Category Archives: Medicaid Audits
CMS Published 2023 Medicare/caid Health Care Providers’ Audit Process
THE CENTER FOR MEDICARE AND MEDICAID SERVICES (“CMS”) 2023 Program Audit Process Overview came out recently. The report is published by the Division of Audit Operations. CMS will send engagement letters to initiate routine audits beginning February 2023 through July 2023. Engagement letters for ad hoc audits may be sent at any time throughout the year. The program areas for the 2023 audits include:
- CDAG: Part D Coverage Determinations, Appeals, and Grievances
- CPE: Compliance Program Effectiveness
- FA: Part D Formulary and Benefit Administration
- MMP-SARAG: Medicare-Medicaid Plan Service Authorization Requests, Appeals, and Grievances
- MMPCC: Medicare-Medicaid Plan Care Coordination
- ODAG: Part C Organization Determinations, Appeals, and Grievances
- SNPCC: Special Needs Plans Care Coordination
The Program Audit Process document is only 13 pages. Yet, it is supposed to set forth the rules that the auditors must abide by in 2023. My question is – what if they don’t. What if the auditors fail to follow proper procedure.
For example, similarly to last year, an audit consists of 4 phases.
- Audit engagement and universe submission
- Audit field work
- Audit reporting
- Audit validation and close out
I would like to add another phase. Phase 5 is appeal.
According to the Report, and this is a quote: “the Audit Engagement and Universe Submission (which is the 1st stage) is a six-week period prior to the field work portion of the audit. During this phase, a Sponsoring organization is notified that it has been selected for a program audit and is required to submit the requested data, which is outlined in the respective Program Audit Protocol and Data Request document.” My question is: The sponsoring organization? CMS is referring to the provider who getting audited as a sponsoring organization. And why does CMS call the provider who is getting audited sponsoring? Is it because after the audit the sponsoring organization will be paying in recoupments?
It is interesting that the first phase “Audit Engagement and Universe Submission,” lasts 6 weeks. At this point, I want to know, does the provider know that the facility has been targeted for an audit? As an attorney, I get to see the process in the aftermath. Folks call me in distress because they got the results of an audit and disagree. I have never had the opportunity to be involved from the get go. So, if any of y’all receive a notice of an audit, please call me. I won’t charge you. I just would love the experience of walking through an audit from the get go. I think it would make me better at my job.
In other news, as you know, CMS may issue civil money penalties to providers for alleged noncompliance. Other penalties exist as well, which may or may not be worse that civil penalties. On January 23, 2023, CMS published a correction that Total Longterm Care, Inc. d/b/a InnovAge Colorado PACE (InnovAge CO) corrected its violations. In 2021, CMS had suspended its ability to re-enroll. Another facility was imposed with pre-payment review, which means that the facility must submit claims to an auditor prior to receiving reimbursements. Pre-payment review is probably the worse penalty in existence. A client of mine was told yesterday that pre-payment review is imminent. The only recourse for pre-payment review is a federal or State injunction Staying the suspension of reimbursements. You cannot appeal being placed on pre-payment review. But you do have a chance to Stay the suspension. The suspension makes no sense to me. It’s as if the government is saying that you are guilty before an ability to prove innocence.
Medicare Auditors Fail to Follow the Jimmo Settlement
Auditors are not lawyers. Some auditors do not even possess the clinical background of the services they are auditing. In this blog, I am concentrating on the lack of legal licenses. Because the standards to which auditors need to hold providers to are not only found in the Medicare Provider Manuals, regulations, NCDs and LCDs. Oh, no… To add even more spice to the spice cabinet, common law court cases also create and amend Medicare and Medicaid policies.
For example, the Jimmo v. Selebius settlement agreement dictates the standards for skilled nursing and skilled therapy in skilled nursing facilities, home health, and outpatient therapy settings and importantly holds that coverage does not turn on the presence or absence of a beneficiary’s potential for improvement.
The Jimmo settlement dictates that:
“Specifically, in accordance with the settlement agreement, the manual revisions clarify that coverage of skilled nursing and skilled therapy services in the skilled nursing facility (SNF), home health (HH), and outpatient therapy (OPT) settings “…does not turn on the presence or absence of a beneficiary’s potential for improvement, but rather on the beneficiary’s need for skilled care.” Skilled care may be necessary to improve a patient’s current condition, to maintain the patient’s current condition, or to prevent or slow further deterioration of the patient’s condition.”
This Jimmo standard – not requiring a potential for improvement – is essential for diseases that are lifelong and debilitating, like Multiple Sclerosis (“MS”). For beneficiaries suffering from MS, skilled therapy is essential to prevent regression.
I have reviewed numerous audits by UPICs, in particular, which have failed to follow the Jimmo settlement standard and denied 100% of my provider-client’s claims. 100%. All for failure to demonstrate potential for improvement for MS patients. It’s ludicrous until you stop and remember that auditors are not lawyers. This Jimmo standard is found in a settlement agreement from January 2013. While we will win on appeal, it costs providers money valuable money when auditors apply the wrong standards.
The amounts in controversy are generally high due to extrapolations, which is when the UPIC samples a low number of claims, determines an error rate and extrapolates that error rate across the universe. When the error rate is falsely 100%, the extrapolation tends to be high.
While an expectation of improvement could be a reasonable criterion to consider when evaluating, for example, a claim in which the goal of treatment is restoring a prior capability, Medicare policy has long recognized that there may also be specific instances where no improvement is expected but skilled care is, nevertheless, required in order to prevent or slow deterioration and maintain a beneficiary at the maximum practicable level of function. For example, in the regulations at 42 CFR 409.32(c), the level of care criteria for SNF coverage specify that the “. . . restoration potential of a patient is not the deciding factor in determining whether skilled services are needed. Even if full recovery or medical improvement is not possible, a patient may need skilled services to prevent further deterioration or preserve current capabilities.” The auditors should understand this and be trained on the proper standards. The Medicare statute and regulations have never supported the imposition of an “Improvement Standard” rule-of-thumb in determining whether skilled care is required to prevent or slow deterioration in a patient’s condition.
When you are audited by an auditor whether it be a RAC, MAC or UPIC, make sure the auditors are applying the correct standards. Remember, the auditors aren’t attorneys or doctors.
CMS: Broaden the Definition of “Medically Necessary” Germane to Dental Services!
Dental services do not, historically, “gel-well” with Medicare and Medicaid. In fact, most dentists do not accept Medicare and Medicaid, and, quite frankly, I do not blame them. Accepting Medicare and/or Medicaid comes with accepting the fact that your dental practice can – and will – be audited by CMS or your State government at-will, at any time, for any reason. Your dental practice can be raided at any time by any federal agency, including the FBI, DOJ, OIG, alleging civil and criminal violations when you, as a dentist, had no clue that your medical records could be used against you, if not up to snuff…according to the governmental auditor. Perhaps more dentists would accept Medicare and/or Medicaid patients if the definition of “medically necessary” is broadened. More incentive to accept government programs is always good.
Dental benefits are covered by Medicare only in limited circumstances, and many people on Medicare do not have any dental coverage at all unless they pay for a Medicare Advantage (“MA”) plan. However, Medicare and Medicaid could cover more dental services if Congress or CMS broadens the definition of “medical necessity.” But, even with MA, the scope of dental benefits, when covered, varies widely and is often quite limited, which can result in high out-of-pocket costs among those with expensive dental needs.
Medicare and/or Medicaid will determine whether a dental service is essential – or “medically necessary” – for a beneficiary’s exasperating, primary medical condition. Congress has fallen short on expanding the legal definition of “medical necessary” regarding dental services for Medicare and Medicaid recipients.
In a June 29, 2022, letter to CMS Administrator Chiquita Brooks-LaSure, more than 100 members of the U.S. House of Representatives pled with CMS to expand its definition of “medically necessary” dental care. Lawmakers highlighted the serious issues stemming from the lack of access to affordable dental care. I do not know if you recall, but, in 2013-ish, I blogged about a young, African American boy, named Deamonte, who died in the emergency room from an abscessed tooth that ruptured, when that abscessed tooth could have been remedied by a dentist for a few hundred dollars. See blog.
Nearly half of Medicare beneficiaries (47%), or 24 million people, do not have dental coverage, as of 2019.
Almost half of all Medicare beneficiaries did not have a dental visit within the past year (47%), with higher rates among those who are Black (68%) or Hispanic (61%), have low incomes (73%), or who are in fair or poor health (63%), as of 2018.
In 2021, 94% of Medicare Advantage enrollees in individual plans (plans open for general enrollment), or 16.6 million enrollees, are in a plan that offers access to some dental coverage.
To those dentists or dental surgeons who do accept Medicare and/or Medicaid – THANK YOU!
Medicare and/or Medicaid audits for dental services, while not fun to deal with, are easily defensible…most of the time. A few years ago Medicaid sought to recoup money from dentists who provided services to women believed to be pregnant when the pregnancy was over. See blog. I thought it was absolutely ridiculous that your dentist has the burden to ensure a woman is or is not pregnant. I feel as though many dentists could be slapped by asking. Plus, the services were rendered, so a dentist should not have to pay to provide services.
Warning for Acute Care Hospitals: You’re a Target for Overpayment Audits
Today I want to talk about upcoming Medicare audits targeted toward Acute Care Hospitals.
In September 2022, OIG reported that “Medicare Part B Overpaid Critical Access Hospitals and Docs for Same Services.” OIG Reports are blinking signs that flash the future Medicare audits to come. This is a brief blog so be sure to tune in on December 8th for the RACMonitor webinar: Warning for Acute Care Hospitals: You’re a Target for Overpayment Audits. I will be presenting on this topic in much more depth. It is a 60-minute webinar.
For OIG’s report regarding the ACHs, OIG audited 40,026 Medicare Part B claims, with half submitted by critical access hospitals and the rest submitted by health care practitioners for the same services provided to beneficiaries on the same dates of service (“DOS”). OIG studied claims from March 1, 2018, to Feb. 28, 2021, and found almost 100% noncompliance, which constituted almost $1million in overpayments to providers.
According to the OIG Report, CMS didn’t have a system to edit claims to prevent and detect any duplicate claims, as in the services billed by an acute hospital and by a physician elsewhere. Even if the physician reassigned his/her rights to reimbursement to the ACH.
As you know, a critical access hospital cannot bill Part B for any outpatient services delivered by a health care practitioner unless that provider reassigns the claim to the facility, which then bills Part B. However, OIG’s audit found that providers billed and got reimbursed for services they did perform but reassigned their billing rights to the critical access hospital.
The question is – why did the physicians get reimbursed even if they assigned their rights to reimbursement away? At some point, CMS needs to take responsibility as to the lack having a system to catch these alleged overpayments. If the physicians were reimbursed and had no reason to know that they were getting reimbursed for services that they assigned to an ACH, there is an equitable argument that CMS cannot take back money based on its own error and no intent by the physician.
On a different note, I wanted to give a shout out to ASMAC, which is the American Society of Medical Association Counsel; Attorneys Advocating for America’s Physicians. It is comprised of general counsels (GCs) of health care entities and presidents of State Medical Societies. ASMAC’s topics at conferences are cutting-edge in our industry of defending health care providers, interesting, and on-point by experts in the fields. I was to present there last week in Hawaii on extrapolations in Medicare and Medicaid provider audits. Thankfully, all their conferences are not in Hawaii; that is too far of a trip for someone on the East Coast. But you should look into the association, if ASMAC sounds like it would benefit you or you could benefit them, join.
The Ugly Truth about Medicare Provider Appeals
Extrapolated audits are the worst.
These audits under sample and over extrapolate – almost to the point that some audits allege that you owe more than you were paid. How is that fair in our judicial system? I mean, our country was founded on “due process.” That means you have a right to life, liberty, and the pursuit of happiness. If the government attempts to pursue your reimbursements at all, much less a greater amount than what you received, you are required notice and a hearing.
Not to mention that OIG conducted a Report back in 2020 that identified numerous mistakes in the extrapolations. The Report stated: “CMS did not always provide sufficient guidance and oversight to ensure that these reviews were performed in a consistent manner.” I don’t know about you, but that is disconcerting to me. It also stated that “The test was associated with at least $42 million in extrapolated overpayments that were overturned in fiscal years 2017 and 2018. If CMS did not intend that the contractors use this procedure, these extrapolations should not have been overturned. Conversely, if CMS intended that contractors use this procedure, it is possible that other extrapolations should have been overturned but were not.“
I have undergone hundreds of Medicare and Medicaid audits with extrapolations. You defend against these audits twofold: 1) by hiring an expert statistician to debunk the extrapolation; and 2) by using the provider as an expert clinician to discredit the denials. However, I am always dismayed…maybe that’s not the right word…flabbergasted that no one ever shows up on the other side. It is as if CMS via whatever contractor conducted the extrapolated audit believes that their audit needs no one to prove its veracity. As if we attorneys and providers should just accept their findings as truth, and they get the benefit of NOT hiring a lawyer and NOT showing up to ALJ trials.
In the above picture, the side with the money is CMS. The empty side is the provider.
In normal trials, as you know, there are two opposing sides: a Plaintiff and a Defendant, although in administrative law it’s called a Petitioner and a Respondent. Medicaid provider appeals also have two opponents. However, in Medicare provider appeals, there is only one side: YOU. An ALJ will appear, but no auditor to defend the merits of the alleged overpayment that you, as a provider, are accused of owing.
In normal trials, if a party fails to appear, the Judge will almost automatically rule against the non-appearing party. Why isn’t it the same for Medicare provider appeals? If a Medicare provider appears to dispute an alleged audit, the Judge does not rule automatically in favor of the provider. Quite the opposite quite frankly. The CMS Rules, which apply to all venues under the purview of CMS, which includes the ALJ level and the Medicare Appeals Council level, are crafted against providers, it seems. Regardless the Rules create a procedure in which providers, not the auditors, are forced to retain counsel, which costs money, retain a statistician in cases of extrapolations, which costs money, go through years of appeals through 5 levels, all of which the CMS Rules apply. Real law doesn’t apply until the district court level, which is a 6th level – and 8 years later.
Any providers reading, who retain lobbyists, this Medicare appeal process needs to change legislatively.
My Halloween blog from Yesterday: Medicare Dollars Vanish!
Happy Halloween. This year I am dressing as Freddy Krueger and my daughter, who is 17, says, “that’s so 80’s.” I guess some younger kids will just think I’m a spooky lady in a green and red sweater with knives for fingers. In honor of Halloween, I would like to tell you three ghost stories, of Medicare money that has vanished never to be found.
First, a ghoulish report from OIG states that CMS has not done enough to recoup Medicare payments found in 12 hospitals. Nothing like a report saying “CMS isn’t getting enough money” to make CMS “trick or treat” with more audits. According to the OIG report, CMS is short staffed, like almost every employer in America. Apparently, CMS claims to have too many phantoms instead of employees to track down every dollar, which I must say, makes me superstitious. If CMS is claiming to not have enough resources to track down money that has been targeted at 12 hospitals, how is it conducting the other audits nation-wide?
Among the 12 hospitals, supposedly, there is an eerie $82 million allegedly owed to CMS.
OIG recommended recouping all the money, but, according to OIG, CMS has provided insufficient information. Specifically, CMS did not provide information on the status of appeals hospitals levied against OIG’s overpayment findings. CMS didn’t provide information on the reason for the appeal or status of the action. Personally, I am just happy the hospitals appealed.
The second ghost story entails CMS’ continual audit of providers, especially the Medicare Advantage plans, which are nightmares. CMS has agreed to release the audits of 90 MA plans conducted between 2011 and 2013. These records are expected to demonstrate more than $600 million in MA overpayments due to alleged upcoding. Chilling!
Finally, a NC hospital system, Atrium Health, publicly announced that in 2019 it provided $640 million to Medicare patients that were never paid for. You would think this spine chilling unless you knew the tax breaks associated with the charity. But for the same year that Atrium’s website says it recorded the $640 million loss on Medicare, the hospital system claimed $82 million in profits from Medicare and an additional $37.2 million in profits from Medicare Advantage in a federally required financial document. Sleight of hand and hocus pocus!
Can Medicare/caid Auditors Double-Dip?
The issue today is whether health care auditors can double-dip. In other words, if a provider has two concurrent audits, can the audits overlap? Can two audits scrutinize one date of service (“DOS”) for the same consumer. It certainly doesn’t seem fair. Five years ago, CMS first compiled a list of services that the newly implemented RAC program was to audit. It’s been 5 years with the RAC program. What is it about the RAC program that stands out from the other auditor abbreviations?
We’re talking about Cotiviti and Performant Recovery; you know the players. The Recovery Audit Program’s mission is to reduce Medicare improper payments through the efficient detection and collection of overpayments, the identification of underpayments and the implementation of actions that will prevent future improper payments.
RACs review claims on a post-payment basis. The RACs detect and correct past improper payments so that CMS and Carriers, and MACs can implement actions that will prevent future improper payments.
RACs are also held to different regulations than the other audit abbreviations. 42 CFR Subpart F dictates the Medicaid RACs. Whereas the Medicare program is run by 42 CFR Subchapter B.
The auditors themselves are usually certified coders or LPNs.
As most of you know, I present on RACMonitor every week with a distinguished panel of experts. Last week, a listener asked whether 2 separate auditors could audit the same record. Dr. Ronald Hirsh’s response was: yes, a CERT can audit a chart that another reviewer is auditing if it is part of a random sample. I agree with Dr. Hirsh. When a random sample is taken, then the auditors, by definition, have no idea what claims will be pulled, nor would the CERT have any knowledge of other contemporaneous and overlapping audits. But what about multiple RAC audits? I do believe that the RACs should not overlap its own audits. Personally, I don’t like the idea of one claim being audited more than once. What if the two auditing companies make differing determinations? What if CERT calls a claim compliant and the RAC denies the claim? The provider surely should not pay back a claim twice.
I believe Ed Roche presented on this issue a few weeks ago, and he called it double-dipping.
This doesn’t seem fair. What Dr. Hirsh did not address in his response to the listener was that, even if a CERT is allowed to double-dip via the rules or policies, there could be case law saying otherwise.
I did a quick search on Westlaw to see if there were any cases where the auditor was accused of double-dipping. It was not a comprehensive search by any means, but I did not see any cases where auditors were accused of double-dipping. I did see a few cases where hospitals were accused of double-dipping by collecting DSH payments to cover costs that had already been reimbursed, which seems like a topic for another day.
Post-COVID Medicare/caid Rules Matter!
How many times have we panelists talked about COVID and COVID exceptions to the regulatory rules? How many times have we warned providers that the exceptions will expire at the end of public health emergency (“PHE”)? Well, it’s coming. The COVID PHE is still in effect for America, but some States have lifted their PHE status. NC’s state of emergency expired August 15, 2022. In Montana, the state of emergency ended June 30, 2021.
What does that mean? When America’s PHE expires, so does also all the exceptions. When your particular State’s PHE ends, so do the PHE exceptions your particular State allowed. This is imperative to ALL Medicare and Medicaid audits by whatever alphabet soup is knocking on your door. As well you know, auditors don’t always get it right. Add in confusion due to COVID exceptions…which apply in which State and which expired?
Last week, CMS released fact sheets summarizing the current status of Medicare and Medicaid COVID waivers and exceptions by provider type. The fact sheets include information about which waivers and flexibilities have already been terminated, have been made permanent or will end at the end of the COVID-19 public health emergency. Unless specifically stated, all exceptions expire at the end of PHE, which is in the process of winding down.
I decided to review a fact sheet to determine how useful it was. I chose for provider type – hospitals. The fact sheet is entitled, “Hospitals and CAH (including swing beds, DPUs), ASCs and CMHCs.” It is 28 pages. The fact sheets are must reads for all providers. When you play chess the rules matter. When you accept Medicare and/or Medicaid, the rules matter. And these fact sheets are the rules.
The fact sheets cover telehealth and reimbursement rates. The hospital fact sheet covers hospitals without walls, off-site patient screening, paperwork requirements, physical environment requirements, which waivers will or will not expire at the end of PHE, and much more. I would say these fact sheets, for whichever type of provider you are – are mandatory reads. The fact sheets may not be absolutely encompassing, but they are summaries for you, all in one spot, organized for ease of reading. Thank you, CMS, for gathering this info and putting it all in one spot.
Senators Question RAC Audits!
I have presented on RACMonitor, I think, for 3 years. I’d have to ask Chuck Buck to be exact. Over the last three years, I have tried my best to get the message out – RAC Auditors do not know what they are doing. Always appeal the decisions. – I feel like on my blog and on RACMonitor I have screamed this message until I was blue in the face.
Apparently, a couple Senators have taken notice. Or their constituents complained enough. Senators Tim Scott and Rick Scott drafted a letter to the Comptroller of America. A comptroller is a “controller” of financial affairs for the Country. The comptroller is the police of our tax dollars.
A few months ago, Senators Tim and Rick Scott wrote the U.S. Comptroller and complained about RAC auditors.
It was a letter that was short and sweet. It asked three questions.
It asked:
- How have states used the Medicaid RAC program to address strategic program integrity needs, including audits of managed care, and what are the lessons learned?
- What steps do the states and the Centers for Medicare & Medicaid Services (CMS) take to coordinate state Medicaid RAC program audits and other program integrity efforts? This includes existing Medicaid integrity programs such as the Unified Program Integrity Contractors, Payment Error Rate Measurement program, state auditors and Medicaid Fraud Control Units.
- How do states and CMS oversee the Medicaid RAC program and what mechanisms are in place to appropriately refer suspected cases of fraud?
As for the first question, RACs do address strategic PI needs – the very reason for their existence is to detect supposed fraud, waste, and abuse (“FWA”) by Medicaid providers. I’d like to hear the Comptroller’s answer.
As for the second question, they asked whether the States and CMS coordinate State Medicaid RAC audits. I don’t really care if the States and CMS coordinate State Medicaid RAC audits. So, I don’t care whether I hear the Comptroller’s answer to this.
The third question – “how do States and CMS oversee the Medicaid RAC program and what mechanisms are in place to detect FWA by Medicaid providers?” – I want to know that answer! I can tell the Comptroller the answer. The RAC Auditors are not supervised or overseen. If they were, they would audit differently; not try to find errors in every single audit conducted.
Maybe it’s time to get our Senators involved. While we’re at it, let’s talk about the Medicare provider appeal process, which is broken.
Medicare Provider Appeals: The Ghost Auditor
In litigation, there are two opposing sides, like football. It wouldn’t be much of a game if one side didn’t show up. In Medicare provider appeals, only one side shows up and I am asking – how is that fair? Let me explain:
You, as a provider receive a notice of Medicare overpayment in the mail. NGS or Palmetto or whoever claims you owe $4 million dollars. Of course the amount is extrapolated.
You decide to appeal. The first level is a redetermination at the Medicare Administrative Contractor. It is a desk review; you do not have the opportunity to question the other side. It’s just a 2nd look at the audit. The second level is the same as the first but performed by a QIC, and it’s called a reconsideration. The third level you finally get before an administrative law judge. Here, you envision the auditor presenting its evidence in support of why you owe $4 million dollars, and you presenting evidence and support that you don’t owe the money.
You would be wrong.
The auditors may participate in an ALJ Hearing. However, in my experience, the auditors never show up. They don’t provide evidence that their extrapolation was accurate or that their clinical findings are precise. No one substantiates the allegation that you owe $4 million. Instead, you get a soliloquy of why you don’t owe the money. The Judge may ask you questions, but you won’t be cross examined nor will you have the opportunity to cross examine the auditor.
The Medicare provider appeal process flies in the face of America’s judicial system. Our rules allow the accused to confront the accuser. At no time during your Medicare appeal do you get to challenge the auditor nor does the auditor have to back up his or her work. The audits are accepted as true without any verification.
This process needs to be amended. Medicare auditors should have to prove that their audits are accurate. They should have to prove that the documents didn’t support the claim billed and why. They should not be allowed to hide behind generic, cut-and-pasted denials without having to explain their reasoning, if there were any.
This nonsensical, three-ring-circle is why providers refuse to accept Medicare.
In 2020, one percent of non-pediatric physicians formally opted out of Medicare. Most of those opting out were psychiatrists – 42%.
This just goes to show you, qualifying for Medicare doesn’t guarantee that providers will accept you. It’s only going to get worse unless we change the appeal process for providers.
