How to Audit a Medical Billing Process: A Step-by-Step Guide

A practical billing audit follows the claim from appointment booking to final payment, then shows where time, money, and control are leaking.

TL;DR

A medical billing audit is a structured review of how a clinic turns patient visits into clean claims, payments, denials, adjustments, and patient balances. The goal is not to inspect claims in isolation. A good audit follows the full claim journey, from appointment booking and eligibility checks to authorization, documentation, coding, submission, denial follow-up, payment posting, and patient billing.

The most useful audit starts with data, reviews a meaningful claim sample, traces each claim through the workflow, scores the main control points, and ends with an action plan. The sequence should be simple: Data Review -> Claim Sampling -> Intake Audit -> Authorization Audit -> Documentation Audit -> Coding Audit -> Claim Submission Audit -> Denial Audit -> Payment Posting Audit -> Patient Billing Audit -> Scorecard -> Action Plan.

Key Takeaways

• A billing audit should start with a specific question. A clinic may want to know why reimbursements are slow, why denials are rising, why AR over 90 days is growing, why patients are complaining about balances, or whether the billing process is ready for remote staffing or outsourced support.
• The audit should begin with data before reviewing individual claims. Denial rate, clean claim rate, rejection rate, charge lag, days in AR, AR over 60 or 90 days, payment posting lag, write-offs, and appeal success rate give the audit its first direction.
• The sample should include both successful and failed claims. Paid claims show what is working, denied claims show where the process breaks, and underpaid claims show whether the clinic is losing money even when payers do pay.
• The audit has to trace the full workflow. Intake, eligibility, authorization, documentation, coding, claim submission, payer response, payment posting, and patient billing should all be reviewed because the final denial or unpaid balance may be only the last visible symptom.
• The audit should end in action, not just findings. Every issue should lead to an owner, deadline, workflow fix, metric, expected result, and follow-up review date.

A Billing Audit Should Follow the Claim Journey

A clinic usually senses billing trouble before it can name the exact cause. Cash starts moving more slowly, AR over 90 days keeps growing, denials feel more frequent, patients call about balances they do not understand, providers complain about documentation queries, and the front desk feels buried under payer verification work.

The leak is hard to see because money rarely disappears in one obvious moment. It gets stuck in small places across the workflow: a rejected claim that nobody corrects the same day, an authorization number stored in an email instead of the billing system, a provider note signed three days late, a payer adjustment posted without underpayment review, or a patient balance sent before the account is ready.

This is where a medical billing audit becomes useful. A proper audit follows the claim from the first appointment detail to the final financial outcome. It asks whether the right payer was entered, whether eligibility was checked close enough to the date of service, whether authorization matched the service performed, whether the provider note supported the billed code, whether coding matched the medical record, whether the claim passed edits, whether the payer paid correctly, whether denials were worked on time, and whether the patient balance was handled clearly. The point is to understand how the claim moved, where it waited, and where the same mistake keeps returning.

The final symptom often appears far away from the original cause. A denial may appear in billing even though the problem began when the appointment was scheduled. An underpayment may appear during payment posting even though the issue sits in payer contract setup or adjustment logic.

A medical-necessity denial may look like a coding problem when the weaker point is provider documentation. A patient billing complaint may look like a collections issue when the balance was moved too early, explained poorly, or posted against the wrong responsibility. A good audit connects these points so the clinic can see the workflow, not just the account balance.

The external pressure has made this kind of review more important. CMS reported that Medicare Fee-for-Service had a 6.55% improper payment rate in fiscal year 2025, equal to $28.83 billion, and the agency explains that improper payments can involve insufficient documentation, missing information, coding errors, medical-necessity issues, and administrative gaps.

Prior authorization adds another heavy layer to the same problem, with the AMA reporting that practices handle an average of 39 prior authorization requests per physician each week, taking about 13 hours of physician and staff time. For clinics, these pressures show up as staff rework, payer calls, delayed collections, write-offs, and patient frustration.

A good audit needs a clear method before anyone starts opening charts. The simplest framework is: Data Review -> Claim Sampling -> Intake Audit -> Authorization Audit -> Documentation Audit -> Coding Audit -> Claim Submission Audit -> Denial Audit -> Payment Posting Audit -> Patient Billing Audit -> Scorecard -> Action Plan. This sequence keeps the audit grounded. It gives the team a path to follow, makes sure the front end is reviewed before the back end, and prevents the audit from becoming a loose search for “billing mistakes.”

The real value of this approach is that it turns a vague concern into a set of fixable problems. Instead of saying “billing feels broken,” the clinic can say authorization numbers are not being entered into the billing system, rejected claims are sitting for five days, one provider’s notes are creating charge lag, E/M claims need stronger documentation support, or underpayments are being posted without comparison against expected allowed amounts. Once the problem is named at that level, the audit can lead to action instead of another long report that sits unread.

Start With the Question the Audit Needs to Answer

A weak billing audit starts with a vague instruction like “check billing.” That sounds practical, but it usually sends the team into a broad review where every issue looks equally important and the final report becomes too large to act on. A useful audit starts with a sharper question: why are reimbursements slowing down, why are denials rising, why is AR over 90 days growing, why are patients disputing balances, why are coding queries increasing, or which parts of the process need to be stabilized before adding remote billing support? The question matters because it decides what the audit should examine first and how deep the review needs to go.

If the issue is rising denials, the audit should focus on denial categories, payer patterns, documentation support, authorization checks, coding accuracy, and preventability. If cash is slow, the better starting point is charge lag, submission lag, clearinghouse rejection queues, payer follow-up, days in AR, and payment posting.

If patient complaints are increasing, the audit should review patient responsibility estimates, statement timing, payment posting, balance explanations, and whether patients are being billed before payer responsibility is fully resolved. If compliance risk is the concern, the audit needs closer attention on documentation, coding support, modifiers, medical necessity, write-offs, and whether the medical record actually supports the billed service.

This first step keeps the audit from becoming a fishing exercise. A clinic does not need to inspect every part of the revenue cycle with the same intensity every time. It needs to inspect the parts most likely to explain the problem it is seeing. The uploaded draft makes the same operational point: the audit should be shaped around the problem, whether the concern is denials, slow cash, patient complaints, compliance risk, outsourcing readiness, or AR over 90 days. A simple way to frame the audit is:

If the clinic is seeing…	The audit should focus on…
Rising denials	Denial reasons, payer patterns, authorization checks, coding support, documentation gaps
Slow reimbursements	Charge lag, submission lag, rejection queues, payer follow-up, days in AR, payment posting
Growing AR over 90 days	Old claims by payer, claim value, denial reason, next action, appeal status
Patient billing complaints	Payment posting, patient responsibility, statement timing, balance explanations
Coding concerns	Documentation support, CPT/HCPCS, ICD-10-CM, modifiers, units, E/M levels, medical necessity
Outsourcing readiness	Claim volume, handoffs, documentation lag, denial workload, reporting gaps, escalation rules

This does not make the audit smaller in value. It makes it more useful. A clinic that begins with the right question can move from data to sample selection to workflow review without losing the thread. By the end, the findings should answer the original concern in plain operational language: where the claim is slowing down, which step is creating the risk, who owns that step, and what needs to change.

Pull the Right Data Before Reviewing Claims

Before the audit team opens individual charts, it should pull a basic data view of the billing process. This stops the audit from becoming a hunt through random claims and gives the team a clearer sense of where to look first. The useful starting set includes claim volume, total charges, payments, adjustments, denial rate, rejection rate, clean claim rate, first-pass resolution rate, charge lag, submission lag, days in AR, AR over 60 and 90 days, write-offs, payment posting lag, patient balance aging, and appeal success rate where the clinic tracks it.

The point of this first data pull is not to build a large dashboard. It is to find the pressure points before the claim review begins. A clinic may discover that its total denial rate looks manageable, while one payer is driving most authorization denials.

Another may find that AR over 90 days is tied to a small group of high-value procedures. Another may see that claims are being submitted quickly, but payment posting is slow, causing patient balances to move late. Totals give the headline, but segmentation gives the answer.

The audit data should be broken down by:

• Payer
• Provider
• Location
• Specialty
• Service line
• Denial reason
• Claim age
• Claim value
• Patient balance category
• Write-off category

This matters because a billing audit becomes useful only when it can point to a specific workflow issue. A 10% denial rate tells the clinic that claims are failing. A denial pattern showing authorization failures from one payer on imaging claims tells the clinic what to fix. A high AR number tells the clinic money is stuck. AR split by payer, service line, denial reason, and next action tells the team where to act.

Once the data is visible, the claim review becomes sharper. The audit team can sample the right mix of paid, denied, rejected, high-dollar, old AR, patient-balance, corrected, appealed, and written-off claims instead of reviewing whatever is easiest to pull. That is how the audit moves from guesswork to diagnosis.

Choose a Sample That Shows the Real Workflow

A billing audit does not need to review every claim to be useful, but it does need a sample that reflects how the clinic actually works. If the sample only includes denied claims, the audit will over-focus on failures. If it only includes paid claims, it may miss the places where money is delayed, underpaid, written off, or pushed into avoidable follow-up.

A strong sample gives the clinic a mixed view: claims that moved cleanly, claims that failed, claims that aged, claims that needed correction, and claims where the payer paid but may not have paid correctly. The uploaded draft rightly notes that paid claims, denied claims, rejected claims, high-dollar claims, old AR, authorization-linked claims, patient-balance claims, appeals, corrected claims, and write-offs should all be considered in the audit sample.

For most clinics, the sample should include a practical mix such as:

• Paid claims, to understand what is working.
• Denied claims, to identify where the process breaks.
• Rejected claims, to check submission and clearinghouse issues.
• High-dollar claims, because small errors here create larger financial impact.
• Claims over 60 or 90 days in AR, to see where follow-up is slowing.
• Claims requiring authorization, because these often expose pre-visit control gaps.
• Patient-balance claims, to check whether responsibility was moved correctly.
• Corrected claims and appeals, to review recovery discipline.
• Recently written-off claims, to test whether write-offs were avoidable.

The sample size should match the clinic’s volume and the audit goal. A small clinic may start with 25 to 50 claims. A larger or multi-specialty practice may need 100 or more across payers, providers, locations, and service lines. The goal is not to create a perfect research sample. The goal is to see enough real claims to spot repeated workflow patterns.

If five different claims show authorization numbers being stored outside the billing system, the audit has found a process issue. If multiple old AR claims trace back to clearinghouse rejections that sat for days, the problem is no longer anecdotal. If paid claims show underpayments that were posted without review, the clinic may be losing money even where the dashboard says “paid.”

A good sample should also reflect the clinic’s actual risk. A physical therapy clinic should include claims with visit limits, authorization periods, progress notes, and patient balances. A dermatology clinic should include procedure claims, modifier-sensitive claims, pathology-linked services, and claims with lesion documentation. A cardiology or orthopedic clinic should include diagnostic testing, imaging, procedures, and authorization-heavy claims.

A primary care clinic should include E/M visits, preventive visits, chronic-care visits, payer-specific screening rules, and claims with patient responsibility. The audit becomes more useful when the sample mirrors the places where the clinic is most likely to lose time, money, or control.

Once the sample is chosen, the audit should follow the same path for each claim. What happened at scheduling? Was eligibility checked? Was authorization needed? Did the provider document on time? Did the code match the record? Did the claim pass edits?

Did the payer pay, deny, pend, or underpay? Was payment posted correctly? Was the patient balance handled clearly? Repeating the same questions across a mixed sample helps the clinic separate one-off errors from patterns that need a workflow fix.

Trace Each Claim From Appointment to Final Resolution

Once the audit has the data and the sample, the real work begins: follow each claim from the first appointment detail to the final account status. This is where the audit stops being a spreadsheet review and starts showing how the clinic actually works. The draft’s current sequence is right: the audit should move through scheduling, eligibility, authorization, documentation, coding, submission, payer response, payment posting, and patient billing because the same claim can pick up risk at any of these points.

Start with the appointment. Was the visit type captured correctly? Was the right payer entered? Was eligibility checked close enough to the date of service? Did the service require a referral, authorization, visit-limit check, or patient-responsibility discussion? This matters because a claim can look like a billing problem weeks later even though the first weak detail entered the system before the patient was seen.

Then move to the visit and documentation. Was the provider note completed on time? Did it support the diagnosis, procedure, service level, medical necessity, orders, signatures, time, laterality, units, or treatment details where required? A note that is clinically understandable may still be weak for coding or payer review, so the audit should check whether the record gave the coder enough support before the claim moved forward.

Coding should then be reviewed against the record, not just against the claim result. Were the ICD-10-CM, CPT, HCPCS, modifiers, units, laterality, and place of service supported by the documentation? Did the diagnosis support the procedure? Was a payer-specific rule relevant? Did the coder need to query the provider, and if yes, how long did the query take to resolve? A paid claim can still carry coding risk, and a denied claim can still have correct coding if the real issue was authorization, eligibility, or payer policy.

After coding, the audit should check submission and payer response. Did the claim pass scrubber and clearinghouse edits? If it was rejected, how quickly was it corrected? Was it sent to the right payer? Was timely filing protected? When the payer responded, was the claim paid, denied, pended, underpaid, or applied to deductible? If denied, was the root cause identified, was the appeal filed on time, and was the outcome tracked?

Finally, review payment posting and patient billing. Was the payment posted to the right account and date of service? Were contractual adjustments accurate? Was any underpayment flagged? Was patient responsibility assigned correctly? Was the statement sent at the right time and explained clearly enough to avoid confusion? This last stage matters because a clinic can win the claim and still lose control if posting, adjustments, secondary billing, refunds, or patient balances are handled poorly.

A simple audit trail can look like this:

Claim stage	What the audit should check
Appointment	Visit type, payer, eligibility, referral, authorization, visit limits
Documentation	Timeliness, completeness, medical necessity, orders, signatures, procedure details
Coding	ICD-10-CM, CPT, HCPCS, modifiers, units, place of service, diagnosis support
Submission	Scrubber edits, clearinghouse acceptance, rejection correction, payer selection
Payer response	Payment, denial, pending status, underpayment, deductible, appeal action
Posting and patient billing	Adjustments, patient responsibility, secondary billing, statement timing, refunds

The value of this claim-by-claim tracing is that it shows patterns. One claim with a missing authorization may be an isolated miss. Ten claims with authorization numbers stored outside the billing system point to a workflow problem. One late provider note may be normal.

Repeated charge lag from the same provider or service line needs a fix. A good audit does not just ask whether the claim was paid. It asks where the claim slowed down, where risk entered, and what needs to change before the next claim follows the same path.

Audit Intake and Eligibility First

A medical billing audit should look at intake early because many claim problems begin before the provider sees the patient. If the wrong payer is selected, the member ID is outdated, the date of birth does not match the payer record, secondary insurance is missing, or coordination of benefits is unclear, the claim can fail even when the clinical care, coding, and billing follow-up are all handled well. The draft rightly treats intake as a front-end control point, because bad patient or payer data can damage the claim before it ever reaches coding or submission.

The audit should check whether the clinic is verifying patient and insurance details close enough to the date of service. This matters because insurance can change between visits, especially for recurring care, therapy, chronic care, procedures, or patients with more than one payer.

A patient may bring an old card, assume coverage is active, forget a secondary plan, or miss a payer change after an employer update. The clinic’s workflow has to catch those changes before the claim is built on weak information. Experian Health’s 2025 State of Claims findings are relevant here because the report identifies missing or inaccurate data and incomplete or inaccurate patient registration data as major denial drivers.

The intake audit should stay practical and check the details that usually break claims:

• Was eligibility checked before the visit?
• Was the correct payer and plan selected?
• Was the insurance card updated where needed?
• Was the member ID entered correctly?
• Did the patient’s name and date of birth match the payer record?
• Was secondary insurance captured?
• Was coordination of benefits checked?
• Was the guarantor information correct?
• Was any referral requirement reviewed?
• Was patient responsibility explained where possible?
• Did any later denial trace back to intake?

The most useful part of this review is connecting the intake record to the final claim outcome. If eligibility denials, wrong-payer submissions, coordination-of-benefits issues, or patient-balance disputes keep appearing later, the audit should not treat them as isolated billing cleanups.

It should trace them back to the point where the clinic first captured or failed to validate the information. A front-desk error may look small at check-in, but once it becomes a rejection, denial, payer call, corrected claim, or patient complaint, it has already become expensive.

A strong intake audit should therefore answer one plain question: is the clinic protecting the claim before the visit starts? If the answer is no, the fix is usually not a large system overhaul. It may be a tighter eligibility check for recurring visits, a required insurance-card update for high-risk services, a payer-specific referral prompt, or a clearer rule for secondary insurance and coordination of benefits. The front end does not need to become slower. It needs to become more reliable at catching the details that billing teams otherwise spend days repairing later.

Audit Prior Authorization and Referrals

Prior authorization deserves its own audit because it is one of the easiest places for a clinic to lose time even when the service, documentation, and coding are otherwise sound. The audit should not stop at asking whether authorization existed.

It should check whether the authorization actually matched the claim that was submitted. A clinic may have approval on file and still face a denial if the approved code, provider, facility, date range, visit count, units, or authorization number does not line up with the final claim.

The review should compare the authorization record against the claim at a practical level:

• Payer
• Patient
• Provider
• Facility or service location
• Approved CPT or HCPCS codes
• Date range
• Number of visits
• Units
• Authorization number
• Expiration date
• Service actually performed
• Claim actually submitted

This is where many audits find the real problem. The clinic may have obtained authorization, but the approval may cover a different code, a shorter date range, fewer visits, a different provider, or a different service location. In daily operations, that feels like an admin mismatch. In the payer’s system, it becomes a denial, a delay, or a records request.

The audit should also check where authorization information is stored. If approval details are sitting in emails, scanned PDFs, spreadsheets, handwritten notes, payer portals, or individual staff memory, the billing team may not see them when the claim is created. Authorization details should sit inside the billing or practice-management system in a standard field, close enough to the claim that the person submitting or reviewing the account can verify it quickly.

Referrals need the same treatment. Some clinics check referrals loosely because the visit feels routine or the patient has been seen before. That is where errors enter. The audit should confirm whether referral rules were checked before the visit, whether the referral was valid for the service and provider, whether the date range covered the appointment, and whether the referral details were visible to billing before submission.

A clean authorization audit should answer one central question: did the clinic turn payer approval into claim-ready information? If the answer is no, the fix is usually operational. Build authorization checks into scheduling for high-risk services, store approval details in one standard place, flag expiring authorizations before visits continue, and review authorization-linked denials every month by payer, provider, service line, and preventability. This keeps the audit focused on control, not paperwork.

Audit Provider Documentation

Provider documentation should be reviewed early because coding, claim support, medical necessity, and payer review all depend on what the note actually says. A claim can look like a billing problem later, but the audit may show that the real weakness began in the medical record: the note was signed late, the diagnosis was too vague, the procedure details were incomplete, the time element was missing, or the documentation did not clearly support the service billed. The audit should look at both quality and timeliness, because late notes create charge lag and weak notes create coding queries, denials, downcoding, or audit risk.

The documentation review should answer a few practical questions:

• Was the note signed and completed within the clinic’s expected timeframe?
• Did the note support the diagnosis code?
• Did it support the procedure, service, or E/M level billed?
• Was medical necessity clear?
• Were required orders, signatures, procedure details, time, units, laterality, severity, location, or dosage captured where needed?
• Did the coder need to query the provider?
• If a query was sent, how long did the provider take to respond?

This review should not turn into a provider-blame exercise. The point is to find the documentation gaps that repeatedly slow claims down or make them harder to defend. If dermatology procedure claims are often held because lesion size and location are missing, the fix may be a better procedure-note prompt.

If physical therapy claims are denied because progress notes are vague, the fix may be clearer functional documentation. If E/M claims are frequently queried, the clinic may need focused education on medical decision-making, time, and diagnosis support.

CMS’s own E/M guidance is a useful reminder here: it links improper payments to incorrect coding and insufficient documentation, which makes documentation quality a payment and compliance issue, not just a charting preference.
A good audit should also separate late documentation from weak documentation.

A provider may write accurate notes but sign them two or three days late, creating charge lag even when coding is straightforward. Another provider may complete notes quickly but leave coders without enough support for the selected service level. These are different problems and need different fixes. One needs a documentation timeline. The other needs clearer note structure, specialty-specific prompts, or a better query process.

The best documentation audit produces specific, usable feedback. “Improve documentation” is too vague to change behavior. “Add lesion size and location to dermatology procedure notes,” “document functional progress for therapy visits,” “capture time when time is used for E/M coding,” or “include clinical rationale for diagnostic testing” gives providers something they can actually act on. That is where the audit becomes useful: it connects documentation habits to claim speed, denial risk, coding accuracy, and payment control.

Audit Coding Accuracy

Coding accuracy should be audited against the medical record, not just against whether the payer paid or denied the claim. A paid claim can still carry coding risk if the documentation does not support the diagnosis, procedure, modifier, units, place of service, or E/M level selected.

A denied claim can also be coded correctly if the real issue sits in eligibility, authorization, payer policy, or missing documentation. The audit should separate these possibilities instead of treating every paid claim as clean and every denied claim as wrong.

The coding review should check the basics first:

• Were ICD-10-CM diagnosis codes supported by the record?
• Were CPT or HCPCS codes supported by the documented service?
• Were modifiers correct and supported?
• Were units, laterality, and place of service accurate?
• Did the diagnosis support medical necessity?
• Were bundling edits or payer-specific coding rules relevant?
• Were E/M levels supported by documentation?
• Were outdated or incorrect codes used?

E/M coding deserves closer attention because it is high-volume and sensitive to documentation quality. If a provider bills a higher-level visit, the note should support the medical decision-making, time, risk, diagnosis support, or other required criteria. The audit should not only ask whether the E/M code was paid. It should ask whether the record can defend that code if reviewed later.

The most useful part of a coding audit is finding the source of the error. If the code is wrong even though the note is clear, the issue may be coder training, payer-specific guidance, or review quality. If the coder struggled because the note was vague, the issue is documentation support. If the code was correct but the claim was denied for authorization, the issue sits outside coding. This distinction keeps the audit fair and useful.

A good coding audit should leave the clinic with a short list of practical fixes: provider documentation prompts, coder education, modifier checks, payer-specific coding rules, E/M review for selected providers, or second-level review for high-risk claims. The goal is not to slow every claim. It is to make sure the codes going out are supported, defensible, and clean enough to reduce denials, underpayments, and audit exposure.

Audit Claim Submission and Rejections

Claim submission is where the clinic finds out whether the earlier parts of the workflow were clean enough to reach the payer. A claim may look ready inside the practice-management system, but it still has to pass scrubber rules, clearinghouse edits, payer ID checks, required field validation, modifier logic, timely filing controls, and payer-specific submission rules. If it fails at this stage, the clinic has not yet reached true payer review. The claim is still stuck at the gate.

The audit should check how many claims were submitted during the period, how many were accepted by the clearinghouse, how many were rejected, and how quickly rejected claims were corrected. This matters because rejected claims often create hidden delay.

A team may believe claims are “going out” every day, while a portion of those claims are sitting unresolved because of a missing field, invalid member ID, wrong payer ID, missing modifier, provider mismatch, formatting issue, or place-of-service problem.

The submission audit should focus on a few practical questions:

• Did the claim pass scrubber and clearinghouse edits?
• Was the correct payer selected?
• Were payer IDs, member IDs, provider details, and required fields accurate?
• Were modifiers, units, place of service, and authorization details included where needed?
• How long did rejected claims sit before correction?
• Were recurring rejection reasons traced back to intake, coding, charge entry, or payer setup?
• Was timely filing protected, especially for rejected or resubmitted claims?

This part of the audit often produces quick wins because many rejection patterns are fixable. If the same payer ID issue keeps returning, the payer setup may need correction. If member ID formatting causes repeated rejections, intake or eligibility workflow needs a tighter check. If missing modifiers are common, the coding or claim-validation step needs review. If rejected claims sit for several days before anyone works them, the problem is queue ownership.

The audit should also separate submission speed from submission quality. Fast submission looks good only when claims are accepted cleanly. If claims are pushed out quickly and then return through the rejection queue, the clinic has only moved the delay from one step to another. A better submission process sends claims out on time, catches predictable errors before payer review, and makes sure every rejection has an owner, a correction path, and a same-day or next-day working rhythm.

Audit Denials by Root Cause

Denial review is usually the part everyone expects from a billing audit, but the review becomes useful only when the clinic looks beyond the denial count. A payer reason code can tell the team what happened at the claim level, but it may not show where the preventable failure began. An eligibility denial may trace back to intake. An authorization denial may trace back to scheduling or pre-certification.

A medical-necessity denial may trace back to documentation, diagnosis support, or payer policy. A timely filing denial may trace back to charge lag, clearinghouse rejection delays, or weak follow-up. The uploaded draft is right to frame denial review around root cause, payer, provider, service line, dollar value, and preventability, because that is where the audit starts showing what the clinic can actually fix.

A practical denial audit should separate the payer’s stated reason from the clinic’s workflow source. Those two are often related, but they are not always the same. A payer may deny a claim for authorization, while the clinic’s real issue is that authorization numbers are stored in emails instead of the billing system.

A payer may deny for medical necessity, while the audit shows that the provider note did not clearly explain the clinical rationale. A payer may reject eligibility, while the front-end problem was an old insurance plan that was copied forward without verification.

A simple root-cause view can look like this:

Denial category	What the audit should check	Likely workflow source
Eligibility	Coverage date, payer, member ID, coordination of benefits, secondary insurance	Intake and verification
Authorization	Approval number, date range, CPT/HCPCS, provider, facility, visit count, units	Scheduling and pre-certification
Medical necessity	Diagnosis support, clinical rationale, payer policy, documentation quality	Provider documentation and coding
Coding	CPT, ICD-10-CM, modifiers, units, bundling edits, payer rules	Coding review
Timely filing	Submission date, rejection history, payer deadline, resubmission trail	Charge lag and claim tracking
Duplicate claim	Claim status, corrected-claim indicator, resubmission reason	AR follow-up
Records request	Request date, documents sent, deadline, proof of submission	Documentation response workflow
Non-covered service	Plan limits, exclusions, benefits verification, patient communication	Intake and patient communication
Underpayment	Allowed amount, contract terms, payer adjustment, posting logic	Payment posting and contract review

The audit should also mark which denials were preventable. This matters because not every denial deserves the same operational energy. Some are payer-driven, some are recoverable through appeal, and some are created by repeat internal gaps that should have been caught before submission. A clinic will get more value from reducing repeat, preventable, high-dollar denials than from spreading equal attention across every denial category.

The final output should be a short list of patterns, not a long spreadsheet nobody reads. For example: authorization denials are concentrated in imaging claims from two payers; eligibility denials are mostly linked to recurring patients whose coverage was not rechecked; medical-necessity denials are tied to weak documentation for a specific service line; timely filing denials started as clearinghouse rejections that sat unresolved.

Once the pattern is this clear, the fix becomes obvious enough to assign. That is the point of a denial audit: it should tell the clinic which part of the workflow allowed the denial to happen, and what has to change before the next claim follows the same path.

Audit Payment Posting and Adjustments

Payment posting deserves a serious place in the audit because a claim can be paid and still be handled incorrectly. A payer may send money, but the amount may not match the contract, the adjustment may be wrong, the denial code may be posted poorly, the secondary claim may not be triggered, or patient responsibility may be moved forward before the account is truly ready. When posting is weak, the clinic may not see the problem immediately because the claim no longer looks unpaid. The money has arrived, yet the account may still be wrong.

The audit should check whether payments were posted to the correct patient, date of service, provider, and claim line. It should also review whether contractual adjustments were applied correctly, whether denial and remark codes were captured in a way the team can use later, whether underpayments were flagged, whether overpayments and refunds were handled properly, and whether write-offs followed policy instead of becoming a convenient way to close difficult accounts.

A practical payment posting audit should ask:

• Was payment posted to the correct account and date of service?
• Were contractual adjustments accurate?
• Were denial and remark codes entered correctly?
• Was patient responsibility assigned only after payer adjudication?
• Were underpayments compared against expected allowed amounts?
• Were secondary claims triggered where needed?
• Were refunds, overpayments, and credits reviewed properly?
• Were write-offs approved under policy?
• Was posting completed quickly enough to avoid patient billing delay?

Underpayment review is especially important because it is easy to miss. A claim can show as paid, the account can move forward, and the team may never notice that the payer allowed less than expected. If the practice does not compare payer payments against contract terms or expected allowed amounts, revenue can leak quietly through small underpayments across many claims. That is why “paid” should never be the end of the audit question. The better question is whether the claim was paid correctly.

Payment posting also affects patient trust. If adjustments are wrong or patient responsibility is moved too early, the patient may receive a bill that does not reflect the final payer decision. If posting is delayed, the patient may receive a statement long after the visit, when the balance feels confusing or unexpected. A strong audit checks posting accuracy, posting speed, adjustment logic, underpayment review, and patient-balance movement together because they are part of the same financial handoff.

Audit Patient Billing and Collections

Patient billing should be part of the audit because the revenue cycle does not end when the payer responds. The account is only truly clean when payer responsibility has been resolved, payment has been posted correctly, patient responsibility is accurate, and the patient receives a bill that is timely and understandable.

If balances are moved too early, patients may be billed for amounts still under appeal or still pending with secondary insurance. If balances are moved too late, the bill arrives weeks after the visit, when the patient no longer remembers the details and the balance feels harder to explain.

The audit should check whether patient balances are being handled with the same discipline as payer claims. The key questions are simple:

• Was patient responsibility based on final payer adjudication?
• Were deductible, copay, and coinsurance amounts posted correctly?
• Was secondary insurance billed before the patient received a statement?
• Was the statement sent at the right time?
• Was the balance explained clearly?
• Were patients billed for amounts still under appeal?
• Were refunds and credits handled correctly?
• Were old patient balances followed up consistently?
• Were financial policies applied the same way across accounts?

This part of the audit often shows why patients are calling, disputing balances, delaying payment, or losing trust. A confusing bill may look like a collections issue, but the audit may show that the real problem began earlier in payment posting, adjustment logic, secondary billing, or payer follow-up. If the account is not clean before the statement goes out, the patient becomes the person forced to question it.

A strong patient-billing audit should therefore connect the final statement back to the full claim history. Did the insurance process correctly? Was the adjustment right? Was the patient balance valid? Was secondary coverage checked? Was the bill sent too early or too late?

Did the statement explain what insurance paid and why the remaining balance exists? Once the audit answers those questions, patient billing becomes less about chasing balances and more about sending accurate, understandable bills at the right time.

Build a Simple Audit Scorecard

A billing audit should not end as a long narrative report that everyone agrees with and nobody acts on. The findings need to be turned into a simple scorecard that shows which parts of the revenue cycle are working, which ones need attention, and which ones are creating real risk.

A basic green, yellow, and red rating is enough, as long as the score reflects actual claim evidence rather than general opinion. The draft already points to the right audit areas: intake accuracy, authorization control, documentation quality, coding accuracy, claim submission, denial management, payment posting, patient billing, reporting, and ownership.

A practical scorecard can look like this:

Audit area	What the score should reflect
Intake accuracy	Correct patient details, payer selection, eligibility checks, COB, insurance updates
Authorization control	PA checks, approval matching, expiration tracking, units, visits, service-location match
Documentation quality	Timeliness, completeness, medical necessity, diagnosis support, procedure detail
Coding accuracy	ICD-10-CM, CPT, HCPCS, modifiers, units, E/M support, payer-specific rules
Claim submission	Scrubber performance, clearinghouse acceptance, rejection correction time
Denial management	Root-cause tracking, appeal timing, preventability, recovery rate
Payment posting	Accurate posting, adjustment review, underpayment detection, secondary billing triggers
Patient billing	Correct balances, statement timing, clear communication, refund handling
Reporting	Useful metrics by payer, provider, service line, denial reason, and AR age
Ownership	Clear responsibility for each step, escalation path, and follow-up deadline

The scorecard should make weak areas visible without drowning the clinic in detail. A red score for authorization control should immediately tell leadership that approvals are missing, mismatched, expired, or sitting outside the billing system.

A yellow score for documentation quality may show that notes are mostly complete but still creating coder queries or charge lag. A green score for claim submission should mean claims are accepted cleanly and rejections are being worked quickly, not just that claims are being sent.

The value of the scorecard is that it forces the audit to move from observation to priority. If everything is written as a paragraph, every issue can sound equally important. Once the clinic sees two red areas and three yellow areas, the next step becomes clearer.

The action plan should focus first on the points creating the most preventable denials, delayed cash, underpayments, patient confusion, or compliance exposure. A good scorecard does not solve the problem by itself, but it shows the clinic where to start.

Create an Action Plan

A billing audit is useful only when the findings turn into specific changes. If the final output is a long list of observations, the clinic may understand the problem better but still keep working the same way. The action plan should separate findings into three simple categories: issues to fix now, issues to monitor, and workflow problems that need redesign. The uploaded draft uses the same practical structure, and that is the right approach because every finding needs an owner, deadline, affected workflow step, tracking metric, expected result, and follow-up review date.

A “fix now” item is specific and correctable, such as updating a payer ID, changing an EHR template, fixing a claim-scrubber rule, clearing an old rejection queue, or moving authorization numbers into a standard billing-system field. A “monitor” item needs regular tracking before the clinic decides whether a deeper process change is required, such as denial rates for one payer, provider note completion time, query volume, appeal success rate, or underpayment trends.

A “redesign” item points to a broken handoff, such as no clear authorization owner, weak eligibility verification, no provider query process, payment posting without underpayment review, or denial work handled only by claim age.

A simple action-plan table can look like this:

Finding	Fix	Owner	Metric
Authorization denials rising for imaging claims	Add imaging PA check at scheduling and store authorization number in the billing system	Scheduling lead	Authorization denial rate
E/M claims frequently queried	Give providers a short documentation refresher and review weekly query patterns	Clinical lead	Query rate and charge lag
Rejections sit for 5-7 days	Work rejection queue daily before noon	Billing lead	Rejection correction time
Underpayments not flagged	Compare payer payments against expected allowed amounts	Payment posting lead	Underpayment recovery
Patient balances sent late	Review payment posting lag and statement release timing weekly	Billing manager	Patient billing lag

The key is to keep the action plan small enough to execute. A clinic does not need to fix every weakness in the first month. It should prioritize the issues causing the most preventable denials, delayed cash, underpayments, patient confusion, or compliance exposure. If the audit finds ten problems, leadership should pick the two or three that matter most, assign owners, set dates, and recheck the same metrics after 30, 60, or 90 days.

This is where the audit moves from diagnosis to control. “Billing is slow” becomes “rejections are sitting too long.” “Denials are increasing” becomes “authorization checks for imaging are failing before the visit.” “Providers need better notes” becomes “procedure documentation is missing the details coders need.” Once the finding is written that clearly, the clinic can act on it without turning the audit into another report nobody uses.

How Often Should a Practice Audit Billing?

The right audit rhythm depends on claim volume, specialty risk, payer mix, and the problems the practice is seeing, but most clinics do not need to wait for a major revenue issue before reviewing billing. A practical approach is to run small monthly checks, deeper quarterly reviews, and one broader annual audit.

The uploaded draft already gives the right cadence: monthly mini-audits for denials, rejections, charge lag, and AR aging; quarterly process audits for intake, authorization, coding, documentation, and payment posting; and an annual deep audit for coding accuracy, compliance risk, payer performance, write-offs, patient billing, and reporting.

A useful audit rhythm can look like this:

• Monthly: denials, rejections, charge lag, AR aging, high-value unpaid claims, and repeat payer issues.
• Quarterly: intake accuracy, eligibility checks, prior authorization, documentation quality, coding support, claim submission, and payment posting.
• Annually: coding accuracy, compliance risk, write-off patterns, payer performance, underpayments, patient billing, reporting quality, and ownership gaps.
• Targeted audit: whenever denials spike, payer rules change, a new provider joins, a new service line launches, AR over 90 days grows, or billing work is moved to remote or outsourced support.

Small clinics do not need a formal audit department to do this well. Even a monthly review of 25 to 50 claims can reveal useful patterns if the same questions are asked each time. Were eligibility and authorization checked before the visit?

Was documentation completed on time? Did the code match the record? Did the claim pass edits? Was the denial preventable? Was payment posted correctly? Was the patient balance valid? Repeating that review gives the practice a clearer view of where claims are slowing, denying, underpaying, or being repaired too often.

The mistake is treating audits as annual cleanup exercises. By the time a clinic waits a full year to review denials, old AR, underpayments, or write-offs, many of those claims are already difficult to recover. Monthly and quarterly audits keep the process closer to the actual work. They help the practice catch small issues while they are still fixable, before they become routine leakage.

A Real Workflow Example: Auditing a Slow-Reimbursement Clinic

Consider a four-provider specialty clinic where cash flow has become uneven and AR over 90 days keeps rising. The team’s first assumption is that the payer mix has become harder, which may be partly true, but the audit starts with data rather than instinct.

Once the numbers are reviewed, the picture becomes more specific: denials are not unusually high across the board, but authorization denials and clearinghouse rejections are creating most of the delay, and charge lag is higher for one provider because notes are often closed three to four days after the visit. The original draft captures this example well because it shows the value of moving from a vague complaint, “cash is slow,” to visible workflow issues.

The clinic then reviews a sample of 60 claims across paid claims, denied claims, rejected claims, high-dollar claims, and accounts sitting in AR over 90 days. Three patterns appear. First, authorization numbers are being obtained, but some are stored in email instead of a standard field in the billing system, which means the billing team does not always see the approval when the claim is created.

Second, clearinghouse rejections are being worked only twice a week, so simple errors sit for days before payer review even begins. Third, one provider’s documentation is clinically understandable but often misses the procedural detail coders need, which creates queries and slows charge entry.

The action plan is deliberately practical. Authorization numbers must be entered into the billing system before the service. Rejections must be worked daily instead of twice a week. The provider gets a short documentation checklist for the procedures causing the most holds and denials.

The billing manager then tracks three metrics for the next 60 days: authorization denial rate, rejection correction time, and charge lag. This matters because the audit does not try to fix everything at once. It identifies the few points where claims are repeatedly losing time and assigns a clear owner to each fix.

The payer did not suddenly become easier. The clinic became more controlled. That is what a good billing audit should do. It should turn a broad frustration into a few visible facts: approvals are not always claim-ready, rejected claims are sitting too long, and one provider’s notes need better billing support. Once the clinic can name the problem at that level, improvement becomes realistic. The audit is no longer a report about what went wrong. It becomes a working map for where the next claim should move differently.

FAQs

1. What is a medical billing audit?

A medical billing audit is a structured review of how a claim moves through the clinic, from scheduling and intake to coding, submission, payer response, payment posting, denial follow-up, and patient billing. The point is to see whether claims are accurate, properly supported, submitted cleanly, paid correctly, and followed up on time.

A good audit also shows where the process is leaking time or money, such as weak eligibility checks, missing authorizations, late documentation, rejected claims, underpayments, or patient balances that are being handled too early or too late.

2. What should a clinic check first in a billing audit?

Start with the data, then move to the front end. The basic data should show denial rate, rejection rate, clean claim rate, charge lag, days in AR, AR over 60 or 90 days, write-offs, payment posting lag, and payer patterns. After that, intake and eligibility should be reviewed early because many billing problems begin before the patient is seen. Wrong insurance, old payer details, missing secondary coverage, referral gaps, or weak eligibility checks can create denials weeks later.

3. How many claims should be reviewed in a billing audit?

The sample depends on the clinic’s size and the purpose of the audit. A small clinic can often begin with 25 to 50 claims. A larger or multi-specialty practice may need 100 or more across payers, providers, service lines, and locations.

The sample should not include only denials. It should include paid claims, denied claims, rejected claims, high-dollar claims, old AR, authorization-linked claims, patient-balance accounts, corrected claims, appeals, and recent write-offs. Paid claims are useful too because a claim can be paid and still be underpaid, posted incorrectly, or weak from a compliance point of view.

4. How do you audit intake and eligibility?

Review whether the clinic captured the correct patient and payer details before the visit. Check the patient name, date of birth, member ID, payer, plan, guarantor, secondary insurance, coordination of benefits, referral requirements, and eligibility verification timing. The audit should also trace later denials back to intake. If eligibility denials, wrong-payer submissions, or coordination-of-benefits issues keep appearing, the front-end workflow needs a tighter checkpoint.

5. How do you audit prior authorization?

Prior authorization should be checked against the final claim, not just marked as “obtained.” The audit should confirm that the authorization matches the patient, payer, provider, facility, CPT or HCPCS code, date range, visit count, units, authorization number, expiration date, service performed, and claim submitted.

Many authorization denials happen because one detail does not match. The audit should also check where authorization details are stored. If they sit in emails, scanned documents, spreadsheets, or payer portals instead of the billing system, the billing team may miss them during claim creation.

6. How do you audit provider documentation?

The audit should check whether the provider note was completed on time and whether it supports the billed service. That includes diagnosis support, procedure detail, E/M level, medical necessity, required orders, signatures, time, units, laterality, severity, location, dosage, or treatment details where relevant. The goal is not to criticize providers for imperfect notes. The goal is to identify documentation habits that create charge lag, coding queries, downcoding, denials, or audit risk.

7. How do you audit coding accuracy?

Compare the codes on the claim with the medical record. Check ICD-10-CM diagnosis codes, CPT or HCPCS codes, modifiers, units, laterality, place of service, E/M level, medical necessity, bundling edits, and payer-specific rules. A paid claim can still be coded incorrectly, so the audit should not rely only on payer outcome. The real question is whether the code accurately reflects the documented service and whether the record can defend it if reviewed later.

8. How should denials be audited?

Denials should be grouped by root cause, not only by payer reason code. The audit should separate eligibility, authorization, medical necessity, coding, documentation, timely filing, duplicate claims, records requests, non-covered services, and underpayments. Then each category should be traced back to the workflow source.

Authorization denials may point to scheduling or pre-certification. Medical-necessity denials may point to documentation and diagnosis support. Timely filing denials may point to charge lag, rejected claims, or weak follow-up. The useful output is not a denial count. It is a list of preventable patterns the clinic can fix.

9. Why should payment posting be included in a billing audit?

Because a paid claim can still be wrong. Payments may be posted to the wrong account, contractual adjustments may be inaccurate, underpayments may be missed, secondary claims may not be triggered, patient responsibility may be assigned incorrectly, and write-offs may be used to close accounts that should have been reviewed. The audit should ask one simple question after every payer payment: was it paid correctly? That protects revenue and also prevents incorrect patient balances.

10. How often should a clinic audit its billing process?

Most clinics should use a simple rhythm: monthly mini-audits for denials, rejections, charge lag, high-value unpaid claims, and AR aging; quarterly process audits for intake, authorization, documentation, coding, claim submission, and payment posting; and an annual deeper audit for coding accuracy, compliance risk, write-offs, payer performance, underpayments, reporting, and patient billing.

Targeted audits should also happen when denials spike, payer rules change, a new provider joins, a new service line launches, AR over 90 days grows, or billing is moved to remote or outsourced support.

11. Can a small clinic audit billing without hiring a consultant?

Yes. A small clinic can run a useful internal audit by selecting a reasonable claim sample and tracing each claim from appointment booking to final payment or denial. The clinic should use the same checklist every time: intake, eligibility, authorization, documentation, coding, submission, payer response, payment posting, and patient billing. A consultant may help with deeper coding, compliance, or payer-contract review, but many workflow issues can be found internally if the clinic reviews claims honestly and follows the same process.

12. What should happen after a billing audit?

The audit should end with an action plan, not just a findings document. Each finding should have an owner, deadline, workflow step, tracking metric, expected result, and follow-up date. For example, if authorization denials are rising for imaging claims, the fix may be to add a prior authorization check at scheduling and store the approval number in the billing system. If rejections sit for five days, the fix may be daily rejection work before noon. The audit only matters if it changes how the next claim moves.