Compliance Audit Requirements for Healthcare CARES Act Recipients

September 2, 2020 | Authored by Nicholas Fiume CPA

Published September 2, 2020 – The Coronavirus Aid, Relief, and Economic Security (CARES) Act, signed into law in March 2020, and related follow-on legislation appropriated $175 billion of aid to support the American healthcare system.  Most healthcare entities, including hospitals, physician groups, not-for-profit health and human services organizations, dentists, assisted living, home care and behavioral health providers received support targeted at 2% of annual patient service revenues from the Provider Relief Fund (“PRF”) (see blog here –

For a printable copy of this article, please click here.

The funding was rapidly deployed by the Treasury and Department of Health and Human Services (HHS), with the intent to address immediate needs in the healthcare system. In many cases, for Medicare billers, aid was directly deposited without the need to file an application.

The funds were not, however, without strings attached, as the aid was targeted to replace lost revenue and extra expenses related to the Coronavirus pandemic. From the beginning HHS indicated an intent to “audit” the use of the funds after the fact, but the when and the how of that audit process was initially undefined.

Recent FAQ’s, however, point to a path forward – a path similar to the Uniform Grant Guidance audits routinely performed for not-for-profits and local governments (a/k/a “single audits” or, the old name, “(OMB Circular) A-133 audits”). Two FAQ’s recently published on the HHS website of note:

  • Are Provider Relief Fund payments fund payment to non-Federal entities (states, local governments, Indian tribes, institutions of higher education, and nonprofit organizations subject to Single Audit?

Provider Relief Fund General and Targeted Distribution payments (CFDA 93.498) and Uninsured Testing and Treatment reimbursement payments (CFDA 93.461) to non-Federal entities are Federal awards and must be included in determining whether an audit in accordance with 45 CFR Part 75, Subpart F is required (i.e., annual total federal awards expended are $750,000 or more).

Audit reports must be submitted electronically to the Federal Audit Clearinghouse.

  • Are Provider Relief Fund payments to commercial (for-profit) organizations subject to Single Audit in conformance with the requirements under 45 CFR 75 Subpart F?

Commercial organizations that receive $750,000 or more in annual awards have two options under 45 CFR 75.216(d) and 75.501(i): 1) a financial related audit of the award or awards conducted in accordance with Government Auditing Standards; or 2) an audit in conformance with the requirements of 45 CFR 75 Subpart F.

Provider Relief Fund General and Targeted Distribution payments (CFDA 93.498) and Uninsured Testing and Treatment reimbursement payments (CFDA 93.461) must be included in determining whether an audit in accordance in accordance with 45 CFR Subpart F is required (i.e., annual total awards received are $750,000 or more).

Audit reports of commercial organizations must be submitted directly to the U.S. Department of Health and Human Services, Audit Resolution Division at

For Non-Profit Organizations

Many non-profit organizations are already familiar with Single Audits, generally required when they either directly or indirectly (passed through local governments) receive more than $750,000 in federal funds.

If a non-profit organization did not traditionally meet the $750,000 threshold where a Single Audit was required, consider if the receipt of PRF payments would push them over the edge into audit required territory.

For not-for-profits who traditionally do have a single audit requirement, the PRF funds may constitute a new “major program” and/or may change the threshold for categorizing federal programs as “Type A” or “Type B.” The rules around program selection for Single Audit are complex and a planning discussion with your independent CPA early is warranted.

While not directly related to PRF or Single Audits, small not-for-profits which may have traditionally only received a compilation or review report (or no assurance on financial statements at all) may also want to consider if receipt of aid funds has pushed them to need a higher level of assurance. If they exceeded the $750,000 in federal funds for the first time, an audit of their financial statements (not just the federal program compliance) is likely needed. For public charities registered in New York, “bright lines” exist for filing requirements at $25,000 (attachments needed to Form CHAR 500 filed with the Attorney General’s office), $250,000 (a review report from an independent CPA is required) and $500,000 (an audit by an independent CPA is required).

For Commercial Organizations

For many commercial organizations, the concept of a federal “Single Audit” is a foreign one. As an abbreviated explanation, for entities (mostly not-for-profits) that receive multiple federal grants, the idea of a single audit is to avoid overwhelming organizations with multiple audits if each federal agency were to have their own audit process. Entities are thus afforded the ability to contract with their own CPA to do a once a year audit under special rules that broadly cover all federal funds received.

A federal “grant” is different than being paid by the federal government as a vendor or supplier, or the receipt of tax incentives (i.e. paying less vs. actually receiving cash). As such, many commercial organizations, never receive a federal grant – or, if they do, they receive for only one program – which, depending on their grant agreement, may or may not have compliance audit requirements.

The PRF is, however, a government grant, and if a commercial organization received more than $750,000 in such funds, they will require an audit.

The HHS FAQ refers to two options, which really come down to whether PRF is the only federal grant received. If it is, a program-specific audit is allowed covering just that program (this may eliminate the need to have a full financial statement audit performed). If there are multiple sources of federal grants (for example an economic development grant and PRF funds), a Single Audit would cover the multiple awards. Note that a Single Audit typically also requires an audit of the entity’s financial statements.

The Good News

While an audit requirement may not be welcome, to the extent some assurance over compliance was inevitable, the ability to choose your own auditor should be. Compared to the alternative of an IRS or Medicare Inspector General style audit approach, a federal compliance audit or Single Audit performed by your trusted independent CPA can be an opportunity to provide piece of mind – for yourself, the government and the public through a fair and professional mechanism.

* * * * * *

If your organization is facing a first-time audit (of your financial statements, compliance with federal programs, or both), it is important to understand your options, what will be required, and when.

The Healthcare and Not-for-Profit practices of Dopkins & Company are well versed in these types of engagements and our professionals are available to talk.

For more information, contact Nicholas Fiume at

About the Author

Nicholas Fiume CPA

Nick is the Leader of Dopkins Healthcare and Not-for-Profit Practices. He provides assurance and consulting services to clients from a diverse mix of industries, including health care providers, hospitals, health and life insurance, charities and tax exempt organizations, manufacturing and financial services.

Do What You Love.
Love What You Do.

It’s about balance. The variety and quality of the clients, along with access to the latest technology and business information keeps the work interesting.

Learn More
Three Dopkins Employees

Opportunity Awaits

Take your career to the next level at Dopkins

Learn more