Residency Advisor
The fear of getting audited is doing more to crush new private practices than the actual audits.
You’re not crazy for being scared. You finished residency, survived hospital nonsense, and now you’re supposed to open a practice while imagining the IRS, CMS, state medical board, and every three-letter agency you’ve ever heard of waiting to pounce the second you send your first bill.
Let’s talk about how likely audits actually are, what realistically triggers them, and how much of your fear is valid vs just your brain doing its usual worst‑case‑scenario Olympics.
The uncomfortable truth: yes, you can be audited… but it’s not as inevitable as it feels
I’ve watched new attendings delay opening their practice for years because they’re convinced, deep down, they’ll mess up a code or a form and lose everything.
Here’s the part no one tells you: the system is built around catching patterns, not sniping one random new doctor quietly seeing 12 patients a day in a two-room office.
Are you 100% safe? No.
Are you as exposed as your brain is telling you at 2 a.m.? Also no.
Think of audits like this:
Most new practices never get a full-blown, life‑ruining audit in their first few years. Many get minor requests, chart reviews, or pre‑payment reviews. Annoying? Yes. Practice‑ending? Usually not.
To ground this a bit, here’s a rough way to think about comparative risk—not exact numbers, but very realistic patterns I’ve seen in real life:
| Situation | Relative Risk of Attention |
|---|---|
| Normal billing, average volumes | Low |
| Very high billing vs peers | High |
| Lots of high-level codes (99214/99215) | Moderate–High |
| Repeated patient/competitor complaints | High |
| Clean billing + compliance help | Very Low |
You’re not flipping a switch labeled “open practice → instant audit.” You’re entering a world where scrutiny exists, but it’s largely pattern‑driven and complaint‑driven.
Who’s actually watching you? (And how scared should you be of each?)
Your anxiety probably lumps everything into one big monster. “Regulatory trouble.” Let’s separate the monsters.
1. Payers (Medicare, Medicaid, Commercial Insurances)
These are the ones most people mean when they talk about “audits.”
Medicare and Medicaid are data nerds. They compare you to your peers: same specialty, same region, similar patient population. If you look drastically different, a flag can go up.
Common ways they look at you:
- Are you using way more level 4/5 codes than peers?
- Are you billing unusual combinations (e.g., lots of E/M + procedures together)?
- Are your volumes unrealistic (like 80+ “face‑to‑face” encounters every day)?
- Are you suddenly billing a lot of something lucrative (e.g., certain injections, infusions, tests) out of nowhere?
Commercial payers behave similarly, but they’re more variable. Some are aggressive, some barely move.
So how likely is a new practice to get payer attention early on?
Honestly? If your volumes are low and your coding is conservative, your risk is pretty low. Early on, they don’t have enough data to call you an outlier unless you’re doing something wildly off.
2. State Medical Board
This is the one that hits the deepest fear: “I’ll lose my license.”
They’re not sitting around proactively analyzing your billing data. They usually show up when:
- A patient files a complaint
- A colleague or staff member reports you
- A hospital or payer refers them due to concern about quality, impairment, or fraud
- There’s a serious adverse outcome and someone is angry enough to escalate
Here’s the key: the medical board is more about clinical behavior, professionalism, impairment, and safety. They’re not the primary actors for routine billing audits. Can billing issues eventually lead to board trouble? Yes. But it’s usually after someone else has already made noise.
3. The IRS
This is more “tax audit” than “medical audit,” but your brain probably doesn’t care about the distinction at 1 a.m.
IRS audits for small professional practices are statistically not very common, but when they happen, they’re about:
- Underreporting income
- Sloppy or nonexistent bookkeeping
- Aggressive deductions with no documentation
None of that is specific to doctors. It’s just… business owner stuff.
4. OSHA, HIPAA, and Random Alphabet Soup
These feel scarier in your head than they often are in reality.
Most HIPAA “audits” in small practices come after:
- A complaint (a patient, a disgruntled employee)
- A reported breach (lost laptop, fax to wrong number, etc.)
OSHA? Usually triggered by:
- A complaint
- A serious injury event
- Or you completely ignoring basic safety standards
In other words: they’re not knocking on day one just because you opened.
The triggers you think cause audits vs the ones that actually do
Your brain’s version:
“If I miscode a visit once, I’ll get audited, they’ll say it’s fraud, and I’ll lose everything.”
Reality is dumber and more boring. Audits are mostly about patterns, not one-off mistakes.
Let me be blunt about the big triggers I’ve seen:
Being a statistical outlier
You’re consistently above your peers on:- Level of service (always billing 99215s)
- Number of visits per day
- Number of procedures per patient
- Use of certain high‑dollar codes
Sudden spikes in billing patterns
You go from modest billing to massive amounts of some lucrative service all at once.Lots of complaints
Multiple patients or staff say:- “They billed me for visits I never had.”
- “They billed tests I never got.”
- “They pressured me into unnecessary services.”
Sloppy or copied documentation
Same note for every patient. No clear MDM. Cut‑and‑paste disasters. Templates that don’t match what actually happened.Working with shady billers or management companies
This one is huge and underrated. I’ve seen more new docs get pulled into trouble because they outsourced billing to someone who “knew how to maximize revenue” and actually just knew how to piss off payers.
On the other hand, the tiny things you’re obsessing over:
- You accidentally used 25 modifier incorrectly once
- You miscounted ROS on one chart
- You clicked 99214 instead of 99213 a few times in your first month
Those are not what sinks a practice. That’s normal error territory, not fraud territory.
How often do new practices actually get audited?
There isn’t a single clean statistic that says, “X% of new practices get audited in 2 years.” But based on what I’ve seen across specialties:
Most new outpatient practices will see some form of payer review or records request within the first few years. That might be:
- A pre‑payment review on a small batch of claims
- A request for chart notes supporting specific codes
- A post‑payment review of selected services
That’s a hassle. It’s stressful. But it’s not necessarily a death sentence.
To give your anxious brain something visual to hold onto:
| Category | Value |
|---|---|
| No extra review | 40 |
| Limited chart requests | 35 |
| Pre-payment review | 20 |
| Full audit | 5 |
Is that exact? No. But that distribution is very close to what I’ve watched play out informally.
Notice: the majority is either no extra review or small chart checks. Full audits? Rare, especially early, unless you’re doing something that looks extreme.
What actually happens if they do audit you?
This is the other horror movie your brain runs: men in suits, doors kicked in, handcuffs, your name on the news.
Most real audits are painfully anticlimactic. They send a letter. They request specific charts. They may hold or recoup payments. You (or your attorney/compliance person) respond. There’s back and forth. Sometimes over months.
The common outcomes:
- They say, “You supported these; these others are down‑coded; you owe us back $X.”
- They may put you on a form of “education + monitoring” — more eyes on your future claims for a while.
- They may flag you in their system as someone to check in on again.
Nuclear outcomes like:
- Accusations of fraud
- Referral to law enforcement
- Exclusion from Medicare/Medicaid
Those usually come after clear, repeated, egregious patterns — not messy rookie charting.
Concrete ways to lower your audit risk without losing your mind
Let’s get tactical, because that’s usually what calms the worst anxiety: “Here is what I can actually do.”
1. Stop trying to be a coding hero in year one
You don’t need to squeeze every nickel out of every visit in your first year. Slight undercoding is not ideal long‑term, but it’s a million times better than aggressive overcoding with weak documentation.
If you’re not sure a visit really justifies level 4/5? Code it lower.
You can get more sophisticated later as your documentation and coding skills sharpen.
2. Get someone competent to review your patterns early
Pay for a coding/compliance consultant to:
- Look at a sample of your notes and claims
- Compare your level distribution to benchmarks for your specialty
- Flag obvious issues before a payer does
It’s not cheap, but compared to the mental load you’re carrying, it’s honestly priceless.
3. Pick your biller very carefully
If a billing service or practice manager says things like:
- “We know how to maximize billing; we’ll get you way more than your peers”
- “Don’t worry about the details, we’ll handle everything”
- “Everyone does it this way”
Run.
You want boring, meticulous, slightly annoying billers who:
- Ask you to document more
- Push back when codes don’t match notes
- Talk about compliance like it actually matters
4. Clean, honest documentation beats fancy templates
Your goal with charting from an audit standpoint is simple:
If a stranger reads this chart 2 years from now, can they clearly see:
- Why the patient came in
- What you thought might be going on
- What you did and why
- Why the level of service you billed made sense
Forget perfection. Think “defensible.”
5. Don’t ignore letters
This one’s obvious, but I’ve seen people do it. A payer sends you:
- “Request for medical records”
- “Notice of review”
- “Overpayment demand”
Your anxiety says, “Avoid, avoid, avoid.” You toss it in a pile. Time passes. That’s when things escalate.
Open the thing. Loop in your biller. If it’s more than a tiny issue, loop in a healthcare attorney. Respond on time. Document everything.
The part no one says: some anxiety is actually protective
You being worried about audits? That’s not entirely bad.
The overconfident, “no one will ever check this” people are the ones who get crushed when a payer finally does look. They’ve been sloppy for years.
Your anxiety makes you:
- Double‑check your codes
- Ask questions
- Document more thoroughly
- Think twice before listening to some sketchy revenue‑maximizer
The goal isn’t to feel zero fear. It’s to keep it at “this makes me careful,” not “this paralyzes me into not opening or not billing honestly for what I do.”
A quick visual reality check: where your energy should go
](https://cdn.residencyadvisor.com/images/articles_svg/chart-where-new-practice-anxiety-goes-vs-where-risk-actu-3096.svg "Where New Practice Anxiety Goes vs Where Risk Actually Is")
| Category | Value |
|---|---|
| Tiny coding errors | 35 |
| One-off chart mistakes | 25 |
| Documentation patterns | 15 |
| Billing pattern outliers | 15 |
| [Staff/biller issues](https://residencyadvisor.com/resources/starting-private-practice/what-if-my-first-staff-hire-is-a-disaster-recovery-plans-for-new-owners) | 10 |
Most new docs obsess over tiny coding errors and one‑off mistakes. The real long‑term risk lives in patterns and people: your overall documentation habits, your overall billing distribution, and who you trust with your claims.
You can start small and still be safe
You don’t have to open your doors with a perfect compliance program and 200‑page manual.
For a brand‑new solo or small group practice, I’d want you to at least have:
- A basic written compliance policy (even if it’s 5–10 pages and evolving)
- A coding/billing review within your first 6–12 months
- A biller or staff who’s been walked through “we do not play games with codes”
- A plan for record requests (who pulls charts, who responds, who tracks deadlines)
You can grow the rest over time. You’re allowed to build this gradually without being reckless.
FAQ (you’re probably still worrying about these)
1. Can one honest mistake really get me accused of fraud?
No. Fraud requires intent or at least reckless disregard. One or a few honest mistakes, especially early on, are basically expected. Patterns of repeated, obvious overbilling with no supporting documentation for years? Different story. Your anxious brain is shrinking “pattern over years” into “clicked wrong code once.”
2. Are new practices more likely to be audited just because they’re new?
Not usually. If anything, your low early volumes make you less interesting from a data standpoint. Payers need enough claims to see a pattern. You’re riskier if, as you grow, your billing looks very different from your peers or suddenly spikes in certain high‑revenue areas.
3. Will asking a coding consultant or healthcare attorney for help “put me on the radar”?
No. That’s not how this works. They’re not reporting you just because you asked questions. If anything, having documented evidence that you sought compliance advice makes you look more responsible if your charts are ever reviewed later.
4. Should I avoid certain codes or services because they’re “audit magnets”?
Some codes do draw more scrutiny (high‑level E/M, certain procedures, chronic care management, some infusions). That doesn’t mean you should never use them. It means: only bill them when they’re clearly appropriate, and document them like someone skeptical will read them later. Avoiding necessary services out of fear is not better medicine and won’t save you if your patterns are still weird.
5. What’s the one thing I can do this month that will most reduce my audit anxiety?
Pick 10–20 recent charts, sit down with a coder or billing‑savvy colleague, and have them walk through your codes vs documentation. Get real feedback on where you’re solid and where you’re vulnerable. Vague fear hates specific information. Once you see what’s actually there, you’ll know whether you need a few tweaks or a bigger overhaul—and either way, you’re not just sitting in the dark.
Bottom line:
You’re not crazy for being afraid. Audits exist. People do get burned. But most of the horror stories involve long‑term patterns, arrogance, or willful blindness—not a careful new doc trying to build an honest practice.
If you (1) stay slightly conservative early, (2) get real eyes on your coding and patterns, and (3) choose boring, ethical billers over “revenue ninjas,” you’re already miles away from the real danger zone.
