For years, compliance wasn’t prioritized because the system rewarded speed and volume over documentation depth. That used to be fine until audits started asking tougher questions.
Many organizations still teach that any one letter of MEAT is enough to prove compliant documentation. But if an audit lands on a note that says only “stable” or “monitor,” will it hold up?
Maybe.
But “maybe” isn’t a compliance strategy, and certainly not a safe one.
Especially when we consider CMS and its fame for not being clear on its RADV audit guidelines. So now, it’s not only about whether a diagnosis exists, it’s about how well it’s supported. And as audits tighten, “showing something” isn’t the same as proving compliance.
Because in value-based care, one letter of MEAT isn’t enough anymore.
The Problem with “One Letter is Enough”
There was a time when chart reviewers were told to “just make sure there’s at least one letter of MEAT.” That culture wasn’t built on malice; it came from survival. Documentation requirements grew faster than most systems could adapt, and as long as something was written, it passed.
But that leniency is gone. CMS no longer rewards minimal effort. Payers are using AI to flag weak evidence at scale, and what once looked “good enough” now invites clawbacks.
If your documentation only mentions monitoring, without showing why it matters, you’re not compliant, you’re vulnerable.
RADV auditors follow a defined set of rules when reviewing documentation. These rules include basic requirements like patient identification, provider signature, and date of service. But one rule is less defined and far more powerful:
All codes must be assigned “according to the ICD-10-CM guidelines.”
At first glance, this sounds routine. The ICD-10-CM guidelines are mostly technical, including exclusions, seventh-character rules, and the use of terms like “and” or “with”. Yet hidden within these guidelines are a few lines that open the door for an auditor to perform a more clinical analysis.
Several sections of the ICD-10-CM guidelines give auditors authority to assess the clinical significance of a diagnosis. For example:
- Section I.B.16: “There must be a cause-and-effect relationship between the care provided and the condition, and the documentation must support that the condition is clinically significant.”
- Section I.B.16 (continued): “Code assignment is based on the provider’s documentation of the relationship between the condition and the care or procedure, unless otherwise instructed by the classification.”
- Section IV.C: “For accurate reporting of ICD-10-CM diagnosis codes, the documentation should describe the patient’s condition, using terminology which includes specific diagnoses as well as symptoms, problems, or reasons for the encounter.”
In short, auditors are not just checking if a diagnosis is mentioned. They are allowed to review a note and decide whether the documentation present demonstrates that the condition is clinically significant and is being actively managed.
You may think this is insane, but consider the situation of people getting audited and fined for coding chronic past strokes as acute. The RADV audit guidelines say that as long as there is an appropriate date, signature, etc, the note and code should be valid. So, how do these companies get into trouble? Because an auditor determined that the condition was not clinically supported or not clinically significant.
So the real danger comes from the following: how does an auditor determine if a diagnosis is supported?
We don’t know.
The gray zone of auditor subjectivity
Here’s where it gets complicated. CMS allows auditors to create their own internal guidelines, as long as they document them, stay consistent, and share them with CMS.
These guidelines will vary from auditor to auditor, are internal, and not public. The names of the auditors and contractors are also hidden; you cannot see them, question them, or contact the auditors directly. This means interpretations can vary widely:
-
- One auditor may accept a diagnosis that has been “stable” for three years.
- Another may reject it, arguing that “stable” means the condition is not actively managed.
- One might find “monitor” sufficient, while another may consider long-term monitoring without intervention as not clinically significant.
So, two auditors could look at the same note and reach opposite conclusions, both within the rules.
Subjectivity is what leads to confusion, frustration, and clawbacks.
Organizations are often penalized not because the diagnosis is wrong, but because an auditor decided the documentation did not prove active management or clinical relevance.
That’s how some groups end up losing revenue for conditions like chronic stroke sequelae. Even with dates and signatures intact, the audit may still fail if the note doesn’t show why the condition matters to the current care plan.
One auditor might approve a condition whose plan has just been “stable” for the last 3 years. Another auditor might say you are not actively treating it, so you are coding it just for reimbursement. One auditor might say a condition that just says “monitor” is appropriate, but another might say that if you are just monitoring for long periods of time, the condition is not clinically significant.
So how do you protect yourself?
Auditors won’t warn you, so check your documentation before they do
You’ll never get a memo announcing your turn. You’ll hear the rumors first, a neighboring group facing clawbacks, a colleague whispering that “CMS is reviewing hypertension codes,” a payer suddenly asking for additional records.
By then, it’s too late to fix patterns or retrain documentation habits. Compliance isn’t built in reaction; it’s built in prevention.
The most effective organizations treat every note as if it’s already under audit. They standardize review criteria, make MEAT visible in workflows, and give clinicians feedback in real time, before a code ever leaves the chart.
When prevention becomes muscle memory, compliance becomes culture.
How to Protect Your Organization
The safest approach is to strengthen your documentation until it can withstand any auditor’s interpretation.
Here’s what that looks like:
1. Include evaluative language
Don’t just say “stable.” Add context: “Stable on current therapy, continue monitoring labs quarterly.”
2. Show logic for diagnoses
For new conditions, include reasoning: “New diagnosis of hypertension based on repeated readings above 140/90.”
3. Cover multiple MEAT elements when possible
Use as many components as naturally apply: monitoring trends, evaluating results, assessing impact, and treating as needed.
4. Document clinical significance clearly
Make sure it’s obvious why the condition matters for that encounter or care plan.
These 4 ways make sure your documentation is robust enough to stand up to any variation in auditors. We, at DoctusTech, encourage all practices to follow these industry standards to give themselves the best chance to pass an audit.
The only reliable protection is comprehensive documentation that shows the provider’s active role in managing the condition.
When your notes tell the full clinical story, you are not only audit-ready, you’re also reinforcing better patient care.
If your organization is still relying on “one letter is enough,” it’s time to evolve. The first proof that it’s not enough won’t come as a warning; it’ll come as an overpayment notice.
See how DoctusTech helps health systems turn documentation from compliance risk into audit readiness. Book a demo today