Three Strategies for Managing HIM Demands During Payer Audits and Reviews

By Greg Ford


In recent years, healthcare organizations have experienced a steady increase in DRG/post-payment audits and Health Effectiveness Data and Information Set (HEDIS)/risk adjustment reviews. According to MRO statistics from 2017 to 2018, overall payer requests increased 70 percent due to a significant upsurge in core categories—DRG audits up 52 percent, HEDIS reviews up 62 percent, and risk adjustment reviews up 80 percent.

This rising volume of requests from payers heightens the burden on HIM to handle the associated release of information (ROI) demands. To better control the surge in payer requests, HIM departments should consider the following three strategies:

  1. Manage time frames
  2. Refine language in managed care agreements
  3. Promote education, communication, and collaboration regarding record access

This article explores each of these strategies and provides practice guidance to HIM departments trying to cope with rising demands for the disclosure of patient information during payer audits and reviews.

Manage Time Frames

Given the recent onslaught of record requests for audits and reviews, HIM professionals must manage those requests along with other day-to-day ROI requests. Knowing the difference between audits and reviews is the first step in determining staff workload and meeting payer deadlines.

Post-payment audits: The goal of these audits is to confirm correct coding on the claim and determine if proper payment was made to the provider. The payer’s intention is to recoup funds on overpaid claims. Prompt attention should be paid to processing these requests.

Payer reviews: HEDIS and Risk Adjustment (Medicare and commercial) reviews do benefit payers, but providers are not subject to negative financial impact and requests should be prioritized accordingly.

Healthcare payers are not always upfront about the varying types of requests or deadlines. Likewise, provider ROI teams may not be educated on guidelines for processing these payer requests—or the flexibility they have in responding. Here are two examples to know:

  • The payer may impose an unrealistic time frame of 10 to 15 days when in reality there’s a broader time frame.
  • HEDIS and risk adjustment reviews are seasonal, allowing more than 30 to 45 days to produce records.

The second strategy for HIM teams to consider is placing updated language in the organization’s managed care agreements.

Refine Language in Managed Care Agreements

An organization’s managed care agreement governs the payer/provider relationship and includes a medical records section that specifies the payer cost to audit a healthcare provider. Unfortunately, the medical records section is often a low priority because the managed care team may not understand the burden on HIM or the financial risk for the entire organization. Some health insurance companies are introducing language that obligates organizations to charge below cost amounts required for the release of medical records.

In many cases, the contract language states “no charge” for all types of medical record copies, including those for audits. Without restrictions that hold payers accountable, large volumes of requests create more work for HIM departments and the cost to produce records shifts to the provider. In our experience, strong language in the medical records section forces the payer to be more selective, which reduces the number of audits for the provider.

Finally, providers need to understand the importance of the language in managed care contracts and promote communication between HIM and managed care teams. One effective practice is to bring the teams together on a regular basis to raise awareness about the types of requests from various payers. We’ve found that communication between managed care and HIM results in stronger contracts and reduced record requests.

Promote Education, Communication, and Collaboration Regarding Record Access

Be aware that some payers are attempting to negotiate direct access to the health system electronic health record (EHR), which poses increased financial and compliance risk. My company recently worked with an organization to evaluate the process for handling risk adjustment reviews. Under pressure from payers and vendors, they had agreed to grant EHR access despite security and compliance concerns.

Through education and best practices, we collaborated to establish rates for release of medical records and reasonable time frames. And due to multiple risks—security, privacy, and patient satisfaction—the decision was made to shut down direct access to the EHR. Risk adjustment reviews are now handled through efficient, cost-effective workflows that alleviate the burden on HIM.

By implementing these three strategies, HIM leaders can better manage payer demands, set realistic payer expectations, and effectively balance their ROI team’s workload in the year ahead.


Greg Ford is director of requester relations and receivables administration at MRO. He serves as a liaison between MRO’s healthcare provider clients and payers requesting large volumes of medical records for purposes of post-payment audits, as well as HEDIS and risk adjustment reviews.

Legal Disclaimer

The views and opinions expressed in this article are those of the author and do not necessarily reflect or represent the views, opinions, or policies of MRO Corporation.

Syndicated from

Translate »
%d bloggers like this: