Introduction: Audits Aren’t Always a Surprise
Most providers think of a DEA or state medical board audit as a sudden, unannounced event.
In reality, there are usually warning signs—and even when there aren’t, you can still be prepared.
The goal isn’t to “get ready” when the audit letter arrives.
The goal is to stay ready so your records, policies, and workflows can withstand scrutiny at any time.
Why Audits Happen
- Random Selection
Some audits are part of routine oversight. - Data Red Flags (Red Flags to Regulators Not Necessarily Providers)
- Unusually high prescribing volume compared to peers.
- Frequent high-dose prescriptions.
- Patterns in Prescription Monitoring Program (PMP) data.
- Unusually high prescribing volume compared to peers.
- Complaints
- From patients, staff, pharmacists, or other providers.
- From patients, staff, pharmacists, or other providers.
- Related Investigations
- If a patient is involved in a criminal case or overdose, your prescribing may come under review.
- If a patient is involved in a criminal case or overdose, your prescribing may come under review.
The Core Areas Auditors Examine
- Policies and Procedures – Do you have written protocols for controlled substance prescribing and monitoring?
- Medical Records – Are they complete, accurate, and compliant?
- PMP Checks – Are they documented and done as required?
- Urine Drug Testing – Is it being used appropriately and documented? Discrepancies addressed?
- Pill Counts – Are discrepancies investigated and recorded?
- Visit Frequency – Does it match patient risk level and policy?
- Inventory (if dispensing) – For practices that store or dispense medications on-site.
Steps to Prepare Before the Audit
1. Conduct an Internal Compliance Audit
- Review recent charts for controlled substance patients.
- Ensure monitoring actions are documented and dated.
2. Update Policies and Procedures
- Align with current DEA, state board, and payer requirements.
- Make sure staff know where to find them.
3. Train Your Team
- Everyone should understand their role during an audit.
- Designate a point of contact for the auditor.
4. Organize Records
- Keep PMP reports, UDT results, and CSAs easy to retrieve.
- Ensure consistency between paper and EHR records.
5. Review Red Flag Patients
- Address any outliers or high-dose cases proactively.
- Document the clinical rationale for any deviations from standard practice.
What to Do When the Auditor Arrives
- Be Professional and Courteous – The tone you set matters.
- Provide Requested Documents Promptly – Avoid delays that could be interpreted as disorganization or obstruction.
- Answer Questions Honestly but Concisely – Stick to the facts; avoid speculation.
- Keep Copies of Everything You Provide – Maintain your own audit trail.
After the Audit
- Review Findings Carefully – Understand any citations or recommendations.
- Create a Corrective Action Plan – Address deficiencies quickly and document the changes.
- Train Staff on Lessons Learned – Use the audit as an opportunity to strengthen your systems.
Common Pitfalls to Avoid
- Incomplete Documentation – Even if you did the right thing, lack of proof can be as damaging as actual noncompliance.
- Policy-Procedure Mismatch – Having a policy you don’t follow can be worse than having no policy at all.
- Poor Staff Communication – Staff who don’t understand audit protocols can inadvertently create problems.
Final Thoughts: Treat Compliance as a Daily Practice
The providers who pass audits with minimal disruption are the ones who treat compliance as a routine, not an event.
Regular self-audits, up-to-date policies, and well-trained staff make audits less stressful and more predictable.
The best time to prepare for an audit was yesterday. The next best time is today.
About the Author
Douglas J. Jorgensen, DO, CPC, FAAO, FACOFP
Dr. Doug is a physician, consultant, and national educator on healthcare compliance, controlled substance prescribing, and regulatory readiness. He helps practices design systems that keep them audit-ready year-round.
