External Audits and Compliance Preparation

Audit Sources and the Coder's Role

External audits come from many directions: Medicare's Recovery Audit Contractors (RACs), Medicare Administrative Contractors (MACs), the OIG and its annual Work Plan, Comprehensive Error Rate Testing (CERT), commercial payers, and accreditation-related reviews. The exact process varies, but the coder's compliance role is constant: support accurate records, locate documentation, explain the coding rationale, and follow policy.

Audit preparation is not a last-minute effort to make a record look better. A coder must never alter documentation, add a missing provider statement, delete inconvenient information, or backdate a correction — these acts can convert a coding error into fraud. When an error is found, it is handled through the organization's correction and rebilling process, which may include refunding overpayments.

What to Assemble for an Audit

Useful support includes the final codes, the claim and remittance detail, relevant provider notes, operative reports, orders, results, the discharge summary, query documents, cited official guideline references, payer policy references when applicable, and a written explanation of why each code was selected.

Internal Monitoring (Before the Auditor Arrives)

A strong compliance program audits itself first. The CCA exam treats internal review as proactive, not punitive.

Responding to Findings

Every finding gets a root-cause analysis. A one-off mistake may need only a single correction; a pattern may require provider education, coder education, CDM updates, workflow change, or a focused re-audit. For CCA questions, choose the answer that is transparent and policy-based. Do not ignore the request, destroy or withhold records, change codes without review, or discuss patient details outside approved channels. Compliance preparation is about proving accuracy or correcting errors honestly — not defending every claim at all costs.

Know the Auditors by Name

The CCA exam can name a specific reviewer and expect you to know its purpose. You do not need program minutiae, but you should recognize the role.

The Seven Elements of a Compliance Program

The OIG model compliance program — the framework the exam's "compliance program" questions assume — rests on seven elements: written policies and a code of conduct; a designated compliance officer/committee; effective training and education; open lines of communication (such as an anonymous hotline); internal auditing and monitoring; well-publicized disciplinary standards; and prompt corrective action on detected problems. A coder contributes most directly to the auditing/monitoring and corrective-action elements.

A Defensible Response Step by Step

1. Acknowledge the request promptly and within any stated deadline.
2. Gather the existing record: codes, claim and remittance data, controlling reports, queries, and guideline citations.
3. Explain the coding rationale in writing — which guideline and which documentation supported each code.
4. Do not alter anything: no rewritten notes, no backdated corrections, no omitted conflicting pages.
5. Correct verified errors through the formal correction and rebilling process, refunding overpayments as policy requires.
6. Analyze root cause and route systemic findings to education, CDM updates, or a focused re-audit.

The through-line for every CCA audit item is honesty plus process. The wrong answers tempt you to hide, alter, destroy, or stonewall; the right answer produces the existing documentation, explains the reasoning, and fixes verified mistakes through approved channels.

Prepayment vs Postpayment, and What It Means for You

Reviews come in two timing flavors, and the exam may distinguish them. A prepayment review holds the claim and requests records before payment, so a complete, well-organized record submitted on time directly determines whether the claim is paid. A postpayment review examines claims already paid and can result in a recoupment demand if the documentation does not support what was billed; here the coder's audit support and any required correction or refund come into play. Either way, the deliverable is the same: the existing record, the coding rationale, and honest correction of verified errors.

Turning One Audit Into Lasting Improvement

The highest-value exam answer in this section is almost always the one that converts findings into prevention. A single mis-sequenced claim warrants a correction; a pattern of the same error warrants root-cause analysis, targeted coder or provider education, a CDM or workflow fix, and a focused re-audit to confirm the fix worked. Findings limited to the billing office, ignored until the next audit, or used to reflexively rewrite policy after every denial all fail this standard. A mature compliance program closes the loop: detect, analyze, correct, educate, monitor.

For the CCA, internalize that audit readiness is not an event you scramble for — it is the byproduct of coding defensibly every day, keeping documentation and rationale traceable, and never altering a record to make a claim look better than the care that was documented.