Strategy, Legal & Operations

Medicaid audit checklist: How to prepare your senior living organization

Medicaid audits often create financial anxiety for senior living organizations, as even small documentation issues can add up quickly once findings are applied across multiple claims. A straightforward audit checklist helps you stay in control by keeping records organized, accurate, and ready when reviewers ask for them. By focusing on the right steps early, facilities can approach audits with confidence and protect their reimbursement revenue.

April 24, 202611 min read Share

If your senior living facility is selected for a Medicaid audit, you have 30 days to submit comprehensive documentation to support the legitimacy and accuracy of your transactions.

This means ensuring that your records can withstand scrutiny and that you can hand over everything the auditor requests. 

Medicaid audits can be anxiety-inducing, as the extrapolation of sample findings can transform minor documentation gaps into significant overpayment demands.

However, with systematic preparation and a clear Medicaid audit checklist, senior living organizations like yours can navigate audits by the Centers for Medicare & Medicaid Services (CMS) confidently while maintaining compliance with federal and state requirements. 

Here’s what we’ll cover:

What triggers a Medicaid audit? 

Some Medicaid audits are random, but often, they’re targeted reviews based on identified red flags, which can include unusually hight billing or billing errors, ownership changes, complaints, or quality concerns.

Let’s take a closer look at some common audit triggers: 

• Patterns of unusually high billing: facilities billing significantly above peer averages for similar services attract scrutiny from state Medicaid agencies and Medicare Administrative Contractors (MACs). 

• Frequent billing errors: high claim denial rates or repeated corrections suggest systematic documentation or coding problems requiring investigation. 

• MDS inconsistencies: discrepancies between Minimum Data Set assessments and clinical documentation raise concerns about proper Patient-Driven Payment Model (PDPM) billing. 

• Ownership changes or restructuring: new leadership, acquisitions, or significant operational changes trigger revalidation reviews and increased oversight. 

• Quality measure concerns: low star ratings, repeated deficiencies, or Special Focus Facility designation will increase the likelihood of payment accuracy reviews. 

• Complaint-based referrals: reports from staff, residents, families, or competitors alleging improper billing can initiate investigations. 

• Statistical outlier identification: data analytics comparing facilities across multiple metrics identify providers whose patterns deviate from norms. 

According to recent CMS audit activity reports, improper payments in the nursing home sector alone have risen nearly 10%, intensifying oversight efforts.

Skilled nursing facilities continue to lead in documentation errors, making proactive compliance systems essential for protecting reimbursement. 

Overview of the Medicaid audit process 

Medicaid audits follow a predictable sequence, and understanding what to expect reduces anxiety and allows for better preparation.

While timelines vary by state and audit type, most audits span 30 to 90 days from notification to final determination. 

These are the five steps you can expect to occur during an audit: 

1. Medicaid audit notification and scope 

The process begins when your facility receives written notification identifying the audit scope, requested documentation, and submission deadlines.

The notification specifies which time period, service types, and sampling methodology will be used.

Most states provide at least 30 days’ notice before the actual audits begin, unless fraud is suspected or urgent health and safety concerns exist. 

You’ll need to review the notification immediately to understand exactly what auditors are requesting and when responses are due. 

2. Document submission and initial review 

Next, you’ll submit the requested records. These typically include resident charts, billing documentation, policies, and financial records, and you’ll be expected to submit them either electronically through state portals or via certified mail.

From there, the auditors will conduct a preliminary review to verify completeness and identify missing documentation. 

Keep in mind that missing or incomplete records trigger follow-up requests. 

Facilities generally receive additional time to provide supplemental documentation, but delays increase the likelihood of claim denials for insufficient evidence. 

3. Desk review or on-site visit 

Auditors analyze submitted documentation through desk reviews conducted remotely or on-site visits to your facility.

They verify that services billed match clinical documentation, treatment plans are appropriate, and coding accurately reflects the care provided. 

During on-site visits, auditors may interview staff, observe operations, and request access to electronic health records systems. 

Designate a knowledgeable staff member as the primary audit contact to ensure consistent communication. 

4. Preliminary findings and provider response 

Auditors issue preliminary findings identifying discrepancies, overpayments, and compliance concerns.

Facilities receive detailed explanations of identified issues and calculated overpayment amounts based on sample extrapolation. 

You typically have 30 to 60 days to respond to preliminary findings with additional documentation, clarifications, or rebuttals.

This response period is a critical opportunity to correct misunderstandings before final determinations. 

5. Final determination and corrective actions 

After reviewing provider responses, auditors issue their final determinations outlining confirmed overpayments, required refunds, and necessary corrective actions.

Facilities can appeal final determinations through administrative hearing processes, though timelines for filing appeals are strict. 

Corrective action plans may require policy revisions, staff training, improved documentation practices, or implementation of compliance monitoring systems. 

Medicaid audit requirements: Key documents and data you need 

Organized, complete records form the foundation of a successful audit defense.

Senior living facilities must maintain comprehensive documentation for five to seven years, depending on state requirements and payer contracts. 

Essential document categories include: 

• Resident admission and assessment records: initial assessments, care plans, quarterly reviews, MDS submissions, and discharge summaries demonstrating medical necessity and appropriate level of care.

• Clinical documentation: physician orders, progress notes, nursing assessments, therapy evaluations, medication administration records, and treatment documentation supporting all billed services.

• Billing and coding records: itemized claims, Current Procedural Terminology (CPT) and International Classification of Diseases (ICD) codes, remittance advices, explanations of benefits, and documentation linking each billed service to clinical records. 

• Authorizations and certifications: prior authorization approvals, physician certifications and recertifications, consent forms, and authorization renewals. 

• Staff credentials and training: professional licenses, certifications, competency evaluations, initial training records, annual continuing education, and personnel files for all staff providing billable services.

• Policies and procedures: current compliance policies, billing procedures, documentation standards, and evidence of regular policy reviews and updates.

• Financial records: cost reports, budget documentation, accounts receivable aging, payment reconciliations, and audit trails connecting financial statements to clinical services.

Digital organization with standardized naming conventions, logical folder structures, and indexed searchable files streamlines audit responses.

Maintain both original records and organized copies to avoid disrupting ongoing operations during document submission. 

Steps to create your Medicaid audit checklist 

A systematic Medicaid audit checklist transforms overwhelming preparation into manageable tasks. Use these five steps to build audit-readiness into routine operations: 

1. Gather financial and patient records 

Compile comprehensive documentation organized by resident, date of service, and billing period.

Create master spreadsheets linking resident identifiers to service dates, billed amounts, and document locations. 

Ensure both electronic and paper records are accessible, properly secured, and backed up. 

Investing in searchable digital document management systems is recommended, as they dramatically reduce the time spent locating specific records when auditors make requests.

This is because they allow you to tag records with multiple identifiers, including the resident name, medical record number, date of service, and service type, so you can retrieve documentation quickly regardless of how auditors reference it. 

2. Verify billing codes and treatment documentation 

Cross-check every billed service against clinical documentation to confirm accuracy:  

• Match CPT codes to physician orders and treatment notes. 

• Verify that ICD diagnosis codes support medical necessity for services provided. 

• Review modifier use to ensure proper application. 

Conduct sample audits on your own by using the same methodology that Medicaid auditors employ.

For instance, try pulling random claims from different time periods and different payers to help identify systematic errors before external auditors discover them. 

3. Check signatures and authorizations 

Verify that all required signatures, dates, and credentials appear on clinical documentation.

Confirm that physician orders are signed and dated within required timeframes, and check to ensure that prior authorizations were obtained before services were provided and remained current throughout treatment periods. 

Missing signatures represent one of the most common and most preventable audit findings.

Implementing real-time signature verification systems that flag unsigned documentation immediately can prevent gaps from being discovered months later during audits. 

4. Prepare internal control reviews 

Document your facility’s internal quality assurance activities. 

Maintain records of chart audits, billing reviews, coding accuracy assessments, and compliance committee meetings. Keep logs of identified issues and corrective actions taken. 

Demonstrating ongoing compliance monitoring shows auditors your facility takes regulatory requirements seriously and actively works to prevent errors rather than simply responding after problems surface. 

5. Maintain up-to-date policies and staff training 

Ensure compliance policies reflect current federal regulations, state requirements, and CMS audit protocols.

Document all staff training on billing compliance, documentation standards, and regulatory changes, and schedule annual compliance refreshers and targeted training when new requirements take effect. 

It’s always best practice to maintain training attendance records, testing results, and competency evaluations under normal circumstances.

But when auditors question why errors occurred, being able to show that your facility has a solid training program can help mitigate findings by demonstrating good-faith compliance efforts. 

What are the best practices to stay compliant with CMS audit protocols?

Some of the most important best practices for CMS compliance include carrying out regular internal audits, tracking billing patterns and key metrics, keeping thorough records, staying up-to-date with CMS guidance, and creating audit-ready systems.

Proactive compliance reduces audit risk and builds accountability systems that protect your organization long-term. 

Here’s a more detailed breakdown of key best practices to consider: 

• Conducting quarterly internal audits: regular self-audits using CMS methodologies identify vulnerabilities before external reviewers find them. Focus audits on high-risk areas like MDS accuracy, therapy documentation, and new admission billing. 

• Monitoring billing patterns: track key metrics including average length of stay, case mix index, therapy utilization rates, and claim denial percentages. Investigate significant deviations from facility norms or peer benchmarks. 

• Staying current with CMS guidance: subscribe to CMS updates, MAC newsletters, and state Medicaid bulletins. Assign compliance staff to monitor regulatory changes and disseminate relevant updates to clinical and billing teams. 

• Documenting medical necessity thoroughly: make sure that clinical records clearly articulate why services were provided, how they relate to treatment goals, and what outcomes resulted. Vague documentation invites auditor skepticism. 

• Implementing strong segregation of duties: separate clinical documentation, coding, billing, and oversight functions to prevent conflicts of interest and ensure independent verification of accuracy. 

• Creating audit-ready document systems: organize records assuming they’ll be reviewed. If locating documentation for internal purposes proves difficult, imagine the challenge during time-pressured audit responses. 

• Establishing compliance committees: regular compliance meetings with representatives from clinical, financial, and administrative teams promote coordinated oversight and prompt issue resolution. 

• Maintaining Business Associate Agreements: verify current BAAs with all vendors accessing protected health information, including Electronic Health Records system providers, billing companies, and consultants. 

These habits transform compliance from reactive scrambling into an embedded organizational culture that naturally produces audit-ready documentation. 

What are the common mistakes to avoid during a Medicaid audit? 

Common mistakes that you’ll want to avoid during an audit include missing submission deadlines, chaotic, contradictory, or insufficient documentation, and failing to respond to preliminary findings.

Understanding frequent pitfalls can help you avoid preventable problems that worsen audit outcomes: 

• Delaying responses or missing deadlines: late or incomplete submissions often result in automatic claim denials. Auditors interpret delays as evasiveness or disorganization rather than normal operational constraints. 

• Submitting disorganized documentation: providing hundreds of unsorted pages forces auditors to piece together your story. Well-organized, clearly labeled submissions with cover sheets and indices demonstrate professionalism and can increase the likelihood of favorable reviews. 

• Failing to respond to preliminary findings: some facilities view preliminary findings as final determinations and don’t submit rebuttal responses. This silence forfeits opportunities to clarify misunderstandings or provide additional supporting evidence. 

• Providing contradictory information: inconsistencies between clinical documentation and responses to auditor questions raise red flags. Ensure all staff involved in audit responses communicate and align their information. 

• Overlooking extrapolation methodology challenges: when auditors use sampling and extrapolation, scrutinize their statistical methods. Improper sampling frames, incorrect calculations, or flawed assumptions can be challenged through appeals. 

• Neglecting to document corrective actions: when audits identify legitimate issues, thoroughly document remediation efforts. Future audits reviewing the same areas will expect evidence of corrections. 

Treat Medicaid audits as learning opportunities. Even audits with minimal findings reveal areas for strengthening internal controls and documentation practices. 

Final thoughts 

Medicaid audits represent significant compliance events that require systematic preparation and ongoing vigilance.

By understanding audit triggers, maintaining organized documentation, and implementing proactive compliance systems, senior living facilities like yours can approach audits with confidence rather than fear. 

Don’t let manual record-keeping and disconnected systems make audit preparation unnecessarily difficult. 

Senior living accounting software designed for health care organizations streamlines compliance through automation, centralized documentation, and comprehensive audit trails.

Sage Intacct provides HIPAA-compliant systems with advanced audit trail capabilities that track every transaction, built-in controls that prevent common billing errors, and real-time reporting that identifies potential compliance issues before audits begin.

With role-based access permissions, automated documentation workflows, and integration with clinical systems, specialized accounting platforms transform audit preparation from reactive scrambling into routine operational readiness. 

Medicaid audit FAQs