Provider Audit Contractors 1 An Overview of CMS Contractors AHLA Institute on Medicare and Medicaid Payment Issues Ramy Fayed A. Background on Centers for Medicare & Medicaid Services Use of Private Contractors Medicare and Medicaid are expansive services, providing payment for health care services for nearly one in three Americans. These payments amounted to annual expenditures totaling of $962 billion in 2011 for both Medicare and Medicaid, with such numbers projected to grow to a total of $1.96 trillion annually by 2022. 2 With a relatively small staff, CMS' management of such an expansive program would be extremely difficult without the aid of private contractors. Thus, CMS contracts with numerous entities, with sometimes overlapping jurisdiction and functions, to perform its critical tasks. Contractors process claims, field questions regarding coverage of specific procedures, review claims for coding accuracy and medical necessity, conduct audits, and much more. This overview, and the accompanying presentation, outline the various audit functions of some key CMS contractors, which include Medicare Administrative Contractors (MACs), Recovery Audit Contractors (RACs), Zone Program Integrity Contractors (ZPICs), and Comprehensive Error Rate Testing program contractors (CERT contractors). 3 Sometimes referred to as an "alphabet soup" of contractors, this group of private entities work to ensure that the Medicare program can both efficiently meet its obligations (e.g., payment of claims on a timely basis) and to protect the Medicare and Medicaid trust funds (e.g., determining whether claims were paid properly). This outline highlights the functions and scope of these contractors provides guidance regarding working with them and some steps to reduce the likelihood of an audit. B. Assessment of the Enforcement Environment In recent years, CMS contractors have continually ramped up enforcement efforts to protect the integrity of the Medicare program and recoup significant amounts of improper payments (in the form of both recouped overpayments and damages associated with overpayment investigations and settlements). Although this growth is not a new trend, significant issues have affected provider audits over the previous few years. 1 This outline is for informational purposes only and does not constitute legal advice. 2 See CMS' National Health Expenditure Projections 2012-2022, http://www.cms.gov/research- Statistics-Data-and-Systems/Statistics-Trends-and- Reports/NationalHealthExpendData/downloads/proj2012.pdf at Table 3. 3 General information regarding these and other CMS contractors can be found at https://www.cms.gov/outreach-and-education/medicare-learning-network- MLN/MLNProducts/downloads/ContractorEntityGuide_ICN906983.pdf.
Recently, contractors have begun to target enforcement efforts using "predictive modeling," authorized by the Section 4241 of the Small Business Jobs Act of 2010. The Act enabled CMS to employ real-time, pre-payment claims analysis to identify emerging trends of potentially fraudulent activities. CMS has compared the process to analyses already done to prevent financial and credit card fraud. Through this modeling, CMS develops "risk scores" for providers, representing the likelihood of potential fraud. 4 While CMS claims that high risk scores alone do not initiate administrative action (i.e., CMS will not deny claims based on risk scores alone), high risk scores derived from predictive modeling will undoubtedly increase the potential for audit by CMS contractors. While post-payment review continues, CMS is transitioning more and more towards prepayment review by ZPICs, MACs, and RACs to prevent payment for claims that do not meet CMS coverage criteria. Prepayment review although presumably more effective than "pay and chase" likely will have a greater affect on smaller providers who will struggle with the throttling of their cash flow. ZPICs are having an impact on the contractor landscape and with their focus on ferreting out fraud, it creates an additional layer of concern for providers and suppliers. In addition, ZPICs have investigative authority and have been found to make unannounced site visits at facilities and at patients' homes. Interviews with beneficiaries regarding home health services to determine the appropriateness of the care they are receiving and potentially challenging their "home bound" status and thus the appropriateness of home health services, overall. Many providers have also noted increased CMS focus on a number of specific services or classifications of service. For example, providers continue to note a focus on pacemaker implantation, total joint replacement, and spinal fusion. Short stay for chest pain, syncope, gastrointestinal disorders and medical back problems are also frequent targets. Finally, CMS has been pushing forward with plans to consolidate the Medicare and Medicaid program integrity functions into one, new unified contractor named the Unified Program Integrity Contractor (UPIC). CMS has issued a request for information regarding the UPIC program, published July 2013. UPICs will be designed to create a unified program integrity strategy across the Medicare and Medicaid program "integrity continuum." 5 C. Types of Contractors, Jurisdiction, Review, and Tools 1. Medicare Administrative Contractors (a) Overview Since 1996, CMS has contracted with private health insurers to process claims for Medicare beneficiaries. Previously, these entities were distinguished by the Medicare benefits they processed, (i.e., Part A inpatient hospital or Part B physician services, referred to as Fiscal 4 Official CMS guidance regarding predictive modeling is located at https://www.cms.gov/outreachand-education/medicare-learning-network-mln/mlnmattersarticles/downloads/se1133.pdf. 5 See CMS UPIC RFI, available at http://aishealth.com/sites/all/files/upic_proposal.pdf.
Intermediaries and Carriers respectively). Currently, however, these entities are known as Medicare Administrative Contractors (MACs), which serve as the operational contractors between the Medicare Fee-For-Service program and approximately 1.5 million providers enrolled to furnish health care benefits to beneficiaries. These contracts are authorized by Section 1874A of the Social Security Act (42 U.S.C. 1395kk-1). MACs act as the liaison between CMS and providers, performing enrollment, provider education, claims processing, and audits of both problematic provider-specific claims and service-specific claims. (b) Jurisdiction Each MAC's contract provides for a specific jurisdiction. Part A and Part B MACs (A/B MACs) perform the functions necessary to monitor and provide reimbursement for Medicare Parts A and B services furnished to beneficiaries. DME MACs perform functions necessary to monitor and provide reimbursement for durable medical equipment furnished to beneficiaries. The specific jurisdictions and contractors for each type of MAC are set forth below. When CMS first implemented the A/B MACs, there were to be fifteen separate MAC jurisdictions, labeled Jurisdiction 1 through Jurisdiction 15. Currently, CMS is engaged in a consolidation strategy, moving from 15 A/B MAC jurisdictions to 10 A/B MAC jurisdictions. The jurisdictions, as of February 2014, for DME and A/B MACs are set forth on CMS' website. 6 (c) Scope of Review The Medicare Program Integrity Manual, CMS 100-08 governs the review activities of contractors, including MACs. In accordance with PIM Ch. 3.1, MACs analyze claims to determine provider compliance with Medicare coverage, coding, and billing rules, and take appropriate corrective action when providers are found to be non-compliant. A MAC's review scope, however, is limited, as they may not expend federal resources "analyzing provider compliance with Medicare rules that do not affect Medicare payment. Examples of such rules include violations of the conditions of participation (COPs), or coverage or coding errors that do not change the Medicare payment amount." In general, MACs act as the hub for review actions, using data received from other contractors (e.g., errors rates produced by the CERT program, discussed below). 7 (i) Time Period MACs have the authority "to review any claim at any time" 8 to fulfill its obligations. However, CMS acknowledges that resources prohibit review of every claim and thus encourages MACs to establish a problem-focused, outcome based medical review strategy that defines what risks to the Medicare trust fund the specific review is intended to address. 9 6 http://www.cms.gov/medicare/medicare-contracting/medicare-administrative- Contractors/Downloads/MACs-by-State-Feb-2014.pdf 7 PIM Ch. 1.3.1(B). 8 PIM Ch. 3.2.1. 9
(ii) Materials (1) Setting Review Priorities The PIM provides MACs with significant discretion with respect to the types of materials and data it uses to identify areas in need of review and providers it will subject to audits. In general, MACs analyze national claims data and compare that data to their own, local claims data to identify unusual utilization patterns of utilization by providers. 10 Additionally, the PIM authorizes MACs to consider Office of Inspector General and General Accounting Office reports; OIG Fraud Alerts; beneficiary, physician and provider complaints; referrals from quality improvement organizations, CMS components, Medicaid fraud control units, the office of the U.S. Attorney, or other federal programs; materials produced via previous audits or audits performed by other official entities (e.g., State assessments and audits); referrals from medical licensing boards; provider cost reports received from intermediaries; provider statistical and reimbursement system data from intermediaries and MACs; enrollment data; overpayment data; the Common Working File; referrals from other internal/external sources; pricing, data analysis, and coding data; and any other referrals. 11 MACs may even use "newspaper and magazine articles, as well as local and national television and radio programs, highlighting areas of possible abuse," although such materials must not be the main source for leads on fraud cases. 12 (2) Requesting Additional Documentation Once a MAC has initiated pre-payment or post-payment review, the MAC may request additional documentation and are provided with discretion to request additional documentation regarding the beneficiary's condition before and after the service that was provided to him/her. 13 This authority stems from SSA Section 1833(e) (providing that payment may not be made to a provider unless the provider has furnished information necessary to determine amounts due to him or her) and SSA Section 1815(e) (providing that no payments shall be made to a provider unless he or she has furnished such information as the Secretary [of Health and Human Services] may request). 14 Finally, MACs may also request documents from third-parties, including the treating physician, even if the services are being billed by another provider/supplier. 15 (d) Approaches and Tools CMS provides MACs with broad discretion with respect to reasons for selecting targets for audits. Specifically, MACs may select targets for audits due to high volume of services; high cost; dramatic changes in frequency of use; high risk problem-prone areas; and/or Recovery 10 11 12 13 14 15 PIM Ch. 2.4(C). PIM Ch. 2.4(D). PIM Ch. 3.2.3. PIM Ch. 3.2.3.3.
Auditor, CERT, OIG or GAO data demonstrating vulnerabilities. 16 In conducting reviews, MACs may engage in provider-specific reviews or service-specific reviews. (i) Provider Specific Reviews In reviewing claims, CMS encourages MACs to use prepayment and postpayment screening tools or natural language coding software, but cautions MACs from denying a payment for a service simply because the claim fails a single screening tool criterion. 17 MACs may only initiate provider-specific pre-payment review only when there is the "likelihood of sustained or high level or payment error." 18 Thus, when a MAC's analysis indicates that such an error may potentially exist, but it cannot confirm the error without requesting and reviewing documentation associated with the claim(s), MACs are required to select a small "probe" sample of 20-40 of potential problem claims for pre-payment or post-payment review to determine whether the error exists, called "error validation." 19 MACs must use error validation in the following instances: The MAC has identified questionable billing practices (e.g., non-covered, incorrectly coded or incorrectly billed services) through data analysis; The MAC receives alerts from other MACs, Quality Improvement Organizations (QIOs), CERT, Recovery Auditors, OIG/GAO, or internal/external components that warrant review; The MAC receives complaints; or, The MAC validates high volume of services; high cost; dramatic changes in frequency of use; high risk problem-prone areas; and/or Recovery Auditor, CERT, OIG or GAO data demonstrating vulnerabilities. In all cases, MACs are required to document their reasons for selecting providers for error validation, with clear documentation of issues noted, applicable law, and published national or local coverage determinations (governing whether a service was medically reasonable and necessary). 20 With respect to provider-specific audits, MACs may institute both pre-payment review of claims and post-payment review. Pre-payment review must be instituted in accordance with PIM Ch. 3.4. Post-payment review must be instituted in accordance with PIM Ch. 3.5. Importantly, the claims review processes are not academic in nature. Rather, they are designed to determine whether there have been overpayments to providers, due to a billed service's 16 17 18 19 20 PIM Ch. 3.2.1. PIM Ch. 3.2.2.
failure to meet coverage criteria (e.g., reasonableness and necessity) or incorrect coding. 21 Furthermore, any indication of fraud will be forwarded to ZPICs, discussed below. 22 (ii) Service Specific Reviews In addition to provider-specific reviews, MACs may also initiate service-specific reviews to evaluate problematic areas affecting one type of service (e.g., providing tube feedings to home health beneficiaries across three (3) States). 23 MACs must inform providers affected by this review by either an individual letter or by posting on its website the additional documentation required to make determinations. 24 (iii) Complex vs. Non-Complex Review Claims review is broken down into two classes of review - complex and non-complex. During complex medical review, the MAC reviews medical documentation in consultation with nurse and physician reviewers in order to determine the propriety of the claim. 25 Non-complex review, on the other hand involves claims determinations where no medical documentation is submitted by the provider or reviewed by the MAC. 26 Non-complex review is further split into two categories - routine review (requiring some human intervention, but not full blown review of the medical record) and automated review (requiring no human intervention). CMS provides that non-complex review is appropriate when there exists a clear policy for denial, where there is a medically unlikely edit, or where no response is received to an additional documentation request. MACs are encouraged to institute non-complex review whenever possible. 2. Recovery Audit Contractors (a) Overview CMS provides that the Recovery Audit Program's "mission is to identify and correct Medicare improper payments through the efficient detection and collection of overpayments made on claims of health care services provided to Medicare beneficiaries, and the identification of underpayments to providers so that the CMS can implement actions that will prevent future improper payments in all 50 states." The product of a successful demonstration project that 21 PIM Ch. 3.6.2. 22 PIM Ch. 3.3.2.4(J). 23 24 25 See PIM Ch. 3.3.1. CMS provides specific guidance as to the way in which review of the medical record and other documentation should be reviewed during complex review at PIM Ch. 3.3.1.3, 3.3.2, and 3.3.2.1. 26 See PIM Ch. 3.3.1.2.
recovered $992m in overpayments between 2005 and 2008, 27 the program is authorized by SSA Section 1893. Importantly, while a RAC's jurisdiction and authority is not as broad as MACs, RACs work with MACs to provide data on improper payments in the Medicare FFS program, helping MACs to locate problem areas to audit for compliance. The Patient Protection and Affordable Care Act 6411 expanded the RAC program to identify improper payments in Medicare Part D, Medicare Advantage, and Medicaid claims. According to the February 2014 National Recovery Audit Program quarterly newsletter, the program is focusing on medical necessity for cardiovascular procedures in Regions A, B, and C, while the program is focusing on "minor surgery and other treatment billed as inpatient" in Region D. 28 (b) Jurisdiction Each Recovery Audit Contractor is provided with a specific jurisdiction, auditing claims submitted by providers in that jurisdiction. The entities serving as recovery auditors for Regions A-D are as follows: Region A: Performant Recovery Region B: CGI Federal, Inc. Region C: Connolly, Inc. Region D: Health Data Insights, Inc. (c) Scope of Review RACs are provided with a specific Statement of Work, which lays out the review activities. In general, RACs are to perform post-payment review to identify Medicare claims with underpayments or overpayments. Furthermore, after performing such review, RACs are required to support CMS in its contractors with respect to administrative appeals stemming from the RAC's work, and developing plans with MACs to help prevent future incorrect payments. 29 Recently, RACs also began an additional pre-payment review demonstration project. 30 27 See HHS-OIG's report entitled "Medicare Recovery Audit Contractors and CMS's Actions to Address Improper Payments, Referrals of Potential Fraud, and Performance" at 1. (Available at http://oig.hhs.gov/oei/reports/oei-04-11-00680.pdf.) 28 Available at http://www.cms.gov/research-statistics-data-and-systems/monitoring- Programs/Medicare-FFS-Compliance-Programs/Recovery-Audit-Program/Downloads/Medicare-FFS- Recovery-Audit-Program-1st-qtr-2014.pdf. 29 See RAC Statement of Work at 1. (Available at http://appealacademy.com/wpcontent/uploads/2013/04/recovery-audit-scope-of-work-2013.pdf.) 30 See http://www.cms.gov/research-statistics-data-and-systems/monitoring-programs/medicare- FFS-Compliance-Programs/Recovery-Audit-Program/RecoveryAuditPrepaymentReview.html.
(i) Time Period SSA 1893(h)(4) provides that RACs may audit any claims for which payment was made during the current fiscal year and up to four fiscal years prior to the current year. However, CMS limited that look-back period to three years. 31 (ii) Materials Like MACs, RACs also possess the authority to request additional documentation to aid in their complex post-payment review of claims. The PIM does not provide any materially different requirements applicable to RAC requests for additional documentation. Thus, like MACs, RACs may request additional medical documentation to support the claim from both the billing provider and third parties. 32 (d) Approaches and Tools As stated above, RACs traditionally focused on post-payment review (with pre-payment review currently under demonstration). Like MACs, RAC reviews are separated into complex and automated review. Unlike MACs, RACs must additionally follow their statements of work in conducting review activities. Thus, RACs have specific guidance applicable them, for example in engaging with outside reviewers in conducting complex medical review. 33 Complex review is also more concretely defined for RACs. The RAC SOW provides that "[c]omplex medical review is used in situations where there is a high probability (but not certainty) that the service is not covered or where no Medicare policy, Medicare article, or Medicare-sanctioned coding guideline exists. Complex copies of medical records will be needed to provide support for the overpayment." 34 Similarly, the RAC SOW contains specific guidance with respect to automated review, providing that "if no certainty exists as to whether the service is covered or correctly coded, the Recovery Auditor shall not use automated review. When making coverage and coding determinations, if no written Medicare policy, Medicare article, or Medicare-sanctioned coding guideline exists, the Recovery Auditor shall not use automated review. 35 Finally, the RAC SOW provides that a RAC may institute "semi-automated review" by identifying billing aberrancies through an automated review of claims data and then requesting additional documentation to support the claims as it was originally billed. If the documentation submitted, if any, fails to support the claim as originally billed, the claim will be forwarded for adjustment to the MAC. 36 31 32 33 34 35 36 42 C.F.R. 455.508(f). PIM Ch. 3.2.3. PIM Ch. 3.3.1.1. RAC SOW at 20. at 21-22.
3. Zone Program Integrity Contractors (a) Overview Zone Program Integrity Contractors (ZPICS) are the successor organization to the Program Safeguard Contractors (PSCs). Unlike MACs and RACs, which have disparate functions, ZPICs have one primary mission - investigate instances of suspected fraud, waste, and abuse. 37 Thus, when a provider receives an audit notice from a ZPIC, it is not a routine matter - the provider is being investigated for fraud. ZPICs work in tandem with MACs, identifying potential instances of fraud for investigation and forwarding any results of such investigations to the MACs for collection of potential overpayments and other government organizations (including the Office of Inspector General) for further sanctions. 38 ZPICs also differ from other contractors in that they may respond directly to complaints from the population, including from patients, providers, employees of providers, law enforcement tips, etc. in determining where to target their review activities. (b) Jurisdiction Like MACs, RACs, and other contractors, ZPICs have jurisdiction only over certain "zones." ZPICs may only investigate allegations and patterns (through data analysis, discussed below) of fraud that occur within its zone. The current zones for ZPICs are set forth on CMS' website. 39 (c) Scope of Review Like MACs, ZPICs are authorized to conduct both pre-payment and post-payment reviews of providers. In addition, ZPICs, as fraud detectors, conduct investigations of alleged fraudulent activities. ZPICs craft their review activities by first analyzing claims data from other CMS contractors, including MAC and RAC data, to provide an entire picture of a beneficiary's claim history. 40 In addition to data from contractors, ZPICs review data from the CMS National Claims History, including data from Medicare Parts A and B, as well as DME, home health and hospice data from the ZPIC's jurisdiction. 41 ZPICs may also initiate an investigation based on an allegation of fraud. 42 While ZPICs are required to evaluate the allegation to determine the severity of the potential fraud, the guidance surrounding ZPICs does not place a threshold on the types of evidence necessary to begin a full blown investigation. 43 Therefore, once a ZPIC has received an allegation of fraud regarding a 37 PIM Ch. 1.7. 38 PIM Ch. 4.2.2. 39 http://www.cms.gov/outreach-and-education/medicare-learning-network- MLN/MLNMattersArticles/downloads/SE1204.pdf 40 PIM Ch. 2.3. 41 42 PIM Ch. 4.7. 43 While ZPICs do coordinate with MACs to determine whether the complaint could be dismissed as an error or misunderstanding, the guidance does not prevent a ZPIC from continuing to investigate the potential fraud. PIM Ch. 4.7.1.
provider, that provider can be subject to any and all investigative techniques at ZPICs' disposal until the ZPIC is satisfied that no fraud has occurred. (i) Time Period The guidance surrounding ZPICs does not provide for a look-back period for ZPIC activities. Rather, the PIM provides, simply, that when ZPICs "receive an allegation of fraud or identify a potentially fraudulent situation, they shall investigate to determine the facts and the magnitude of the alleged fraud." 44 Furthermore, while the rules surrounding reopening of claims (which ZPICs are required to follow 45 ) at 42 C.F.R. 405.980(b) and 405.902 provide for a four-year claims reopening period for good cause but also provides a contractor with the authority to reopen a claim at "any time" if there is reliable evidence that the initial determination was procured by fraud or similar fault. 46 Thus, ZPICs appear to have some latitude in pursuing reopening and recoupment of amounts associated with a claim where there is evidence of fraud. That said, other jurisprudence regarding potential limits on such exposure e.g., limits under the Federal Civil False Claims Act (31 U.S.C. 3729-3733) or under other applicable common law) may limit such efforts. (ii) Materials In addition to having access to national claims data and contractor data to determine areas of probable fraud and abuse, ZPICs may request additional medical records during their investigations. Specifically, ZPICs are provided with the authority to request medical documentation and other evidence that would validate or cast doubt on the validity of the claims submitted. 47 Similarly, during pre-payment and post-payment review, ZPICs may request additional medical documentation maintained by the physician or the provider or supplier/lab/ambulance notes maintained by other entities. (d) Approaches and Tools When conducting both prepayment and post-payment review, ZPICs, like MACs, may engage in both complex and non-complex review. The rules for ZPIC complex and non-complex medical review are not materially different than those for MACs, discussed above. In addition to their authority to conduct pre-payment and post-payment review, ZPICs have a variety of unique and powerful tools to help them accomplish their goals of fraud detection and validation. For example, in addition to review of claims submitted, ZPICs may conduct telephone interviews of beneficiaries; review fraud and abuse history; perform data analysis of the provider's claims data; conduct and review telephone calls and written questionnaires of physicians; perform random validation of physician licensure; review certificates of medical necessity (CNMs); perform analysis of procedures and items based on frequency and cost; perform analysis of local patterns/trends of practice/billing against national and regional trends, 44 45 46 47 PIM Ch. 4.7. PIM Ch. 3.5.1. 42 C.F.R. 405.980(b)(3). PIM Ch. 4.7.1.
beginning with the top 30 national procedures for focused medical review and other kinds of analysis that help to identify cases of fraudulent billings; and initiate "other analysis enhancements to authenticate proper payments." 48 Once the ZPIC has analyzed the data, it may confer with the OIG and determine whether it is reasonable to expend additional resources. If there appears to be a pattern of fraudulent behavior, the ZPIC in coordination with other enforcement agencies will determine whether or not an investigation should be developed for possible referral to the OIG or DOJ. Once the case has been referred, all contact between the ZPIC and the provider is required to cease. 49 Cases are considered closed once the case is referred to a MAC or another ZPIC (due to incorrect referral of the case in the first instance) of if it is closed with administrative action. 50 4. Comprehensive Error Rate Testing contractors (a) Overview The Comprehensive Error Rate Testing (CERT) Program is designed to produce a national FFS improper payment rate applicable to such claims. CERT contractors randomly sample and review Medicare FFS claims to determine whether they were paid properly under Medicare coverage, coding, and billing rules. The results of the CERT Program are published annually in the Health and Human Services (HSS) Agency Financial report and the CMS Financial Report. 51 (b) Jurisdiction Unlike other contractors, the CERT program contractors do not have a specific jurisdiction over which to exercise their authority. Rather, the CERT contractors randomly select claims from the "claims universe file" that is forwarded to the CMS Data Center on a daily basis. Once claims are selected, and after claim payment is processed, the CERT requests information from the appropriate MAC regarding the providers involved with the claim. 52 The CERT contractor is not required to provide notice to providers that their claims have been selected for review, until the CERT requires additional documentation. 53 (c) Scope of Review As provided above, the CERT contractor collects information regarding a random subset of submitted claims after a payment decision has been processed for Medicare Parts A and B and for durable medical equipment, prosthetics, orthotics, and supplies. 48 49 50 51 52 53 PIM Ch. 4.7.1. PIM Ch. 4.7.2. PIM Ch. 12.3. PIM Ch. 12.3.2. PIM Ch. 3.2.2.
(i) Time Period The CERT contractor reviews files contemporaneously with such files' consideration by the MAC. 54 CMS does not provide the CERT contractor with the authority to conduct pre-payment review of claims nor for it to select claims for review that are not within the MAC's current claims processing period. Rather, the CERT evaluates claims after processing to determine whether such claims met the Medicare criteria for payment and whether the MAC appropriately processed such claims. 55 As such, the CERT contractor conducts only "post-payment" review of claims. 56 (ii) Materials Like other contractors, the CERT contractor is provided the authority to request additional documentation in order to conduct medical review of the beneficiary's condition before and after a service. 57 Additionally, the CERT contractor may request information from third parties. Unlike other contractors, the CERT contractor is required to request medical record documentation from the referring provider when documentation adequate to support medical necessity is not produced by the billing provider. 58 (d) Approaches and Tools The CERT contractor is authorized to conduct both complex and non-complex post-payment review. For complex post-payment review, the parameters surrounding review are similar to those of MACs, discussed above. With respect to non-complex review, the process is similar to that used by MACs, but differs in a few material respects. First, the CERT contractor reviews "T-claims," which are claims where no documentation was requested by the MAC and that were automatically denied by the MAC. 59 Once the CERT contractor has reviewed the claims, the CERT contractor notifies MACs regarding claims where the CERT contractor disagreed with the MAC's adjudication. The MAC is then required to adjust the claims in accordance with the CERT contractor's findings and may dispute only one CERT finding per quarter. 60 D. Practical Advice and Steps to Reduce an Audit 1. Reducing Likelihood of and Preparing for an Audit As provided above, contractor audits may generally be triggered by two different sets of circumstances: (1) a provider being an outlier according to certain national metrics (costs, 54 PIM Ch. 12.3. 55 PIM Ch. 12.3.2. 56 The CERT contractor also reviews claims that were not paid to determine whether the MAC correctly denied payment for the claim. 57 PIM CH. 3.2.3. 58 PIM Ch. 3.2.3.3. 59 PIM Ch. 3.3.1.2. 60 PIM Ch. 12.3.3.3.
frequency of using specific services, historical coding problems, etc.) and/or (2) problems with the medical records and documentation used to support claims submitted. While contractors will differ on how these two areas come into play with respect to initiating an audit (e.g., MACs and RACs target providers based on that provider having claims in a "problem area," CERT contractors will randomly sample, and ZPICs will escalate investigations when medical documentation is found to be inadequate), the same basic principles will govern reducing likelihoods of audits and preparing for a provider audit no matter which contractor eventually initiates. First, implementing and monitoring a compliance program focusing on accurate coding of claims is critical to ensuring the appropriateness of claims on the front end submission. Such processes also help improve documentation and compliance with existing coding, standards, NCDs and LCDs and other Medicare program guidance. Frequent internal audits of claims to determine areas of high or unusual utilization will allow a provider to identify problem areas or at least prepare themselves to respond more quickly with documentation in the event of an external audit (e.g., a provider's costs may be high, but their patient mix may also be sicker). Note, however, that contractors are not always restricted to specific types of claims, even when conducting an audit due to a provider's outlier status in one or more categories. Strong compliance and internal audits help better prepare a provider for an external audit and may help improve outcomes in such audits. In addition, regular review of the OIG Work Plan helps identify potential areas for review. As discussed above, many contractors have the right (and obligation) to request additional documentation regarding services that were provided to beneficiaries. Ensuring that these services are documented in accordance with Medicare guidelines (e.g., medical necessity, signature requirements, etc.) will allow for timely responses to contractor inquiries. While timeliness is not a factor in determining the outcome in an audit (with the exception of not meeting contractor deadlines which can result in denial), it can be evidence of a well run organization and may improve the interaction with the contractor. 2. Receiving an Audit Request When receiving an audit request, accuracy and time are in tension. On one hand, it is paramount that all requests be handled within the time period allotted by the contractor. On the other hand, complete and accurate medical records increase the probability that the contractor will find the audited claim is supported by the medical documentation. Thus, beginning documentation assembly immediately and methodically reviewing the documents requested is critically important. Failure to provide records may result in denial of the claims. Once the documentation has been gathered, the provider should review the documentation in light of the Medicare requirements for coverage of the specific service that has been billed, to ensure no records are missing. In addition, consider clinical or legal assistance in reviewing the claims in advance of the submission. Also, to the extent there appears to be an obvious billing
error, the provider may achieve improved results by contacting the contractor and directly addressing the problem, with a solution ready. In addition to retaining copies of the submitted documents, it also helps to utilize a page number system (e.g., Bates numbering) in the submissions. Often times, pages are lost or misplaced by the Contractor and, especially when not numbered, can result in technical denials. In contrast, page numbered submissions clue the contractor in to the possibility that a page may be misplaced on their end when there is a gap in the numbering sequence. Often, they can find the missing pages or can efficiently communicate with the provider regarding the precise page that is missing and help minimize technical denials. To the extent not all documentation is available by the submission deadline, that should be communicated to the contractor and the provider should continue its efforts to locate such documentation. If you cannot submit the documentation before the deadline, some contractors allow for extensions, which should be timely requested. Also, depending on the size of the request and the burden associated with it, some contractors are open to discussions to limit the universe of claims, especially if the records requested are too voluminous to provide within the requested time period. 81929489\V-2