HEDIS Insider: Reporting, Audits and Innovation in Action
For Healthcare Innovators, Strategists and Care Leaders
Recap & What’s Next
Welcome Back!
This is Part 2 of our two-part series on HEDIS and continues the conversation from our earlier post on STAR Ratings. If you missed that, you can catch up here.
In Part 1, we unpacked what HEDIS is, who defines it and how measures are built and sampled. You can read it here.
What you will learn in this guide:
HEDIS Reporting & Audits
Why is Audit important?
Audits ensure reported data reflects real care
Plans with >5% error rates must disclose and correct
Audit outcomes influence public ratings and accreditation
Data governance and quality are non-negotiables for high-performing plans
Step-to-step Process
1. Collect Patient Data
Health plans start by collecting data from:
Claims and encounter records
Medical records and EHRs
Pharmacy and lab data
This data helps determine how well the plan is performing on quality measures like preventive care, screenings and chronic disease management.
2. Complete the HOQ
The Healthcare Organization Questionnaire (HOQ):
Is an online form required by NCQA
Collects basic info about your plan and products
Must be completed to access submission tools like IDSS
3. Submit the Patient-Level Detail File
Medicare plans must also send a PLD file to CMS. This includes:
Demographic information (age, gender, etc.)
Clinical data (diagnoses, treatment history)
Utilization data (services received, hospital admissions)
Quality measures relevant to HEDIS (like preventive screenings, management of chronic conditions)
PLD file must be complete and accurate as it forms the basis of your HEDIS rates.
4. Use the IDSS Portal
The Interactive Data Submission System (IDSS) is NCQA’s platform where plans:
Upload non-survey HEDIS data (using XML templates)
Run checks to catch errors
Finalize data for audit and public reporting
5. Draw Your Sample
For some measures, instead of reviewing all records, you will:
Select a sample of eligible Members
Prepare an oversample list
Review charts only if data isn’t found in claims
6. Undergo the HEDIS Compliance Audit
Auditors assess how your plan:
Collects and processes data
Handles supplemental and chart-based information
Calculates measure rates
A. Pre-Audit Phase
1. Contract & Timeline
Define audit scope (measures, products, sites)
Set annual deadlines using HEDIS Volume 5
2. Survey Sample Frame Validation
Confirm Initial Population and data layout
Use a certified survey vendor
Auditor completes the Healthcare Organization Questionnaire (HOQ)
3. Roadmap Submission
Submit annual roadmap of data sources, systems and processes
Ensure compliance with IS and HD standards
4. Source Code Review
Use NCQA-certified logic with assigned GUIDs
Non-certified logic must pass auditor review
5. Supplemental Data Validation
Standard data: Structured, coded, format-compliant
Non-standard data: Requires extra documentation
All supplemental data must be validated
6. Medical Record Review (MRR)
Conducted off-site
Validates abstraction tools and hybrid compliance
7. Data Submission Validation
Auditors test 16 cases per measure
Plans may fix errors and resubmit
Determines if hybrid or admin-only reporting is allowed
B. Audit Phase
1. Opening Meeting
Plan presents data approach and recent improvements
Auditors explain audit scope and schedule
2. Audit Activities
Interviews, system checks, file reviews
Validate policies, claims and enrollments
Observe processes and data traceability
3. Data Queries
Run at least four required queries (like demographics, data accuracy)
Customize to your systems and data sources
Example - Overall Demographics, Data Loading Checks, Audit Review Drill-Down, Negative Case Checks, Cross-Measure Checks, Mapping Results.
4. Data Completeness Review
Compare preliminary vs. final rates
Identify any delays, gaps or inconsistencies
5. Closing Conference
Auditors share initial findings
Flag unreportable measures
Outline follow-ups and deadlines
7. Submit Final Data & Audit Results
Once your data passes validation:
Lock data in IDSS
Submit final rates to NCQA via IDSS
Auditors issue a final report confirming compliance and data quality
Who’s involved in the process?
Health Plan: Manages the data, submissions and audit readiness
Licensed Organization: Oversees audit execution
Certified HEDIS Auditors: Review data and validate compliance
Measure & Survey Vendors: Help with rate calculations and CAHPS survey results
NCQA: Receives and reviews all final data
Common Roadblocks to Strong HEDIS Score
1. Data & Claims Barriers
Third-Party Liability (TPL): Claims not submitted due to outside insurance.
Incomplete or Incorrect Coding on Claims (CPT, ICDs, etc.)
Provider Specialty Not Counted: Provider type doesn’t meet measure requirements.
2. Access & Enrollment Barriers
Lack of Continuous Enrollment: Member doesn’t meet eligibility timeline.
Limited Access for Preventive Services: Difficulty getting timely appointments.
New Member Appointment Delays: Access issues for new members on provider panels.
3. Documentation Barriers
Poor Chart Documentation: Services are done but not recorded.
Incomplete Measure Components: Partial care (like only 1 dose of a 2-dose vaccine).
4. Continuity of Care Barriers
Incorrect Primary Member Provider (PMP) Assignment: Member linked to the wrong provider.
Missing Medical History: Records not transferred when PMP changes.
How HEDIS can drive innovation or impact across roles?
For Clinicians & Care leaders
HEDIS performance directly impacts STAR Ratings and physician reimbursement.
Low scores mean lower revenue and higher admin burden.
Strong HEDIS results support better tools, care delivery and plan sustainability.
Even small HEDIS gains (0.2–0.4 STAR lift) can unlock major bonuses and benefits.
Plans seek partners who can prove measurable HEDIS-driven ROI.
For Product Builders & Health Tech Innovators
Product Opportunity comes with quality improvement. So, can your product bridge one of the gaps in care delivery to make meaningful impact?
Game Changing Opportunities:
Embedded EHR alerts to close care gaps in real time
Predictive analytics (including SDOH) to enable proactive care
API-first architecture for fast, flexible product innovation
Efficient NCQA-ready quality reporting
Built-in patient engagement tools (like reminders, messaging)
Secure, FHIR-native data exchange for interoperability
Closed-loop coordination across teams and systems
Continuous performance insights to drive improvement
For Strategic & Policy Makers
Align provider networks with high-performing plans.
Influence broker commission strategies to support enrollment into quality plans.
Support digital transformation as a core part of your organization’s growth strategy.
The Tech Layer: Powering Quality with Data and Interoperability
We are seeing a shift from paper to precision in HEDIS reporting:
With better data pipelines, audits shift from reactive to proactive. What’s now possible?
Clinical Decision Support (CDS): EHR alerts tied to HEDIS gaps
Embedded HEDIS Checklists: Integrated into annual wellness workflows
Monthly Scorecards: Instead of yearly updates, providers get real-time feedback
NCQA’s Evolving Strategy
Digital Measures Expansion: More digital-first HEDIS measures across domains
STAR Rating Changes: Expect tighter integration of CAHPS, HOS and digital quality metrics
In short, plans and vendors must invest now in data interoperability, FHIR integration and digital abstraction tools to stay competitive.
What’s Coming in the Next Edition?
In our next newsletter, we will explore how FHIR is transforming healthcare data exchange, replacing legacy systems, enhancing interoperability and driving improvements in quality, innovation and care delivery. Stay tuned!
Want to discuss a topic or have suggestions? I would love to hear from you!