Your Overview of 13 Different Healthcare Audit Types and Functions

Overview of Audit Types and Functions  

With so many audit possibilities in the healthcare space, it’s hard to know what’s what! Here is your rundown of different audit types and functions. 

Commercial Payer Audits 

These are audits initiated by a commercial payer and tend to focus on a particular code group (such as Evaluation and Management (E&M) codes), billing codes, specific billing patterns, adherence to payer rules, or to ensure medical record documentation supports the medical necessity. 

Federal Government Audits  

These are audits initiated by Federal government contract auditors and they tend to focus on Medicare Fee-For-Service billing errors identified in prior studies, such as the Comprehensive Error Rate Testing (CERT) review.   

During this audit, the contractor reviews a random sample of processed claims to determine if the claims meet Medicare’s rules associated with coverage, coding, and billing and includes the supporting medical record documentation. 

Random Audits 

This can be an internal or external audit review and it is an unsystematic audit commonly used in the healthcare auditing process. Random audits provide indicators as to whether a deeper  audit is necessary, thus providing the organization with a proactive approach to addressing potential threats. 

Comprehensive Audits 

If the auditor detects a potential threat after a random audit has been performed, the auditor may conduct a comprehensive audit, which takes a deeper dive into evaluating the practices and processes within the organization. This enables the auditor to detect emerging trends and risks and develop a corrective action plan before larger issues arise. 

Hybrid Audits 

The sample size from the hybrid audit is both random and comprehensive. The hybrid audit provides the auditor with in-depth insight into different types of claims processed and paid. 

Quality Improvement Audits 

A Quality Improvement Audit focuses on patient health and aims to improve the patient experience.  It allows organizations to continually work towards improving the quality of patient care by indicating where they are falling short, thus allowing the organization to implement improvements.   

This process often requires a re-audit and/or closure of the audit cycle to see if a beneficial change has taken place.  A critical question to ask during the quality improvement audit process is: “what are we trying to accomplish?”   

Steps to this audit process would include, but are not limited to: 

  • Identifying a problem 
  • Defining standards and criteria 
  • Collecting data 
  • Analysis of data 
  • Implementing change 
  • Re-audit to validate the effectiveness of the quality improvement measures   

Internal Audits 

Internal audits are often conducted by the organization’s internal auditors to detect emerging trends and risks so the organization can act before larger issues arise. 

External Audit 

Recovery Audit Contractors (RACs) are external auditors. Their mission is to fight against fraud, waste, and abuse and identify improper payments made on claims for services provided to Medicare beneficiaries, such as:  

  • Improper payments for overpayments or underpayments 
  • Payments that were not medically necessary 
  • Payments made for incorrect procedures 
  • Documentation that does not support services billed 
  • Duplicate claims 
  • Claims paid according to outdated fee schedules 
  • Claims that should have been paid by a different health insurance company 

If any of the above-mentioned improper payments are detected, the RAC will: 

  • Send the provider group a Medical Record Request Letter 
  • Depending on records review and determination, the RAC will: 
    • Send the provider group a Demand Letter containing:  
      • The amount of the denial 
      • The method used for calculating the denial 
      • The provider’s option to submit a rebuttal statement 
      • The provider’s appeal rights (which are separate from the rebuttal process) 
      • The demand letter will include recoupment, payment, and interest options for the provider and the associated timelines for a response 

Providers have up to 120 days to file a written appeal after receiving the initial RAC determination; however, if the provider group does not file within the first 30 days, Medicare may begin the recoupment process.  

Clinical Audits 

Clinical audits are an essential part of the quality improvement process in patient care, as this type of audit focuses on improving specific aspects of healthcare in daily practices, preventing poor care, and ensuring that the required standard of healthcare is being adhered to.  

The benefits of clinical audits include, but are not limited to: 

  • Identifying trends 
  • Detecting risks  
  • Assisting in developing and implementing improvement plans  

The Audit Cycle would include: 

  • Identifying an audit topic 
  • Setting the standards of best practice 
  • Collecting data 
  • An analysis of the data to determine if the standards were met 
    • Based upon the response, change could be implemented 
  • Re-audit the process after a given amount of time to assess the overall effectiveness   

Prospective Versus Retrospective Audits

Prospective Audits 

Healthcare provider groups can perform prospective audits, which are done before claims are submitted to the payer.   



  • Control the data collection 
  • Focus on a hypothesis 
  • Compose an assessment of the exposure 
  • Costly 
  • Time-consuming 
  • May be delayed due to organizational bandwidth  

Medicare Administrative Contractors (MACs) often perform prospective audits (a review that is conducted for a targeted specialties and/or services) on claims submitted to see if clinical documentation supports services billed. If the clinical documentation supports the billed codes, the claim will be paid. If not, the claim is found to be invalid and will not be paid. 

Retrospective Audits 

Retrospective audits are performed after the claim has been submitted for reimbursement. 



  • Uncover new insights 
  • Reveal real-life behavior patterns 
  • Allows the organization to conduct an assessment of outcome 
  • Complex issues are detected 
  • There can be a time lag in addressing complicated issues 

Proactive Versus Reactive Audits 

There are many situations you can prepare for – but others require a response instead of a proactive approach. 



  • Proactively auditing all new providers 
  • Audit at-risk providers, which can be issues identified within a specific specialty group 
  • Audit high-dollar procedures 
  • Audit high-volume codes 
  • Audit new ICD-10 and CPT® Codes 


  • Data breach 
  • Low performance scores 
  • A deficient external audit review 
  • Billing reports reflect loss in revenue 
  • Demand letters requesting refunds 
  • Non-compliance  
  • Whistleblower complaint 



Leveraging Audits to Improve Your Programs 

Audits are a crucial way to boost your program’s effectiveness, no matter what type of audit your organization undergoes.  

Once the audit is complete, see what you can learn, implement, and evolve in order to make your next audit even more successful. 


To download this blog post as a pdf, click the button below.

Download the PDF


Questions or Comments?