How to Prepare Your Home Care Agency for a Medicaid Audit

Is Your Home Care Agency Audit-Ready? Here's How to Find Out Before the State Does

Caregiver with elderly patient at home — Photo by RDNE Stock project via Pexels

The letter arrives with little warning. A state auditor requests documentation for hundreds of claims stretching back two years. Your billing coordinator scrambles for paper timesheets. A caregiver who left eight months ago is unreachable. And suddenly, tens of thousands of dollars in reimbursements are at risk of being recouped — money your agency has already spent on payroll, rent, and operations.

Medicaid audits are a reality for virtually every home care agency that accepts Medicaid funding. Whether it's a routine review, a Unified Program Integrity Contractor (UPIC) audit, or a Comprehensive Error Rate Testing (CERT) audit, the stakes are high. According to the Office of Inspector General (OIG), improper Medicaid payments total tens of billions of dollars annually — and state and federal agencies are under constant pressure to recover them. Your agency doesn't have to be doing anything wrong to get caught in the crosshairs.

The good news? Audits don't have to be catastrophic. With the right systems and habits in place, you can walk into any audit with confidence. This guide will walk you through exactly how to prepare your home care agency — before you ever receive that letter.

Understand What Auditors Are Looking For

Home care professional assisting patient — Photo by RDNE Stock project via Pexels

Before you can prepare, you need to know what auditors are actually reviewing. Medicaid auditors are primarily focused on whether your agency billed for services that were:

Actually delivered to eligible recipients
Authorized under a valid plan of care
Performed by qualified, properly credentialed caregivers
Documented in accordance with state-specific requirements
Billed at the correct rate and duration

Common audit triggers include unusual billing patterns, high visit volumes, claims that don't align with Electronic Visit Verification (EVV) data, caregiver credential gaps, and complaints from clients or employees. Understanding these red flags lets you proactively address vulnerabilities before they become findings.

The Foundation of Audit Readiness: Documentation

Compassionate care hands — Photo by RDNE Stock project via Pexels

If there's one universal truth about Medicaid audits, it's this: if it isn't documented, it didn't happen. Auditors cannot give your agency credit for services that lack proper supporting documentation — even if you know those services were delivered. Here's what your documentation infrastructure needs to cover:

Plans of Care (POC)

Every client receiving Medicaid-funded home care must have a current, physician-approved or assessor-approved plan of care on file. Auditors will check that:

The POC was signed before services began
It covers the specific tasks your caregivers performed
It was updated whenever the client's needs changed
Authorization dates align with billing dates

A single claim billed outside of an active authorization period can trigger a request for repayment. Build a recurring review process into your monthly operations to catch expiring POCs before they lapse.

Caregiver Records and Credentials

Auditors will verify that the caregivers who delivered services were authorized to do so. This means your files need to contain:

Current CPR and first aid certifications
State-required training completions and competency assessments
Background check records (within state-required timeframes)
TB test results and health screenings where required
I-9 and employment eligibility documentation
Any required state certifications (HHA, CNA, etc.)

Don't wait until a credential expires. Set automated reminders — or use a platform that tracks these expiration dates for you — so you're never caught with an uncredentialed caregiver delivering billable services.

Visit Records and EVV Data

Thanks to the 21st Century Cures Act, Electronic Visit Verification is now mandatory for Medicaid personal care and home health services in all 50 states. EVV data — including visit timestamps, GPS location, and caregiver identity — has become a central piece of audit evidence.

Auditors will cross-reference your billed claims against your EVV records. Discrepancies between the two are serious red flags. Common issues include:

Billed hours that don't match EVV-recorded hours
Visits logged at locations inconsistent with the client's home address
Missing clock-in or clock-out events
Caregiver ID mismatches

Platforms like BridgeCare OS integrate EVV directly with scheduling and billing, so your records are consistent across every system automatically. This eliminates the data entry gaps that create audit vulnerabilities.

Conduct Internal Pre-Audit Reviews Regularly

One of the most powerful things you can do for home care audit preparation is to audit yourself — regularly, before the state does. Many agencies only look at their documentation when something goes wrong. The agencies that survive audits with minimal findings are the ones running ongoing internal reviews.

Monthly Billing Reconciliation

At least once a month, pull a sample of claims and verify that each one is supported by:

An active authorization covering the service date
EVV data or a signed visit note confirming the visit occurred
A qualified caregiver on record for that visit
The correct billing code, rate, and units

Catching errors at the claim level before submission is dramatically cheaper than recovering from a post-payment audit finding.

Quarterly Compliance Audits

Every quarter, do a deeper dive into a representative sample of client files. Check that plans of care are current, caregiver credentials are valid, and incident reports have been properly filed and followed up on. Assign a specific person — or a small team — ownership of this process so it actually happens.

Annual Policy Review

Medicaid rules change. State waiver programs update their requirements. What was compliant two years ago may not be compliant today. Schedule an annual review of your compliance policies and update your staff training accordingly. Document that training took place — training logs are often requested during audits.

Organize Your Audit Response Infrastructure

Even with perfect documentation, an audit can become chaotic if your agency isn't organized. When an auditor requests 200 records within 30 days, how quickly can your team respond?

Centralize Your Records

Paper-based agencies consistently struggle more during audits than those with digital record management. If your client files, caregiver credentials, and billing records are scattered across filing cabinets, email inboxes, and spreadsheets, retrieval is slow — and things get missed.

Moving to a centralized, cloud-based home care management system means every record is searchable, time-stamped, and accessible to authorized staff in seconds. This alone can dramatically reduce the stress of responding to document requests.

Designate an Audit Response Lead

Identify one person — usually your compliance officer, administrator, or operations director — as the primary point of contact for any audit. This person should:

Be the sole communicator with the auditing agency
Coordinate internal document gathering
Maintain a log of all requests and responses
Know when to bring in a healthcare attorney or consultant

Having a clear chain of command prevents miscommunication and ensures nothing slips through the cracks during the high-pressure audit window.

Consult Legal Counsel Before You Respond

This cannot be overstated: before you submit a single document to an auditor, consult with a healthcare attorney familiar with Medicaid regulations in your state. What you say — and what you voluntarily provide beyond what's requested — can shape the outcome of the audit significantly. An attorney can help you respond accurately and strategically without unnecessarily expanding the scope of the review.

Build a Culture of Compliance Year-Round

The agencies that are truly audit-ready aren't scrambling to prepare when a notice arrives. They've built compliance into their day-to-day culture. That means:

Training caregivers on documentation standards from day one — and refreshing that training regularly
Making it easy to do the right thing — simple EVV tools, clear visit note templates, and accessible policy documents reduce the chance of careless errors
Rewarding compliance — recognize caregivers and staff who consistently submit accurate, complete documentation
Creating a safe reporting environment — staff should feel comfortable flagging potential errors or irregularities internally rather than hoping no one notices

"Compliance isn't a one-time project. It's a practice. The agencies that thrive long-term are the ones that treat it as an ongoing discipline, not a checkbox."

Red Flags to Fix Before an Audit Finds Them

Do a quick internal scan for these common audit findings and address them proactively:

Stale authorizations: Claims billed after an authorization expired — even by a day — can be denied
Unsigned visit notes: Notes that lack caregiver or supervisor signatures may be considered incomplete
Duplicate billing: Two claims for the same client, same date, same service — a serious compliance issue
Missing progress notes: Some states require periodic documented assessments of client progress
Overlapping caregiver schedules: A caregiver clocked in at two locations simultaneously is an instant red flag
Inconsistent mileage or travel billing: If your agency bills for travel time, ensure those records are airtight

How Technology Can Protect Your Agency

Modern home care management platforms are designed with compliance in mind. The right software doesn't just make your agency more efficient — it creates a built-in paper trail that holds up under scrutiny. Automated EVV, real-time billing validation, credential tracking alerts, and audit-ready reporting aren't luxuries anymore. For agencies billing Medicaid, they're necessities.

If your current systems can't generate a complete visit history, cross-referenced with authorizations and caregiver credentials, in minutes — it may be time to upgrade. BridgeCare OS was built specifically for home care agencies who want the confidence that comes from having everything in one place, from EVV and billing to caregiver records and family communication.

Conclusion: Don't Wait for the Letter

A Medicaid audit doesn't have to mean financial disaster or operational chaos. But that outcome depends entirely on how prepared your agency is before the auditor ever makes contact. By building strong documentation practices, running regular internal reviews, organizing your records for fast retrieval, and leveraging technology to close compliance gaps, you can face any audit from a position of strength.

The best time to prepare for a Medicaid audit was the day you enrolled your first Medicaid client. The second best time is today. Review your systems, identify your vulnerabilities, and start closing the gaps — because the agencies that survive audits are simply the ones that never stopped preparing for them.

#medicaid audit #home care audit preparation #compliance #evv #home care billing

Ready to modernize your home care agency?

BridgeCare OS unites scheduling, EVV, billing, and family transparency on one platform. Start your 14-day free trial — no credit card required.

Start Free Trial →