You submit a claim for a level 3 established patient visit (CPT 99213). The documentation supports a level 2 visit (CPT 99212). Or you bill for a comprehensive echocardiogram when a limited study was medically necessary. This is upcoding and it is one of the fastest ways to invite a federal audit, pay massive fines, and potentially lose your ability to bill Medicare and Medicaid.
Unlike downcoding, which costs you revenue, upcoding can cost you everything. The Department of Justice (DOJ) and the Office of Inspector General (OIG) actively pursue upcoding cases, often resulting in multi-million dollar settlements. In 2024 alone, several major health systems paid tens of millions to resolve upcoding allegations.
In this guide, we’ll explain exactly what upcoding is, how it differs from downcoding, real-world examples that led to massive penalties, the legal risks you face, and most importantly how to prevent it in your practice.
What Is Upcoding in Medical Billing?
Upcoding occurs when a healthcare provider submits a billing code for a more severe, complex, or expensive service or diagnosis than what was actually documented or medically necessary. It can be accidental resulting from a coder’s misunderstanding of guidelines or intentional fraud. Either way, the consequences are severe.
The RAND Corporation defines upcoding as “the coding of a patient to a higher complexity level than they would be if payment were unrelated to complexity”. In simpler terms, it means making a patient look sicker than they are, or a procedure more complex than it really was, to get a higher reimbursement.
Common examples of upcoding include:
- Billing a level 5 evaluation and management (E/M) service (e.g., 99215) for a minor patient problem that only required a level 3 visit
- Reporting a diagnosis of chronic bronchitis when the patient actually has acute bronchitis
- Coding for excision of a 2.5 cm skin lesion when the lesion actually measured only 1 cm
- Billing for a name-brand medication when generic medication was used
Upcoding is not just an ethical violation it is considered healthcare fraud under federal law and can trigger investigations under the False Claims Act (FCA) .
Upcoding vs. Downcoding: Key Differences
Understanding the distinction between upcoding and downcoding is essential for any billing professional. While both represent coding inaccuracies, they move in opposite directions and carry different risks.
| Aspect | Upcoding | Downcoding |
| Definition | Billing a higher-level code than supported by documentation | Billing a lower-level code than the service actually warranted |
| Financial Impact | Overpayment; practice receives more than it should | Underpayment; practice loses legitimate revenue |
| Compliance Risk | Very high can trigger FCA investigations, fines, and exclusion | Moderate often results from conservative billing or documentation gaps |
| Legal Classification | May be considered fraud (especially if intentional) | Usually not considered fraud, but violates NCCI guidelines |
| Payer Response | Audits, recoupments, penalties, and potential criminal charges | Lower reimbursement; possible pattern warnings |
Downcoding is often a defensive strategy providers purposely undercode to avoid audits. However, the National Correct Coding Initiative (NCCI) explicitly states: “Physicians must avoid downcoding. If a HCPCS/CPT code exists that describes the services performed, the physician must report this code”. Downcoding can harm patients (by under-documenting a diagnosis) and represents a compliance risk equal to that of upcoding.
Real-World Upcoding Examples and Settlements
Upcoding is not a theoretical risk. The DOJ and OIG regularly pursue and settle upcoding cases for millions of dollars. Below are three recent, high-profile examples.
1. Prime Healthcare $65 Million Settlement
In 2018, Prime Healthcare Services and its CEO agreed to pay $65 million to resolve False Claims Act allegations. The government alleged that from 2006 through 2013, Prime engaged in a deliberate corporate-driven scheme to admit Medicare beneficiaries as inpatients when their symptoms should have been managed in a less costly outpatient or observation setting.
The settlement also resolved allegations that Prime falsified patient diagnoses, including complications and comorbidities, to increase Medicare reimbursement. The lesson: upcoding admissions and diagnoses can lead to nine-figure penalties.
2. UCHealth $23 Million Settlement
In November 2024, University of Colorado Health (UCHealth) paid $23 million to settle a False Claims Act lawsuit alleging upcoding of emergency department visits. The case was notable because UCHealth’s billing system used an automated coding rule that defaulted to the highest-level E/M code (CPT 99285) whenever the number of vital sign checks exceeded the patient’s length of stay in the ED.
The DOJ contended that this rule did not satisfy CPT requirements and did not reasonably reflect the facility resources used. A certified coding specialist who worked at UCHealth filed the whistleblower complaint. The takeaway: even automated or AI-driven coding rules must comply with official standards and employees will report violations.
3. Blue Cross Blue Shield Study AI-Driven Upcoding
A 2026 report published by Blue Shield of California found a significant increase in cases coded for acute posthemorrhagic anemia a serious condition that typically signals severe blood loss requiring blood transfusion. The report suggested that AI-assisted coding tools may be driving upcoding by flagging conditions that aren’t fully supported by documentation.
This highlights a growing concern: as more practices adopt AI coding assistants, the risk of inadvertent upcoding increases. Providers must verify that their technology applies coding standards correctly.
The Risks of Upcoding: Financial, Legal, and Reputational
Upcoding carries consequences that extend far beyond a simple repayment demand.
Legal and Financial Penalties
Under the False Claims Act, a provider found guilty of upcoding can be penalized up to three times the government’s loss, plus an additional $11,000 per false claim. Penalties add up quickly because each individual claim for payment can be a separate ground for liability.
In addition to FCA penalties, the OIG can impose civil monetary penalties of up to $50,000 per false record or statement. Providers may also be excluded from participating in Medicare, Medicaid, and other federal healthcare programs effectively ending their ability to serve millions of patients.
Whistleblower Exposure
The False Claims Act includes a qui tam (whistleblower) provision that allows private individuals to file lawsuits on behalf of the government. Whistleblowers can receive up to 30% of any recovery. Common whistleblowers include ex-business partners, current or former employees, competitors, and even patients. In the UCHealth case, a certified coding specialist who worked at the hospital filed the complaint.
Reputational Damage
Even if a practice avoids exclusion, being named in a DOJ settlement severely damages reputation. Patients lose trust. Referring physicians hesitate to send patients. And the organization’s standing within the medical community suffers sometimes permanently.
Increased Scrutiny and Operational Burden
Once a provider is flagged for upcoding, insurance companies and regulatory bodies increase scrutiny on all claims. Denial rates rise. Payments slow down as payers perform thorough assessments on every claim. Administrative costs balloon due to frequent audits and staff burden.
How to Prevent Upcoding in Your Practice
Prevention is far better than defending against an audit or whistleblower lawsuit. Implement these seven strategies to keep your practice compliant.
1. Conduct Regular Internal Audits
Periodic self-audits are the single most effective way to detect and eliminate upcoding. The OIG recommends auditing 20 records per provider, every six months, to pinpoint inconsistencies between provider documentation and the codes reported. The goal is to ensure that documentation guidelines are met and that services, procedures, and diagnoses are supported at the level they are billed.
2. Train Providers and Coders Continuously
Many upcoding errors stem from a lack of training, not malicious intent. Schedule regular training sessions on:
- Correct E/M level selection based on medical decision making (MDM) or time
- Proper use of modifiers
- Payer-specific coding guidelines
- Documentation requirements for medical necessity
The American Medical Association’s Journal of Ethics suggests that medical education and training is the ideal time to familiarize future physicians with upcoding and other fraudulent billing practices.
3. Verify Automated Coding Rules
If your practice uses automated coding tools or AI-assisted software, verify that the underlying logic applies official coding standards correctly. The UCHealth case demonstrates that automated rules, even those implemented by large health systems can violate CPT guidelines and trigger FCA liability.
4. Establish Clear Documentation Guidelines
Ensure every medical record includes:
- Specific, detailed chief complaint and history of present illness
- Relevant review of systems and past medical history
- Physical exam findings (not just “normal”)
- Medical decision making: diagnoses considered, data reviewed, risk level
- Time spent (if billing based on time)
Documentation should be unambiguous to an auditor, not just to the treating provider.
5. Implement a Compliance Program
A comprehensive compliance program aligned with OIG guidance is essential. Key elements include:
- Written policies and procedures
- Designated compliance officer
- Regular training and education
- Open lines of communication for reporting concerns
- Enforcement of disciplinary standards
- Prompt response to detected violations
6. Use Coding Validation Software
Advanced coding tools can flag potential upcoding risks before claims are submitted. Look for software that:
- Compares billed codes to documentation
- Checks for inconsistencies between diagnosis and procedure
- Highlights outlier billing patterns
- Integrates payer-specific rules
7. Monitor Billing Patterns and Outlier Alerts
Payers and CMS routinely analyze billing patterns to identify “high outliers” providers who bill a significantly higher percentage of high-level codes than their peers. Monitor your own data:
- Track the distribution of E/M levels by provider
- Compare your patterns to specialty benchmarks
- Investigate any provider whose coding profile deviates significantly from peers
If a payer or CMS flags your practice as an outlier, be prepared to justify your coding with supporting documentation.
What to Do If You Discover Upcoding
If an internal audit reveals upcoding whether accidental or intentional you must act immediately.
- Quantify the overpayment Determine which claims were overpaid and by how much.
- Repay within 60 days Under the Affordable Care Act, providers must repay identified overpayments to Medicare and Medicaid within 60 days or face additional penalties.
- Use the OIG Self-Disclosure Protocol Providers can voluntarily disclose billing errors to the OIG through the Self-Disclosure Protocol. This often results in reduced penalties compared to waiting for a government investigation.
- Consult legal counsel Upcoding allegations can lead to criminal charges. Engage healthcare compliance counsel immediately.
- Correct the root cause Fix the documentation, coding, or billing process that led to the error.
Final Thoughts
Upcoding is not a victimless crime. It defrauds government healthcare programs, inflates insurance premiums, and exposes your practice to devastating financial and legal consequences. Whether the upcoding is accidental or intentional, the government holds providers accountable.
The best defense is a strong offense: regular internal audits, continuous training, verified coding tools, and a culture of compliance. By prioritizing accuracy over revenue maximization, you protect your practice, your reputation, and your patients.
Key takeaways:
- Upcoding means billing for a higher-level service or diagnosis than documented.
- Penalties include treble damages, $11,000–$50,000 per false claim, and possible exclusion from federal programs.
- Real-world settlements exceed $65 million.
- Whistleblowers often employees can receive up to 30% of recoveries.
- Prevent upcoding through audits, training, documentation standards, and compliance programs.
- If you discover upcoding, repay overpayments within 60 days and consider OIG self-disclosure.
Frequently Asked Questions
1. What is upcoding in medical billing?
Upcoding means billing a higher-level code than the documentation or medical necessity supports. For example, billing a level 5 office visit when the patient’s condition only required a level 3. Upcoding can be accidental or intentional – but either way, it’s considered healthcare fraud.
2. What is the difference between upcoding and downcoding?
Upcoding increases reimbursement (you get paid more than you should). Downcoding decreases reimbursement (you get paid less). Upcoding carries severe legal risks, including False Claims Act penalties, fines, and even jail time. Downcoding is less risky but still hurts revenue.
3. What are the penalties for upcoding?
Under the False Claims Act, providers can be fined up to three times the government’s loss plus an additional $11,000 per false claim. Civil monetary penalties can reach $50,000 per false record. In extreme cases, providers may be excluded from Medicare and Medicaid or face criminal charges.
4. Can upcoding happen accidentally?
Yes. Many upcoding cases result from poor documentation, misunderstanding of coding guidelines, or overly aggressive billing software. However, the government does not distinguish between accidental and intentional – both can trigger audits, recoupments, and penalties. Good faith errors can be corrected through self-disclosure.
5. How can I prevent upcoding in my practice?
Conduct regular internal audits (e.g., 20 records per provider every six months). Train providers and coders on correct E/M level selection. Verify that automated coding rules comply with official guidelines. Establish clear documentation standards. Monitor billing patterns for outliers. And implement a formal compliance program.
6. What should I do if I discover upcoding in my practice?
Act immediately. Quantify the overpayment. Repay Medicare or Medicaid within 60 days (required by law). Consider using the OIG Self-Disclosure Protocol to voluntarily report the error – this often reduces penalties. Consult a healthcare compliance attorney. Then fix the root cause to prevent recurrence.
Looking for more compliance and revenue cycle insights? Subscribe to the Med Revenue Hub newsletter for expert guidance on medical billing, coding compliance, and fraud prevention.
