Skip to main content

Managing Today’s World of Audits

An audit is an unpleasant and perhaps inevitable fact of life in wound clinics, making it important to be organized in your response to CMS requests. Focusing on several types of audits, this author details preparing a response to an audit, and how to manage and monitor audit activity.

As a follow-up to the Today’s Wound Clinic article “Successfully Navigating Today’s World of Audits,” published in October 2019, this article will focus on how to monitor and manage those audits for which we have been subjected to through the various audit programs conducted by the Centers for Medicare and Medicaid Services (CMS).1  

It is important to note that as of this writing and under the 2019-Novel Coronavirus (COVID-19) Provider Burden Relief, CMS is suspending most Medicare Fee-For-Service (FFS) medical review activity during the Public Health Emergency (PHE) period. Nevertheless, it is important to understand how to best manage today’s world of audits, as this is just a temporary suspension and as CMS has noted in several updates, it may conduct medical reviews during or after the PHE if there is an indication of potential fraud.2 This suspension of medical review activity includes pre-payment medical reviews conducted by Medicare Administrative Contractors (MACs) under the Targeted Probe and Educate (TPE) program, and post-payment reviews conducted by the MACs, Supplemental Medical Review Contractor (SMRC) reviews and Recovery Audit Contractor (RAC).

CMS has reported that no additional documentation requests will be issued for the duration of the PHE for the COVID-19 pandemic. Targeted Probe and Educate reviews that were in process will be suspended and claims will be released and paid.2 Current post-payment MAC, SMRC, and RAC reviews will also be suspended and released from review.2 The temporary suspension is only for the duration of the PHE, hence the need to be sure that your audit monitoring program is well established. This downtime for reviews is a great opportunity to assess and update current audit monitoring programs or establish a solid audit monitoring program if one does not already exist.

How to Prepare a Proper Reply to an Audit

As we discussed in the previous article, audits are now an everyday activity and are now expected with some degree of regularity for the care provided to patients across all specialties. The first step in managing and monitoring any audit program or activity is to prepare a proper reply.  

A timely reply is absolutely paramount in responding to any documentation request, from any payer. Most audit programs’ additional documentation requests (ADR) include a very specific date or timeliness requirement for responding. Most allow 45 days from the date of the ADR or documentation request. A good general rule of thumb is to set a 30-day time limit to reply, thus allowing for preparation, mail or other submission related challenges. Remember to organize the documentation packet from beginning to end as it relates to the patient’s timeline of treatment. Numbering the pages in the documentation packet will further assist with communications conducted with the auditors during any follow up education provided through the TPE program or the Discussion & Education (D&E) option made available in the SMRC audit program.  

In order to best monitor the activity in any audit program, be sure to keep a complete copy of the documentation packet submitted to the contractor.  

Managing Audit Activity

It is suggested that a designated audit review or monitoring team be assembled by the hospital and/or provider or provider group practice. Many hospitals might include this type of team as part of their compliance department, health information management department, billing department or perhaps even a specific independent audit oversight team. There are a number of options for assembling this type of team. The formation of such a team becomes even more important in larger health systems, where a documentation request may bounce from one department to another before being properly addressed.  

The location, contact information, and purpose of this team should be regularly conveyed throughout the hospital or organization. There have been far too many denials issued that were directly related to either no reply to an ADR or a late, untimely reply to an ADR. The primary goal of this team is to receive, respond and track the outcome of all external audit activity. Some teams of this nature may also take on internal auditing responsibilities depending on the structure and size of the hospital or provider group practice. This type of team generally provides routine reporting on all audit activity to senior or executive leadership.  

This team or department should be well versed and up to date on the various audit programs, particularly those conducted by CMS. They should be aware of which services are being reviewed under each type. In addition to medical review activity that can be performed by any one of the MACs, there are generally three major types of CMS audits that are in progress at any given time. The three primary audit programs are the TPE, SMRC, and recovery audit program.  

TPE audit program. Under the TPE audit program, most MACs will publish on their respective websites, the specific services, under both Part A and Part B, that are currently being audited under this initiative. The TPE section on the MACs’ websites will also include information regarding how the TPE program works, what happens during the review and what action may be taken if error rates do not indicate improvement.3 It is also suggested that the specific departments who perform the services currently listed under the TPE list of services be notified that their services are likely to be audited. Those departments could be provided with documentation checklist and other resources to further ensure that they are capturing all of the needed documentation to successfully satisfy any audit request. Several MACs have included documentation checklist for certain services that are being audited.

For example, Novitas Solutions has documentation checklist published for over 30 types of services, including office and outpatient Evaluation & Management services with several more coming soon. Noridian also has a broad selection of documentation guidelines that are incredibly helpful when reviewing a department’s documentation and responding to an ADR.

Those checklists can be found at: and

SMRC audit program. In the SMRC audit program, there is but one contractor, Noridian Medicare Services. Noridian has a specific, well defined section for SMRC activity on its website which can be reviewed at this link: Once at this website, select the tab titled “Current Projects” for a list of services being audited under this initiative. This list will contain a project ID and a project title. For even more detailed information and to better support the departments within the hospital or provider group practice, select the project ID link for the background, reason for review, claim sample details as well as documentation requirements for the service being audited. References and resources are also included.  

While responding to audits can be burdensome and confusing, it is helpful that Noridian has published such detailed information as noted above under the Project ID link. Hyperbaric oxygen therapy (HBOT), for example, is listed under Project ID 01-020. For a look at the useful information and guidance related to coding, billing and documentation for this service, review the detailed information found at this link:
The SMRC website also includes information on the D&E period and contact information, which may both be needed by the audit monitoring or tracking team should the hospital or provider be engaged in a SMRC audit.

Recovery audit program. For the recovery audit program, the CMS website provides contact information for each of the 4 RACs as well as the durable medical equipment/home health/hospice RAC contractor. That information can be found at:

On each RACs website, there is a variety of information posted, including all CMS approved audit issues. In addition to the CMS approved audit issues, hospitals and providers may also check their claims review status, view review results, update contact information and export data.

Based on the wealth of information published under each of these three CMS audit programs, the audit monitoring team should be clear on the services possibly being audited and better able to educate their respective departments on documentation requirements and establishing medical necessity for the services they provide.

Monitoring Audit Activity

The audit monitoring team or department should track or monitor which types of services are being audited as well as the outcome and determine if an appeal is necessary for those with unfavorable findings or results. To accomplish this type of monitoring, there are several options or programs available and they range in varying degrees of sophistication and data collection.  

At the very least, the tracking tool should include the following elements:

• Who is requesting the documentation
• The date of the documentation request
• The type or origin of the request (i.e., TPE, SMRC, RAC)
• The specific patient(s) and date(s) of service being audited
• The CPT/HCPCS and ICD-10 codes
• Who is preparing the ADR documentation reply
• The preparer’s contact information (either email or phone number)
• The due date for the documentation reply
• The date the reply was submitted (also consider noting method or how the packet was submitted, such as mail, encrypted CD or MAC portal)

Follow-up information should also be included in the tracking or monitoring tool and would include:

• The outcome or results, such as favorable or unfavorable
• If unfavorable, will an appeal be filed if disagreeing with those findings

Supplemental notes or information that may also be included or possibly recorded in a separate system or tracking tool would include:

• Department specific education, including the general content of the education and date the education was conducted
• Provider specific education, including the general content of the education and date the education was conducted
• Follow audit requirements or activity to confirm noted improvement, by either the audit contractor or internal hospital or provider practice staff
• An escalation process in those instances without noted improvement, by either the audit contractor or internal hospital or provider practice staff. For example, in the TPE audit program, a hospital or provider will move on to an additional round of auditing (up to 3 rounds) if improvement is not noted
• Favorable findings that can be used as best practices for other departments or for other services

As noted earlier, there are a variety of ways to track audit activity. Be sure that the method, template, system or process used is easy to manage, provides all of the needed details and can identify trends. Also be sure what is used renders itself useful in educating the providers, clinicians, and staff that are all engaged in the patient’s care and the all-important documentation that completely and unequivocally captures the needed care that is rendered to your patients. It should also be secured and only accessible by the designated staff within the audit monitoring team or department with the appropriate oversight for this team’s function.   


From this comprehensive type of audit monitoring and tracking, hospitals and provider practices are more likely to note trends, both favorable and unfavorable, and address them in the timeliest manner possible. Necessary updates and education should be conducted as a result. Proactive education can also be conducted for other departments or services so that those areas may avoid audits or at least be successful if or when they do occur.
Continuous monitoring is essential in today’s healthcare world. It provides us with information for the areas that are in most need of education, support and possibly additional resources. A sound audit tracking or monitoring program will lead to reimbursement that won’t be recouped down the line.

Diane G. Weiss is the Vice President of Revenue Integrity & Education at RestorixHealth.


Diane Weiss, CPC, CPB, CHRI

1. Weiss DG. Successfully navigating today’s world of CMS audits. Today’s Wound Clinic. 2019; 13(10):22–25.
2. Centers for Medicare and Medicaid Services. 2019-Novel Coronavirus (COVID-19) Provider Burden Relief Frequently Asked Questions (FAQs). Published March 2020.
3. Noridian Medicare:

Back to Top