The Centers for Medicare & Medicaid Services (“CMS”) has modified the additional documentation request (“ADR”) limits for the Medicare Fee-for-Service Recovery Audit Contractor (“RAC”) program for suppliers. Yet, one of our listeners informed me that CMS has found a “work around” from the RAC ADR limits. She said, “There is the nationwide Supplemental Medical Review Contractor (“SMRC”) audits and now nationwide Quality Improvement Organizations (“QIO”) contract audits. These contracts came about after the Congressional limits on number of audits by the RAC.” Dr. Hirsh retorted, “But SMRC and QIO are not paid contingency fee. So, they are “different” audits. RACs are evil; SMRC and QIO have a few redeeming qualities.” I completely agree with Dr. Hirsh. But her point is well taken – SMRCs and QIOs follow different rules than RACs, so of course the SMRCs and QIOs have distinct ADR limits.
This is similar to the lookback periods. The lookback period varies depending on the acronym: RAC, MAC, or UPIC. RACs’ lookback period is 3 years, yet other acronyms get longer periods. I think what Dr. Hirsh is saying is right, because RACs are paid by contingency instead of a contracted rate, we have to limit the RACs authority because they are already incentivized the find problems., plus they are allowed to extrapolate. The RACs already have too much leash.
So, what are the RAC ADR limits?
Well, interestingly they just changed in April 2022. These limits will be set by CMS on a regular basis to establish the maximum number of medical records that may be requested by a RAC, per 45-day period. Each limit will be based on a given supplier’s volume of Medicare claims paid within a previous 12-month period, in a particular Healthcare Common Procedure Coding System (HCPCS) policy group. The policy groups are available on the pricing, coding analysis, and coding (PDAC), website. Limits will be based on the supplier’s Tax Identification Number (TIN). Limits will be set at 10% of all paid claims, by policy group, paid within a previous 12-month period, divided into eight periods (45 days). Although a RAC may go more than 45 days between record requests, in no case shall a RAC make requests more frequently than every 45 days. Limits are based on paid claims, irrespective of individual lines, although credit/replacement pairs shall be considered a single claim.
I wanted to go into the SMRCs and QIOs’ ADR limits to see whether they are are following THEIR rules, but I’m out of time for today. I’ll research the SMRCs and QIOs ADR limits for next week and I will have an answer for you.
Apparently, CMS also must undergo audits and it did, but I am not sure I believe the results. But that would be par for the course; I generally don’t find any audit results to be accurate. OIG audited CMS. OIG tried to verify that CMS actually collected all the funds from alleged Medicare overpayments. According to the audit, OIG was able to verify that verify that CMS had collected $120 million of the $498 million in overpayments. CMS told auditors that it has collected $272 million but auditors said the agency failed to properly document the recovery of $152 million.
Without question, when there is a Medicare alleged overpayment and the provider appeals, you have 5 levels of appeal. The first two levels, redetermination and reconsideration, are basically rubber stamp approval of the original decision. But after the 2nd level, rubber stamp and before you go to the third level, recoupment begins of the alleged amount owed, even though you haven’t completed litigation AND you may receive a decision at the third level that the money is not owed. Nonetheless, the recoupment begins.
In my experience, I have never had an instance that CMS forgot to prematurely recoup. I’m sure if there were instances of CMS forgetting to prematurely recoup the provider were ecstatic. Elated. But they were also probably nervous as heck, because we all know that, eventually, the government gets its money.
In fact, one of the recommendations from CMS’ audit, was that OIG suggested that CMS revise 42 CFR §405.980, which is the federal regulation that allows for reopening initial determinations, redeterminations, reconsiderations, decisions, and reviews. The regulation already allows QICs, ALJs, the contractor – anyone who makes decisions about Medicare audits – the ability to reopen a decision already made. There are time frames for doing so.
For example, “A party may request that a contractor reopen its initial determination or redetermination within 1 year from the date of the initial determination or redetermination for any reason.” 42 CFR 405.980(c)(1). Although I’ve never understood this section. Why would a party request its audit to be reopened instead of just appealing to the next level? I doubt reopening an initial determination would yield better results. But really the purpose of §405.980 is that the government can choose to reopen a decision and, later on, after you think you won your case and owe nothing, this regulation allows them to change their mind.
This just goes to show you, the laws are written in favor of the government. It truly is a David and Goliath battle.
I have presented on RACMonitor, I think, for 3 years. I’d have to ask Chuck Buck to be exact. Over the last three years, I have tried my best to get the message out – RAC Auditors do not know what they are doing. Always appeal the decisions. – I feel like on my blog and on RACMonitor I have screamed this message until I was blue in the face.
Apparently, a couple Senators have taken notice. Or their constituents complained enough. Senators Tim Scott and Rick Scott drafted a letter to the Comptroller of America. A comptroller is a “controller” of financial affairs for the Country. The comptroller is the police of our tax dollars.
A few months ago, Senators Tim and Rick Scott wrote the U.S. Comptroller and complained about RAC auditors.
It was a letter that was short and sweet. It asked three questions.
- How have states used the Medicaid RAC program to address strategic program integrity needs, including audits of managed care, and what are the lessons learned?
- What steps do the states and the Centers for Medicare & Medicaid Services (CMS) take to coordinate state Medicaid RAC program audits and other program integrity efforts? This includes existing Medicaid integrity programs such as the Unified Program Integrity Contractors, Payment Error Rate Measurement program, state auditors and Medicaid Fraud Control Units.
- How do states and CMS oversee the Medicaid RAC program and what mechanisms are in place to appropriately refer suspected cases of fraud?
As for the first question, RACs do address strategic PI needs – the very reason for their existence is to detect supposed fraud, waste, and abuse (“FWA”) by Medicaid providers. I’d like to hear the Comptroller’s answer.
As for the second question, they asked whether the States and CMS coordinate State Medicaid RAC audits. I don’t really care if the States and CMS coordinate State Medicaid RAC audits. So, I don’t care whether I hear the Comptroller’s answer to this.
The third question – “how do States and CMS oversee the Medicaid RAC program and what mechanisms are in place to detect FWA by Medicaid providers?” – I want to know that answer! I can tell the Comptroller the answer. The RAC Auditors are not supervised or overseen. If they were, they would audit differently; not try to find errors in every single audit conducted.
Maybe it’s time to get our Senators involved. While we’re at it, let’s talk about the Medicare provider appeal process, which is broken.
In litigation, there are two opposing sides, like football. It wouldn’t be much of a game if one side didn’t show up. In Medicare provider appeals, only one side shows up and I am asking – how is that fair? Let me explain:
You, as a provider receive a notice of Medicare overpayment in the mail. NGS or Palmetto or whoever claims you owe $4 million dollars. Of course the amount is extrapolated.
You decide to appeal. The first level is a redetermination at the Medicare Administrative Contractor. It is a desk review; you do not have the opportunity to question the other side. It’s just a 2nd look at the audit. The second level is the same as the first but performed by a QIC, and it’s called a reconsideration. The third level you finally get before an administrative law judge. Here, you envision the auditor presenting its evidence in support of why you owe $4 million dollars, and you presenting evidence and support that you don’t owe the money.
You would be wrong.
The auditors may participate in an ALJ Hearing. However, in my experience, the auditors never show up. They don’t provide evidence that their extrapolation was accurate or that their clinical findings are precise. No one substantiates the allegation that you owe $4 million. Instead, you get a soliloquy of why you don’t owe the money. The Judge may ask you questions, but you won’t be cross examined nor will you have the opportunity to cross examine the auditor.
The Medicare provider appeal process flies in the face of America’s judicial system. Our rules allow the accused to confront the accuser. At no time during your Medicare appeal do you get to challenge the auditor nor does the auditor have to back up his or her work. The audits are accepted as true without any verification.
This process needs to be amended. Medicare auditors should have to prove that their audits are accurate. They should have to prove that the documents didn’t support the claim billed and why. They should not be allowed to hide behind generic, cut-and-pasted denials without having to explain their reasoning, if there were any.
This nonsensical, three-ring-circle is why providers refuse to accept Medicare.
In 2020, one percent of non-pediatric physicians formally opted out of Medicare. Most of those opting out were psychiatrists – 42%.
This just goes to show you, qualifying for Medicare doesn’t guarantee that providers will accept you. It’s only going to get worse unless we change the appeal process for providers.
Today I’m going to answer a few inquiries about recovery audit contractor (“RAC”) audits from providers. A question that I get often is: “Do I have to submit the same medical records to my Medicare Administrative Contractor (“MAC”) that I submit to a RAC for an audit?” The answer is “No.” Providers are not required to submit medical records to the MAC if submitted to a RAC, but doing so is encouraged by most MACs. There is no requirement that you submit to the MAC what you submit to RACs. This makes sense because the MACs and the RACs have disparate job duties. One of the MACs, Palmetto, instructs providers to send records sent to a RAC directly to the Palmetto GBA Appeals Department. Why send the records for a RAC audit to a MAC appeals department? Are they forecasting your intentions? The instruction is nonsensical unless ulterior motives exist.
RAC audits are separate from mundane MAC issues. They are distinct. Quite frankly, your MAC shouldn’t even be aware of your audit. (Why is it their business?) Yet, many times I see the MACs cc-ed on correspondence. Often, I feel like it’s a conspiracy – and you’re not invited. You get audited, and everyone is notified. It’s as if you are guilty before any trial.
I also get this question for appeals – “Do I need to send the medical records again? I already sent them for the initial review. Why do I need to send the same documents for appeal?” I get it – making copies of medical records is time-consuming. It also costs money. Paper and ink don’t grow on trees. The answer is “Yes.” This may come as a shock, but sometimes documents are misplaced or lost. Auditors are humans, and mistakes occur. Just like, providers are humans, and 100% Medicare regulatory compliance is not required…people make mistakes; those mistakes shouldn’t cause financial ruin.
“Do the results of a RAC audit get sent to your MAC?” The answer is “Yes.” Penalties penalize you in the future. You have to disclose penalties, and the auditors can and will use the information against you. The more penalties you have paid in the past clear demonstrate that you suffer from abhorrent billing practices.
In fact, Medicare post-payment audits are estimated to have risen over 900 percent over the last five years. Medicare provider audits take money from providers and give to the auditors. If you are an auditor, you uncover bad results or you aren’t good at your job.
Politicians see audits as a financial win and a plus for their platform. Reducing fraud, waste, and abuse is a fantastic platform. Everyone gets on board, and votes increase.
Appealing your RAC audits is essential, but you have to understand that you won’t get a fair deal. The Medicare provider appeals process is an uphill battle for providers. And your MACs will be informed.
The first two levels, redeterminations and reconsiderations are, basically, rubber-stamps on the first determination.
The third level is the before an administrative law judge (ALJ), and is the first appeal level that is before an independent tribunal.
Moving to the False Claims Act, which is the ugly step-sister to regulatory non-compliance and overpayments. The government and qui tam relators filed 801 new cases in 2022. That number is down from the unprecedented heights reached in 2020 (when there were a record 922 new FCA cases), but is consistent with the pace otherwise set over the past decade, reflecting the upward trend in FCA activity by qui tam relators and the government since the 2009 amendments to the statute.
See the chart below for reference:
Attorney Ryan Hargrave joined the Practus Health Care Litigation team on June 1, 2022. Ryan comes from a career of litigation in the State of North Carolina. He began his career in 2016 as a Prosecutor for the State of North Carolina, Guilford County. There he gained valuable experience from which he used as he moved to defending clients. He served as the Lead Trial Attorney at Triad Legal Group before joining Graystar Legal as the Senior Associate Attorney.
Ryan obtained his undergraduate degree at Presbyterian College in Clinton, SC., where he received a B.A. in Political Science and a minor in Biology. Ryan has always had a keen interest in health care which has followed him throughout his career. He is locally known as the “Drug Lawyer” for his focus in the defense of drug-related crimes. He has a reputable proficiency in Cannabis Law, Criminal Law, and Civil Law across State and Federal Courts. Ryan has extensive trial experience that he brings to the Health Care Litigation team at Practus.
Ryan lives in North Carolina with his family, spending his time working out, making financial investments, and beginning his non-profit business, “Colored Money”. His non-profit will focus on teaching young boys and girls the value of money as a vehicle to achieve wealth, making smart investments, and how to achieve financial freedom. He is a big Georgia football fan and even has an English Bulldog that could serve as the team’s mascot.
Note from me:
I expect Ryan to dovetail and expand my Medicare and Medicaid regulatory compliance practice because his litigation experience will directly help me in litigation natters, but, also, his criminal litigation experience will also allow us to represent more White Collar Crime clients, including Medicare and Medicaid fraud accusations, False Claims Act, Stark, and Anti-Kickback alleged violations.
We are happy that he is here!
Lack of medical necessity is one of the leading reasons for denials during RAC, MAC, TPE, and UPIC audits. However, case law dictates that the treating physician should be allowed deference with the decision that medical necessity exists because the Medicare and/or Medicaid auditor never had the privilege to see the recipient.
However, recent ALJ decisions have gone against case law. How is that possible? CMS creates “Rules” – I say that in air quotes – these Rules are not promulgated, but are binding on anyone under CMS’ umbrella. Guess what? That includes the ALJs for Medicare appeals. As an example, the “treating physician” Rule is law based on case law. Juxtapose, CMS’ Ruling 93-l. It states that no presumptive weight should be assigned to a treating physician’s medical opinion in determining the medical necessity of inpatient hospital and skilled nursing facility services. The Ruling adds parenthetically that the Ruling does not “by omission or implication” endorse the application of the treating physician rule to services not addressed in the Ruling. So, we get a decision from an ALJ that dismisses the treating physician rule.
The ALJ decision actually said: Accordingly, I find that the treating physician rule, standing alone, provides no basis for coverage.
This ALJ went against the law but followed CMS Rulings.
CMS Rulings, however, are not binding. CMS Rulings aren’t even law. Yet the CMS Rulings, according to CMS, are binding onto the entities that are under the CMS umbrella. This means that the Medicare appeals process, which include the redeterminations, the reconsiderations, the ALJ decisions, and the Medicare Appeals Councils’ decisions are all dictated by these non-law, CMS Rulings, which fly in the face of actual law. ALJs uphold extrapolations based on CMS Rulings because they have to. But once you get to a federal district court judge, who are not bound by CMS, non-law, rulings, you get a real Judge’s decision, and most extrapolations are thrown out if the error rate is under 50%.
Basically, if you are a Medicare provider, you have to jump through the hoops of 4 levels of appeals that is not dictated by law, but by an administration that is rewarded for taking money from providers on the pretense of FWA. Most providers do not have the financial means to make it to the 5th level of appeal. So, CMS wins by default.
Folks, create a legal fund for your provider entity. You have got to appeal and be able to afford it. That is the only way that we can change the disproportionately unfair Medicare appeal process that providers must endure now.
Today, I am going to write about America’s managed care problem. We always talk about providers getting audited. It is about time that the payors get audited. In particular, for Medicaid, States contract with managed care organizations, which are prepaid, and, for Medicare, Medicare Advantage companies, which are prepaid.
Managed care in Medicare is MA organizations. Managed care in Medicaid is MCOs. These MCOs and MAs need to be held accountable for the misuse of funds.
Today, capitated, managed care is the dominant way in which states deliver services to Medicaid enrollees. And MA is becoming the dominant way to receive Medicare.
Under these prepaid programs, these private companies are paid a flat fee per month depending on the number of consumers to provide whatever care is required for patients based on age, gender, geography and health risk factors. The more diagnoses a person has, the more the company is prepaid. To compensate plans and providers for potential costs of care for individual patients with long-term conditions such as diabetes, heart disease or cancer, Medicare boosts the monthly payment to Medicare Advantage plans under a “risk adjustment” for each additional condition. The system differs from the traditional “fee for service” payment, in which Medicare pays hospitals and doctors directly each time they provide a service.
If companies add more risk adjustment codes to a Medicare Advantage beneficiary’s medical record to receive higher payment — but don’t spend money on the additional care — they make more money. Same as MCOs denying care or terminating providers, the tax dollars line the executive pockets instead of reimbursing providers for providing medically necessary care.
Maybe the answer is remaining with the fee-for service model. Prepaying entities creates a financial incentive to bolster beneficiaries’ health problems then cross your fingers that the health problems never come to fruition either because the beneficiary remains healthy or the health problem was fabricated.
MCOs and MA companies must be supervised by the single agency. These companies cannot have the ability to refuse medically necessary services or terminate provider at will for whatever reason with no repercussions. It’s not fair to the recipients or providers. Maybe it’s time to switch our telescopic lens from auditing providers to auditing MCOs and MAs. Let’s get these RAC, ZPIC, and TPE auditors focused on the stewards of our tax dollars, the prepaid entities.
42 CFR §431.10 dictates a single state agency for Medicaid, which is the Department in each State. CMS is the single agency in Medicare. CMS and State Departments are ultimately responsible for the private MCOs and MAs, but really are allowing these companies autonomy to the deficit of our tax dollars.
If you recall, earlier this year, The American Hospital Association urged the Justice Department to use its authority under the False Claims Act to create a fraud task force to investigate commercial insurers that routinely deny patients access to services. This was due to the April 2022 OIG report that “Some Medicare Advantage Organization Denials of Prior Authorization Requests Raise Concerns about Beneficiary Access to Medically Necessary Care.”
Instead of audits of providers or concurrently in audits of providers, we need to audit the payors. Both MCOs and MAs. What’s good for the goose is good for the gander.
The American Hospital Association (“AHA”) is asking the Department of Justice (DOJ) to look into health insurance companies that routinely deny patients access to care and payments to providers. I’d like a task force as well. This is exactly the problem I have witnessed with managed care organizations or MCOs. In traditional Medicare and Medicaid, MCOs are prepaid and make profit by denying consumers medical care, terminating provider contracts, and not paying providers for care rendered. Congress created the same scenario with Medicare Advantage. Individuals can elect coverage through private insurance plans. While MA has been wildly successful and popular, the AHA is complaining that too many people are getting denied services.
An OIG report that was published in April cites MAOs as denying services for beneficiaries. We are always talking about providers getting audited, it is about time that the companies that are gateways for providers getting reimbursed and beneficiaries getting medically necessary services are likewise audited for denying services. It seems ironic that providers are audited for potentially billing for too many services and these gateway, third party reimbursement companies are audited for providing too few services – or denying too many prior authorizations. But if the MCO or MAO deny medical services, then the money that would have been paid to the provider stays in their pocket.
The OIG report found that many MAOs delay or deny services despite those services meeting Medicare prior authorization criteria, approximately 13-18%. Almost a 20% wrongful denial rate. When these MAOs get tax payer money for a Medicare beneficiary and deny services those tax dollars stay in the MAO’s pockets.
Supposedly MAOs approve the vast majority of requests for services and payment, they issue millions of denials each year, and OIG’s audit of MAOs has highlighted widespread and persistent problems related to inappropriate denials of services and payment. As enrollment in Medicare Advantage continues to grow, MAOs play an increasingly critical role in ensuring that Medicare beneficiaries have access to medically necessary covered services and that providers are reimbursed appropriately.
According to the OIG report, MAOs denied prior authorization and payment requests that met Medicare coverage rules by: (1) using MAO clinical criteria that are not contained in Medicare coverage rules; (2) requesting unnecessary documentation; and (3) making manual review errors and system errors.
Personally, I am fed up with these private, insurance companies denying services and keeping our tax dollars. It is about time the insurance companies are audited.
If you could light a torch to a Molotov Cocktail and a bunch of newspapers, you could not make a bigger explosion in my head than a recent Decision from a Medicare administrative law judge (“ALJ”). The extrapolation was upheld, despite an expert statistician citing its shortcomings, based on a CMS Ruling, which is neither law nor precedent. The Decision reminded me of the new Firestarter movie because everything is up in flames. Drew Barrymore would be proud.
I find it very lazy of the government to rely on sampling and extrapolations, especially in light that no witness testifies to its accuracy.
Because this ALJ relied so heavily on CMS Rulings, I wanted to do a little detective work as to whether CMS Rulings are binding or even law. First, I logged onto Westlaw to search for “CMS Ruling” in any case in any jurisdiction in America. Nothing. Not one case ever mentioned “CMS Ruling.” Ever. (Nor did my law school).
What Is a CMS Ruling?
A CMS Ruling is defined as, “decisions of the Administrator that serve as precedent final opinions and orders and statements of policy and interpretation. They provide clarification and interpretation of complex or ambiguous provisions of the law or regulations relating to Medicare, Medicaid, Utilization and Quality Control Peer Review, private health insurance, and related matters.”
But Are CMS Rulings Law?
No. CMS Rulings are not law. CMS Rulings are not binding on district court judges because district court judges are not part of HHS or CMS. However, the Medicare ALJs are considered part of HHS and CMS; thus the CMS Rulings are binding on Medicare ALJs.
This creates a dichotomy between the “real law” and agency rules. When you read CMS Ruling 86-1, it reads as if there two parties with oppositive views, both presented their arguments, and the Administrator makes a ruling. But the Administrator is not a Judge, but the Ruling reads like a court case. CMS Rulings are not binding on:
- The Supreme Court
- Appellate Courts
- The real world outside of CMS
- District Courts
- The Department of Transportation
- Civil Jurisprudence
- The Department of Education
- Etc. – You get the point.
So why are Medicare providers held subject to penalties based on CMS Rulings, when after the providers appeal their case to district court, that “rule” that was subjected against them (saying they owe $7 million) is rendered moot? Can we say – not fair, equitable, Constitutional, and flies in the face of due process?
The future does not look bright for providers going forward in defending overzealous, erroneous, and misplaced audits. These audits aren’t even backed up by witnesses – seriously, at the ALJ Medicare appeals, there is no statistician testifying to verify the results. Yet some of the ALJs are still upholding these audits.
In the “court case,” which resulted in CMS Ruling 86-1, the provider argued that:
- There is no legal authority in the Medicare statute or regulations for HCFA or its intermediaries to determine overpayments by projecting the findings of a sample of specific claims onto a universe of unspecified beneficiaries and claims.
- Section 1879 of the Social Security Act, 42 U.S.C. 1395pp, contemplates that medical necessity and custodial care coverage determinations will be made only by means of a case-by-case review.
- When sampling is used, providers are not able to bill individual beneficiaries not in the sample group for the services determined to be noncovered.
- Use of a sampling procedure violates the rights of providers to appeal adverse determinations.
- The use of sampling and extrapolation to determine overpayments deprives the provider of due process.
The CMS Ruling 86-1 was decided by Mr. Henry R. Desmarais, Acting Administrator, Health Care Financing Administration in 1986.
Think it should be upheld?