Category Archives: Post-Payment Reviews
There Is No Law to Be Perfect in Medicare; Just Self-Disclose!
We all know that there is no law, regulation or statute that medical records supporting payment by Medicare or Medicaid must be perfect. There is no mandatory 100% compliant standard. Because humans err. In light of the ongoing financial strain brought about by the pandemic and the constraints imposed by Congress on Medicaid coverage disenrollments, State Medicaid agencies are poised to explore additional audits to manage increasing Medicaid expenditures. Recent developments, such as additional flexibilities granted by CMS, suggest a shifting landscape in how States respond to these challenges.
Anticipating a more assertive approach by States in dealing with service providers, potential measures could include rate cuts and enhanced scrutiny through service audits. This prompts a crucial examination of States’ and providers’ rights under federal Medicaid law to audit service provisions and recover overpayments, a legally intricate and noteworthy domain.
Medicaid RAC Audits are governed by 42 CFR 455 Subpart F—Medicaid Recovery Audit Contractors Program. Other Medicaid alleged overpayments are dictated by 42 CFR Chapter 433.

To establish a foundational understanding, it’s essential to consider the mandate imposed by Congress in section 1902(a)(30)(A) of the Social Security Act. States are required to incorporate provisions in their Medicaid plans to “safeguard against unnecessary utilization of … care and services.” This underscores the federal interest in ensuring responsible use of matching funds, given the federal government’s financial contribution to the program.
A landmark case illustrating the complexities of this mandate is the 1999 decision by the Supreme Judicial Court of Massachusetts in Massachusetts Eye and Ear Infirmary v. Commissioner of Medical Assistance. The court evaluated Massachusetts Medicaid’s retrospective utilization review policy, emphasizing the need for meaningful definitions of terms like “inpatient” and “outpatient” to avoid arbitrary penalties on providers.
Moving to the realm of overpayments, CMS regulations, specifically at 42 C.F.R. § 433.316, provide guidance on how States should proceed when identifying overpayments. The regulations recommend written notification to providers, with states having the discretion to choose whether to notify in cases of suspected fraud. Furthermore, States are required to take “reasonable actions” based on state collections law to recoup overpayments, with a one-year timeframe to return the federal share of identified overpayments to CMS.
Determining when a State “discovers” an overpayment is a critical aspect outlined in the regulations. The discovery is pegged to specific events, such as the state contacting the provider, the provider notifying the state, formal initiation of recoupment, or a federal official identifying the overpayment. Significantly, the regulations focus more on CMS’s relationship with the state than on the state’s relationship with providers.
Recent legal precedents, such as the Wisconsin Supreme Court’s decision in Professional Home Care Providers v. Wisconsin Department of Health Services, underscore the need for states to operate within the bounds of their granted authority. In this case, the court rejected a Medicaid agency’s “perfection” policy, emphasizing that state law must align with CMS regulations in overseeing overpayment recovery.
As States grapple with revenue shortfalls exacerbated by the pandemic, the potential for increased efforts to recoup overpayments from providers looms large. Legal challenges, exemplified by recent decisions in Massachusetts and Wisconsin, underscore the delicate balance States must strike in these endeavors, emphasizing the limits within which they must operate as they navigate the complex terrain of Medicaid law and financial constraints.
Expect audits. Be ready to defend yourself. Self audits are so important. If you self audit and find a problem and self-disclose, you will not receive penalties. Self-disclosures are key. When I told a group of law students this key information, one asked, has you told a client to self-disclose and they refused? To which I said yes. One time. A female doctor informed me that she falsified 7 medical records, I said that she should disclose. She screamed at me in her language, fired me, and hired a new attorney and withheld the information about falsifying records.
She is jail currently.
RAC Audits Are BOO-Very Scary, and, Sometimes, Are DEAD wrong!
For Monitor Monday, today, October 30, 2023, I dressed up as a RAC auditor. BOO!!! I get a spooky 13.5% commission for overzealous auditing tactics. RAC auditors come in every shape and size, color or gender.

In my experience, RACs are garishly incorrect in their assessments. I will reveal three, real life examples where these audit contractors accused healthcare providers of owing money but were found to be dead wrong:
Example 1 – Medical Necessity quibbles:
In a haunting case involving a hospital, the RAC alleged that certain cardiac procedures were billed inappropriately, citing concerns about the medical necessity of these services. They claimed the hospital should refund a repugnant amount for these procedures. However, upon closer examination and an appeal process, it was revealed that the services were indeed medically necessary and aligned with the standard protocols. The ghastly RAC’s accusation was disproven, and the hospital was not required to return any funds. Spine-tingling!
Example 2 – Improper Coding of Diagnosis:
A healthcare provider, particularly a large physician group, was accused by the RAC of using suspicious, improper diagnostic codes, leading to overbilling for certain services provided to Medicare and Medicaid beneficiaries. After a thorough internal audit, it was determined that the codes used were accurate and supported by the patient’s medical records. The RAC’s allegations were unfounded, and no repayment was required. Suspicious. A haunting reminder to spook audits.
Example 3 – Alleged Duplicate Billing:
In a murderous case involving a nursing facility, the RAC identified what they believed were instances of duplicate billing for certain procedures and services. Upon further review, it was revealed that the billing discrepancies were due to the RAC’s misunderstanding of the facility’s billing processes. Mysterious. The facility provided evidence showcasing that the billed services were distinct and not duplicates. Consequently, the RAC’s claim was refuted, and no repayment was deemed necessary. Suspicious.
These examples underscore the critical need for providers to have robust internal compliance measures in place. While RACs serve a vital purpose in identifying billing errors, they are not infallible. Providers need to be equipped to challenge these audit findings, ensuring they are based on accurate and comprehensive information.
It’s crucial for healthcare providers to engage in a proactive approach by conducting their internal audits, maintaining accurate documentation, and being prepared to challenge RAC determinations when necessary. These efforts not only protect providers from unwarranted financial obligations but also ensure that Medicare and Medicaid funds are appropriately allocated.
In conclusion, the relationship between RACs, healthcare providers, and government healthcare programs is complex. The examples provided demonstrate that while RACs play a critical role in safeguarding the integrity of Medicare and Medicaid, their findings are not always accurate. Providers must be diligent in ensuring their billing practices align with regulations and be prepared to contest any erroneous audit findings to maintain fiscal stability and fair reimbursement for services rendered.
Happy Halloween!!!!
RAC Audits: If It Walks Like a Duck and Quacks Like a Duck, It Is a Duck!
Today, I am going to talk about RAC audits. I know what you are thinking…don’t you always talk about RACs? Of course, you are going to talk about RAC audits. No. Today, I’m taking this blog in a different direction.
I want to talk about secret, hidden RAC audits. As you are aware, the federal regulations limit RACs from going back more than 3 years to audit claims. Juxtapose the UPICs, TPEs, SMRCs, MACs, OIG, and even State Medicaid agencies. Everyone, but the RACs are allowed more than a 3-year lookback period. Some, like OIG, have long lookback periods. Coincidentally, when a company responds to an RFP or a request for proposal from CMS to act as CMS’ vendor to conduct Medicare audits on America’s Medicare providers, a clause in the proposed contract between CMS and the vendor is highly argued or negotiated. Which clause in the vendor’s contract is most negotiated? I will tell you. The clause that states that the vendor is a RAC is most negotiated. Because if the vendor is called a UPIC instead of a RAC, the vendor has a longer lookback period. Being called a UPIC, suddenly, becomes a commodity. There are no laws mandating UPICs to a 3-year lookback period. All of a sudden, it is not hip to be a RAC.
Look into it. Do your research. The contracts are public record. Ask for Cotiviti’s contracts with CMS. Notice I said contracts, not contract. What I have realized over time is that a vendor may be hired by CMS to be a RAC auditor, but, once the vendor realizes the limit of 3 years, it goes back to CMS and asks if it can be considered an UPIC. Why? A UPIC can do everything that a RAC does; however, it gets an additional 3 years to lookback at claims and that means money. Cha-ching! Even Dr. Ron Hirsh commented today on RACMonitor about this story, which I presented this morning at 10:00am, as I present every Monday morning, live, on the national podcast RACMonitor , hosted by Chuck Buck and produced by MedLearn. If you want to listen to the podcast, click the following link: Nelson Mullins – Monitor Mondays Podcast Featuring Knicole Emanuel; Defeating Statistical Extrapolations, Expansion of Medicaid RACs, IPPS Final Rule, Smart Hospitals, and Physician Advisors Episodes
The podcast is also on video, but I don’t know how to view that. If you do, you would see my baby duck Biscuit on the screen. He joined me this morning to talk about, “What Walks Like a Duck and Quacks Like a Duck, Must be a Duck.” Dr. Hirsh commented that companies like Cotiviti have many, many contracts deeming Cotiviti many different acronyms. If you get a letter from Cotiviti, do not assume it is acting as a RAC. Instead, ask for the contract which allows Cotiviti to do what it purports to want to do.
I’ve noticed this trend in real life, but only for 10-20 individual cases, maybe 30. I have not had the time to draft a FOYIA request, and, quite frankly, my name on a FOYIA request nowadays result in a response that says, something to the effect of, use discovery instead. Even though my personal experiences should not be extrapolated across the country because that would be inappropriate and judgmental, I will give an example and you may extrapolate or not. There is a company that has been doing RAC audits in NC for the last 5-8 years. It is called Public Consulting Group (“PCG”). PCG and I go way back. If you are a longtime listener of RACMonitor, you will recall that Ed Roche and I presented numerous podcasts about the debacle in NM in 2013. The State of NM put 15 Medicaid providers who constituted 87.6% of the BH providers in NM at the time. The consequences were catastrophic; thousands were out of BH services overnight. There is even a documentary about the unraveling of BH in NM in 2013. The reason that these 15 BH providers were put out of business overnight was because of a NM vendor called PCG. PCG issued a report to NM after conducting Medicaid audits on these 15 BH facilities, which accused the 15 facilities of fraud. In 2013, PCG was considered a RAC per contract. Today, when I have a case against PCG and make the 3-year lookback period argument, I get a retort that it’s not a RAC. Instead it’s a UPIC.
To which I say, if it walks like a duck and talks like a duck, it is a duck.

What To Do When Your Doctor Fails To Doctor?
Not everyone loves their job. Not everyone has a job. Not everyone does their job. And that includes doctors and lawyers. Not all doctors and lawyers do their jobs well. When a doctor fails to doctor, where does the liability lie? On the facility? On the hospital?
That is exactly what happened in one of my cases. My client, an inpatient substance abuse facility, hired a physician. Upon hire, the doctor signed an employment agreement that stated that he or she would perform the role as a doctor/medical director for the facility. Years passed. There were no complaints, so the executive committee was under the impression that the doctor was fulfilling his duties. The members certainly had no reason to suspect that the doctor was not doctoring according to the employment contract. No, they assumed that a doctor would doctor.
Then a RAC audit happened. As you are well aware, RAC audits go back three years. The facility received a Tentative Notice of Overpayment from the RAC alleging the facility owed almost $10 million. I was hired, and I conducted a review of the facility, its policies, and interviewed all staff. It came to light that the doctor did not review the results of urinalysis tests. Remember, this is a substance abuse facility. Urine tests are essential. The Medicaid recipients provided the samples; they peed in a cup. The labs were ordered. The doctor has a standing order for definitive and presumptive urinalysis tests. The doctor has sole access to the test results electronically. We discovered, much to our horror, that the doctor never looked at the results. For the past three years, she has never informed any patient that they were or were not positive or negative for any substance. In my mind, reviewing the urinalysis results goes hand in hand with substance abuse therapy.
Here, we discovered a breakdown in the facility, but that breakdown was one person not doing his or her job. Sadly for him or her, we – the facility – were able to use the doctor’s failure to doctor to our advantage. We appealed the $10 million alleged overpayment. Our primary defense was throwing the doctor under the bus, and we had every right to do so. Who would have expected your medical director failing to direct or review pertinent tests. In the world of law, respondeat superior, normally, is the general rule. In Latin, respondeat superior means that the superior or the boss or the owner is responsible for those underneath them. In this case, the facility is the superior and the doctor is the inferior, so you would expect the facility to bear any liability of its employees. But, not here. Not in this case. The doctor failed to meet expectations of the job. By not reviewing urinalysis test results, the doctor veered enough off the track to relieve liability from the facility. The doctor’s inactions were the direct cause of the accusation of owing $10 million. The administrative law judge (“ALJ”) agreed. After terminating the doctor, we contemplated suing the physician for damages. However, since we won the alleged overpayment case, we did not do so.
SNFs Are on the Medicare Chopping Block! Caveat!
Every skilled nursing facility in the US will be subject to a five-claim audit starting THIS WEEK as regulators try to better assess and root out improper payments. Blah. Blah. Blah. The former is the first sentence in an article that is giving warning to skilled nursing facilities (“SNF”). But, we all know that PROPER PAYMENTS get caught in the wide net cast for improper payments. Innocent people get accused of crimes. Health care providers get accused of Medicare and Medicaid fraud or, at least, abhorrent billing.
The Centers for Medicare & Medicaid Services (“CMS”) announced the nationwide audits, which will be conducted by Medicare Administrative Contractors (“MACs”) on a rolling basis, with the MAC in every region required to pull five Medicare Part A claims from every facility they cover and review them for potential errors.
The results will lead to alleged overpayments, credible allegations of fraud, submittals to the OIG, and False Claims Act (“FCA”) penalties. The effort follows an HHS report that found skilled nursing facilities had the highest rate of improper payments, with nearly a quarter of those tied to insufficient documentation.
Most of the rest of my blog (except for what is important) is cut and pasted from the article (since I am not a journalist and cannot procure quotes):
“We haven’t seen anything like this in the recent past, at least not in the last 10 years,” said Stacy Baker, OTR/L, RAC-CT, director of audit services for Proactive LTC Consulting. “But it’s no surprise to see this sector-wide probe and educate. Looking back on Medicare FFS improper payment data, we’ve never seen SNF improper payment rates this high, and nearly doubling since the 2021 report.”

That rate stood at 15.1% in 2022, almost double the 7.79% rate in 2021. A CMS report blamed missing case-mix group component documentation. Baker billed the new initiative as an attempt to improve poor billing practices that emerged with the implementation of the Patient Driven Payment Model.
But the improper payments can’t be attributed to PDPM alone, said Alicia Cantinieri BSN, vice president of MDS policy and education for Zimmet Healthcare Services.
“That’s probably not the whole reason,” she said on a webinar earlier this month.
She noted that risk areas that could move providers to the front of the audit process include past performance, such as a history of additional documentation requests (“ADR”); frequent errors in Section GG, which sets payment rates for physical therapy, occupational and nursing groups; diagnoses without medical record to support MDS inclusion; and even illegible RN signatures. I bolded “even illegible RN signatures” because I cannot tell you how many times I have seen denials by auditors because they couldn’t read someone’s signature, and, therefore, could not verify their license. Have auditors heard of a phone?
The reviews will be conducted on a prepayment basis unless the provider requests post-payment review due to a financial burden. Holy cow! See blog, blog, and blog.
“Keep in mind, there’s lots of low-hanging fruit for payment error aside from PDPM accuracy, such as but not limited to, compliant SNF Certs and Recerts and physician oversight regs,” Baker added. “These components should be included in the Triple Check process as well.”
The CMG for each HIPPS code also must be clearly supported to validate the claim.
The MACs will complete one round of probe and educate for every provider, instead of that usual potential three rounds, as per their traditional TPE program.
It is a good idea for providers to start analyzing data and conducting internal self-audits.
TIPS for an effective ADR response:
- SECURE AN ATTORNEY WHO SPECIALIZES IN THIS TYPE OF LEGAL WORK.
- Develop a process and team now. Assign responsibilities for tasks such as, but not limited to: identifying ADR requests, ensuring timely response to deadlines are met, pulling together medical records and documents required to support the HIPPS code, and reviewing the packet for completeness.
- Make copies. Never ever, ever, ever send originals.
- Organize documentation to make the contractor’s review easy, labeling critical sections such as physician orders, MDS assessments, Section GG documentation and more.
- Allow sufficient time for your lawyers and hired experts, both with clinical and MDS coding expertise, to review the claims and documentation for accuracy. If your attorney believes that your documentation has concerning issues, it is best to SELF-DISCLOSE. Self-disclosure can prevent penalties; whereas if you are caught, penalties will ensue.
E/M Codes and When You Should NOT Fire Your Attorney!
Lately, I have been inundated with Medicare and Medicaid health care providers getting audited for E/M codes. I know Dr. Hirsh has spoken often about the perils of e/m codes. The thing about e/m codes is that everyone uses them. Hospitals, family physicians, urgent care centers, specialists, like cardiologists. Obviously, for a specialist, like cardiology, the higher level codes will be more common. A 99214 will be common compared to a generalist like a primary care physician, where a 99213 may be more common.

Here’s a little secret: the difference between a 99214 and 99213 is subjective. It’s so subjective that I have seen auditors who are hired by private companies to audit on behalf of CMS and are financially incentivized to find fault find 100% error rates. Who finds a 100% error rate? Not one claim out of 150 was compliant. Then, I come in and hire the best independent auditors or coders. There are generally two companies that I always use. The independent auditors are so good. Most importantly, they come in and find a much more probable error rate of almost zero.
Hiring an independent, expert coder to ensure that the RAC, MAC, UPIC, or TPE audits accurately is always part of my defense.
Recently, I learned what I should have known a long time ago, but is essential for our listeners to know. If your medical malpractice is with The Doctors Company, for free, you get $25k of – what TDC calls – Medi-Guard or regulatory compliance protection. In other words, you get audited by a UPIC and are informed that you owe an alleged $5 million, extrapolated, of course, you get $25k to pay an attorney for defense. Sadly, $25k will not come close to paying your whole defense, but it’s a start. No one scoffs at “free” money.
When accused of an alleged overpayment, placed on prepayment review, or accused of a credible allegation of fraud, your reimbursements could be in imminent danger of being suspended or recouped. It is imperative for the health care provider to stay apprised of what penalties they are facing. You want to know: “best case scenario and worst case scenario.”
And, providers, be cognizant of the gravity of your situation. Infringement of the false claims act can result in high penalties or jail, depending on the circumstances and the provider’s attorney. I had a client, who is an M.D. psychiatrist. She asked me what is the worst penalty possible. I am blunt and honest, apparently to a fault. I didn’t miss a beat. “Jail,” I said. She was horrified, called her insurance company, and requested a new attorney. TDC refused to fire me, so the doctor said that she will draft the self-disclosure herself. She also said that she submitted the falsified documents to the UPIC, so she was confident that the UPIC would not notice, but see below, time stamps are a bitch.
When I told the doctor that we needed to self-disclose to OIG because she had some Medicare claims, she screamed, “No! No! NO!” It was a video call and my sound wasn’t up loud, and I just watch her on the screen with her face all contorted and her mouth getting really big, then contract, then get really big, then contract, then get really big and then even bigger. The expert certified coder was present for the call, and he called me afterward asking me: “What was that?” And his wife, who overheard, said, “OMG. I would have lashed out.” I kept my cool. Honestly, I just felt bad for her because I can see the writing on the wall.
Obviously, a new attorney is not going to change the outcome. She falsified 17 dates of service because she wanted the service notes to be “perfect.” Well, providers, there is no such thing as perfect and changing diagnoses and CPT codes and adding details to the notes that, supposedly, you remember from a month ago is not ok.
I did feel bad for her for leaving me. I could have gotten her off without any penalties.

You see, English is not her first language. She misinterpreted an email from the UPIC and thought it said that you can fix any errors before submitting the documents. She fabricated 17 claims before I was hired instructed her to stop. I had a solid defense prepared. I was going to hire an independent auditor to audit her 147 claims with the 17 falsified claims. I would have hoped for a low error rate. Then, I would have conducted a self-audit and self-disclosed the fabrications to the UPIC with the explanation that it was a nonintentional harmless error that we are admitting. Self-disclosure can, sometimes, save you from penalties! However, if she doesn’t self-disclose, she will be caught. Unbeknownst to her, on page 6 of the service notes, it is time and date stamped. It revealed on what day she changed the data and what data she changed. Those of you who would also terminate your attorney because you think you can get by with the fraud without anyone noticing, think hard about whether you would like to suffer the worst penalty – jail – or have your attorney be honest and upfront and get you off without penalties by following the rules and self-disclosing any problems uncovered.
I have no idea what will happen to the doctor, but had she stayed with me, she would have escaped without penalty. When not to fire your attorney!
Ding Dong! PHE Is Dead!!!
The federal Public Health Emergency (PHE) for COVID-19, declared under Section 319 of the Public Health Service (PHS) Act, is expiring at the end of the day on May 11, 2023, today! This is huge. There have been thousands of exceptions and waivers due to COVID throughout the last 2 1/2 years. But on the end of the day on May 11, 2023…POOF….

Most exceptions or waivers will immediately cease.
The Department claims it has been working closely with partners—including Governors; state, local, Tribal, and territorial agencies; industry; and advocates—to ensure an orderly transition out of the COVID PHE.
Yesterday, HHS released a Fact Sheet. It is quite extensive, as it should be considering the amount of regulatory compliance changes that will happen overnight!
Since January 2021, COVID deaths have declined by 95% and hospitalizations are down nearly 91%.
There are some flexibilities and actions that will not be affected on May 11.
Access to COVID vaccinations and certain treatments, such as Paxlovid and Lagevrio, will generally not be affected.
At the end of the PHE on May 11, Americans will continue to be able to access COVID vaccines at no cost, just as they have during the COVID PHE. People will also continue to be able to access COVID treatments just as they have during the COVID PHE.
At some point, the federal government will no longer purchase or distribute COVID vaccines and treatments, payment, coverage, and access may change.
On April 18, 2023, HHS announced the “HHS Bridge Access Program for COVID-19 Vaccines and Treatments.” to maintain broad access to vaccines and treatments for uninsured Americans after the transition to the traditional health care market. For those with most types of private insurance, COVID vaccines recommended by the Advisory Committee on Immunization Practices (ACIP) are a preventive health service and will be fully covered without a co-pay when provided by an in-network provider. Currently, COVID vaccinations are covered under Medicare Part B without cost sharing, and this will continue. Medicare Advantage plans must also cover COVID vaccinations in-network without cost sharing, and this will continue. Medicaid will continue to cover COVID vaccinations without a co-pay or cost sharing through September 30, 2024, and will generally cover ACIP-recommended vaccines for most beneficiaries thereafter.
After the transition to the traditional health care market, out-of-pocket expenses for certain treatments, such as Paxlovid and Lagevrio, may change, depending on an individual’s health care coverage, similar to costs that one may experience for other covered drugs. Medicaid programs will continue to cover COVID treatments without cost sharing through September 30, 2024. After that, coverage and cost sharing may vary by state.
Major telehealth flexibilities will not be affected. The vast majority of current Medicare telehealth flexibilities that people with Medicare—particularly those in rural areas and others who struggle to find access to care—have come to rely upon throughout the PHE, will remain in place through December 2024. Plus, States already have significant flexibility with respect to covering and paying for Medicaid services delivered via telehealth. This flexibility was available prior to the COVID PHE and will continue to be available after the COVID PHE ends.
What will be affected by the end of the COVID-19 PHE:
Many COVID PHE flexibilities and policies have already been made permanent or otherwise extended for some time, with others expiring after May 11.
Certain Medicare and Medicaid waivers and broad flexibilities for health care providers are no longer necessary and will end. During the COVID PHE, CMS used a combination of emergency authority waivers, regulations, and sub-regulatory guidance to ensure and expand access to care and to give health care providers the flexibilities needed to help keep people safe. States, hospitals, nursing homes, and others are currently operating under hundreds of these waivers that affect care delivery and payment and that are integrated into patient care and provider systems. Many of these waivers and flexibilities were necessary to expand facility capacity for the health care system and to allow the health care system to weather the heightened strain created by COVID-19; given the current state of COVID-19, this excess capacity is no longer necessary.
For Medicaid, some additional COVID PHE waivers and flexibilities will end on May 11, while others will remain in place for six months following the end of the COVID PHE. But many of the Medicaid waivers and flexibilities, including those that support home and community-based services, are available for states to continue beyond the COVID PHE, if they choose to do so. For example, States have used COVID PHE-related flexibilities to increase the number of individuals served under a waiver, expand provider qualifications, and other flexibilities. Many of these options may be extended beyond the PHE.
Coverage for COVID-19 testing will change.
State Medicaid programs must provide coverage without cost sharing for COVID testing until the last day of the first calendar quarter that begins one year after the last day of the PHE. That means with the PHE ending on May 11, 2023, this mandatory coverage will end on September 30, 2024, after which coverage may vary by state.
The requirement for private insurance companies to cover COVID tests without cost sharing, both for OTC and laboratory tests, will end at the expiration of the PHE.
Certain COVID data reporting and surveillance will change. CDC COVID data surveillance has been a cornerstone of our response, and during the PHE, HHS had the authority to require lab test reporting for COVID. At the end of the COVID-19 PHE, HHS will no longer have this express authority to require this data from labs, which will affect the reporting of negative test results and impact the ability to calculate percent positivity for COVID tests in some jurisdictions. Hospital data reporting will continue as required by the CMS conditions of participation through April 30, 2024, but reporting will be reduced from the current daily reporting to weekly.
FDA’s ability to detect shortages of critical devices related to COVID-19 will be more limited. While FDA will still maintain its authority to detect and address other potential medical product shortages, it is seeking congressional authorization to extend the requirement for device manufacturers to notify FDA of interruptions and discontinuances of critical devices outside of a PHE which will strengthen the ability of FDA to help prevent or mitigate device shortages.
Public Readiness and Emergency Preparedness (PREP) Act liability protections will be amended. On April 14, 2023, HHS Secretary Becerra mailed all the governors announcing his intention to amend the PREP Act declaration to extend certain important protections that will continue to facilitate access to convenient and timely COVID vaccines, treatments, and tests for individuals.
More changes are occurring than what I can write in one, little blogpost. Know that auditors will be knocking on your doors, asking for dates of service during the PHE. Be sure to research the policies and exceptions that were pertinent during those DOS. This is imperative for defending yourself against auditors knocking on your doors.
And, as always, lawyer-up fast!
And just like the Wicked With of the West, DING DONG! The PHE is dead.
Medicare Extrapolation Under 50% Error Rate? No Extrapolation ALLOWED!
Earlier this year, I reported on the new extrapolation rules for all audits, including RAC, UPIC, TPE, CERT, etc. You know, that alphabet soup. The biggest change was that no extrapolation may be run if the error rate is under 50%. This was an exciting and unexpected new protection for health care providers. Now I have seen it in action and want to tell you about it.

A client of mine, an internal medicine facility in Alabama, received a notice of overpayment for over $3 million. This is the first case in which I saw the 50% error rate rule in action. Normally, I always tell clients that the first two levels of appeals are rubber-stamps. In other words, don’t expect to win. The QIC and the entity that conducted the audit saying you owe money are not going to overturn themselves. However, in this case, we were “partially favorable” at the QIC level. “Partially favorable” normally means mostly unfavorable. However, the partially favorable decision took the error rate from over 50% to under 50%. We re-grouped. Obviously, we were going to appeal because the new extrapolation was still over $1 million. However, before our ALJ hearing, we received correspondence from Palmetto that said our overpayment was $0. Confused, we wrote to the ALJ pointing out that Palmetto said our balance was zero. The Judge wrote back saying that, certainly, the money has already been recouped and the practice would get a refund if he reversed the denials.” “Ok,” we said and attended a telephonic hearing. We were unsuccessful at the hearing, and the ALJ upheld an alleged overpayment of over $1 million. We argued that the extrapolation should be thrown out due to the error rate being under 50%. The Judge still ruled against us, saying that CMS has the right to extrapolate, and the courts have upheld CMS’ ability to extrapolate. Ok, but what about the NEW RULE?
Later, we contacted Palmetto to confirm what the zero-balance meant. The letter read as if we did not owe anything, yet we had an ALJ decision mandating us to pay over a $1million. There was serious juxtaposition. After many hours of chasing answers on hold with multiple telephone answerers of Palmetto, we learned that, apparently, because the error rate dropped below 50% after the QIC level, Palmetto “wrote off” the nominal balance. Since an extrapolation was no longer allowed, the miniscule amount that Palmetto thought we owed wasn’t enough to pursue. However, the letter sent to us from Palmetto did not explain, “hey, we are writing off your overpayment because the error rate fell below 50%.” No, it was vague. We didn’t even know if it were true.
It took us reaching out to Palmetto and getting an email confirmation that Palmetto had written off the alleged overpayment due to the error rate dropping. Even the ALJ misinterpreted the letter, which tells me that Palmetto should revise its notices of write offs.
If Palmetto unilaterally dismisses or writes off any balance that is allegedly owed, the letter should explicitly explain this. Because providers and attorneys are not accustomed to receiving correspondence from a MAC, CMS, Palmetto, or any other auditing entity with GOOD NEWS. If we get GOOD NEWS from an auditing entity, that correspondence should be explicit.
Regardless, this was a huge win for me and my client, who was positively ecstatic with the outcome. Tune in next week, during which I will tell a story of how we battled successfully a qui tam action against a facility of 9 specialists due to a disgruntled employee who tried to blow the whistle on my specialists and their facility…falsely!
Preparing for Post-PHE Medicare and Medicaid Audits
Hello and happy RACMonitor Monday! As the nation forges ahead in the wake of the COVID-19 pandemic, the audits continue after that brief hiatus in March 2020. Recovery Audit Contractors (RACs), UPICs, and other auditors are dutifully reviewing claims on a post-payment basis. However, since COVID, there is a staffing shortage, which have many provider facilities scrambling on a normal basis. Throw in an audit of 150 claims and you’ve got serious souff-laying.
Yes, audit preparation has changed since COVID. Now you have more to do to prepare. Audits create more work when you have less staff. Well, suck it up sippy-cup because post-PHE audits are here.
The most important pre-audit preparation is knowing the COVID exceptions germane to your health care services. During PHE over the last two years, there has been a firehose of regulatory exceptions. You need to use these exceptions to your advantage because, let’s face it, the exceptions made regulatory compliance easier. For the period of time during which the exceptions applied, you didn’t have to get some signatures, meet face-to-face, have supervision, or what not. The dates during which these exceptions apply is also pertinent. I suggest creating a folder for all the COVID exceptions that apply to your facility. While I would like to assume that whatever lawyer that you hire, because, yes, you need to hire a lawyer, would know all the COVID exceptions – or, at least, know to research them, you never know. It only benefits you to be prepared.
Any medical provider that submits claims to a government program may be subject to a Medicare or Medicaid audit. Just because you have been audited in the past, doesn’t change the fact that you may be audited again in the future. RAC audits are not one-time or intermittent reviews and can be triggered by anything from an innocent documentation error to outright fraud. I get that questions a lot: This is my 3rd audit. At what point is this harassment. I’ve never researched the answer to that question, but I would venture that auditors get tons of latitude. So, don’t be that provider that is low-hanging fruit and simply pays post-payment reviews.
While reduced staff, high patient loads or other challenges may be bogging down your team, it’s important to remember that timeliness is crucial for CMS audit responses.
Locating the corresponding medical records and information can be a hassle at the best of times, but there are a few key things your organization can do to better prepare for a RAC Audit:
According to CMS, if selected for review, providers should discuss with their contractor any COVID-19-related hardships they are experiencing that could affect audit response timeliness. CMS notes that all reviews will be conducted in accordance with statutory and regulatory provisions, as well as related billing and coding requirements. Waivers and flexibilities will also be applied if they were in place on the dates of service for any claims potentially selected for review.
Ensure that the auditor has the appropriate contact information for requesting audit-related documentation. With so many changes to hospitals teams, it’s important to make sure that auditors’ requests for medical records are actually making it to the correct person or team in a timely manner.
Provide your internal audit review teams with proper access to data and other software tools like those used to ensure timely electronic audit responses. With a mix of teams working from home and in the office, it’s a good idea to make sure that teams handling Additional Documentation Requests (ADRs) and audit responses have the necessary access to the data they will need to respond to requests.
Review and document any changes to your audit review team processes.
Meet with your teams to ensure they fully understand the processes and are poised to respond within the required timeframes.
Successfully completing these audits in a timely manner is made much easier when the above processes and steps are in place.
PRF Audits: If You Did Not Report or Use Properly, You May Have a Recoupment!
Hello, my blog readers. Over the last two weeks, I have joined Nelson Mullins in the Raleigh office, attended Nelson Mullins’ healthcare retreat in Charlotte, and attended the Long Term and Post-Acute Care Law and Compliance conference in New Orleans, LA. It has been quite a whirlwind! I also appeared on RACMonitor, as I do every Monitor Monday.
Joining Nelson Mullins has been fantastic. There is a deep bench of health care attorneys, so now I am able to offer my clients all legal services they may need.

Today I am writing about provider relief funds (“PRF”) audits because, folks, PRF audits are HERE. If providers failed to report their PRF or used the funds for non-allowable items having nothing to do with COVID, HHS and OIG may recoup the funds.
An allowable expense under the PRF must be used to prevent, prepare for, and respond to coronavirus. PRF recipients must follow their basis of accounting (e.g., cash, accrual, or modified accrual) to determine expenses. The cited expenses, as well as losses, must not have been reimbursed from other sources and other sources must not be obligated to reimburse them.
Many providers were recipients of provider relief funds or PRF during the COVID pandemic. If providers received these funds there were reporting requirements and use requirements. Now audits are being conducted to ensure the funds’ proper use and reporting. Audits are being rolled out on two different fronts: (1) HHS; and (2) HRSA – or Health Resources Services Administration.
On Feb. 25, 2022, the American Institute of Certified Public Accountants’ (AICPA) Government Audit Quality Center (GAQC) provided long-awaited guidance to for-profit healthcare organizations that are subject to the Provider Relief Fund (PRF) audit requirements. The guidance came in the form of a practice aid entitled HHS Audit Requirements for For-Profit Entities with Awards from the Provider Relief Fund Program and Other HHS Programs. Its goal is to provide clarity to for-profit healthcare entities that expend $750,000 or more in federal awards in a given reporting period, which includes the PRF and other federal awards included in the Assistance Listing but excludes Paycheck Protection Program funds. Based on the practice aid, here is a summary of audit options available to for-profit entities to meet the audit compliance requirements of the U.S. DHHS.
- Uniform Guidance Audits
- Single Audit – A single audit requires an audit of both the financial statements under Generally Accepted Government Auditing Standards (GAGAS) and a compliance audit under Uniform Guidance. The compliance audit requires testing compliance with any major program(s) as defined by Uniform Guidance as well as obtaining an understanding of internal control over compliance and testing the internal control over compliance for each major program identified. The results are two auditor’s reports: one on the financial statements and one on compliance and internal controls over compliance. This option is necessary if federal regulations require a financial statement audit. This option is available to entities with funding from multiple programs from any federal agency.
- Program-Specific Audit – The program-specific audit is similar to the single audit except that it removes the financial statement audit requirement. Therefore, tests of compliance, an understanding of internal control over compliance, and testing internal control over compliance are required for this engagement. A schedule of a specific element of a financial statement would be prepared. The results are two auditor’s reports: one on the schedule of a specific element of a financial statement (the PRF funding) and one on compliance and internal controls over compliance. This option is only available if the entity has funding under one HHS program, such as the PRF.
- Financial-Related Audit Under GAGAS – A financial-related audit under GAGAS requires an audit to be conducted on only one schedule of a specific element of the financial statements. This option is only available if all federal funds expended during the period were from HHS programs. The schedule (the HHS Schedule) would include all federal awards from HHS, including the PRF. It does not require an audit of the financial statements or any testing of internal controls over compliance. It does require compliance testing, but no opinion on compliance is issued. The result is an auditor’s report only on the HHS Schedule.
There are 4 reporting periods per year that will be audited. Reporting for the 2023 4th period is going on now. Providers who received a PRF (General or Targeted) exceeding $10,000 in the aggregate, from July 1, 2021, to December 31, 2021, are required to report on their use of funds during RP4. The deadline to submit a report is March 31, 2023.
There is an appeal process if you receive a Final Repayment Notice. Once you receive a Final Repayment Notice, you have 60 days to either pay or appeal.
- Providers who do not take one of these actions within 60 days of HRSA’s Final Repayment Notice may be referred by HRSA to the HHS Program Support Center (PSC) for the initiation of debt collection activities.
- PSC, in coordination with the U.S. Department of Treasury, will issue formal debt collection letters to all providers that HRSA refers for debt collection. At this point, PSC and Treasury will take over all debt collection communications with referred providers. Debt collection activities may include accrual of interest, penalties, and recovery of funds by offsetting other Federal payments allocated to the entity.
HRSA cannot establish payment plans for outstanding debts. Once the repayment amount has been referred to PSC and becomes official debt, providers can apply for repayment plans directly with PSC.