Audits are an important part of a compliance program and help monitor compliance obligations, identify non-compliance, and quantify overpayments. But, planning the audit is often just as important as the audit itself. One of the most important steps in the pre-audit planning process is selecting the audit sample.
Sampling is used when it is cost-prohibitive or unrealistic to review every piece of data for a particular issue. For example, if you’re auditing claims submitted for a particular service, it’s unlikely you have the resources to review every claim submitted for that service. Even if you can, other important elements or risk mitigation strategies in your compliance work plan may suffer as a result. Selecting an audit sample that gives you reasonable confidence it’s relevant to the issue being audited is key to ensuring the audit achieves its intended goal.
For most issues, especially those you are proactively auditing, your audit can start with a probe sample. A probe sample is a relatively small data set used to determine the error rate. If an audit of the probe sample reveals the error rate is insignificant, the audit can typically conclude without further inquiry. There is no hard and fast rule on what is considered an “insignificant” error rate, and it may vary depending on the issue and data subset you’re auditing. A good rule of thumb, however, is five percent (5%) or less, meaning if the error rate is more than five percent (5%) further inquiry is needed.
The size of the probe sample will vary depending on what’s being audited; however, a minimum sample size of between 30 and 50 is often recommended due to prior OIG guidance. You want to ensure you capture data from all individuals, payers, and service types involved in the particular issue you’re auditing. For example, if you’re auditing claims submitted on behalf of individual providers, the OIG has previously recommended starting with five to ten records per federal government healthcare payer per individual provider or at least five claims per service type. The size of the data set may also be higher if the issue being audited is identified as “high risk”.
After you have determined the sample size, it’s important you select the data set in a randomized manner. How the sample is selected will likely depend on what you are auditing. Randomized number generators are sometimes used in this process, assuming the data set can be assigned numbers from which to pull the sample.
If your probe sample reveals an error rate that’s not insignificant, further analysis is needed which will likely involve reviewing a much larger sample, or in some cases if feasible, all data items involved. This is especially the case if the identified error results in an overpayment since the organization has an obligation to investigate and return overpayments. If you are using an external auditor, they will likely guide you in this process. If you’re performing this audit internally, you should contact your legal counsel or outside audit consultants for additional guidance.
Selecting the sample is only one of several factors you must consider before you start an audit. Our podcast this week discusses the importance of pre-audit planning and five important questions to answer before you start your audit.