time for and audit. Providers should respond to such a request within one monthof the request and schedule the audit on a mutually agreed date and time not later than 90 days post request. Providers who cannot accommodate an audit request that conforms to these guidelines should explain why the request cannot be met by the provider in a reasonable period of time. Auditors should group audits to increase efficiency whenever possible.

If a provider believes an auditor will have problems addressing records, the provider should notify the auditor prior to the scheduled date of audit. Providers should supply the auditor/payer with any information that could affect the efficiency of the audit once the auditor is on-site.

Provider Audit Coordinators

Providers should designate an individual to coordinate all billing audit activities. An audit coordinator should have the same qualifications as an auditor. (See pp.3-4, Qualifications of Auditors and Audit Coordinators.)

Duties of an audit coordinator included, but are not limited to, the following areas:

  • Scheduling an audit
  • Advising other provider personnel/departments of a pending audit
  • Ensuring that an informed consent for the release of health information has been obtained
  • Gathering the necessary documents for the audit
  • Coordinating auditor requests for information, space in which to conduct an audit, and access to records and provider personnel
  • Orienting auditors to hospital audit procedures, record documentation conventions, and billing practices
  • Acting as a liaison between the auditor and other hospital personnel
  • Conducting an exit interview with the auditor to answer questions and review findings
  • Reviewing the auditor’s final written report and following up on any charges still in dispute
  • Arranging for payment as applicable
  • Arranging for any required adjustment to bills or refunds

Conditions and Scheduling of Audits

In order to have a fair, efficient, and effective audit process, providers and payer auditors should adhere to the following recommendations:

  1. Whatever the original intended purpose of the billing audit, all parties should agree to recognize, record or present any identified unsupported or unbilled charges discovered by the audit parties.
  2. Late billing should not be precluded by the scheduling of an audit.
  3. The parties involved in the audit should mutually agree to set and adhere to a predetermined time frame for the resolution of any discrepancies, questions, or errors that surface in the audit.
  4. An exit conference and a written report should be part of each audit. If the provider waives the exit conference, the auditor should note that action in the written report. The specific content of the final report should be restricted to those parties involved in the audit.
  5. The provider has 60 days to contest all findings, otherwise the audit shall be considered finalized.
  6. Once both parties agree to the audit findings, audit results are final.
  7. All personnel involved should maintain a professional courteous manner and resolve all misunderstandings amicably.
  8. At times, the audit will note ongoing problems either with the billing or documentation process. When this situation occurs, and it cannot be corrected as part of the exit process, the management of the provider or payer organization should be contacted to identify the situation and take appropriate steps to resolve the identified problem. Parties to an audit should eliminate on-going problems or questions whenever possible as part of the audit process.

Confidentiality and Authorization

All parties to a billing audit must comply with federal and state laws and contractual agreements regarding the confidentiality of patient information. All payer, audit, and provider organizations conducting or involved with billing audits should have provisions in their codes of ethics outlining their obligation to protect the confidentiality of patient information. In addition, these organizations should have explicit policies and procedures protecting the confidentiality of all patient information in their possession and disposal of this information.

The release of medical records requires authorization from the patient. Such authorization shall be provided for in the condition or admission or equivalent statement procured by the hospital upon admission of the patient. If no such statement is obtained, an authorization for a billing audit shall be required. Authorization need not be specific to the insurer or auditor conducting the audit.

Such authorization should be obtained by the billing audit firm or payer and shall include at least the following information:

  • Patient’s full name, address, and date of birth
  • Purpose for releasing/obtaining the information
  • Date that consent is signed
  • Signature of patient or legal representative

A patient’s assignment of benefits shall include a presumption of authorization to review records. The audit coordinator or medical records representative shall confirm for the audit representative that a condition of admission statement is available for the particular audit that needs scheduling.

The provider will inform the requester, on a timely basis, if there are any federal or state laws prohibiting or restricting review of the medical record and if there are institutional confidentiality policies and procedures affecting the review. These institutional confidentiality policies shall not be specifically oriented in order to delay an onsite audit.


Verification of charges will include the investigation of whether or not:

  • Services were delivered by the institution in compliance with the Physician’s plan of treatment (in appropriate situations, professional staff may provide supplies or follow procedures that are in accordance with established institutional policies, procedures include items that are specifically documented in a record but are referenced in medical or clinical policies. All such policies should be reviewed, approved, and documented as required by the Joint Commission Accreditation of Healthcare Organizations or other accreditation agencies. Policies should be available for review to the auditor.)
  • Services are documented in health or other appropriate records as having been rendered to the patient
  • Charges are reported on the bill accurately

The health record documents clinical data on diagnoses, treatments and outcomes. It was not designed to be a billing document. A patient health record generally documents pertinent information related to care. The health record may not back up each individual charge on the patient bill. Other signed documentation for services provided to the patient may exist within the provider’s ancillary departments in the form of department treatment logs, daily charges records, individual service/order tickets, and other documents.

Auditors may have to review a number of other documents to determine valid charges. Auditors must recognize that these sources of information are accepted as reasonable evidence that the services ordered by the physician were actually provided to the patient. Providers must ensure that proper policies and procedures exist to specify what documentation and authorization must be in the health record and in the ancillary records and/or logs. These procedures document that services have been properly ordered for and delivered to patients. When sources other than the health record are providing such documentation, the provider should make those sources available to the auditor.

Fees and Payments

Payment of a bill should be made promptly and should not be delayed by an audit process. Payment on a submitted bill from a third-party payer should be based on amounts billed and covered by the patient’s benefit plan.

A payment of 95% of the insurance liability shall be an acceptable amount prior to the scheduling of an audit. Based on 95% of payment by the payer, all hospital audit fees shall be waived. A payment of less than 95% is appropriate when state and federal regulations apply.

Any payment identified in the audit results that is owed to either party by the other should be settled by the audit parties within a reasonable period of time, not to exceed 30 days after the audit unless the two parties agree otherwise.


We welcome new members interested in this rewarding field of healthcare financial auditing. Gain access to research, networking with other audit professionals, and ongoing education.

Memberships are based on a calendar year, January 1 through December 31.

Renew your membership!

Member Login