For a provider of healthcare services, payer audits are always a possibility. Both government and private payers consistently monitor providers to prevent fraud, overpayment, and improper billing or coding procedures. Audits can be nerve wrecking and intimidating, even if a provider is billing correctly. Improper billing can lead to civil and criminal sanctions. To help alleviate some of the tension surrounding the audit process, providers must be proactive and understand what types of audits exist and how to prepare for the possibility. Providers also need to understand how to appropriately respond to an audit.
Providers may be subject to a variety of audit types, depending on the payer. For private (i.e., commercial) payers, the audit can comprise an informal review of a few claims or a formal review of many claims. A private payer audit may occur after a claim is billed but prior to payment. Alternatively, it may occur after a claim is paid to determine whether there was improper billing, such as an overpayment, and whether recoupment is necessary.
For Medicaid audits, the Centers for Medicare & Medicaid Services (CMS) contracts with Audit Medicaid Integrity Contractors (Audit MICs) to examine the billing practices of Medicaid providers. This type of audit often occurs post-payment and focuses on identifying overpayments and noncompliance with Medicaid regulations. If fraud or improper billing is found during this type of audit, the case will be sent to the applicable state’s attorney general, who may choose to prosecute and recoup any overpayments.
Finally, Medicare audits can take three forms. First, a Recovery Audit Contractor’s (RAC) Program audit targets providers who bill under fee-for-service plans. These audits are performed by third-party contractors who are paid a percentage of any payment error found during the review. Second, a Comprehensive Error Rate Testing (CERT) audit focuses on providers who have unusual billing or coding practices, including those who regularly provide high-cost items or services or who have a high volume of tests. Finally, a Zone Program Integrity Contractor (ZPIC) audit is performed by CMS contractors who examine a provider’s data to determine whether the provider is committing any type of fraud. If fraud is found, civil and/or criminal penalties can result.
Because audits often have strict deadlines, keeping organized documentation proactively can minimize timing issues.
Avoid Common Errors
Different types of billing and coding errors or deficiencies could trigger the audits described above. Providers should be proactive to eliminate some of these common mistakes in their practices.
- Lack of or insufficient documentation: A provider should have medical records and documentation organized and available for each patient encounter. If an audit commences, the auditing party may request this documentation. Because audits often have strict deadlines, keeping organized documentation proactively can minimize timing issues during an audit by enabling the provider to quickly respond to the auditor’s requests for documentation.
- Lack of evidence to deem medical necessity: To prevent improper billing, all tests, procedures and services ordered by a provider should be medically necessary to diagnose or treat a patient. It is critical for a provider to have a sound policy for documenting medical necessity for every test, procedure, and service. Medical necessity can often lead to issues during audits, because a provider and a payer may disagree on whether certain tests or procedures are medically necessary. Therefore, it is prudent for a provider not only to understand the payer’s definition of medically necessary, but also to document any test, procedure or service and the basis for rendering it to a specific patient. If the provider has had a prior issue with the payer reimbursing a certain test or service, the provider may want to obtain a prior authorization from the payer before rendering the service to the patient.
- Incorrect coding: A provider must ensure that all claims are billed correctly. Providers should follow the policies and procedures in the payers’ billing and coding policies and manuals. Providers should also enlist a competent person or team to supervise and control all billing operations. This individual or team should be knowledgeable of the complexities of coding issues and should periodically review all payer rules and policies relating to billing and coding. Further, the billing team should regularly check for updates surrounding CPT codes and bundled packages, as coverage of certain tests or services may change and/or be updated without prior notice from the payer.
Billing and coding should be done in a consistent and accurate manner. Additionally, a provider should regularly conduct internal and random audits, either in house or by consulting a third-party audit service. A provider should keep track of denied claims and correct the errors that led to the denials. Finally, a provider should discuss billing and coding regularly with an attorney to ensure they are complying with any updated rules or regulations.
How to Respond
The audits discussed above can arise from allegations of noncompliance with a payer’s billing policies and procedures, but they can also be completely random. The first step after receiving an audit letter is to engage legal counsel. Audits can be extremely burdensome and complicated, so engaging an experienced attorney fluent in billing, coding, and audit procedures is essential. The attorney can identify who is conducting the audit and may be able to determine the reason why the audit is being conducted.
The attorney can also work with the provider to review the audit requests and respond appropriately, ensuring the provider understands how to answer questions properly and determining which questions may be beyond the scope of an audit. It’s important to follow the audit procedures, including meeting any deadlines and producing all reasonable documentation. An experienced attorney can help navigate, streamline, and explain the often complicated process to ensure the best possible results.
Steven M. Harris, Esq., is a nationally recognized healthcare attorney and a member of the law firm McDonald Hopkins LLC. Contact him via email at firstname.lastname@example.org.
Reprinted with permission from the American College of Rheumatology.