Category Archives: Medicare Administrative Contractor
Preparing for Post-PHE Medicare and Medicaid Audits
Hello and happy RACMonitor Monday! As the nation forges ahead in the wake of the COVID-19 pandemic, the audits continue after that brief hiatus in March 2020. Recovery Audit Contractors (RACs), UPICs, and other auditors are dutifully reviewing claims on a post-payment basis. However, since COVID, there is a staffing shortage, which have many provider facilities scrambling on a normal basis. Throw in an audit of 150 claims and you’ve got serious souff-laying.
Yes, audit preparation has changed since COVID. Now you have more to do to prepare. Audits create more work when you have less staff. Well, suck it up sippy-cup because post-PHE audits are here.
The most important pre-audit preparation is knowing the COVID exceptions germane to your health care services. During PHE over the last two years, there has been a firehose of regulatory exceptions. You need to use these exceptions to your advantage because, let’s face it, the exceptions made regulatory compliance easier. For the period of time during which the exceptions applied, you didn’t have to get some signatures, meet face-to-face, have supervision, or what not. The dates during which these exceptions apply is also pertinent. I suggest creating a folder for all the COVID exceptions that apply to your facility. While I would like to assume that whatever lawyer that you hire, because, yes, you need to hire a lawyer, would know all the COVID exceptions – or, at least, know to research them, you never know. It only benefits you to be prepared.
Any medical provider that submits claims to a government program may be subject to a Medicare or Medicaid audit. Just because you have been audited in the past, doesn’t change the fact that you may be audited again in the future. RAC audits are not one-time or intermittent reviews and can be triggered by anything from an innocent documentation error to outright fraud. I get that questions a lot: This is my 3rd audit. At what point is this harassment. I’ve never researched the answer to that question, but I would venture that auditors get tons of latitude. So, don’t be that provider that is low-hanging fruit and simply pays post-payment reviews.
While reduced staff, high patient loads or other challenges may be bogging down your team, it’s important to remember that timeliness is crucial for CMS audit responses.
Locating the corresponding medical records and information can be a hassle at the best of times, but there are a few key things your organization can do to better prepare for a RAC Audit:
According to CMS, if selected for review, providers should discuss with their contractor any COVID-19-related hardships they are experiencing that could affect audit response timeliness. CMS notes that all reviews will be conducted in accordance with statutory and regulatory provisions, as well as related billing and coding requirements. Waivers and flexibilities will also be applied if they were in place on the dates of service for any claims potentially selected for review.
Ensure that the auditor has the appropriate contact information for requesting audit-related documentation. With so many changes to hospitals teams, it’s important to make sure that auditors’ requests for medical records are actually making it to the correct person or team in a timely manner.
Provide your internal audit review teams with proper access to data and other software tools like those used to ensure timely electronic audit responses. With a mix of teams working from home and in the office, it’s a good idea to make sure that teams handling Additional Documentation Requests (ADRs) and audit responses have the necessary access to the data they will need to respond to requests.
Review and document any changes to your audit review team processes.
Meet with your teams to ensure they fully understand the processes and are poised to respond within the required timeframes.
Successfully completing these audits in a timely manner is made much easier when the above processes and steps are in place.
Medicare Provider Appeals: The Ghost Auditor
In litigation, there are two opposing sides, like football. It wouldn’t be much of a game if one side didn’t show up. In Medicare provider appeals, only one side shows up and I am asking – how is that fair? Let me explain:
You, as a provider receive a notice of Medicare overpayment in the mail. NGS or Palmetto or whoever claims you owe $4 million dollars. Of course the amount is extrapolated.
You decide to appeal. The first level is a redetermination at the Medicare Administrative Contractor. It is a desk review; you do not have the opportunity to question the other side. It’s just a 2nd look at the audit. The second level is the same as the first but performed by a QIC, and it’s called a reconsideration. The third level you finally get before an administrative law judge. Here, you envision the auditor presenting its evidence in support of why you owe $4 million dollars, and you presenting evidence and support that you don’t owe the money.
You would be wrong.
The auditors may participate in an ALJ Hearing. However, in my experience, the auditors never show up. They don’t provide evidence that their extrapolation was accurate or that their clinical findings are precise. No one substantiates the allegation that you owe $4 million. Instead, you get a soliloquy of why you don’t owe the money. The Judge may ask you questions, but you won’t be cross examined nor will you have the opportunity to cross examine the auditor.
The Medicare provider appeal process flies in the face of America’s judicial system. Our rules allow the accused to confront the accuser. At no time during your Medicare appeal do you get to challenge the auditor nor does the auditor have to back up his or her work. The audits are accepted as true without any verification.
This process needs to be amended. Medicare auditors should have to prove that their audits are accurate. They should have to prove that the documents didn’t support the claim billed and why. They should not be allowed to hide behind generic, cut-and-pasted denials without having to explain their reasoning, if there were any.
This nonsensical, three-ring-circle is why providers refuse to accept Medicare.
In 2020, one percent of non-pediatric physicians formally opted out of Medicare. Most of those opting out were psychiatrists – 42%.
This just goes to show you, qualifying for Medicare doesn’t guarantee that providers will accept you. It’s only going to get worse unless we change the appeal process for providers.
Questions Answered about RAC Provider Audits
Today I’m going to answer a few inquiries about recovery audit contractor (“RAC”) audits from providers. A question that I get often is: “Do I have to submit the same medical records to my Medicare Administrative Contractor (“MAC”) that I submit to a RAC for an audit?” The answer is “No.” Providers are not required to submit medical records to the MAC if submitted to a RAC, but doing so is encouraged by most MACs. There is no requirement that you submit to the MAC what you submit to RACs. This makes sense because the MACs and the RACs have disparate job duties. One of the MACs, Palmetto, instructs providers to send records sent to a RAC directly to the Palmetto GBA Appeals Department. Why send the records for a RAC audit to a MAC appeals department? Are they forecasting your intentions? The instruction is nonsensical unless ulterior motives exist.
RAC audits are separate from mundane MAC issues. They are distinct. Quite frankly, your MAC shouldn’t even be aware of your audit. (Why is it their business?) Yet, many times I see the MACs cc-ed on correspondence. Often, I feel like it’s a conspiracy – and you’re not invited. You get audited, and everyone is notified. It’s as if you are guilty before any trial.
I also get this question for appeals – “Do I need to send the medical records again? I already sent them for the initial review. Why do I need to send the same documents for appeal?” I get it – making copies of medical records is time-consuming. It also costs money. Paper and ink don’t grow on trees. The answer is “Yes.” This may come as a shock, but sometimes documents are misplaced or lost. Auditors are humans, and mistakes occur. Just like, providers are humans, and 100% Medicare regulatory compliance is not required…people make mistakes; those mistakes shouldn’t cause financial ruin.
“Do the results of a RAC audit get sent to your MAC?” The answer is “Yes.” Penalties penalize you in the future. You have to disclose penalties, and the auditors can and will use the information against you. The more penalties you have paid in the past clear demonstrate that you suffer from abhorrent billing practices.
In fact, Medicare post-payment audits are estimated to have risen over 900 percent over the last five years. Medicare provider audits take money from providers and give to the auditors. If you are an auditor, you uncover bad results or you aren’t good at your job.
Politicians see audits as a financial win and a plus for their platform. Reducing fraud, waste, and abuse is a fantastic platform. Everyone gets on board, and votes increase.
Appealing your RAC audits is essential, but you have to understand that you won’t get a fair deal. The Medicare provider appeals process is an uphill battle for providers. And your MACs will be informed.
The first two levels, redeterminations and reconsiderations are, basically, rubber-stamps on the first determination.
The third level is the before an administrative law judge (ALJ), and is the first appeal level that is before an independent tribunal.
Moving to the False Claims Act, which is the ugly step-sister to regulatory non-compliance and overpayments. The government and qui tam relators filed 801 new cases in 2022. That number is down from the unprecedented heights reached in 2020 (when there were a record 922 new FCA cases), but is consistent with the pace otherwise set over the past decade, reflecting the upward trend in FCA activity by qui tam relators and the government since the 2009 amendments to the statute.
See the chart below for reference:

Audit the Medicare Payors…It’s Not Always the Providers That Commit Fraud
Today, I am going to write about America’s managed care problem. We always talk about providers getting audited. It is about time that the payors get audited. In particular, for Medicaid, States contract with managed care organizations, which are prepaid, and, for Medicare, Medicare Advantage companies, which are prepaid.
Managed care in Medicare is MA organizations. Managed care in Medicaid is MCOs. These MCOs and MAs need to be held accountable for the misuse of funds.
Today, capitated, managed care is the dominant way in which states deliver services to Medicaid enrollees. And MA is becoming the dominant way to receive Medicare.

Under these prepaid programs, these private companies are paid a flat fee per month depending on the number of consumers to provide whatever care is required for patients based on age, gender, geography and health risk factors. The more diagnoses a person has, the more the company is prepaid. To compensate plans and providers for potential costs of care for individual patients with long-term conditions such as diabetes, heart disease or cancer, Medicare boosts the monthly payment to Medicare Advantage plans under a “risk adjustment” for each additional condition. The system differs from the traditional “fee for service” payment, in which Medicare pays hospitals and doctors directly each time they provide a service.
If companies add more risk adjustment codes to a Medicare Advantage beneficiary’s medical record to receive higher payment — but don’t spend money on the additional care — they make more money. Same as MCOs denying care or terminating providers, the tax dollars line the executive pockets instead of reimbursing providers for providing medically necessary care.
Maybe the answer is remaining with the fee-for service model. Prepaying entities creates a financial incentive to bolster beneficiaries’ health problems then cross your fingers that the health problems never come to fruition either because the beneficiary remains healthy or the health problem was fabricated.
MCOs and MA companies must be supervised by the single agency. These companies cannot have the ability to refuse medically necessary services or terminate provider at will for whatever reason with no repercussions. It’s not fair to the recipients or providers. Maybe it’s time to switch our telescopic lens from auditing providers to auditing MCOs and MAs. Let’s get these RAC, ZPIC, and TPE auditors focused on the stewards of our tax dollars, the prepaid entities.
42 CFR §431.10 dictates a single state agency for Medicaid, which is the Department in each State. CMS is the single agency in Medicare. CMS and State Departments are ultimately responsible for the private MCOs and MAs, but really are allowing these companies autonomy to the deficit of our tax dollars.
If you recall, earlier this year, The American Hospital Association urged the Justice Department to use its authority under the False Claims Act to create a fraud task force to investigate commercial insurers that routinely deny patients access to services. This was due to the April 2022 OIG report that “Some Medicare Advantage Organization Denials of Prior Authorization Requests Raise Concerns about Beneficiary Access to Medically Necessary Care.”
Instead of audits of providers or concurrently in audits of providers, we need to audit the payors. Both MCOs and MAs. What’s good for the goose is good for the gander.
Auditing Medicare Advantage Organizations – About Time!
The American Hospital Association (“AHA”) is asking the Department of Justice (DOJ) to look into health insurance companies that routinely deny patients access to care and payments to providers. I’d like a task force as well. This is exactly the problem I have witnessed with managed care organizations or MCOs. In traditional Medicare and Medicaid, MCOs are prepaid and make profit by denying consumers medical care, terminating provider contracts, and not paying providers for care rendered. Congress created the same scenario with Medicare Advantage. Individuals can elect coverage through private insurance plans. While MA has been wildly successful and popular, the AHA is complaining that too many people are getting denied services.
An OIG report that was published in April cites MAOs as denying services for beneficiaries. We are always talking about providers getting audited, it is about time that the companies that are gateways for providers getting reimbursed and beneficiaries getting medically necessary services are likewise audited for denying services. It seems ironic that providers are audited for potentially billing for too many services and these gateway, third party reimbursement companies are audited for providing too few services – or denying too many prior authorizations. But if the MCO or MAO deny medical services, then the money that would have been paid to the provider stays in their pocket.
The OIG report found that many MAOs delay or deny services despite those services meeting Medicare prior authorization criteria, approximately 13-18%. Almost a 20% wrongful denial rate. When these MAOs get tax payer money for a Medicare beneficiary and deny services those tax dollars stay in the MAO’s pockets.
Supposedly MAOs approve the vast majority of requests for services and payment, they issue millions of denials each year, and OIG’s audit of MAOs has highlighted widespread and persistent problems related to inappropriate denials of services and payment. As enrollment in Medicare Advantage continues to grow, MAOs play an increasingly critical role in ensuring that Medicare beneficiaries have access to medically necessary covered services and that providers are reimbursed appropriately.
According to the OIG report, MAOs denied prior authorization and payment requests that met Medicare coverage rules by: (1) using MAO clinical criteria that are not contained in Medicare coverage rules; (2) requesting unnecessary documentation; and (3) making manual review errors and system errors.
Personally, I am fed up with these private, insurance companies denying services and keeping our tax dollars. It is about time the insurance companies are audited.
New Report Points to More Audits of Hospitals
Hospitals across the nation are seeing lower profits, and it’s all because of a sudden, tsunami of Medicare and Medicaid provider audits. Whether it be RAC, MAC, UPIC, or Program Integrity, hospital audits are rampant. Billing errors, especially ‘supposed bundling,’ are causing a high rate of insurance claims denials, hurting the finances of hospitals and providers.
A recent report from American Hospital Association (AHA) found “Under an optimistic scenario, hospitals would lose $53 billion in revenue this year. Under a more pessimistic scenario, hospitals would lose $122 billion thanks to a $64 billion decline in outpatient revenue”*[1]
The “Health Care Auditing and Revenue Integrity—2021 Benchmarking and Trends Report” is an insider’s look at billing and claims issues but reveals insights into health care costs trends and why administrative issues continue to play an outsize role in the nation’s high costs in this area. The data used covers 900+ facilities, 50,000 providers, 1500 coders, and 700 auditors – what could go wrong?

According to the report,
- 40% of COVID-19-related charges were denied and 40% of professional outpatient audits for COVID-19 and 20% of hospital inpatient audits failed.
- Undercoding poses a significant revenue risk, with audits indicating the average value of underpayment is $3,200 for a hospital claim and $64 for a professional claim.
- Overcoding remains problematic, with Medicare Advantage plans and payers under scrutiny for expensive inpatient medical necessity claims, drug charges, and clinical documentation to justify the final reimbursement.
- Missing modifiers resulted in an average denied amount of $900 for hospital outpatient claims, $690 for inpatient claims, and $170 for professional claims.
- 33% of charges submitted with hierarchical condition category (HCC) codes were initially denied by payers, highlighting increased scrutiny of complex inpatient stays and higher financial risk exposure to hospitals.
The top fields being audited were diagnoses, present on admission indicator, diagnosis position, CPT/HCPCS coding, units billed, and date of service. The average outcome from the audits was 70.5% satisfactory. So, as a whole, they got a ‘C’.
While this report did not in it of itself lead to any alleged overpayments and recoupments, guess who else is reading this audit and salivating like Pavlov’s dogs? The RACs, MACs, UPICs, and all other alphabet soup auditors. The 900 facilities and 50,000 health care providers need to be prepared for audits with consequences. Get those legal defenses ready!!!!
[1] * https://www.fiercehealthcare.com/hospitals/kaufman-hall-hospitals-close-between-53-and-122b-year-due-to-pandemic
Audits Surge with Medicare Advantage and TPE Audits Increased!
Everyone knows about audits of health care providers. But what about the billing companies? Or a data-analytics company? In a complaint filed last week, a New York data-mining company DxID is accused of allegedly helping a Medicare Advantage program game federal billing regulations in a way that enabled the plan to overcharge for patient treatment. As you know, Medicare Advantage plans are paid more for sicker patients. Supposedly, DxID combed medical records for “missed” diagnoses. For example, adding major depression to an otherwise happy consumer. A few years ago, I won an injunction for a provider who 100% relied on the billing company to bill. Because this company aggressively upcoded, we used the victims’ rights statutes in the SSA to defend the provider. And it worked. Providers often forget about the safety net found in the victims’ rights statutes if they wholly rely on a billing company.
This DXID complaint cites medical conditions that it says either were exaggerated or weren’t supported by the medical records, such as billing for treating allegedly unsupported claims for renal failure, the most severe form of chronic kidney disease. The Justice Department is seeking treble damages in the False Claims Act suit, plus an unspecified civil penalty for each violation of the law.
Medicare Advantage has been the target of multiple government investigations, Justice Department and whistleblower lawsuits and Medicare audits. One 2020 report estimated improper payments to the plans topped $16 billion the previous year. In July, the Justice Department consolidated six such cases against Kaiser Permanente health plans. In August, California-based Sutter Health agreed to pay $90 million to settle a similar fraud case. Previous settlements have totaled more than $300 million.
Breaking news: Targeted Probe and Educate audits (TPE) resumed September 1, 2021. Due to COVID, TPE audits had been suspended. Unlike recovery audits, the stated goal of TPE audits is to help providers reduce claim denials and appeals with one-on-one education focused on the documentation and coding of the services they provide. TPE audits are conducted by MACs. While originally limited in scope to hospital inpatient admissions and home health claims, CMS expanded the program to allow MACs to perform TPE audits of all Medicare providers for all items and services billed to Medicare. Beware the TPE audits; they are not as friendly as they purport. A TPE audit can result in a 100 percent prepay review, extrapolation, referral to a Recovery Auditor, or other action, so a carefully crafted response to a TPE audit is critical.
The TPE audit process begins when a provider receives a “Notice of Review” letter from the MAC which states the reasons the provider has been selected for review and requests 20-40 records be produced. Once the records are produced, the MAC will review the 20-40 claims against the supporting medical records and send the provider a letter detailing the results of their review. If the claims are found to be compliant, the TPE audit ends and the provider cannot be selected for review again for a year unless the MAC detects significant changes in provider billing. However, if the claims are found not to be compliant, the MAC will invite the provider to a one-on-one education session specific to the provider’s documentation and coding practices. The provider is then given 45 days to make changes and a second round of 20-40 records will be requested with dates of service no earlier than 45 days after the one-on-one education.
The provider will be given three rounds of TPE to pass. Do not use all three rounds; get it right the first time. If the provider fails pass after three rounds, they will be referred to CMS for further action. With MA, TPE, and audits of data-analytics companies ramping up, 2022 is going to be an audit frenzy.
Medicare Payment Parity: More Confusing Audits
Every time a regulation is revised, Medicare and Medicaid audits are altered…sometimes in the providers’ favor, most times not. Since COVID, payment parity has created a large discrepancy in reimbursement rates for Medicare across the country.
Payment parity is a State-specific, Governor decision depending on whether your State is red or blue.
Payment parity laws require that health care providers are reimbursed the same amount for telehealth visits as in-person visits. During the ongoing, pandemic, or PHE, many states implemented temporary payment parity through the end of the PHE. Now, many States are implementing payment parity on a permanent basis. As portrayed in the below picture. As of August 2021, 18 States have implemented policies requiring payment parity, 5 States have payment parity in place with caveats, and 27 States have no payment parity.

On the federal level, H.R. 4748: Helping Every American Link To Healthcare Act of 2021 was introduced July 28, 2021. HR 4748 allows providers to furnish telehealth services using any non-public facing audio or video communication product during the 7-year period beginning the last day of the public health emergency. Yay. But that doesn’t help parity payments.
For example, NY is one of the states that has passed no parity regulation, temporary or permanent. However, the Governor signed an Executive Order mandating parity between telehealth and physical services. Much to the chagrin of the providers, the managed long-term care organizations reduced the Medicare and Medicaid reimbursements for social adult day care centers drastically claiming that the overhead cost of rendering virtual services is so much lower., which is really not even accurate. You have to ensure that your consumers all have access to technology. About four-in-ten adults with lower incomes do not have home broadband services (43%) or a desktop or laptop computer (41%). And a majority of Americans with lower incomes are not tablet owners.
Amidst all this confusion on reimbursement rates, last week, HHS released $25.5 billion on provider relief funds and promised increased audits. Smaller providers will be reimbursed at a higher rate than larger ones, the department said. Which leads me tov think: and perhaps be audited disproportionately more.
The first deadline for providers to report how they used grants they have already received is coming up at the end of September, but HHS on Friday announced a two-month grace period. HHS has hired several firms to conduct audits on the program.
Remember on June 3, 2021, CMS announced that MACs could begin conducting post-payment reviews for dates of service on or after March 1, 2020. Essentially, auditors can review any DOS with or without PHE exceptions applicable, but the PHE exceptions (i.e., waivers and flexibilities) continue, as the PHE was extended another 90 days and likely will be again through the end of this year.
I’m currently defending an audit spanning a 4-month period of June 2020 – September 2020. Interestingly, even during the short, 4 month, period, some exceptions apply to half the claims. While other apply to all the claims. It can get tricky fast. Now imagine the auditors feebly trying to remain up to speed with the latest policy changes or COVID exceptions.
Here, in NC, there was a short period of time during which physician signatures may not even be required for many services.
In addition to the MAC and SMRC audits, the RAC has shown an increase in audit activities, as have the UPICs and most state Medicaid plans. Commercial plan audits have also been on the rise, though they were under no directive to cease or slow audit functions at any time during the PHE.
Lastly, audit contractors have increasingly hinted to the use of six-year, lookback audits as a means for providers that have received improper payments to refund overpayments due. This 6- year lookback is the maximum lookback period unless fraud is alleged. It is important to note that the recoupments are not allowed once you appeal, so appeal!