Okay so you’ve had an audit, now what?

Written By Marlisa Coloso, RHIA, CRCR, CCS

What to Do If a Provider Fails a Regulatory Audit

If a healthcare provider is found non-compliant during a regulatory audit, immediate, thoughtful action is essential. Here's a practical roadmap to limit risk and begin resolving the issues:

1. Review and Validate the Findings

Start by carefully reviewing the audit results. Make sure you fully understand each finding. Independent verification by your coding or compliance team—or an external auditor—is crucial. Sometimes, audit errors occur, or proper clinical judgment may justify certain coding decisions.

2. Appeal If Appropriate

If you disagree with any findings, you typically have 30–45 days to file an appeal or rebuttal. Your response should:

  • Clearly state why you dispute the findings.

  • Include supporting evidence (coding guidelines, medical records, etc.).

  • Be professional, fact-based, and concise.

  • Follow all agency-specific appeal instructions to the letter.

Then, wait for the agency’s decision.

3. Involve Legal and Compliance Experts

If findings are severe—such as potential fraud, HIPAA breaches, or overpayments—consult your legal and compliance teams early. They can guide you on disclosure obligations and risk mitigation strategies.

4. Create a Corrective Action Plan (CAP)

Your CAP should:

  • Address each non-compliance area directly.

  • Include clear deadlines.

  • Assign responsibility for action items.

  • Provide education or training to fix knowledge gaps.

  • Include monitoring to ensure long-term compliance, such as an internal auditing plan, which is a proactive compliance tool.

 5. Repay Overpayments or Settle Penalties

If overpayments are identified, act quickly to return funds. Delays can lead to added interest, penalties, or legal complications.

6. Implement Preventive Measures

Once the immediate issues are resolved, focus on prevention:

  • Strengthen internal controls.

  • Increase the frequency and scope of audits.

  • Adjust workflows or systems to catch future errors early.

7. Document Every Step

From internal reviews and meetings to training and policy updates, document everything. Regulators appreciate transparency and can see when a provider is genuinely committed to fixing and preventing problems.

STAR Medical Auditing Services is here to help you with your provider audits! Our after-audit Reports, Presentations, and Trends target the issues with compliance, incorrect coding, and documentation evaluation and help you prepare for next steps.

 

Marlisa Coloso, RHIA, CRCR, CCS

Marlisa brings to STAR over 30 years of Health Information Management (HIM) experience. She has worked as a HIM leader with major health organizations in Hawaii including HHSC Kauai and Maui Memorial Medical Center. As the Senior HIM Consultant, Marlisa is provides her expertise to help our clients achieve their goals and reach their full potential.

Next

Physician Buy-In Is Non-Negotiable for CDI Success