A Medicare compliance audit is far easier to survive when you have already done it to yourself first. This guide walks the preparation in order, so the records are in place before anyone asks for them. For how the 80/20 rule and other triggers work, read the Medicare compliance audit guide; for the care-plan documentation that draws scrutiny, see the PSR care-plan post. For the wider billing-compliance picture, see the Medicare and billing compliance pillar. This is the do-it-now procedure.
Before you begin
Get access to your own claiming data: the MBS items your practice and each provider bill most, by volume and by value. Know who bills under each provider number, and have your clinical records system open. The point of preparation is to look at your billing the way an auditor would, so you want the numbers and the notes side by side.
Step 1: Understand what triggers an audit and what it examines
Know how you come to attention before you try to prepare for it. Services Australia uses data-matching to flag billing that sits outside peer norms, and the Professional Services Review handles "inappropriate practice". The clearest hard trigger is the 80/20 rule: billing 80 or more professional attendances on each of 20 or more days in a 12-month period is an automatic, non-discretionary PSR referral.
Understand too that most compliance action is about inadvertent over-servicing and incorrect item selection, not fraud. That is good news: it means the fix is usually better record-keeping and item discipline, not a defence lawyer. Knowing the triggers tells you exactly where to point your self-audit.
Step 2: Self-audit your highest-risk billing
Do not audit everything; audit what auditors audit. Pull your claiming data and look hardest at the items that draw scrutiny: chronic disease management plans, time-tiered consultations (the long-consult items), telehealth, after-hours, and mental health treatment plans. Check your daily service counts against the 80/20 threshold for every provider, so a pattern surfaces in your report rather than in a referral letter.
Compare your billing mix against what is clinically plausible for your patient population. An item billed far more often than peers is not proof of anything, but it is exactly what data-matching flags, so it is where your evidence needs to be strongest.
Step 3: Check the clinical record supports every claim
This is where audits are won or lost. For a sample of your high-risk claims, confirm the clinical note actually justifies the MBS item billed: that the service was provided, that it met the full item descriptor, and that any time requirement for a time-based item is recorded. For care plans, confirm each one is individualised to the patient rather than a template with the name changed, which is the single most common reason a chronic-disease item fails review.
The test an auditor applies is simple: could someone reconstruct, from the note alone, that this exact item was warranted? If the note is thin, the item is at risk regardless of whether the care was good. Fix the records process now, not after a request for repayment.
Step 4: Correct errors and consider a voluntary acknowledgement
If your self-audit finds incorrect claiming, act on it rather than hoping it is not noticed. Identify the affected services, work out the value, and make a voluntary acknowledgement to Services Australia, repaying what was incorrectly claimed. A genuine, proactive disclosure is treated very differently from the same error found in an audit, and it can take a matter out of the escalation path entirely.
Document the error, the cause, and the fix. Showing that you found a problem and corrected it is evidence of a well-run billing system, which is the opposite of the picture that triggers enforcement.
Step 5: Make audit-readiness a standing system
A one-off clean-up before you feel nervous is not preparation; a routine is. Schedule a periodic self-audit (quarterly or six-monthly) of your high-risk items, give everyone who bills regular education on the item descriptors they use, and keep the evidence of both. Put the review dates in your compliance calendar so they happen on schedule rather than when someone remembers.
The aim is that an audit, if it ever comes, is a review of a system you already run, not a scramble. Practices that bill correctly and can show it have nothing to assemble when the letter arrives.
What good looks like
- You know your own 80/20 position for every provider, before anyone else does.
- Your self-audit targets the high-risk items, not a random sample.
- Every sampled claim has a clinical note that justifies the exact item billed.
- Care plans are individualised, not templates with the name swapped.
- Errors are corrected and voluntarily disclosed, and self-audit is a standing routine.
Common mistakes: assuming "we are not committing fraud" means there is nothing to prepare, billing time-based items without recording the time, reusing care-plan templates that read identically across patients, and waiting for an audit instead of self-auditing and disclosing.
Frequently asked questions
What triggers a Medicare compliance audit?
Services Australia data-matching flags billing that sits outside peer patterns, and concerns can be referred to the Professional Services Review. The clearest hard trigger is the 80/20 rule: 80 or more professional attendances on each of 20 or more days in a 12-month period is an automatic PSR referral with no discretion.
What is the 80/20 rule?
It is a "prescribed pattern of services" under the Health Insurance Act. A practitioner who bills 80 or more professional attendance services on each of 20 or more days in any rolling 12-month period is automatically referred to the Professional Services Review. Tracking your own daily service counts is the way to see it coming.
What records do Medicare auditors check?
The clinical record behind the claim. They look for a note that shows the service was provided, met the full MBS item descriptor, and recorded any required time for a time-based item. For chronic-disease items they check that care plans are individualised to the patient rather than generic templates.
Should I voluntarily disclose a Medicare billing error?
Generally yes. A proactive voluntary acknowledgement and repayment is treated far more favourably than the same error found in an audit, and it can keep a matter out of the formal escalation path. Document the error, its cause, and the fix as evidence of a well-run billing system.
How often should we run a Medicare billing self-audit?
Build it into a routine, commonly quarterly or six-monthly, focused on your highest-risk items rather than everything. Pair it with regular billing education for everyone who claims, and keep the records of both, so audit-readiness is a standing system rather than a pre-audit scramble.
Last reviewed