About the HEDIS Compliance Audit

The NCQA HEDIS® Compliance Audit™ indicates whether an organization has capabilities for processing medical, member and provider information as a foundation for accurate and automated performance measurement, including HEDIS reporting. The audit addresses an organization’s:

  • Information practices and control procedures.
  • Sampling methods and procedures.
  • Data integrity.
  • Compliance with HEDIS specifications.
  • Analytic file production.
  • Reporting and documentation.

Choosing an Audit Organization

Only certified HEDIS Compliance Auditors working for, or contracted with, licensed organizations are eligible to complete HEDIS Compliance Audits.

About the Audit

There are two parts to a HEDIS Compliance Audit:

Part 1: Information System Capabilities. The first part of the audit is a review of an organization’s overall information systems capabilities for collecting, storing, analyzing and reporting health information. The plan must:

  • Process medical, member and provider information as a foundation for accurate HEDIS reporting.
  • Demonstrate effective systems, information practices and control procedures for producing and using information in core business functions.

Part 2: HEDIS Specifications Standards. The auditor learns the organization’s information systems and designs appropriate verification audit steps for specific HEDIS measures. The second part of the audit addresses compliance with conventional reporting practices and HEDIS specifications for the following domains:

  • Effectiveness of Care.
  • Access/Availability of Care.
  • Experience of Care.
  • Utilization and Risk Adjusted Utilization.
  • Health Plan Descriptive Information.
  • Measures Collected Using Electronic Clinical Data Systems.

Audit Results

The final report contains the plan’s results for measures audited and includes one of the following outcomes:

  • R (reportable). A reportable rate was submitted for the measure.
  • NA (small denominator). The organization followed the specifications, but the denominator was too small to report a valid rate.
  • NB (benefit not offered). The organization did not offer the health benefit required by the measure (e.g., mental health, chemical dependency).
  • NR (not reported). The organization chose not to report the measure.
  • NQ (not required). The plan was not required to report the measure.
  • BR (biased rate). The calculated rate was materially biased.
  • UN (unaudited). The organization chose to report a measure that is not required to be audited. This result only applies when permitted by NCQA only a limited set of measures.
  • Save

    Save your favorite pages and receive notifications whenever they’re updated.

    You will be prompted to log in to your NCQA account.

  • Email

    Share this page with a friend or colleague by Email.

    We do not share your information with third parties.

  • Print

    Print this page.