Client profile
Get free credentialing when you sign up for SimplePractice

How to audit-proof documentation

Headshot of Olivia Pennelle, MSW, CSWA
Olivia Pennelle, MSW, CSWA

Published June 30, 2026

Therapist writing on notepad to create audit-proof documentation for their practice

Summary

  • Create audit-proof documentation by ensuring every progress note demonstrates medical necessity, includes specific interventions, records exact session times, and ties directly to the client's treatment plan goals.

  • Maintain clinical record compliance by using EHR templates that capture required elements including CPT codes, risk assessments, client quotes, signed consent forms, and billing provider credentials.

  • Avoid common documentation errors like copied and pasted notes, vague treatment goals, missing informed consent, and CPT codes that don't match the service type provided.

  • Prepare proactively for audits by conducting self-reviews every three to six months, running weekly EHR reports to catch unsigned notes and billing inaccuracies, and hiring an external auditor annually.

  • Correct audit findings promptly by adding late entry notes or addendums that reference the original date, explain corrections, and include your name, signature, and credentials.

Ensuring clinical record compliance can be stressful for therapists, especially when it comes to Medicare and Medicaid notes. While electronic health records (EHRs) can help audit-proof documentation through built-in note templates, it can be helpful to know which common errors occur and how to avoid them. 

In this article, we provide an overview of what auditors look for, tips to self-audit, and steps to correct findings from insurance audits. 

What auditors look for

The key to creating audit-proof documentation is knowing the specific requirements for your state and insurance providers. However, the Centers for Medicare & Medicaid Services (CMS) is one of the most comprehensive standards for clinical documentation. CMS has specific documentation standards that most auditors look for.

1. Required licensing

  • The person providing the services must be authorized by the state in which they practice to provide them. 

  • The provider named on the progress note must match the same provider making the claim. 

2. Medical necessity

Every billed session must demonstrate that the services provided were medically necessary, including:

  • Interventions used during the session and how they addressed the client’s treatment plan. For example, “CBT: Identified cognitive distortions and demonstrated cognitive restructuring techniques.”

  • Client response to the interventions. For example, “Client felt relieved when they realized they were catastrophizing and noted they felt ‘less anxious.’”

3. Treatment progress

  • Treatment plans must include specific, measurable, achievable, and time-bound goals and objectives that link directly to the client’s diagnosis and treatment goals. 

  • Progress notes should reflect symptoms, behavioral changes, improvements, treatment progress, barriers to progress, and justification for continued sessions (noting the time and date of the next session). Notes may also include a brief MSE

  • Notes should include client quotes about their current symptoms and how the session was helpful. 

  • Progress notes should tie to the treatment plan, goals, and objectives. If using an EHR, you can create a progress template that copies the client’s treatment plan to each session and document their progress towards their goals. 

  • Treatment plans should be reviewed regularly. Specific payers have timelines, like 90 days, but at least every six months. 

4. Risk assessment

Each session must include a note documenting that risk was assessed, safety plans, and any follow-up actions, even if the client is experiencing no changes. For example, “Client is not experiencing SI and no safety concerns were noted. Client has numerous protective factors, including stable housing, employment, and a supportive partner.”

5. Accurate coding

  • Notes should include the correct CPT code for the service provided.

  • Clinicians must record the exact start and end time of the session.

  • Clinicians must use modifiers correctly (such as evaluation and management or interactive complexity).

  • Notes must include the place of service, such as telehealth or office visit. 

6. Note and record quality

  • The client's file should include a record of their informed consent, HIPAA privacy notice, and a signed release of information.

  • Files should contain intake information, including demographic information, treatment history and outcomes, presenting problem, payment information, family history, risk factors, and reason for seeking services.

  • Records should include emergency contact information.

  • Notes should be recorded within 24 to 48 hours and signed by the billing provider (including their credentials).

  • Notes must be legible (if written) and stored in a HIPAA-compliant system.

  • Records must be retained for the appropriate amount of time per state law.

  • Corrections are made when necessary, without erasing original notes, which are dated and initialed. 

  • Clinicians should document any interactions with the client outside of the session. 

  • Ensure claims include the clinician's NPI number and tax ID.

  • Records should include proof of insurance credentialing for the client’s specific insurance.


Common note errors

Clinical record compliance is essential for maintaining accurate clinical records and creating audit-proof documentation that supports billing and medical necessity. Strong documentation also provides clear proof of compliance when records are reviewed for reimbursement purposes. Even experienced clinicians can make documentation errors that may lead to audit findings, billing issues, or gaps in clinical justification. 

What are common note errors found in clinical record reviews? The list below highlights frequent documentation problems that can impact compliance and payment accuracy:

  • Notes are copied and pasted. 

  • Notes are poorly handwritten.

  • Vague or incomplete notes omit critical clinical information. 

  • The CPT code in notes does not match the service type.

  • Notes do not specify the exact start and end times.

  • Notes include non-specific interventions.

  • Notes lack information regarding medical necessity. 

  • Notes lack clinical information.

  • Sessions exceeded the plan frequency without justification.

  • Notes are missing informed consent. 

  • Notes include too much detail. 

  • The client record is missing treatment plans. 

  • There are vague or non-specific treatment goals and objectives.

  • Notes are missing a termination summary or have insufficient detail.

  • Records are not kept securely.

  • Lost records or notes not kept for the required period of time.

How to prepare for an audit

To prepare for an audit and ensure audit-proof documentation, clinicians should take a proactive approach to clinical recordkeeping and compliance. Strong preparation reduces the risk of billing errors, missing documentation, and denied claims while strengthening overall clinical record quality. 

The best way to prepare for an audit is to:

  • Be proactive by ensuring your notes follow the format specified by your payers. You could follow the highest standard for all notes, such as CMS.

  • Use templates in your EHR that include all of the required information for a quality progress note, treatment plan, and assessment.

  • Regularly review your records to ensure:

    • CPT codes and modifiers are accurate.

    • Dates and specific times of the session are recorded.

    • Each note has been signed by the billing provider with their credentials.

    • Client record includes a signed privacy notice, release of information, intake forms, emergency contacts, and treatment plan with SMART goals.

    • Notes include an update on symptoms, demonstrate medical necessity, record interventions, client response, treatment progress, address safety and risk, link to treatment goals and plan, and should be signed promptly.

    • Ensure discharge summaries are complete.

    • Notes are stored securely.

  • Hire an auditor to review your notes annually and make recommendations. 

When to conduct a self-audit

It’s best practice to conduct regular self-audits every three to six months to support clinical record compliance, identify patterns such as unsigned notes and billing inaccuracies, and ensure audit-proof documentation. This should help you be more prepared for an audit. 

You can also run weekly reports through your EHR to catch: 

  • Unsigned notes

  • Treatment plans that may need updating

  • Missing discharge summaries

  • Inaccurate CPT codes or missing times

  • No shows to avoid automatic billing mistakes

  • Documents sent to clients that have not been signed

How to correct findings

There are several ways to correct notes after an audit to maintain clinical record compliance. For example, to reflect a late entry, you would add a new note to the client file, noting the “late entry.” If correcting information, you may add an addendum stating why you are correcting the note, reference the original date, and add the new or corrected information together with your name, signature, and credentials.  

Sources

How SimplePractice streamlines running your practice

SimplePractice is HIPAA-compliant practice management software with everything you need to run your practice built into the platform—from booking and scheduling to insurance and client billing.

If you’ve been considering switching to an EHR system, SimplePractice empowers you to run a fully paperless practice—so you get more time for the things that matter most to you.

Try SimplePractice free for 30 days. No credit card required.


Headshot of Olivia Pennelle, MSW, CSWA

Olivia Pennelle, MSW, CSWA

Olivia Pennelle (aka Liv), MSW, CSWA, is the founder of Tera Collaborations. Liv is an experienced writer, clinical copywriter, and therapist specializing in substance use disorder, mental health, and recovery. Liv identifies as queer and neurodivergent, and works hard to help similarly identifying clients. Liv's work revolves around the intersections between neurodivergence, expansive pathways of substance use and mental recovery, and LGBTQIA+ identities.

simplepractice logo

Sign up for updates

By entering your email address, you are opting-in to receive emails from SimplePractice on its various products, solutions, and/or offerings. Unsubscribe anytime.

Apple StoreGoogle Play
hipaa logohitrust logopci compliant logo

Proudly made in Santa Monica, CA © 2026 SimplePractice, LLC