Coding Audit Findings That Trigger Payer Recoupments, and How to Get Ahead of Them
A regional health system in the Midwest received a RAC demand letter in 2023 for $4.2 million. The underlying error rate in their sampled records was 9.4 percent. That number sounds manageable until extrapolation enters the picture, and suddenly a few hundred miscoded charts become a seven-figure repayment obligation. The revenue had already been posted, spent, and counted in the budget.
Recoupments are not a billing problem. They are a pattern-recognition problem. Payers and Recovery Audit Contractors look for predictable coding behaviors that consistently produce overpayments, and they have years of claims data to guide their targeting. The patterns they find almost always existed long before the audit letter arrived. A proactive internal audit finds those same patterns first, when correcting them costs almost nothing compared to defending them under a payer's timeline.
The Six Findings That Generate the Most Recoupment Activity
E/M Level Not Supported by Documentation
Evaluation and management coding is the single largest source of RAC and MAC overpayment findings. CMS's 2024 Comprehensive Error Rate Testing (CERT) report identified improper payments tied to E/M services as a leading contributor to the estimated $51.3 billion Medicare Fee-for-Service improper payment total. The specific failure is almost always the same: a level 4 or level 5 office visit (99214 or 99215) is billed, but the documentation does not support the medical decision-making complexity or the total time recorded.
Auditors look at whether the number and complexity of problems, the amount or complexity of data reviewed, and the risk of complications align with what was billed. When the note is thin, generic, or copied from a prior encounter, the E/M level collapses on review.
Modifier Misuse, Especially 25 and 59
Modifier 25 is appended to an E/M service to indicate a significant, separately identifiable service was provided on the same day as a procedure. Modifier 59 signals a distinct procedural service not normally reported together with another code. Both are legitimate. Both are heavily abused.
OIG Work Plans have flagged modifier 25 repeatedly, and for good reason. When a practice bills a 99213 or 99214 alongside a minor procedure on every single patient encounter, auditors notice the pattern. The question they ask is whether the E/M was truly separate and medically necessary, or whether it was appended reflexively to add revenue to a procedure visit. Modifier 59 misuse surfaces when providers use it to bypass NCCI edits that exist for a specific clinical reason, not because the edit was wrong but because the services genuinely were not distinct.
Unbundling Against NCCI Edits
The National Correct Coding Initiative exists because certain code combinations are clinically inseparable. Billing them as separate charges is unbundling, and payers recover those overpayments routinely. The most common examples involve surgical procedures where component steps are billed individually rather than under the comprehensive code, and laboratory panels where individual analytes are billed when a panel code covers them.
This is an area where a coding quality audit catches issues that claim scrubbers sometimes miss, particularly when a modifier is used to override an edit that should not have been overridden.
Medical Necessity Not Met
A service can be coded perfectly and still trigger a recoupment if the payer determines it was not medically necessary for that patient on that date. This happens most frequently with inpatient admissions that auditors reclassify to observation, with high-cost imaging ordered without documented clinical indicators, and with certain diagnostic tests ordered outside of payer-specific coverage policies.
The documentation gap here is distinct from an E/M gap. The service may have been clinically appropriate, but the physician note does not articulate the reasoning that meets the payer's Local Coverage Determination. A medical necessity review before claims go out is far less expensive than an appeal process after a recoupment demand arrives.
Cloned or Insufficient Documentation
Copy-forward functionality in EHR systems was meant to save physician time. It became one of the most reliable audit triggers in existence. When a patient presents with the same chief complaint and receives a note that is word-for-word identical to the prior three visits, auditors treat that documentation as unsupported regardless of what level was billed. CMS has been explicit on this point: documentation must reflect the specific encounter.
Insufficient documentation is a related but separate problem. A note that says "patient doing well, continue current medications" cannot support a 99214. The medical decision-making elements must be visible in the record.
Time-Based Coding Without Supporting Time Statements
Since the 2021 E/M guideline changes, total time has become a valid basis for selecting an office visit level. That change opened a legitimate pathway for many providers. It also opened an audit pathway, because some providers began billing time-based codes without actually documenting total time spent. For a 99215 billed on total time, the note must state the total time, and it must be 55 minutes or more on that date of service. An auditor who sees a 99215 with no time documentation and a thin MDM note has everything needed to issue a recoupment.
How Extrapolation Turns a Small Error Rate Into a Large Demand
This is the mechanism most revenue cycle directors underestimate. A RAC or MAC auditor does not review every claim. They review a statistically valid sample, typically 100 to 200 records, calculate the overpayment rate in that sample, and then project that rate across all claims submitted in the review period, which can span three years.
An 8 percent error rate on a sample might represent $18,000 in the sampled records. Applied to $3 million in claims submitted over the look-back period, the extrapolated demand becomes $240,000. The math is simple and the legal basis for it is well established. Providers who contest extrapolation face a high burden of proof, and most do not succeed unless they can demonstrate the sample was statistically flawed.
The practical implication is that a small, recurring coding pattern that feels inconsequential month to month becomes catastrophic when a payer finds it first.
Defensive Appeals Versus Proactive Auditing
Most organizations do not think about coding accuracy until a denial or demand letter forces the issue. At that point, the organization is in an appeals posture: reactive, expensive, and limited. The appeal process for a RAC demand can take 12 to 18 months, requires physician and compliance staff time, outside counsel in significant cases, and still results in partial or full repayment more often than not.
A proactive audit posture runs the same analysis the payer would run, before the payer does. It identifies the patterns, quantifies the financial exposure, corrects the documentation or coding practices going forward, and in some cases supports a voluntary self-disclosure that reduces penalty exposure under the OIG's guidelines.
The cost comparison is not subtle. An internal audit with a qualified third party costs a fraction of a single successful recoupment demand, and it produces documentation that demonstrates a functioning compliance program, which matters if a payer later investigates the same period.
Download the free Denial Prevention Checklist to see the specific documentation and coding checkpoints your team should be reviewing before claims submission, organized by the exact categories RAC and MAC auditors prioritize.
Audit Frequency and Sample Size
There is no universal regulatory requirement for how often providers must audit their own coding, but OIG compliance guidance and the American Health Information Management Association both recommend at minimum a quarterly review for high-volume service lines. Monthly sampling makes sense for any specialty or code category that has appeared on an OIG Work Plan or that shows denial patterns in your own accounts receivable data.
Sample size depends on volume. For a physician group billing fewer than 200 claims per month in a given code category, a sample of 30 records provides statistically meaningful data. For higher volume settings, a sample of 50 to 100 records per provider per quarter is standard. The goal is not to review everything. The goal is to detect systematic patterns before they accumulate into a material liability.
Organizations managing physician coding (ProFee) across multiple specialties often find that a rolling monthly sample by department is more practical than a large annual review, because it catches drift in real time rather than retrospectively.
Who Should Not Audit Their Own Work
Coders should not audit the claims they coded. Billers should not audit the encounters they billed. This is not a statement about individual integrity. It is a statement about structural bias. People who produced the work have a natural tendency to interpret ambiguous documentation in the direction they already coded it, and they often lack visibility into the payer-specific coverage policies and audit targeting patterns that an external reviewer brings.
Compliance officers who are also responsible for coding operations face a similar conflict. The person determining whether a problem exists should not be the same person whose department produced the problem.
The decision about whether to build an internal QA function or engage an external firm is worth examining carefully. There is a detailed analysis at build vs buy a coding QA function that walks through the cost and capability tradeoffs for organizations at different scales. For many mid-sized practices and regional systems, the combination of a small internal compliance team and an external audit partner for periodic independent review is the right answer.
The Compliance and Financial Case for Independent Review
An independent coding review serves two functions simultaneously. Financially, it identifies the specific patterns that create recoupment exposure and allows the organization to correct them before a payer's look-back period captures them. Compliance-wise, it demonstrates that the organization has a functioning internal audit mechanism, which is a core element of an effective compliance program under OIG guidance.
That compliance record matters more than most CFOs realize. In the event of a government investigation or a False Claims Act allegation, an organization that can show regular independent audits, documented corrective actions, and coder education in response to findings is in a materially different position than one that cannot. The audits are not just about recovering revenue from coding errors. They are about demonstrating that the organization takes its billing obligations seriously.
Recoupments target predictable patterns. Those patterns are findable before a payer finds them. The cost of finding them yourself is almost always lower than the cost of explaining them to a RAC contractor.
To see how MedCodex Health structures an independent coding review for organizations concerned about RAC exposure, visit our coding quality audit service page and schedule a scoping call with our team.