Chapter 4: Evaluation Processes, Investigations, and Noncompliance Response

Resource: Sample Compliance Program Audit Plan

The plan is organized as a table with five columns: Audit Subject, Objective, Scope and Sampling Method, Lead Person Responsible, and Projected Timing. Each audit below is listed with those fields.

Audit Subject: Medical Necessity of Diagnostic CT and MRI
Objective: To determine compliance with CMS guidelines, including physician order, place of service, prior authorization, documentation requirements, specificity of the exam, etc.
Scope and Sampling Method: A small physician practice may perform 100% prospective review; a large organization may perform prospective review on a 10% sample.
Lead Person Responsible: (left blank in the sample)
Projected Timing: 1st Quarter

Audit Subject: Exclusion Review of Employees, Contractors, Vendors
Objective: To validate that exclusion screening is performed at hire and every 30 days thereafter for physicians, employees, contractors, and vendors.
Scope and Sampling Method: 100% review of exclusion monitoring reports for the past 12 months; validate a random sample of the exclusion reviews reported.
Lead Person Responsible: (left blank in the sample)
Projected Timing: 1st Quarter

Audit Subject: Evaluation & Management Documentation & Coding
Objective: To determine compliance with E/M coding guidelines.
Scope and Sampling Method: Retrospective review of medical records with dates of service (DOS) January 1 through March 31, 20xx; statistically valid random sample.
Lead Person Responsible: (left blank in the sample)
Projected Timing: 2nd Quarter

Audit Subject: Physician Contract Review
Objective: To assess compliance with the Stark Law and/or the Anti-Kickback Statute; to assess compliance with the terms of each contract; to review physician compensation.
Scope and Sampling Method: Small physician practice: all contracts. Large organization: random sample.
Lead Person Responsible: Compliance and Legal
Projected Timing: 3rd Quarter

Audit Subject: HIPAA Privacy & Security Measures Implemented for Telehealth
Objective: To determine whether the provider is using an approved telehealth platform; whether a business associate agreement (BAA) exists; whether informed consent for telemedicine was obtained from the patient; whether a system for monitoring communications containing ePHI has been implemented; and whether only authorized users have access to ePHI.
Scope and Sampling Method: Statistically valid random sample.
Lead Person Responsible: Privacy and Compliance
Projected Timing: 4th Quarter
