10.4 Coding Audits, Monitoring, and Corrective Action

Audits That Improve the System

Domain 4 lists coding audits as a core revenue integrity activity. A coding audit is valuable only when it answers a defined question, uses consistent criteria, reports findings clearly, and drives corrective action that reduces future error. The Office of Inspector General (OIG) Compliance Program Guidance for hospitals expects organizations to conduct a baseline audit and then periodic (often annual) audits as part of an effective compliance program — auditing is not optional window dressing.

Sample Type Determines What You Can Claim

The single most-tested audit concept is the difference between sample types, because it controls how findings may be interpreted:

• Random / statistically valid sample (RAT-STATS style) — estimates overall coding accuracy and supports extrapolation of an error rate. Used for baseline and probe-and-extend overpayment estimates.
• Targeted / focused sample — deliberately selects a high-risk area (a code family, a new service, a specific coder, a denial pattern). It finds risk efficiently but cannot be generalized to the whole population.
• Prebill (concurrent) vs. retrospective (post-bill) — prebill prevents the error from reaching the claim; retrospective triggers correction, rebilling, or refund obligations.

Measuring Accuracy

Accuracy can be expressed several ways, and the exam may probe which to use: per-code accuracy (correct codes ÷ total codes), per-record (chart) accuracy (records with no error ÷ total records — a stricter measure), and DRG/APC accuracy (correctly assigned groupings). A common benchmark target organizations set is roughly 95% coding accuracy, though the standard is policy-defined, not a fixed AHIMA rule. Always report the denominator so the rate is reproducible.

Corrective Action Must Match the Cause

A finding does not always mean a coder needs retraining:

• Missing specificity → provider education and CDI query workflow, not coder discipline.
• Wrong system edit → IT and revenue integrity update the logic.
• Changed payer policy → billing/coding issue a new work instruction.
• Unsupported billing already submitted → compliance reviews correction, rebilling, and refund obligations (see the 60-day rule in 10.6).

Results need a communication plan: detailed enough to improve performance, but never shaming. Individual feedback fits coder coaching; aggregated trends fit provider education and committee reporting; compliance-sensitive findings follow approved channels.

A Practical Follow-Up Cycle

1. Validate the finding and resolve disagreements.
2. Classify root cause: documentation, coding, query, system, charge, payer, education.
3. Correct affected accounts when policy requires.
4. Educate the responsible group.
5. Update policy, edits, templates, or workflows.
6. Reaudit to confirm the error rate improved.

On the exam, reject answers that stop at measuring accuracy — measurement without corrective action does not improve revenue integrity — and reject answers that make payment the only outcome. Coding audits protect claims, quality data, compliance posture, and decision-making.

A Worked Audit-Interpretation Example

Leadership reports "our audit found 96% accuracy, so we're fine." The RHIA must ask three questions before accepting that number. First, what is the denominator? 96% per code (only 4 of every 100 codes wrong) is very different from 96% per record (4 of every 100 charts had at least one error), which in turn differs from DRG accuracy (did the error change the payment group?). A chart-level error that never moves the DRG has a different financial weight than one that does.

Second, what sample produced it? If it was a targeted probe of a known-risky code family, 96% cannot be claimed as the organization's overall accuracy — targeted findings do not generalize. Third, what is the error pattern? Ten random errors across ten coders is a different problem from ten identical errors by one coder or one provider. Reporting a bare percentage without denominator, sample type, and pattern is the trap; a defensible audit always states all three.

Sequencing Corrective Action and Refunds

When a retrospective audit finds that paid claims were overcoded, measurement is only step one. The RHIA must classify the cause, correct the affected accounts, and — critically — route confirmed overpayments to compliance for refund review under the 60-day rule (covered in 10.6). An audit that quietly notes overpayments without correcting and refunding them does not protect the organization; it manufactures retained-overpayment exposure. This is why "measure and file the report" is always a wrong answer: the loop must close with account correction, education, system or policy fixes, and a reaudit that proves the error rate fell.

Communicating Findings Without Defensiveness

Audit results need a deliberate communication plan. Individual, private feedback fits coder coaching and skill-building. Aggregated, de-identified trends fit provider education and committee reporting. Compliance-sensitive findings follow approved confidential channels rather than open meetings. The goal is behavior change, not blame — an audit program that staff experience as punitive drives defensive coding and underreporting, which undermines the very accuracy it is meant to improve.

The best RHIA answer is disciplined and traceable: define the audit, apply official criteria, trend the findings, correct accounts, fix the cause, and reaudit.