The Build vs Buy Coding QA Decision Most Growing Practices Get Wrong
A 12-physician multispecialty practice in Ohio discovered during a routine payer audit that its coders had been consistently under-documenting HCC conditions for 18 months. The recoupment demand came to $340,000. Their internal QA process? A monthly spot-check by the same coding team that had produced the claims. Nobody caught the drift because nobody independent was looking.
That story is not unusual. Coding quality assurance is where growing practices either protect their margin or quietly bleed it, and the build-vs-buy decision is more consequential than most revenue cycle leaders treat it. This post lays out a concrete framework for making that call based on volume, specialty risk, in-house seniority, and compliance exposure.
What Coding QA Actually Is and Why Independence Is the Whole Point
Coding QA is not a coder reviewing her own work at the end of the day. It is a structured, statistically defensible process in which a qualified auditor, someone independent of the original coding decision, examines a sample of coded charts against the source documentation and applicable guidelines. The auditor measures accuracy rates, flags patterns, and generates findings that feed back into coder education and process change.
The word "independent" carries real weight here. The fundamental problem with self-auditing is cognitive: the same assumptions that led to the original coding decision are present when the coder reviews that decision. Research published by AHIMA consistently shows that error rates found by external auditors run significantly higher than those found through internal self-review. Coders are not being dishonest. They simply cannot reliably see what they could not see the first time.
Independence also matters for compliance. OIG guidance on voluntary compliance programs explicitly recommends that coding audits be conducted by qualified, independent reviewers. If your QA process uses the same staff who produced the claims, it is not a QA program. It is a confirmation loop.
A genuine QA program includes a defined sample methodology (random, targeted by payer, or risk-stratified by specialty), a scoring rubric tied to CMS guidelines and payer-specific rules, a feedback mechanism to coders, and trending over time to detect drift before it compounds. Coding quality audit services built around this structure give practices a defensible audit trail, which matters enormously when a payer comes asking questions.
The True Cost to Build an Internal QA Function
Let's put numbers on what building looks like.
A senior auditor with CPC or CPMA credentials and five or more years of experience commands between $75,000 and $95,000 in base salary in most US markets, and considerably more in high-cost metros. Add benefits at 25 to 30 percent of salary and you are at $94,000 to $124,000 before you have bought a single tool. Most practices also need encoder or auditing software, which runs $8,000 to $20,000 annually depending on the platform. Annual CEU requirements, specialty-specific education, and guideline update subscriptions add another $2,000 to $4,000 per auditor.
Then there is the sample design problem. A statistically valid audit sample for a single specialty at 95 percent confidence requires 30 to 50 charts per coder per review period at minimum. Designing and executing that across multiple specialties, payers, and code sets is a part-time job by itself. Smaller practices often discover their senior auditor spends 30 percent of her time on administration and sample management rather than actual chart review.
The total annual cost of a properly resourced internal QA function ranges from $105,000 to $150,000 for a single auditor, and that auditor will still carry blind spots in specialties outside her core expertise. A practice doing physician coding (ProFee) across orthopedics, behavioral health, and cardiology simultaneously needs breadth that one senior hire rarely provides.
What Outsourced QA Costs and What You Get
Outsourced coding QA is typically priced one of two ways: per-chart audit rates, which generally run $12 to $30 per chart depending on complexity and specialty, or a monthly retainer for a defined volume and reporting cadence. A mid-sized practice auditing 50 charts per month across two specialties is looking at $600 to $1,500 monthly on a per-chart model, or $1,200 to $2,500 on a retainer that includes trend reporting and coder feedback sessions.
That range, $14,400 to $30,000 annually, is a fraction of the fully loaded internal hire. The tradeoff is that you do not have someone on-site full-time. For most practices below a certain volume threshold, that tradeoff is clearly favorable.
You can use our free Coding Outsourcing ROI Calculator to run your specific numbers, factoring in your current coder headcount, denial rate, and specialty mix.
The Volume Threshold Where Building Makes Sense
The math changes at scale. A hospital outpatient department or a large physician group processing 50,000 or more claims annually across five or more specialties may find that a dedicated internal QA team becomes cost-competitive, especially when you factor in the operational value of having auditors embedded in daily workflow, available for real-time coder questions and payer dispute response.
The general threshold where building starts to compete with buying sits around 30,000 to 40,000 coded encounters per year, assuming you can fully utilize one senior auditor across that volume without leaving gaps in specialty coverage. Below that number, building is almost always more expensive on a per-chart basis and introduces the independence risk described above if the auditor is pulled from the same coding team.
Specialty complexity is a multiplier. A practice doing primarily E&M coding in primary care faces different risk than one doing interventional cardiology or complex surgical services with implant coding, global period tracking, and modifier application. High-complexity specialties warrant more frequent and more expert review regardless of volume.
The Risk of No Formal QA Program
Practices that operate without structured QA do not stay neutral. They drift. Coders develop habits over time, and without external feedback, those habits go uncorrected. The drift is usually not dramatic on any single claim. It is 1.2 units billed instead of 1.0, a modifier applied out of pattern, an HCC condition that should be captured but is not. Individually those errors are invisible. Across 20,000 claims they become either a compliance exposure or a six-figure revenue leak, often both simultaneously.
The audit findings that trigger recoupments from commercial payers and CMS are almost always pattern-based. Payers use statistical outlier detection. A single miscoded claim rarely draws scrutiny. A practice that consistently bills at the 95th percentile for a given procedure code in a given specialty will. And when the payer audit arrives, the absence of any internal QA documentation is itself a red flag that compounds the exposure.
Documentation and coding alignment is also where CDI program support intersects with QA: a coding audit that consistently finds unsupported diagnoses is a CDI problem, not just a coding problem. Treating them separately means fixing the symptom rather than the cause.
The Decision Framework: Four Questions That Settle It
Here is the framework. Answer these four questions honestly and the build-vs-buy decision becomes straightforward.
Question 1: What is your annual coded encounter volume?
Under 15,000 encounters annually: outsource QA. The math does not support an internal hire, and the independence problem is severe at small team sizes. Between 15,000 and 40,000: outsource with a structured retainer and defined reporting cadence. Above 40,000 across five or more specialties: model both options. Building may be competitive at this scale if you can staff for specialty breadth.
Question 2: How complex is your specialty mix?
Single-specialty, lower-complexity practices (primary care, urgent care, straightforward behavioral health) can tolerate quarterly audits and a lighter touch. Multi-specialty or procedurally intensive practices, those handling surgical coding, interventional procedures, or risk-adjusted payer contracts, need monthly audits at minimum. That cadence is difficult to sustain internally without dedicated headcount.
Question 3: Do you have a truly independent senior auditor on staff?
The question is not whether you have a senior coder. The question is whether that person is structurally separated from the coding team whose work she reviews and has CPMA or equivalent auditing credentials rather than coding credentials alone. If the answer is no, you do not have QA. You have a review process with a significant blind spot.
Question 4: What is your compliance exposure?
Practices with Medicare Advantage or Medicaid managed care contracts, participation in value-based payment arrangements, or prior payer audit history carry materially higher compliance risk. For those practices, the cost of inadequate QA is not just a denial rate. It is potential OIG scrutiny, civil monetary penalties, and exclusion. At that risk level, the ROI on outsourced expert review is not a close call.
How Outsourced QA Delivers Independence Without a Full-Time Hire
The structural advantage of outsourced QA is that the auditors have no relationship with the coders whose work they are reviewing. There is no collegial pressure, no office politics, no reluctance to flag the same senior coder's errors for the third consecutive month. The findings are findings, not conversations to manage.
Experienced outsourced QA teams also bring multi-specialty depth that a single internal hire cannot. A firm auditing across dozens of client practices has seen the full range of coding patterns, payer-specific quirks, and compliance risk scenarios. That breadth translates into more accurate benchmarking and faster identification of emerging risk patterns before they become recoupments.
For practices that want to build toward an internal function over time, outsourced QA also provides the baseline data to justify the investment: a year of audit findings, accuracy trend lines, and denial correlation data makes the business case for internal staffing far more concrete than intuition alone.
The Position Worth Taking
Self-auditing by the same team that coded the chart is the weakest option available, and it is the one most practices default to because it feels like QA without requiring a difficult conversation about cost or structure. The build-vs-buy question only matters if you have already ruled out the self-audit default. For practices under 40,000 encounters annually, the build option rarely wins on cost, independence, or specialty coverage. The outsourced model is not a compromise. For most growing practices, it is simply the correct answer.
To see what a structured audit program would cost and recover for your specific practice, contact MedCodex Health through our coding quality audit service page and request a no-obligation assessment.