10 vital questions about audits and reporting in mental health and substance use care organizations

Audits and reporting can feel like a heavy weight on your shoulders; when an audit notice arrives, it’s easy to feel a surge of anxiety. Are your notes in order? Is your billing compliant? What if you missed something?

We get it. These are complex, high-stakes processes, but they don’t have to be a source of constant stress. To help demystify the world of audits and reporting, we sat down with an expert. We asked Patrick Warncke, a Senior Solutions Engineer at Ensora Health, to answer the top 10 questions that keep practice leaders up at night. With over a decade of experience in healthcare technology and a deep understanding of the challenges behavioral health organizations face, Patrick offers practical, straightforward advice to help you feel more confident and prepared.

Here’s what he had to say:

1. What are the most common challenges during an audit?

The number one challenge, by far, is documentation. It’s often small, innocent errors that cause the biggest headaches. An auditor might find that a session note doesn’t have enough detail to justify the billing code used. Or, a clinician might have billed for a 60-minute session but forgot to update the schedule from the original 30-minute appointment.

These simple mistakes can lead to a lot of wasted time, energy, and even financial penalties. While most issues are unintentional, auditors are also on the lookout for patterns of fraud, like consistently using high-level billing codes without detailed notes to back them up.

2. How has inaccurate reporting actually impacted agencies?

Inaccurate reporting can have serious consequences. Patrick has heard from organizations who came to him after their previous systems produced faulty reports. When a report submitted to a state or federal agency is wrong, it has to be retracted and manually redone, which is a major operational drain.

Beyond the hassle, these errors can lead to monetary penalties and, just as importantly, a loss of trust with regulatory bodies. Getting a reputation for sloppy reporting can put your organization under a microscope, leading to more frequent and intense scrutiny down the line.

3. What are the key components of an effective reporting system?

An effective reporting system should do more than just spit out data. It needs to provide clear, actionable insights. First, it must offer accurate financial reporting, especially for tracking accounts receivable. Knowing exactly what you’re owed and following up in time is key to avoiding lost revenue due to timely filing limits.

Second, it should help with caseload management. A good system allows you to see if one clinician is overloaded with 25 weekly clients while another has just 10. This helps you balance workloads and ensure no one is stretched too thin, which could compromise care quality. Finally, visual reports with graphs and charts are much easier to understand than spreadsheets full of numbers. The ability to filter reports by clinician, payer, or date range is also crucial for meaningful analysis.

4. How can we ensure HIPAA compliance while reporting?

Maintaining HIPAA compliance is non-negotiable, but it gets tricky when you need to export and share data. Sending reports or any protected health information (PHI) through standard email is a major risk. Unless your email service is specifically encrypted for HIPAA, you should avoid it.

The best practice is to use secure channels, like a client portal, for any communication involving sensitive information. When you do export data, make sure it’s saved to a secure, encrypted server—not just a personal laptop or tablet. For larger organizations, having clear, established protocols for data handling is essential for keeping everyone on the same page and client data safe.

5. What role does technology play in improving audit readiness?

Technology is a game-changer for audit readiness. Many organizations are still using paper, which is simply not efficient or scalable. Fumbling through a filing cabinet to find notes for an audit is a nightmare. An Electronic Health Record (EHR) system makes this process incredibly simple. You can pull all the necessary documentation with just a few clicks.

Modern EHRs also have features designed to improve accuracy. For example, some systems now include AI-powered tools that can take a clinician’s messy, shorthand notes and automatically format them into a professional, structured progress note. This not only saves time but also produces the kind of clean, detailed documentation that auditors love to see.

6. What are the best practices for training staff on documentation?

For larger organizations, training is a team effort. The best approach is to have a structured supervision process. Have your clinical director or senior managers review the notes of new hires for a set period. This ensures they learn your organization’s standards from day one. It’s about mentorship, not micromanagement.

Providing resources is also helpful. Access to training videos or tools like the Wiley Practice Planners can give clinicians, especially those new to the field, a solid framework for how to document different problems. The goal is to build a culture where accurate documentation is seen as a core professional skill.

7. How often should we conduct internal audits?

Think of internal audits as a friendly dress rehearsal for the real thing. They help you catch issues before an external auditor does. The frequency depends on your organization, but doing them regularly is a good habit. You can use your EHR to run reports that pull progress notes for a specific staff member over a certain period of time.

The focus should be on making sure the narrative in the note fully supports the service that was billed. More importantly, these internal reviews should be transparent. Let your staff know that audits are a normal part of your quality improvement process. This creates a culture of accountability and continuous growth, rather than one where people feel like they’re being watched for mistakes.

8. What’s your advice for preparing for a first external audit?

The best advice is simple: be honest. Don’t try to hide anything. Auditors are trained to find discrepancies, and trying to cover something up will only make things worse. Just give them exactly what they ask for, promptly and professionally.

If you’ve been doing your due diligence with internal audits and maintaining good documentation hygiene, you should be in a good position. The preparation happens in the day-to-day work, not in a last-minute scramble.

9. How can we balance detailed reporting with staff time constraints?

This is a tough balancing act. In a large organization, you might have the luxury of a dedicated data analyst or administrative staff who handle the bulk of the reporting. But often, these tasks fall on people who are already wearing multiple hats.

Technology is the best way to ease this burden. A good EHR and practice management system automates many reporting functions, saving countless hours of manual work. For the financial piece, services like Revenue Cycle Management (RCM) can be a huge help. An RCM partner can proactively handle billing, collections, and financial reporting, freeing up your team to focus on other priorities.

10. What regulatory trends should we be aware of?

The regulatory landscape is always shifting, which can be hard to keep up with. Federal changes, usually from CMS, are often a bit easier to track. State regulations are the tricky ones. They can vary widely and sometimes change with little notice—or even retroactively.

Your best bet is to subscribe to reliable industry resources. Publications like Open Minds are great for staying on top of legislative changes. It’s also wise to find and subscribe to updates directly from your state’s health department or regulatory board. Being proactive about staying informed is the only way to avoid being caught off guard.

Conclusion 

Navigating regulatory changes can undoubtedly be challenging, and staying informed and proactive is essential. By leveraging trusted industry resources and maintaining direct communication with state authorities, you can ensure compliance and avoid unexpected issues. Preparation and vigilance are key to successfully managing these complexities.