OASIS-E2 Audit Triggers: What CMS, MACs, and RACs Are Watching

Why OASIS-E2 Audit Risk Is Higher Than You Think

OASIS-E2 went into effect in 2026, and audit activity is following a familiar pattern. CMS, Medicare Administrative Contractors (MACs), Recovery Audit Contractors (RACs), and state survey agencies all use data analytics to identify outlier home health agencies. Agencies that haven’t fully adapted to OASIS-E2 documentation requirements are now at elevated audit risk.

The good news: every audit trigger has a corresponding internal control. This post breaks down what auditors are actually watching, the most common OASIS-E2 errors that lead to denials, and the QA workflows that keep agencies out of trouble.

For the comprehensive compliance reference, see the OASIS-E2 Compliance Guide.

The 8 Most Common OASIS-E2 Audit Triggers

1. Outlier Billing Patterns

The single most common audit trigger: average payment per 30-day period significantly higher than peer agencies in your geographic region. CMS uses geographic and case-mix-adjusted comparisons to flag outliers.

If your post-OASIS-E2 PDGM payments shift substantially upward without a corresponding case-mix change, expect questions. This is one reason baseline measurement before OASIS-E2 implementation is so critical — without it, you can’t explain a payment shift.

2. Unusually High Functional Impairment Scoring

Section GG functional assessment drives the High functional level under PDGM. Agencies that score the High functional level dramatically more often than peers attract scrutiny — particularly when the patient narrative doesn’t clearly support High-level functional impairment.

3. Documentation-OASIS Mismatch

The single most common audit citation: clinical narrative inconsistent with OASIS responses. Examples:

• Patient described in narrative as ambulating independently, but Section GG scored as requiring substantial assistance
• Wound described as healing well in narrative, but OASIS coded as deteriorating
• Patient described as cognitively intact, but BIMS scored at moderately impaired

Auditors don’t need to be clinicians to spot these contradictions — they’re trained to look for them.

4. ICD-10 / OASIS Misalignment

Primary diagnosis code that doesn’t fit the OASIS clinical group. Under PDGM, the clinical group is determined by the principal diagnosis. If your primary diagnosis is GI bleeding but the OASIS narrative is about wound care, you’ve got a mismatch — and likely a denial.

5. Patient Complaints

Patient complaints to state survey agencies trigger investigations that often expand to OASIS documentation review. A complaint that starts about scheduling can quickly become a comprehensive OASIS audit.

6. Prior Survey Deficiencies

Agencies with recent CoP deficiencies face increased scrutiny on subsequent surveys. State surveyors validate OASIS documentation as part of compliance review, and patterns of OASIS errors compound across survey cycles.

7. Whistleblower / Employee Complaints

OIG hotline complaints from current or former employees are taken seriously. Disgruntled employees who report systemic OASIS coding issues frequently trigger comprehensive audits.

8. TPE (Targeted Probe and Educate) Reviews

Your MAC may select your agency for TPE based on data-driven targeting. TPE involves chart review of 20–40 claims, with the goal of identifying improper billing patterns. Agencies that pass TPE move on; agencies that fail face progressively stricter review cycles.

The Top OASIS-E2 Errors That Lead to Denials

Based on patterns from MAC and RAC reviews — and refined by what’s surfacing during OASIS-E2 implementation:

Section GG Functional Scoring Inconsistencies

Patient described as ambulating in the narrative but scored as requiring substantial assistance in Section GG. The most expensive single error category — both because it’s common and because it directly drives PDGM functional impairment level.

Missing or Incomplete SDOH Responses

Items skipped or marked “patient declined” without documented attempts. OASIS-E2 expanded SDOH items, and surveyors are now actively checking for completeness.

BIMS / PHQ Administration Errors

Items completed without following standardized administration guidance. BIMS and PHQ-2/9 require specific administration procedures — clinicians who “estimate” the score from clinical impression rather than actually administering the screening will eventually get caught.

Timing Errors

SOC assessments completed outside the 5-day window, or Discharge OASIS submitted late. CMS submission timing rules are unforgiving.

Internal M-Item Contradictions

Responses that logically conflict with each other. Example: patient marked as fully oriented but also marked as having severe cognitive impairment.

OASIS-to-ICD-10 Misalignment

Coded diagnoses that don’t support the OASIS clinical group classification.

Documentation That Doesn’t Support Functional Scoring

The most common ADR (Additional Documentation Request) finding. The visit narrative needs to clearly describe the functional ability that’s reflected in the OASIS scoring.

What Auditors Actually Look At

When a MAC or RAC reviews your OASIS-E2 documentation, they typically request:

1. The complete OASIS assessment for the period in question
2. The clinical narrative for the same visit
3. Physician orders and care plan documents
4. Medication records
5. Therapy notes (if applicable)
6. Discharge summary (if applicable)
7. Communication notes between disciplines

The auditor then cross-references all of this against the OASIS responses. Inconsistencies — even minor ones — become talking points for denial or recoupment.

Building an OASIS-E2 Audit-Resistant Workflow

The agencies that minimize audit risk all do the same things:

1. Real-Time QA Instead of Sample-Based Review

Manual QA review can cover maybe 10–15% of charts. Real-time AI QA reviews 100% of charts. The math works out: every chart that passes through real-time QA has been checked against documentation consistency rules, SDOH completeness, BIMS administration, and PDGM scoring sanity. This is what Lime’s automated OASIS QA does.

2. Documentation-OASIS Cross-Validation

QA workflows should compare visit narrative to OASIS responses for consistency before submission. The narrative should clearly describe the functional ability, cognitive status, and SDOH situation reflected in the OASIS scoring. AI can flag mismatches automatically.

3. Audit Trail for Every Edit

Every change to an OASIS response should be logged with timestamp, user, and rationale. When an ADR comes in, you need to be able to demonstrate how the assessment was developed. This is part of CMS Conditions of Participation §484.110.

4. Quarterly Internal Audits

Sample-based review of submitted OASIS data with feedback to clinicians. Identify patterns and provide targeted education before patterns become audit findings.

5. ADR / Audit Response Procedures

Documented playbook for responding to additional documentation requests. The first ADR an agency gets is often badly handled because there’s no procedure — by the third ADR, agencies have figured out a workflow. Skip the learning curve.

6. Annual Clinician Recompetency

CMS doesn’t mandate a specific recompetency frequency, but most state surveyors expect documented annual training. Plan 2–4 hours per clinician per year.

The Conditions of Participation Connection

Medicare CoPs for home health agencies (42 CFR §484) include requirements directly tied to OASIS:

• §484.55 Comprehensive Assessment of Patients — requires comprehensive patient assessment at SOC, completed by an RN (or qualified therapist for therapy-only cases)
• §484.45 Reporting OASIS Information — requires accurate, complete, and timely OASIS submission
• §484.110 Clinical Records — requires documentation that supports the assessment

State surveyors evaluate OASIS-E2 documentation during routine surveys, complaint investigations, and validation surveys. Deficiencies range from Standard Level (no penalty) to Condition Level (potentially threatening Medicare certification).

The Quality Reporting Program Risk

Beyond audit risk, OASIS-E2 compliance affects your participation in the Home Health Quality Reporting Program (HH QRP). Failure to submit complete and accurate OASIS-E2 data triggers a 2 percentage-point reduction to your annual market basket update — a direct hit to revenue that compounds over years.

What to Do This Week

If you haven’t yet:

1. Review the OASIS-E2 Compliance Guide for the complete framework.
2. Audit your current QA workflow against the OASIS-E2 item set. Do your QA rules cover refined Section GG, SDOH, and BIMS items?
3. Pull baseline metrics — current OASIS error rate, average PDGM payment per 30-day period, denial rate. You can’t improve what you don’t measure.
4. Review your last 5 ADR responses. What patterns emerged? Are those patterns now likely to repeat under OASIS-E2?
5. Book a 30-minute call if you want to see how AI-powered real-time QA review can shift your audit posture from reactive to proactive.

The Bottom Line

OASIS-E2 audit risk isn’t theoretical. CMS, MACs, and RACs are actively reviewing post-OASIS-E2 submissions for the documentation patterns described above. Agencies that maintain strong QA workflows, real-time AI review, and consistent documentation-OASIS alignment minimize this risk. Agencies that don’t will be on the receiving end of ADRs, denials, and recoupment demands within the next 12 months.

The choice is upstream prevention or downstream cleanup. Upstream is dramatically cheaper.