Medicare Billing Audit: How to Stop Underpayments and Denials Before They Cost You

What is a Medicare Billing Audit?

A Medicare billing audit is a systematic review of medical claims, coding accuracy, clinical documentation, and reimbursement data to ensure compliance with CMS regulations, identify underpayments, and reduce billing errors.

It evaluates whether the services billed are:

• Properly documented
• Medically necessary
• Correctly coded using CPT and ICD-10
• Paid according to the Medicare Physician Fee Schedule

Regular Medicare audits help practices prevent denials, recover lost revenue, and reduce compliance risk.

There is a number sitting inside most Medicare billing operations that nobody has calculated. It is the amount being lost each month to underpayments that were never caught, denials that were never worked, and coding patterns that trigger audits nobody saw coming. Some practices have a rough sense of their denial rate. Far fewer know how much Medicare is paying them below the contracted rate on correctly coded claims. Almost none have a documented audit process that they run on a scheduled basis.

That gap is expensive. The American Medical Association puts physician practice revenue loss from billing inefficiencies at tens of thousands of dollars per physician per year. A significant chunk of that is Medicare-specific, because Medicare billing has its own rules, its own documentation requirements, its own modifier logic, and its own audit contractors who spend their entire working day looking for patterns that indicate improper payments.

Running your own Medicare billing audit before someone else runs one for you is not defensive accounting. It is how practices find money they are already earning but not collecting, fix patterns that would have eventually drawn external scrutiny, and keep their revenue cycle running the way it should. This guide covers why internal Medicare audits matter, what they should examine, and how to run one that actually produces actionable results.

Why Medicare Billing Gets Messier Than Other Payers

Medicare is not just another commercial payer with a slightly different fee schedule. The rules governing Medicare billing are federal regulations. Violations are not contract disputes. They are potentially False Claims Act. That distinction matters because the stakes attached to billing errors are higher with Medicare than with any commercial payer, and the audit infrastructure CMS has built reflects that.

Recovery Audit Contractors, MAC pre-payment reviews, OIG audits, CERT audits, and Unified Program Integrity Contractors all exist specifically to identify Medicare billing errors. They work from data. They look for statistical outliers, billing patterns that differ significantly from peer benchmarks, high volumes of certain modifiers, unusual procedure-to-diagnosis combinations, and claims where documentation does not support the service billed.

Most practices find out they are on one of these entities’ radar when a request for medical records arrives in the mail. By then, the review is already in motion. Running an internal audit first, on your own timeline, gives the practice the chance to identify and voluntarily correct issues before that letter arrives, which is a very different legal and financial position than responding to an external audit after the fact.

Types of Medicare Audits You Should Know

Medicare audits are conducted by multiple entities, each focusing on different aspects of billing accuracy and compliance.

Recovery Audit Contractor (RAC) Audits

RAC audits identify improper payments, including both overpayments and underpayments, using data-driven analysis.

Medicare Administrative Contractor (MAC) Audits

MACs perform pre-payment and post-payment reviews to ensure claims meet coverage and documentation requirements.

CERT (Comprehensive Error Rate Testing) Audits

CERT audits measure the accuracy of Medicare payments and identify national error rates.

Office of Inspector General (OIG) Audits

OIG audits focus on detecting fraud, abuse, and systemic billing issues across providers.

Each audit type uses data patterns, making internal audits critical for early detection.

Key Entities Involved in Medicare Billing Audits

Understanding Medicare audits requires familiarity with the organizations and systems involved in claim processing and compliance.

Centers for Medicare & Medicaid Services (CMS)

The federal agency that establishes billing rules, reimbursement policies, and compliance standards.

Medicare Administrative Contractors (MACs)

Regional contractors responsible for processing claims and conducting audits.

Recovery Audit Contractors (RACs)

Entities that identify improper payments using data analysis.

Office of Inspector General (OIG)

Government body responsible for detecting fraud and enforcing compliance.

CERT Program

Measures the accuracy of Medicare payments and identifies error trends.

What a Medicare Billing Audit Actually Looks At

An internal Medicare billing audit is not a random check of a few claims. A well-structured audit examines specific areas that are known to generate errors, and it does so with enough sample size to identify patterns rather than isolated mistakes. Here is what the audit should cover.

You can also follow a structured medical billing audit checklist to ensure every step of the audit process is completed accurately and consistently.

E/M Level Distribution

Pull your evaluation and management code distribution for the last 12 months. Look at what percentage of your established patient office visits were billed at each level from 99211 through 99215. Compare that distribution against the national benchmark for your specialty, which CMS publishes in the Physician Fee Schedule data and which specialty societies often publish for their members.

If your practice is billing 99214 or 99215 at rates significantly above the national benchmark for your specialty, that is a flag. It does not necessarily mean the billing is wrong. High-complexity practices see higher-acuity patients. But it means the documentation supporting those higher-level visits needs to be airtight, because statistically anomalous billing patterns are exactly what automated screening systems are designed to detect.

Equally important: if your E/M distribution is heavily weighted toward lower-level codes when your patient population is genuinely complex, you may be leaving legitimate revenue behind through systematic undercoding. Both problems are worth finding.

High-Volume CPT Codes

Identify the 15 to 20 CPT codes that account for the largest share of your Medicare claims volume. For each one, pull a sample of 10 to 15 claims and compare the code billed against the documentation in the corresponding medical record.

You are checking three things. First, does the documentation support the code billed? Not in a general way. Specifically: does the note contain the elements that the code’s descriptor requires? Second, is the ICD-10 diagnosis code on the claim clinically consistent with the procedure performed? Third, are the modifiers applied correctly? A high-volume procedure with a consistently misapplied modifier is a systematic billing problem that affects every claim in that group.

Modifier Usage

Modifier 25 is the most frequently misused modifier in physician billing. When your audit pulls claims where Modifier 25 was appended to an E/M code on the same day as a procedure, check whether the documentation clearly shows a separately identifiable E/M service. A physician who bills a 99213 with Modifier 25 alongside every minor procedure, regardless of whether a genuinely distinct E/M occurred, is creating a billing pattern that looks like systematic Modifier 25 abuse.

Modifier 59 and the X modifiers deserve similar scrutiny. When two codes that NCCI would normally bundle are being billed together, the modifier justifying separate payment needs to be backed by documentation showing the services were genuinely distinct. A sample review of your top 10 modifier 59 code pairings will tell you whether those modifiers are being applied with appropriate clinical support or as a workaround to pass bundling edits.

Documentation to Code Accuracy

This is the core of any billing audit. Pull a sample of claims, find the corresponding medical records, and read them. Does the note support the code? Neither does the code seem reasonable given the patient’s condition. Does the actual documentation support the specific code billed?

For E/M codes under the 2021 guidelines, the note needs to either document the total time spent or reflect a level of medical decision-making that corresponds to the billed code. For procedure codes, the operative or procedure note needs to describe what was done in enough detail to confirm the specific CPT code was the right one. For diagnostic codes, the physician needs to have documented the diagnosis, not just a lab value or an imaging finding.

Key Medicare Billing Rules You Must Follow

Medicare billing is governed by strict federal regulations that directly impact claim approval and reimbursement.

Medical Necessity

Services must be medically necessary and supported by documentation aligned with CMS coverage policies.

Documentation Requirements

Every billed service must be supported by complete and accurate clinical documentation.

Correct Coding Standards

CPT and ICD-10 codes must accurately reflect the services performed and diagnoses treated.

NCCI Edits and Modifier Usage

National Correct Coding Initiative (NCCI) edits prevent improper code combinations, and modifiers must be used correctly to justify exceptions.

Violating these rules increases the risk of denials, audits, and financial penalties.

Underpayments: The Side of the Audit Nobody Talks About

Most conversations about billing audits focus on finding overcoding and compliance risk. But internal audits are just as valuable for finding underpayments, and there are more of them than most practices realize.

Medicare pays based on its fee schedule, and the fee schedule is locality-adjusted. If your practice management system has the wrong locality code, or if it is applying outdated payment rates, claims may be processed correctly, but paying at incorrect amounts. This is a setup and maintenance issue, not a coding issue, but it affects every claim submitted.

More commonly, underpayments occur when Medicare applies a payment reduction that the practice does not notice. A multiple procedure reduction was applied incorrectly. A bilateral modifier was appended, but the bilateral rate was not applied. A global surgery payment where Medicare incorrectly bundled a separately billable service. These discrepancies sit in the payment posting data and are only visible if someone is comparing what was paid against what should have been paid.

How to Check for Underpayments

The check involves pulling the allowed amounts from your EOBs or ERA data and comparing them against the Medicare Physician Fee Schedule for your locality. The CMS Medicare Physician Fee Schedule lookup tool at cms.gov allows providers to search by CPT code and geographic area to confirm the correct allowed amount. When the allowed amount on your remittance is lower than the published fee schedule rate for your locality, that is an underpayment.

Track these discrepancies by payer and by code. A single underpayment on one claim is likely a processing error worth appealing. Twenty underpayments on the same CPT code from the same Medicare contractor over three months is a systematic problem worth escalating formally to your MAC’s provider relations department with documented evidence.

Many of these issues originate earlier in the process, such as claim rejections in medical billing.

How Often Should a Medicare Billing Audit Run?

There is no single right answer to audit frequency, but there are wrong answers. Running an audit once at implementation and never again is one of them. Annual audits catch some things but miss the systematic errors that build up over months.

A practical cadence for most practices is a focused quarterly review covering high-volume codes and modifiers, combined with a broader annual audit that examines E/M distribution, documentation accuracy across all service types, and underpayment reconciliation. Practices with higher Medicare volume or higher audit risk profiles, specialty practices in oncology, cardiology, surgery, and pain management, for example, should run more frequent focused reviews.

When Medicare publishes its annual Physician Fee Schedule final rule, that is also a trigger for an audit review. Fee schedule changes, new covered services, updated NCCI edits, and revised coverage criteria all affect whether existing billing patterns remain compliant. What was correct billing in October may generate denials in January if nobody reviewed the changes.

What to Do With Audit Findings

Overcoding Findings

When an internal audit identifies a pattern of overcoding, the response depends on the scope and nature of the finding. Isolated errors corrected going forward require updated coder and physician education and a process fix. Systematic overcoding that has been occurring over months or years at significant dollar volume may require voluntary self-disclosure to CMS through the OIG’s Self-Disclosure Protocol or through the MAC’s voluntary refund process.

The decision about voluntary refund versus internal correction is not one to make without legal counsel familiar with Medicare compliance. The OIG’s guidance on voluntary disclosure is clear that self-reporting and refunding overpayments before a government investigation begins is treated very differently from being found in an audit. The 60-day rule under the False Claims Act requires that identified overpayments be reported and returned within 60 days of identification. Ignoring a known overpayment after identifying it in an internal audit is not an option.

Undercoding and Missed Revenue Findings

When the audit finds legitimate undercoding, meaning the documentation supports a higher level of service than was billed, the fix is education. Physicians who consistently underbill either do not understand the documentation requirements for the higher codes, or they are deliberately selecting lower codes out of fear of audits. Both situations cost the practice money and neither protects from audits in any real way.

Correcting undercoding going forward is straightforward. Going back and amending claims that were undercoded is more complicated and generally not worth the administrative cost for individual claim adjustments. The priority is getting the coding right on future encounters.

Documentation Gaps

Documentation gaps found in the audit require physician-specific feedback. Not a general staff email about documentation. A review of the specific note types that are falling short, what elements are missing, and what the physician needs to add to bring the documentation in line with what the code requires. Many physicians underestimate how specifically their notes need to address medical decision-making complexity, time, or procedure detail. Targeted physician education with concrete examples from their own notes is what actually changes documentation behavior.

Medicare Billing Audit Checklist

• Review E/M code distribution
• Validate high-volume CPT codes
• Audit modifier usage (25, 59, X modifiers)
• Compare documentation vs codes
• Identify underpayments vs. fee schedule
• Monitor denial patterns
• Review AR and follow-ups 

Conclusion

A Medicare billing audit is not about finding things to be afraid of. It is about knowing what is happening inside your revenue cycle before someone else finds out first. The practices that run regular internal audits collect more of what they earn, fix problems when they are small, and face external reviews from a position of documented compliance rather than scrambling to surprise. The time investment is real. So is the return.

Stop Revenue Leakage Before It Impacts Your Bottom Line

Medicare billing errors, underpayments, and unnoticed compliance risks don’t just delay revenue—they quietly reduce it over time.

At Medhasty Medical Billing Services, our billing experts analyze your claims, identify hidden revenue gaps, and implement proven processes to improve accuracy, reduce denials, and maximize reimbursements.

Our team processes thousands of claims monthly, giving us direct insight into billing errors and underpayment trends across multiple medical billing specialties.

Request a customized Medicare billing audit and uncover revenue you may already be losing.

FAQs About Medicare Billing Audits

What is a Medicare audit?

A Medicare audit is a review of claims and documentation to ensure compliance with CMS guidelines and identify billing errors or improper payments.

How long does a Medicare audit take?

A Medicare audit can take anywhere from a few weeks to several months, depending on the audit type and the number of claims being reviewed.

What triggers a Medicare audit?

Common triggers include abnormal billing patterns, excessive use of modifiers, high-level coding distributions, and inconsistencies in documentation.

What happens after a Medicare audit?

After an audit, providers may receive payment adjustments, requests for refunds, or recommendations for corrective action.

What are the types of Medicare audits?

Medicare audits include RAC, MAC, CERT, and OIG audits, each focusing on identifying improper payments, compliance issues, and billing accuracy.

What are common Medicare billing errors found in audits?

Common errors include incorrect coding, insufficient documentation, misuse of modifiers, and failure to meet medical necessity requirements.