Hospitals that switched coding vendors primarily on price saved an average of $1.20 per chart and then watched their denial rate climb three to five percentage points within six months. That math never works out. Yet most RFPs still open with "what is your per-chart rate?" and close with a spreadsheet comparison that tells you almost nothing about what will actually happen to your revenue.
This post is a working checklist. Take it into your next vendor call and ask every question on it. A vendor that hedges, deflects, or cannot produce documentation for any of these items is telling you something important.
Why Most Coding RFPs Ask the Wrong Questions
Price per chart is visible and easy to compare. Denial rates, audit findings, and remediation timelines are harder to quantify in a proposal, so buyers rarely demand them. Vendors know this. The cheap vendor is cheap because something is being cut, and it is almost never the sales team.
What gets cut is coder quality, audit infrastructure, or both. A vendor billing you $1.80 per chart for outpatient visits may be using offshore coders with no specialty training, no encoder subscription, and no internal QA beyond a cursory pass rate review. You will not see the damage until your payer starts kicking back claims at volume. By then you have signed a 12-month contract and your denial management team is drowning.
The checklist below reframes the evaluation around the things that actually determine whether a coding partner protects or erodes your net revenue. Before you get on a vendor call, run your current baseline numbers through our free Coding Outsourcing ROI Calculator so you know exactly what you are risking and what you need to protect.
Accuracy: The Floor Is 95 Percent, But the Methodology Matters More
AAPC and AHIMA both cite 95 percent as the generally accepted minimum accuracy threshold for production coders. Most vendors will quote you a number at or above 95 percent in their proposal. That number is nearly meaningless without context.
Ask these specific questions
- How is accuracy calculated? Is it per code, per claim, or per encounter? Per-encounter measurement is more stringent. Vendors quoting per-code accuracy can look cleaner on paper than they actually are.
- Who performs the accuracy audits? An internal QA team auditing their own coders is not independent verification. Ask whether a third-party coding quality audit is part of the engagement structure or available separately.
- How frequently are audits run? Monthly is a reasonable baseline. Quarterly is too slow to catch a problem before it becomes a denial pattern.
- Is there a contractual accuracy guarantee? If a vendor guarantees 95 percent, ask what happens when they miss it. A guarantee without a remediation process and a financial remedy is decorative language.
Get the vendor's last three audit reports if they will share them. Legitimate operations have them and are usually willing to provide a redacted version under NDA.
Coder Credentials: Who Is Actually Touching Your Charts
This section is where proposals get creative. A vendor may list impressive credentials on their leadership team while routing your high-complexity inpatient cases to newly credentialed coders or offshore staff with no specialty background.
What to verify
Ask for the credential mix of the coders who will work your specific account, not the company's overall workforce. AAPC's CPC and AHIMA's RHIA or CCS are the relevant benchmarks for outpatient and inpatient work respectively. A coder handling inpatient coding for a cardiology service line should carry inpatient certification and documented experience in that specialty. Generic coding experience does not transfer cleanly across service lines.
Ask these questions directly:
- What certifications do the coders assigned to my account hold?
- How many years of specialty experience do they have in my specific service lines?
- What is your coder-to-QA auditor ratio?
- What happens when my assigned coder leaves? What is your backfill timeline and process?
Turnover is a real problem in production coding environments. A vendor that cannot answer the backfill question clearly has probably not thought through it carefully enough.
Security and Compliance: PHI Has No Margin for Ambiguity
A signed BAA is not compliance. It is the starting point. Ask where your PHI is actually stored, who can access it, and under what conditions it crosses any national border.
The offshore question
Offshore coding is not automatically disqualifying. Some offshore teams are well-credentialed and operate under rigorous security controls. But your payer contracts, state regulations, and board risk tolerance may constrain your options regardless of vendor quality. You need to know the answer before you are two months into an implementation.
Ask specifically:
- Where are your coders physically located? Are any located outside the United States?
- Where is PHI stored? Is it hosted on US-based servers under HIPAA-compliant infrastructure?
- Can coders access PHI from personal devices or unsecured networks?
- What is your breach notification protocol and timeline?
- When was your last HIPAA security risk assessment, and can you share the executive summary?
Vendors with mature compliance programs answer these questions without hesitation. Vendors that treat security questions as an obstacle are showing you their culture.
Turnaround Time and Surge Capacity
Standard turnaround time for most outpatient coding is 24 to 48 hours. Inpatient cases typically run 48 to 72 hours. Get these commitments in the contract, not just the proposal.
The harder question is surge capacity. Your volume is not flat. Flu season, trauma spikes, a competing hospital closing down, a large physician group acquisition: any of these events can push your coding volume 30 to 50 percent above baseline with very little warning. Ask the vendor how they handle that.
- Do they have a bench of trained coders they can deploy quickly, or will they onboard contractors who have never seen your EHR?
- What is the realistic ramp time from contract signature to full production? Vendors who say two weeks for a complex inpatient environment are not being honest with you.
- Is there a volume cap in the contract below which SLA protections do not apply?
For a detailed breakdown of how volume assumptions affect total cost of engagement, the post on what coding outsourcing actually costs is worth reading before you finalize any pricing discussion.
Pricing Transparency: What Is Actually Included
Per-chart pricing looks clean until you see the addenda. Common exclusions that vendors may bill separately include encoder access, denial rework, payer-specific coding edits, physician query management, and audit reports. A quote of $2.10 per chart that excludes denial support and query management may cost more than a $2.80 all-in quote when you total the actual engagement.
The questions that expose the real price
- Is encoder access (3M, Optum, or equivalent) included, or billed separately?
- Are coding audits included in the per-chart rate or priced as an add-on?
- Is denial rework included? If not, what is the billing model for that work?
- Is physician query management included for inpatient cases?
- Are there volume minimums, and what happens contractually if you fall below them?
For outpatient coding specifically, make sure the rate covers the full range of CPT and ICD-10 coding complexity for your specialty mix. A flat per-chart rate applied equally to a 99213 and a complex surgical case is a warning sign that the vendor has not thought through your account carefully.
References and the Pilot: Non-Negotiable Steps
References should be current, relevant, and reachable. Ask for two or three clients of similar size and specialty mix who have been live with the vendor for at least 12 months. Then call them. Ask specifically about what went wrong in the first 90 days and how the vendor responded. Every implementation has friction. The question is whether the vendor fixed problems or deflected them.
Run a pilot before committing
A pilot of 200 to 500 charts, either paid or free depending on what you negotiate, is the most reliable evaluation tool available to you. Give the vendor a representative sample of your volume, including your hardest cases, not your easy ones. Have your internal team or a third-party auditor score the results. Look at accuracy by coder, not just aggregate accuracy. Look at turnaround time under real conditions. Look at how they handle cases where documentation is ambiguous.
A vendor that will not do a pilot on a meaningful sample size is a vendor that does not want you to see their actual production quality before you sign. That tells you what you need to know.
The Checklist Summary
Bring these items to every vendor evaluation conversation:
- Accuracy methodology, audit frequency, independence of auditor, and contractual guarantee with remediation terms
- Credentials and specialty experience of the coders assigned to your specific account
- Coder backfill process and timeline when staff turns over
- PHI storage location, access controls, offshore vs. onshore coder locations, and breach notification protocol
- Turnaround time SLAs in the contract, surge capacity plan, and ramp timeline
- All-in pricing with explicit list of what is included and excluded
- Current references with at least 12 months of live production history
- Pilot offer with a representative sample, scored independently
Any vendor that cannot provide clear, documented answers to this list during the sales process will not perform better once they have your contract signed.
To see how your current denial rate, coder FTE costs, and volume profile affect the financial case for outsourcing, start with the free Coding Outsourcing ROI Calculator before your next vendor conversation.
If you want an independent opinion on what your current coding program is actually producing, contact MedCodex Health to schedule a coding quality audit and get a clear baseline before you evaluate anyone else.