March 19, 2026 admin
FREE CASE EVALUATION

Prominently Featured In:

CNN
Netflix
Newsweek
Business Insider
Time

What Should I Do When a Commercial Insurance Carrier Wants to Audit My Patient Charts?

The Letter Has Already Decided Something

The audit is not the beginning. By the time the letter arrives from the carrier’s Program Integrity or Special Investigations Unit requesting thirty or sixty or ninety patient charts, the carrier has already constructed a statistical portrait of your practice, compared your prescribing volume against every other provider in your specialty and region, and determined that the portrait contains an irregularity worth examining with clinical records in hand. The letter is not a question. It is a confirmation of a question the carrier answered internally before the envelope was sealed.

One does not receive an audit notification because a claims analyst selected a name at random from the provider directory. Commercial carriers deploy algorithmic surveillance across their networks, measuring claim frequency, diagnostic clustering, controlled substance volume, and the ratio of new patient encounters to established patient visits. When a physician’s profile deviates from the carrier’s proprietary peer benchmarks (and the specific thresholds that trigger an audit are never disclosed to the provider, never published in the provider manual, and never subject to independent review), the deviation generates an internal referral. The audit letter follows. What preceded the letter is a determination that your practice warrants scrutiny.

Your Provider Agreement Already Answered the Question

The right to audit is contractual. When you credentialed with the carrier and executed the provider participation agreement, you consented to periodic audits of clinical records, billing documentation, and coding accuracy. The relevant clause appears in Section 4 or Section 7 or Section 12 of an agreement that runs forty to seventy pages and that most physicians sign on the day they are told their credentialing has been approved, between the second and third patients of the afternoon. The clause permits the carrier to request records, to conduct on-site or desk audits, to retain third-party auditing firms, and to extrapolate findings from a sample of reviewed charts to the full population of claims submitted during the audit period.

You agreed to this. The question is not whether you must respond. You must. The question is how you respond, and in what sequence, and with what protections in place before the first chart leaves your office.

The Carrier Employs Former Federal Agents

The composition of a commercial carrier’s Special Investigations Unit is not what most physicians expect. The individuals reviewing your charts or directing the review of your charts are, in a significant number of cases, former investigators from the FBI, the DEA’s Diversion Control Division, the Office of Inspector General, or state Medicaid Fraud Control Units. They were recruited by the carrier precisely because they possess the training, the investigative methodology, and the professional networks that connect private insurance fraud detection to federal law enforcement. An SIU analyst who identifies what the carrier characterizes as a credible allegation of fraud is required, under the fraud prevention plans mandated by state insurance regulators, to refer the matter to the appropriate law enforcement agency within thirty days of that determination.

And the determination of what constitutes a credible allegation is made by the carrier. Not by you. Not by a neutral adjudicator. The same entity that initiated the audit, selected the charts, and chose the auditing criteria also decides whether the audit findings warrant a referral to the United States Attorney’s Office.

What the Audit Measures and What It Conceals

The stated purpose of the audit is medical necessity review or coding accuracy verification. The carrier will request clinical records for a defined set of patients and a defined period, typically three to six years. A third-party auditing firm or the carrier’s own clinical reviewers will assess whether the documentation in the chart supports the diagnosis codes billed, whether the level of service coded is consistent with the clinical encounter documented, and whether the medical necessity standard the carrier applies was satisfied by the treatment rendered.

This is the visible architecture of the audit. Beneath it operates a secondary analysis the carrier does not describe in the audit letter. The carrier is also examining the relationship between your prescribing patterns and the prescribing patterns of the other physicians in your network, the percentage of your patient panel receiving controlled substances, the duration of controlled substance therapy across your patient base, the frequency with which your patients present to emergency departments or are prescribed naloxone, and whether your billing patterns correlate with patterns the carrier’s fraud models have identified in prior cases that resulted in criminal referrals. The carrier does not inform you that this secondary analysis is occurring. The audit letter describes a chart review. The carrier is conducting an investigation.

You are preparing for a documentation audit. The carrier may be preparing a referral.

Do Not Respond Before You Understand the Risk

We have represented physicians who received audit letters and responded within forty-eight hours, producing every chart requested with a detailed cover letter explaining their clinical methodology, their patient population, their approach to pain management, and the reasons their prescribing volume exceeded regional averages. The cover letter was written without counsel. It was thorough, articulate, and sincere. It became Exhibit 14 in a federal indictment eighteen months later, because the government treated it not as a physician’s explanation but as a pre-investigation statement that could be compared, line by line, against patient records, PDMP data, and pharmacy dispensing logs the physician had never seen.

But the impulse to explain is not the gravest error. The gravest error is altering records. A physician who receives an audit notification and reviews the requested charts will, in some cases, identify documentation that was sufficient at the time of the encounter but appears insufficient under the retrospective scrutiny of an audit. The temptation to supplement a chart note, to add a line of clinical reasoning that was present in the physician’s mind but absent from the record, is a temptation that transforms a civil audit into a criminal matter. The Office of Inspector General treats the post-notification amendment of medical records as falsification. The original documentation deficiency was a reimbursement problem. The amendment is a felony.

FREE CONSULTATION

Need Help With Your Case?

Don't face criminal charges alone. Our experienced defense attorneys are ready to fight for your rights and freedom.

  • 100% Confidential
  • Response Within 1 Hour
  • No Obligation Consultation

Or call us directly:

(212) 300-5196

The Sequence That Protects You

Contact counsel before you produce a single page. Not after you have reviewed the charts yourself. Not after you have discussed the audit with your office manager or your billing company. Before. The reason is structural, not procedural. An internal review of the charts requested by the carrier, conducted under the direction and at the instruction of legal counsel, is protected by the attorney-client privilege. The same review, conducted by the physician or the physician’s staff without counsel’s involvement, is not. If the audit escalates to a federal investigation, the government can compel production of your unprivileged internal review, including every note you made, every deficiency you identified, every concern you documented about your own records. The government cannot compel production of a privileged review. This distinction is the difference between identifying your vulnerabilities for your own defense and identifying them for the prosecution.

Counsel will evaluate the audit request against the specific terms of your provider agreement, determine whether the scope of the carrier’s request is authorized by the agreement or exceeds it, identify the applicable state and federal timelines for response, and assess whether the audit presents indicators of a concurrent or anticipated law enforcement referral. In nine controlled substance audit matters we have handled since 2024, the carrier had already communicated with a law enforcement agency before the physician responded to the audit letter in four of them. The physician did not know. The audit letter did not say.

Extrapolation Is Where the Numbers Become Severe

If the carrier’s review identifies overpayments in the sample of charts audited, the carrier will, in most cases, extrapolate those findings across the full universe of claims you submitted during the audit period. A sample of forty charts producing an average overpayment of $387 per chart, applied to a universe of 2,200 claims over a four-year audit period, generates a recoupment demand of $851,400. The extrapolation methodology is governed by the carrier’s internal statistical standards, not by federal evidentiary rules. The provider agreement you signed authorizes this methodology. The appeal rights you possess under the agreement permit you to challenge the extrapolation, but the challenge must address the statistical validity of the sample, the methodology of the extrapolation, and the clinical determinations underlying each individual chart finding.

The physician who responds to an extrapolated demand without counsel typically focuses on the clinical merits of individual chart determinations. That focus is necessary but insufficient. The statistical methodology is where extrapolated demands are reduced or overturned, and challenging that methodology requires expertise in biostatistics that most healthcare attorneys retain through expert consultants.

The Referral You Will Not See

I have written elsewhere about the indicators that a medical practice is under federal investigation. What distinguishes the insurance audit from other forms of scrutiny is that the audit itself functions as both the investigation and the mechanism for generating evidence that a separate investigation will use. The charts you produce in response to the audit request become part of the carrier’s file. The carrier’s file, including your charts, your billing records, and your response to any overpayment demand, is the file the carrier transmits to the DEA or the OIG or the FBI when it makes a referral. You supplied the evidence. You supplied it voluntarily, pursuant to your contractual obligations, without the protections that would attend a grand jury subpoena or a search warrant.

The Supreme Court held in Ruan v. United States that a physician charged under the Controlled Substances Act may assert a good-faith defense, and that the government must prove beyond a reasonable doubt that the physician knew or intended that the prescribing fell outside the bounds of professional practice. That holding protects physicians at trial. It does not protect them during the audit, which occurs years before any criminal charge and which generates the documentary record on which the charge will be built. The defense that matters at the audit stage is not a legal defense. It is the decision to respond in a manner that preserves every defense the law provides, rather than in a manner that forecloses them.

Todd Spodek
DEFENSE TEAM SPOTLIGHT

Todd Spodek

Lead Attorney & Founder

Featured on Netflix's "Inventing Anna," Todd Spodek brings decades of high-stakes criminal defense experience. His aggressive approach has secured dismissals and acquittals in cases others deemed unwinnable.

NY Bar Admitted Multi-State Licensed Federal Courts
Meet the Full Team

What the Audit Cannot Compel

The provider agreement requires you to produce records. It does not require you to produce statements, explanations, narratives, or admissions. A physician who submits the requested charts has satisfied the contractual obligation. A physician who submits the requested charts accompanied by a letter explaining clinical decisions, describing the patient population, or justifying prescribing patterns has gone beyond the contractual obligation and has produced a document that the carrier, and any law enforcement agency to which the carrier refers the matter, will treat as a voluntary statement.

The agreement does not require you to submit to an interview with the carrier’s SIU investigators. If the carrier requests an interview, the request should be declined until counsel can assess the purpose of the interview, the scope of the carrier’s investigation, and whether the interview is being requested in connection with a fraud referral that has already been made or is anticipated. The right to decline an interview is not adversarial. It is the same right that every provider agreement implicitly preserves by limiting the cooperation requirement to the production of records.

Nor does the agreement require you to waive any privilege. Communications between you and your attorney regarding the audit, the internal review of charts, and the strategy for responding to the carrier’s findings are privileged. The carrier cannot require you to disclose the substance of those communications as a condition of the audit. If the carrier’s audit letter or subsequent correspondence requests information that would require the disclosure of privileged material, the request exceeds the carrier’s contractual authority.

The Conversation Before the Response

A commercial insurance audit of patient charts is a contractual event that occurs within a regulatory environment in which the carrier maintains relationships with every federal agency that investigates healthcare fraud. The audit may conclude with no adverse finding. It may conclude with a modest recoupment demand. It may conclude with a referral that initiates an investigation consuming years of the physician’s professional life. The physician who treats the audit as an administrative inconvenience and the physician who treats it as a potential federal matter will respond in materially different ways. Only one of those responses preserves every protection the law affords.

A consultation with counsel experienced in insurance audit defense and DEA regulatory matters is where the response acquires its architecture. The consultation precedes the response. It precedes the internal review. It precedes every decision the physician will make about the audit, because each of those decisions carries consequences that are invisible at the time they are made and irrevocable once the carrier has the charts in hand.

Share This Article:
Todd Spodek
ABOUT THE AUTHOR

Todd Spodek

Managing Partner

With decades of experience in high-stakes federal criminal defense, Todd Spodek has built a reputation for aggressive, strategic representation. Featured on Netflix's "Inventing Anna," he has successfully defended clients facing federal charges, white-collar allegations, and complex criminal cases in federal courts nationwide.

Bar Admissions: New York State Bar New Jersey State Bar U.S. District Court, SDNY U.S. District Court, EDNY
View Attorney Profile

Related Articles

Federal Lawyers By The Numbers

36 Cases Handled This Year and counting
15,536+ Total Clients Served since 2005
95% Case Success Rate dismissals & reduced charges
50+ Years Combined Experience in criminal defense

Data as of February 2026

URGENT

Take Control of Your Situation

Our team is standing by to discuss your legal options

Talk to an Attorney Now (212) 300-5196

Get Advice From An Experienced Criminal Defense Lawyer

All You Have To Do Is Call (212) 300-5196 To Receive Your Free Case Evaluation.

Free Consultation (212) 300-5196