Both government and private payers continue to aggressively monitor providers to prevent and recover overpayments. This is evidenced by the fact that the number of audits conducted in recent years has increased dramatically. A negative audit finding can result in the need to repay five- and seven-figure amounts.
Types of Audits
Private Payer Audits
Private payer audits take two forms: 1) informal reviews and 2) formal audits. These audits can be the result of actual allegations or evidence of non-compliance, or they can be random, in which general compliance is assessed. The procedure for such audits is typically determined by contract or the payer’s provider handbook and in accordance with applicable state law. Prepayment reviews may be conducted, in which the sufficiency of a claim—and its supporting documentation—is determined before payment is made to the provider. Post-payment reviews can also be performed, during which claims are analyzed after the provider has been paid to determine if an overpayment was made.
The Centers for Medicare and Medicaid Services (CMS) is the agency responsible for Medicare audits. These audits can take one of three forms:
- Comprehensive Error Rate Testing (CERT) audits—These typically focus on providers who provide high-cost items or services, have high volume and/or have atypical billing or coding practices.
- Recovery Audit Contractor’s Program (RAC) audits—These are performed by private contractors who are paid on a percentage of the amount of the improper payment discovered.
- Zone Program Integrity Contractor (ZPIC) audits—These are performed by CMS contractors and are the most serious of the three audit types. Contractors mine the provider’s data for compliance with Medicare coverage and coding policies and investigate fraud, and may prepare cases for civil or criminal referral to CMS or law enforcement agencies.
Medicaid audits focus on compliance with both CMS and state regulations, and investigate fraud. Any instances of fraud that are found will be reported to the state attorney general.
The primary focus of audits in recent years has been medical necessity. Much of this audit activity is associated with payer concerns about specific fraud and abuse issues. Payers may be tipped off to such issues due to consistent billing by a provider for high volumes of certain high-level services, high volumes of evaluation and management services or by consistent referrals of patients for certain testing.
During audits, payers require documentation of medical necessity. However, private payers often have arbitrary and vague guidelines for defining and determining medical necessity, particularly when dealing with physicians or ordering clinicians. This causes frustration among providers, who often question what role private payers play in determining medical necessity. The definition of medical necessity can vary by payer—and within payer—depending on the underlying plan. Therefore, it is critical that providers read their payer contracts and policy and coverage manuals carefully. When in doubt, it is best to confirm requirements with the payer.
Regardless of the definition, medical necessity is a precondition to coverage. The criteria to establish medical necessity can be different from one setting to another because each payer has the ability to establish its own criteria. However, government and private payers generally require proof that the services were reasonable and necessary to diagnose or treat a patient’s condition. To prove this, providers should document the diagnosis for all procedures performed and all diagnostic tests ordered. In the case of repeat procedures, providers should clearly note the outcome of the previous procedure and the basis for reordering.
The best way to ensure compliance and readiness when an audit comes is to develop and implement a compliance plan well in advance of any audit. Regular and periodic training and education should be conducted regarding audit response obligations and responsibilities. An audit response plan should be implemented to ensure key deadlines are met. As always, the key to compliance is to conduct periodic self-audits or independent audits in order to proactively identify issues and mitigate their impact.
Responding to Audit Requests
All audit requests should be taken very seriously. Payers often follow what other payers are doing. Therefore, a problem audit with one payer can cause other payers to initiate their own audits. For this reason, it is critical to respond appropriately to each audit request. Auditors often check only a few billing records. If errors are found, they will then extrapolate and may penalize providers.
If a provider receives an audit request, it is important to carefully review the audit request and supply everything reasonably requested. If it is not possible to gather the requested material before the auditor’s deadline, an extension should be requested. If possible, all requested information should be submitted to the auditor at one time. This is important because if any information is missing, the case can be denied. Also, additional time often is not granted to resubmit any information that was not included earlier.
As previously stated, audits are part of an extrapolation process. If an auditor finds a significant error rate in its review of a handful of charts and determines that certain medical information is missing, the auditor will then look back at all the CPT codes involved over the previous two years to calculate the overpayment made to the provider.
When responding to an audit request, providers must be thorough, clear, and concise. All necessary information should be submitted with the response. The response and supporting documentation should be submitted in a manner that allows the payer or contractor to quickly review the information and understand the provider’s arguments. It should clearly state what measures the provider has already taken to stop existing problems and prevent additional issues in the future. That being said, providers should not hesitate to address procedural, legal, or factual flaws in the auditor’s position.
Preparation and periodic compliance training are the best ways to ensure a smooth audit experience with minimal infractions. Unfavorable results can be very difficult to reverse without resorting to an administrative law judge, the Department of Insurance, litigation or lobbying efforts. Therefore, the more training and protections a provider can provide now, the less damaging and expensive an audit will be.
Reprinted with permission from the American College of Rheumatology.
Steven M. Harris, Esq., is a nationally recognized healthcare attorney and a member of the law firm McDonald Hopkins LLC. Contact him via e-mail at firstname.lastname@example.org.