A hospital in Texas billed a self-funded employer plan $187,000 for a single inpatient stay. The third-party administrator paid it within 15 days. A post-payment audit later found the bill contained a duplicate room charge, an unbundled surgical code, and a coordination-of-benefits error that a secondary insurer should have covered. Total recoverable overpayment: $41,000. No one had flagged it. No one had looked.
That scenario is not unusual. For most self-funded employers, health plan claims represent the second-largest line item on the income statement. They are also the line item with the least structured oversight.
The Problem: Your Biggest Bill Has No Auditor
Self-funded employers write blank checks to pay health claims, then assume the TPA cashed them correctly.
Consider what happens with every other major corporate expense. Accounts payable audits vendor invoices. Finance reconciles software licenses. Procurement validates purchase orders against contracts. For many companies, a $500 expense report requires two approvals and a receipt scan.
Now consider health claims. A plan with 500 employees might process $6 million in claims annually. The TPA adjudicates those claims using its own system, its own pricing network, and its own quality controls. The employer receives a summary report, pays the funding account, and moves on. The individual claim adjudications are rarely reviewed by anyone outside the TPA.
This is not a flaw in one company's process. It is the industry default.
Why the Problem Exists
The Real Cost of Unmonitored Claims
Claims overpayments cost self-funded plans an estimated 3% to 10% of total annual spend.
HFMA has documented billing errors as pervasive across the provider ecosystem. Milliman's actuarial analyses show inappropriate payments in commercial plans routinely exceed 5% of expenditures when audited.
Apply that to real numbers. A 300-employee plan spending $4.5 million annually could be overpaying $135,000 to $450,000 per year. These are not one-time mistakes. They compound silently until someone looks.
The fiduciary exposure is separate and growing. EBSA increased enforcement actions in 2023 and 2024 targeting plan sponsors who failed to monitor their TPAs. ERISA Section 404(a)(1) requires the care and diligence of a prudent expert. Delegating administration does not delegate liability.
Hiring an accountant does not relieve a CFO of the duty to review the books. The same logic applies here.
What's Actually Happening Behind the Scenes
Claims processing errors fall into predictable categories, and most go undetected because no one is specifically looking for them.
Billing Code Manipulation
Upcoding occurs when a provider bills a higher-complexity service code than the service actually delivered. Unbundling occurs when a provider bills component procedures separately that should be billed as a single bundled code at a lower rate.
Both are common, both are often unintentional, and both result in systematic overpayment. The Office of Inspector General (OIG) has documented upcoding and unbundling as among the most frequent sources of improper payments in federal programs. Commercial plans face the same vulnerabilities.
Duplicate and Resubmitted Claims
A claim is submitted, appears to fail or delay, and is resubmitted. Both versions pay. This category is among the most straightforward to detect and also among the most consistently missed without automated duplicate-detection logic applied at the claim-line level rather than the claim-header level.
Coordination of Benefits Failures
When a member has coverage under two plans, the primary plan pays first and the secondary plan covers remaining eligible expenses. COB failures occur when the primary-payer determination is wrong, when the secondary plan pays as if it were primary, or when the member's coverage under a second plan is unknown to the TPA.
According to the Kaiser Family Foundation, approximately 10% of covered workers have coverage from a source other than their employer. COB errors on that population can be substantial.
Network Repricing Errors
Self-funded plans contract with a carrier or network to reprice claims at negotiated rates. The repricing calculation should reduce the billed amount to the contracted rate.
When the repricing logic is applied to the wrong fee schedule, applied inconsistently, or bypassed for out-of-network claims, the employer pays more than the contracted rate. These errors are nearly invisible on a standard remittance report.
Medical Necessity and Eligibility Errors
Claims are sometimes paid for services that required pre-authorization and did not receive it. Claims are paid for terminated employees or dependents who have aged out of eligibility.
Both categories are preventable with proper eligibility file management and pre-authorization tracking, neither of which employers verify systematically once a TPA is in place.
Why Current Approaches Are Not Enough
The status quo is not a neutral position. Every year without an audit is a year in which recoverable overpayments expire under applicable recovery windows, fiduciary risk accumulates undocumented, and plan costs trend upward without a root-cause explanation.
Red Flags That Signal This Problem Applies to Your Plan
The ROI of Doing It Right
Independent claims auditing consistently returns $3 to $8 for every $1 invested.
Recovery from a retrospective audit typically represents 1% to 3% of audited claim spend. On a $10 million plan, that is $100,000 to $300,000 from a single audit cycle.
TPAs that know their claims will be audited independently process them more carefully. That deterrence effect reduces future errors before they are paid.
The fiduciary protection matters too. The Supreme Court's 2015 decision in Tibble v. Edison International affirmed that fiduciary duties are ongoing. A documented audit program is your evidence of compliance.
Frequently Asked Questions
How common are errors in employer health plan claims?
Industry analyses and actuarial research consistently estimate that 3% to 10% of commercial health plan claims contain a billing or processing error. Not all errors favor the payer. But overpayments to providers and TPAs are documented as the more prevalent direction. Plans that audit systematically almost always find recoverable amounts in excess of audit costs.
Does my TPA already audit claims internally?
Most TPAs perform some internal quality assurance, but internal QA is not the same as an independent audit. The TPA's QA process is designed to measure its own performance against its own standards. An independent audit measures performance against your plan's interests, your contract terms, and external benchmarks. The difference matters financially and legally.
Are we required by law to audit our claims?
ERISA does not specify a mandatory audit frequency. However, ERISA Section 404 requires fiduciaries to manage plan assets with the care of a prudent expert and to monitor service providers on an ongoing basis. Courts and the DOL have found that plan sponsors who never audited their TPA failed to fulfill this duty. An audit program is the clearest evidence of compliance with the monitoring obligation.
What is a realistic claims audit recovery amount?
Recovery rates vary by plan size, audit depth, TPA quality, and how long it has been since the last audit. First-time audits of plans that have never been reviewed independently tend to return more. A reasonable baseline expectation is 1% to 3% of audited claim spend in identified overpayments. A 300-employee plan with $4 million in audited claims might recover $40,000 to $120,000.
How do I get access to my claims data for an audit?
You own your plan's claims data as the plan sponsor. Your TPA is obligated under ERISA and typically under your administrative services agreement to provide it. Request a complete claim-line data extract covering the period you intend to audit. If your TPA charges excessive fees for this extraction or limits the data fields provided, consult your ERISA counsel. The data is yours.
What types of errors does a claims audit typically find?
The most common categories are duplicate payments, unbundled or upcoded procedure codes, coordination-of-benefits failures, network repricing errors, payments for ineligible members or dependents, and claims paid without required pre-authorization. Each category has a distinct detection methodology, which is why auditors use both automated rule-based tools and clinical coding reviewers.
How long does a claims audit take?
A retrospective audit of 12 months of claims data typically takes 60 to 90 days from the time clean data is delivered to the auditor through final reporting. Concurrent review programs, which flag claims in near-real time, can be implemented within 30 to 45 days of contract execution. Timeline depends heavily on data quality and TPA responsiveness.
Can a claims audit damage our relationship with our TPA?
A professional, contractually-grounded audit should not damage a good-faith TPA relationship. TPAs that perform well welcome independent validation because it demonstrates their value. Resistance to auditing is worth noting. Your obligation as plan sponsor runs to plan participants, not to the TPA's comfort. If a TPA treats oversight as adversarial, that response itself warrants a service-provider review.
