The Fiduciary Cost of Waiting 90 Days to Audit Claims

TABLE OF CONTENTS

Waiting 90 days to review claims increases both financial and operational risk. As recovery windows narrow, providers become less likely to return overpayments. Meanwhile, recurring billing and adjudication errors can continue across thousands of claims before they are detected.

The delay not only increases potential losses but also leaves plan sponsors with less documentation demonstrating ongoing oversight of plan expenditures and vendor performance.

A distribution company with 600 employees did not review its healthcare claims until its annual audit. By then, a provider had been overcharging for infusion therapy for five months, and the health plan paid the higher amount on every claim during that period.

Because no one was monitoring claims regularly, the problem continued unnoticed and the losses kept growing. Plan sponsors are expected to take reasonable steps to protect plan funds. Waiting months to review claims can allow small errors to turn into significant costs.

Key Takeaways

A 90-day audit delay allows claims errors to accumulate for three months before they are reviewed, increasing both financial losses and recovery challenges.

ERISA Section 404 requires ongoing prudent oversight of plan assets, not a once-a-year compliance exercise.

Recovering overpayments becomes increasingly difficult as contractual lookback periods expire and state prompt-pay protections narrow available recovery options.

Department of Labor enforcement efforts are increasingly focused on the timing and frequency of claims oversight, not merely whether an audit program exists.

Reducing the audit cycle to 30 days or less can significantly decrease claims leakage while strengthening fiduciary protection.

The effectiveness of a claims audit program is determined not only by what it finds, but also by how quickly it finds it. Shorter review cycles improve recovery outcomes, reduce ongoing leakage and create a stronger record of prudent fiduciary oversight.

What "Waiting 90 Days" Actually Means for a Self-Funded Plan

A 90-day audit cycle means that for every dollar paid in error, the plan sponsor has no visibility into the mistake for up to three months. Most plan sponsors think of a quarterly or annual audit as standard practice, even responsible practice. The assumption is that claims get checked eventually, so the system works.

The reality is that "eventually" is doing a lot of work in that sentence. A TPA processing claims for a 600-life plan might process 2,000 to 4,000 claims per month. Over 90 days, that is 6,000 to 12,000 claims that go entirely unreviewed by anyone outside the TPA's own internal quality process. Errors do not wait politely for the audit calendar. They compound.

The Government Accountability Office has documented that improper payments in health benefit programs are persistent precisely because detection systems are not built to catch errors close to the point of payment. A self-funded plan operating on a 90-day or annual review cycle is replicating that same structural weakness inside its own claims oversight.

Why the 90-Day Gap Exists in the First Place

The 90-day audit lag exists because it was built around TPA reporting cycles, not around fiduciary risk. Several structural habits keep this delay in place across the industry.

Legacy Contract Design

Many administrative services only (ASO) agreements were written years ago when quarterly reporting was the technical norm. TPAs batch claims data into quarterly files because that matched their internal reporting infrastructure, not because it served the plan sponsor's oversight needs.

Data Access Friction

Some TPAs charge additional fees for more frequent claims data extracts, or simply do not offer a faster cadence as a standard service tier. Plan sponsors who never ask for a 30-day data feed never learn that one is possible.

Underestimating compounding risk

A single duplicate payment or repricing error rarely alarms anyone. The risk is not the individual error. It is the same error repeating across every claim that matches the same billing pattern for as long as nobody is looking.

The Real Cost of a 90-Day Blind Spot

The financial cost of a 90-day audit delay scales with claims volume in a way that catches most plan sponsors off guard. Consider a self-funded plan with $9 million in annual claims spend, which is roughly $750,000 per month. A billing error affecting just 2% of claims volume that goes undetected for a full quarter represents $45,000 in overpayments before anyone even opens an audit file.

Now extend the timeline. If the same plan operates on an annual cycle instead of quarterly, that same 2% error rate compounds to $180,000 before review. The The Healthcare Financial Management Association has reported that hospitals lose an average of 4.8% of net revenue to claim denials, and other industry estimates for self-funded claims processing errors range higher still.

The fiduciary cost runs alongside the financial cost. ERISA Section 404(a)(1) requires fiduciaries to act with the care, skill, prudence, and diligence that a prudent person familiar with such matters would use under similar circumstances. A plan sponsor who can produce evidence of monthly claims monitoring has a materially stronger position in a DOL inquiry than one who can only show an annual review. Documented frequency matters because intent and diligence are judged by process, not by outcome alone.

What's Actually Happening Behind the Scenes During the Gap

Error Patterns Repeat Before Anyone Notices

A single coding error from a provider's billing system rarely appears once. If a provider's software misapplies a modifier code or a TPA's adjudication engine mishandles a specific procedure code, that same error recurs on every matching claim until someone catches it. Ninety days gives that pattern three full months to multiply.

Provider Dispute Windows Start Closing

Most state prompt-pay statutes and provider contracts establish specific windows during which a payer can dispute or recoup a payment without escalated friction. As days pass, providers gain stronger legal footing to resist repayment demands, citing reliance on the original payment and administrative finality. A claim flagged at day 15 is a different negotiation than the same claim flagged at day 95.

Dependent Eligibility Drift Goes Unchecked

Life events such as divorce, a dependent aging out, or a spouse gaining other coverage do not pause for the audit calendar. A 90-day gap means a plan can pay three additional months of claims for someone who became ineligible on day one of the quarter, with no mechanism catching it until the cycle closes.

Stop-Loss Reporting Misalignment

Self-funded plans with stop-loss coverage typically need to report large claims promptly to remain compliant with notice provisions in the stop-loss contract. A 90-day internal audit cycle can mean large claims are not flagged for stop-loss notification within the carrier's required timeframe, risking a denied or reduced reimbursement on a catastrophic claim.

Fiduciary Documentation Gaps Widen

Every quarter without a documented review is a quarter without evidence that the plan exercised the procedural prudence ERISA requires. DOL investigators reviewing a plan's fiduciary process look for a paper trail. A 90-day gap, repeated across multiple plan years, creates a pattern of sparse documentation that is difficult to explain after the fact.

Why an Annual or Quarterly Cadence Isn't Enough

A quarterly or annual audit cycle was adequate when claims data was difficult to access. It is not adequate now that near real-time data feeds exist. The table below compares the standard cadence against a tighter monitoring model.

Factor	90-Day / Annual Cadence	30-Day or Continuous Cadence
Time Before Error Detection	Up to 90 days (or 365 days for annual audits)	30 days or less
Claims Exposed Before Review	6,000 to 12,000+ claims per cycle (mid-size plan)	2,000 to 4,000 claims per cycle
Provider Dispute Friction	High (lookback windows narrowing)	Lower (claims still fresh)
Dependent Eligibility Exposure	Up to one full quarter of ineligible claims	One month maximum
Stop-Loss Notification Risk	Elevated for large claims missed mid-quarter	Minimal, large claims flagged immediately
Fiduciary Documentation Strength	Sparse, quarterly snapshots	Continuous, monthly evidence trail
DOL Audit Defensibility	Moderate	Strong

How to Fix It: Shortening the Audit Cycle

Request Monthly Claims Data

Obtain an 837 or 835 transaction file from your TPA on a 30-day cadence rather than quarterly. More frequent access reduces the time between payment and review.

Create a Written Monitoring Policy

Define how often claims are reviewed, what data is examined and who is responsible. A documented policy provides evidence of prudent fiduciary oversight.

Review High-Dollar Claims Faster

Establish accelerated review for claims above a defined threshold, commonly $25,000 to $50,000, to improve accuracy and support stop-loss reporting requirements.

Integrate Eligibility Verification

Incorporate dependent eligibility checks into monthly payroll and enrollment workflows rather than relying solely on periodic audits.

Strengthen Contract Language

Clearly define data formats, delivery schedules, audit rights and fees within your TPA agreement rather than relying on broad cooperation language.

Assign Clear Ownership

Designate a responsible individual and establish a recurring review meeting. Audit programs are most effective when accountability is clearly assigned.

Shortening the audit cycle is not simply an operational improvement. It reduces financial leakage, improves recovery rates and creates a stronger record of ongoing fiduciary oversight.

Red Flags That Signal Your Plan Is Exposed

Your current TPA contract specifies quarterly or annual data delivery with no faster option available.

Your most recent claims audit findings cover a period that ended more than 60 days ago.

No one on your internal team can immediately identify when the last claims review was completed.

Your plan documents contain no written claims monitoring policy or defined audit cadence.

Large claims have been reported to your stop-loss carrier after the contractual notification deadline at least once.

Your broker's stewardship report is the only claims review your organization receives throughout the year.

Dependent eligibility verification occurs on an ad hoc basis rather than through a recurring review schedule.

If three or more of these statements describe your plan, your claims oversight process is likely operating with significant delays. Shortening the review cycle, formalizing monitoring procedures and increasing data visibility can substantially reduce both financial leakage and fiduciary exposure.

The ROI of Moving to a Shorter Audit Cycle

Shortening the audit cycle from 90 days to 30 days or less produces a measurable reduction in both recoverable loss and ongoing exposure. Independent claims integrity data suggests that catching an error within 30 days of payment results in recovery rates roughly two to three times higher than catching the same error after 90 days, largely because provider dispute friction and statutory lookback limits have not yet hardened.

On a plan with $9 million in annual claims spend and a conservative 3% error rate, that is $270,000 in identifiable overpayments per year. Shifting from annual to monthly review does not eliminate errors, but it shrinks the average exposure window from 180 days (the midpoint of an annual cycle) to roughly 15 days (the midpoint of a monthly cycle). That alone can convert a six-figure annual loss into a five-figure one.

The fiduciary protection value compounds over time. A documented monthly review process, sustained over multiple plan years, builds a defensible record of prudent process under ERISA Section 404. The Department of Labor's Meeting Your Fiduciary Responsibilities guidance emphasizes that fiduciaries are judged on the process they followed, not simply the financial outcome. A consistent, frequent, well-documented audit cadence is one of the clearest ways to demonstrate that process.

Conclusion: The Calendar Is Not a Fiduciary Strategy

Waiting 90 days to audit claims is a scheduling habit, not a deliberate risk decision, and that distinction matters under ERISA. Plan sponsors who have never questioned their audit cadence are not negligent by intent. They are simply operating on a calendar inherited from TPA reporting defaults and broker stewardship cycles that were never designed with fiduciary exposure in mind.

The fix does not require new technology budgets or a TPA switch. It requires a written policy, a faster data feed, and a named owner who reviews claims monthly instead of quarterly. The dollar savings are real and the fiduciary protection compounds every plan year the new cadence holds.

Start by asking your TPA one question this week: how quickly can we get claims data, and how often are we currently reviewing it. The gap between those two answers is your fiduciary exposure.

Frequently Asked Questions

What does ERISA require regarding claims audit frequency?

‍ERISA does not specify an exact audit frequency. Section 404(a)(1) requires fiduciaries to act with the care, skill, prudence, and diligence of a prudent person managing similar matters, which courts and the Department of Labor interpret as an ongoing obligation rather than a once-a-year exercise. The absence of a specific number does not mean infrequent review satisfies the standard.

How much does a 90-day audit delay typically cost a self-funded plan?

‍The cost scales with claims volume and the underlying error rate. A plan with $9 million in annual claims spend and a 3% error rate can accumulate roughly $67,500 in unreviewed overpayments over a single 90-day quarter before any audit begins, based on standard industry error-rate benchmarks from claims integrity sources.

Is a quarterly claims audit considered sufficient under ERISA?

‍There is no bright-line rule stating that quarterly review satisfies fiduciary duty. The Department of Labor evaluates the totality of a plan's prudent process, including frequency, documentation, and follow-through on identified errors. A quarterly cadence with strong documentation may be defensible, but a monthly or near-continuous cadence offers a stronger position.

What is the difference between a claims audit and ongoing claims monitoring?

‍A claims audit is typically a discrete, periodic review of a defined claims population, often tied to an annual or quarterly cycle. Claims monitoring refers to a continuous or near-continuous process that reviews claims data on a rolling basis, closer to the point of payment, which reduces the window during which errors go undetected.

Can a plan sponsor be held personally liable for failing to audit claims promptly?

‍Named fiduciaries, including HR leaders or finance executives who exercise discretionary authority over plan administration, can face personal liability under ERISA Section 409 for breaches of fiduciary duty. Failing to establish a reasonable claims monitoring process is a factor courts and the DOL consider when evaluating whether a breach occurred.

How do stop-loss notification requirements relate to audit timing?

‍Stop-loss contracts typically require prompt notification of large or catastrophic claims, often within a specified number of days from the claim reaching a certain dollar threshold. A 90-day internal audit cycle can cause large claims to be flagged for stop-loss reporting later than the contract requires, risking reduced or denied reimbursement on the claim.

What is a reasonable target audit cadence for a self-funded plan with 100 or more employees?

‍Most claims integrity consultants and TPA performance benchmarks recommend monthly review of claims data at minimum, with concurrent or near-real-time review for claims above a defined high-dollar threshold. Plans below 500 employees may reasonably start with monthly review and layer in more frequent high-dollar claim flags as the program matures.

Does shortening the audit cycle require switching TPAs?

‍No. Most plan sponsors can shorten their audit cycle by renegotiating data delivery terms within their existing TPA contract or by adding an independent claims monitoring vendor that integrates with the current TPA's claims feed. Switching TPAs is rarely necessary and introduces its own transition risk.

‍

The Fiduciary Cost of Delayed Claims Audit