Marketing Lead & Content Strategist · Jul 2026 · 9 min read
HIPAA-compliant · 13 years in NJ
The forensic RCM audit: identifying the 5% revenue leakage your software misses
Most practices lose 3% to 5% of net revenue every year to billing failures that never show up as denials. HFMA calls it revenue leakage. MGMA's January 2026 polling confirms it: 48% of medical group leaders say denials and appeals are their biggest revenue cycle leak, but the other 52% points to front-end errors, coding gaps, charge posting mistakes, and weak follow-up. A forensic RCM audit revenue leakage review goes deeper than your clearinghouse dashboard. It traces every dollar from encounter to deposit and finds the ones that disappeared between steps.
Your billing software reports clean claim rates and days in AR. Those metrics are real. They're also incomplete. Revenue leakage is the money that never enters the system in the first place: unbilled charges, payer underpayments you don't catch, write-offs that should have been appeals, and coding downgrades that cost you $30 per claim across 10,000 claims a year.
Key takeaways
HFMA estimates healthcare organizations lose 3–5% of net revenue to leakage annually, with some practices exceeding 10% when front-end errors and underpayments compound.
Up to 80% of denied claims are never reworked (MGMA 2026 polling), turning recoverable revenue into permanent write-offs.
46% of all denials trace back to intake errors: wrong demographics, missed eligibility checks, or skipped prior authorizations.
A forensic audit examines 5 specific leak points that standard billing dashboards ignore entirely.
Practices with clean claim rates above 95% can still have significant leakage from payer underpayments and unbilled charges.
What is a forensic RCM audit?
A forensic RCM audit is a line-by-line review of your revenue cycle from patient scheduling through final payment posting. It goes past the metrics your PM system tracks (days in AR, denial rate, clean claim rate) and into the transactions your reports don't flag.
Standard billing software catches claims that bounce. It catches timely filing deadlines. It does not catch the $12 underpayment on a contracted rate that happens 400 times a month. It does not catch the injection your MA documented in the chart but nobody coded. It does not catch the modifier your biller dropped because the payer's edit logic changed last quarter.
That's the gap a forensic audit fills. It's manual, granular, and built around a simple question: did we collect every dollar we earned?
A medical billing audit flags where claims go wrong. A forensic audit asks a harder question: what about the revenue that never became a claim?
Why standard reports miss revenue leakage
Your clearinghouse gives you a rejection rate. Your PM system shows collections by provider. Your aging report shows claims past 60 days. All of those reports measure claims you already submitted.
Revenue leakage happens before submission. The charge that was never posted. The eligibility check that didn't happen until the patient was already roomed. The E/M level that got downcoded because the provider's note template doesn't support level 5 documentation.
MGMA's January 2026 survey broke down where group practice leaders see leakage:
Source
% of leaders citing it
Denials and appeals
48%
Front-end errors (eligibility, demographics)
23%
Billing and collections
14%
Coding accuracy
13%
Charge posting
2%
The first row is visible. Your dashboard tracks it. The other four rows represent the 52% of leakage that lives outside your standard reports. Practices running revenue cycle management on autopilot tend to focus on denials and miss the rest.
The 5 hidden leak points a forensic audit catches
1. Payer underpayments against contracted rates
Every payer contract specifies a fee schedule. Every EOB should match it. In practice, payers adjust reimbursement through bundling edits, silent modifiers, and fee schedule updates that take effect mid-quarter. A forensic audit pulls a random sample of 200–500 EOBs and compares each payment line to the contracted rate. Discrepancies of $5–$30 per claim are common. Across a year, that's $15,000 to $90,000 in unrecovered revenue for a 5-physician group.
The fix: build a quarterly reconciliation process. Pull your top 20 CPT codes by volume, compare paid amounts to contracted rates, and dispute every shortfall.
2. Unbilled and undercoded charges
This is the biggest silent leak. Providers perform services that never make it into the billing system. The flu shot that got administered but not coded. The prolonged visit add-on that the provider forgot to select. The E/M level that should have been a 99215 but got billed as 99214 because the documentation wasn't structured to support it.
MGMA data shows coding accounts for 13% of reported leakage. The real number is higher, because practices can't report what they don't know they missed.
A forensic audit cross-references clinical documentation against billed charges for a sample period. Any procedure documented but not billed is recovered revenue. Any E/M visit where documentation supports a higher level is a coding opportunity.
Practices billing internal medicine and family medicine are especially vulnerable here. High visit volume combined with template-based notes creates systematic undercoding.
3. Write-offs that should have been appeals
Industry data shows that up to 80% of denied claims are never reworked. Some of those are legitimate: duplicate claims, non-covered services, patient responsibility after benefits. But a significant portion are recoverable denials that got written off because nobody had time to appeal.
A forensic audit pulls your write-off register and categorizes every entry. Write-offs from contractual adjustments are expected. Write-offs from denial codes CO-4, CO-16, CO-18, or CO-197 need a second look. Many of those resolve with a corrected claim or a documented appeal.
If your denial rate is above the industry average of 12%, your write-off register holds recoverable dollars. Review how your team handles claim denials and whether preventable denials are getting the follow-up they deserve.
4. Front-end eligibility and authorization failures
46% of all denials trace back to front-end intake errors (HFMA). Wrong subscriber ID. Expired coverage the front desk didn't verify. A referral that was required but never obtained.
These aren't coding errors. They're process errors. A forensic audit examines a sample of denied claims to determine how many originated from information that was wrong at registration. If the number is above 20%, the fix isn't in billing, it's in intake workflow.
Practices with multiple locations and high patient volume, especially group practices handling credentialing across several providers, often see front-end leakage scale with volume. More providers, more payer panels, more chances for eligibility gaps.
5. Timely filing losses
Every payer has a filing deadline. Medicare gives you 12 months. Most commercial payers allow 90 to 180 days. Horizon BCBS of New Jersey, for example, requires claims within 180 calendar days from date of service.
Claims that miss the window are permanently lost. A forensic audit checks your aging buckets for claims approaching deadline and flags any that crossed it without a documented exception. It also looks for patterns: if one payer consistently shows late filings, the root cause is usually a workflow bottleneck between clinical documentation and charge entry.
How much revenue leakage is normal?
HFMA's benchmark is 3–5% of net revenue for a well-managed practice. That means a group collecting $4 million annually is losing $120,000 to $200,000 to leakage that nobody is tracking.
Poorly managed cycles leak more. Some organizations report losses up to 10% of annual revenue when front-end errors, underpayments, and unbilled charges compound. For a practice bringing in $6 million, that's $600,000 walking out the door.
Here's how to benchmark your own performance:
Metric
High-performing
Acceptable
Needs audit
Clean claim rate
95%+
90–94%
Below 90%
Days in AR
Under 30
31–40
Over 40
Denial rate
Under 5%
5–10%
Over 10%
Net collection rate
96%+
93–95%
Below 93%
If you're hitting "acceptable" on all four but still feel like collections lag behind production, leakage is the likely explanation. The revenue integrity tool can help you pinpoint where dollars are slipping through.
How to run a forensic RCM audit in your practice
You don't need to audit everything at once. Start with a 90-day sample and focus on the highest-impact areas:
Step 1: Pull a charge capture sample. Pick 2 weeks of clinical encounters. Cross-reference every documented service against billed charges. Flag anything documented but not billed.
Step 2: Reconcile top CPT codes against contracts. Take your 20 highest-volume codes. Compare the paid amount on 50 EOBs per code to your contracted rate. Calculate the variance.
Step 3: Audit your write-off register. Pull 3 months of write-offs. Categorize each by denial code. Separate contractual adjustments from potentially recoverable denials. Calculate the dollar value of denials that were written off without appeal.
Step 4: Review front-end denial root causes. Take your last 100 denials. How many cite eligibility, authorization, or demographic errors? If the number exceeds 30%, the intake process needs work.
Step 5: Check timely filing compliance. Run an aging report filtered by claims approaching 120 days. Count how many are commercial claims with 180-day deadlines. Those need immediate attention.
When to bring in outside help
If your practice has fewer than 3 billing staff, running a forensic audit internally means pulling people off collections to do analysis. The math doesn't work. You lose more in delayed follow-up than you gain in audit findings.
Outside RCM firms bring two things your team probably doesn't have: benchmark data from hundreds of practices (so they know what "normal" leakage looks like for your specialty and size) and the staffing to do the audit without disrupting daily billing operations.
The 70% of hospitals that now outsource some portion of RCM (HFMA 2026) aren't doing it because they can't hire. They're doing it because the complexity of payer rules, modifier logic, and AI-driven claim edits has outpaced what a small billing team can manage while also posting charges, working AR, and answering patient calls.
For medical billing services that include forensic audit capability, the payoff is usually visible within the first 60 days. Recovered underpayments, corrected coding patterns, and plugged front-end leaks compound over time.
Your billing software shows you the revenue cycle. A forensic audit shows you the gaps in it.
If your practice collects between $2 million and $10 million annually, there's a high probability that $60,000 to $500,000 in recoverable revenue is sitting in unbilled charges, payer underpayments, and written-off denials right now.
You can find it yourself with the 5-step audit above. Or you can schedule a complimentary revenue analysis and let us find it for you.