Category Archives: Medicare RAC
Today, I am going to talk about RAC audits. I know what you are thinking…don’t you always talk about RACs? Of course, you are going to talk about RAC audits. No. Today, I’m taking this blog in a different direction.
I want to talk about secret, hidden RAC audits. As you are aware, the federal regulations limit RACs from going back more than 3 years to audit claims. Juxtapose the UPICs, TPEs, SMRCs, MACs, OIG, and even State Medicaid agencies. Everyone, but the RACs are allowed more than a 3-year lookback period. Some, like OIG, have long lookback periods. Coincidentally, when a company responds to an RFP or a request for proposal from CMS to act as CMS’ vendor to conduct Medicare audits on America’s Medicare providers, a clause in the proposed contract between CMS and the vendor is highly argued or negotiated. Which clause in the vendor’s contract is most negotiated? I will tell you. The clause that states that the vendor is a RAC is most negotiated. Because if the vendor is called a UPIC instead of a RAC, the vendor has a longer lookback period. Being called a UPIC, suddenly, becomes a commodity. There are no laws mandating UPICs to a 3-year lookback period. All of a sudden, it is not hip to be a RAC.
Look into it. Do your research. The contracts are public record. Ask for Cotiviti’s contracts with CMS. Notice I said contracts, not contract. What I have realized over time is that a vendor may be hired by CMS to be a RAC auditor, but, once the vendor realizes the limit of 3 years, it goes back to CMS and asks if it can be considered an UPIC. Why? A UPIC can do everything that a RAC does; however, it gets an additional 3 years to lookback at claims and that means money. Cha-ching! Even Dr. Ron Hirsh commented today on RACMonitor about this story, which I presented this morning at 10:00am, as I present every Monday morning, live, on the national podcast RACMonitor , hosted by Chuck Buck and produced by MedLearn. If you want to listen to the podcast, click the following link: Nelson Mullins – Monitor Mondays Podcast Featuring Knicole Emanuel; Defeating Statistical Extrapolations, Expansion of Medicaid RACs, IPPS Final Rule, Smart Hospitals, and Physician Advisors Episodes
The podcast is also on video, but I don’t know how to view that. If you do, you would see my baby duck Biscuit on the screen. He joined me this morning to talk about, “What Walks Like a Duck and Quacks Like a Duck, Must be a Duck.” Dr. Hirsh commented that companies like Cotiviti have many, many contracts deeming Cotiviti many different acronyms. If you get a letter from Cotiviti, do not assume it is acting as a RAC. Instead, ask for the contract which allows Cotiviti to do what it purports to want to do.
I’ve noticed this trend in real life, but only for 10-20 individual cases, maybe 30. I have not had the time to draft a FOYIA request, and, quite frankly, my name on a FOYIA request nowadays result in a response that says, something to the effect of, use discovery instead. Even though my personal experiences should not be extrapolated across the country because that would be inappropriate and judgmental, I will give an example and you may extrapolate or not. There is a company that has been doing RAC audits in NC for the last 5-8 years. It is called Public Consulting Group (“PCG”). PCG and I go way back. If you are a longtime listener of RACMonitor, you will recall that Ed Roche and I presented numerous podcasts about the debacle in NM in 2013. The State of NM put 15 Medicaid providers who constituted 87.6% of the BH providers in NM at the time. The consequences were catastrophic; thousands were out of BH services overnight. There is even a documentary about the unraveling of BH in NM in 2013. The reason that these 15 BH providers were put out of business overnight was because of a NM vendor called PCG. PCG issued a report to NM after conducting Medicaid audits on these 15 BH facilities, which accused the 15 facilities of fraud. In 2013, PCG was considered a RAC per contract. Today, when I have a case against PCG and make the 3-year lookback period argument, I get a retort that it’s not a RAC. Instead it’s a UPIC.
To which I say, if it walks like a duck and talks like a duck, it is a duck.
Not everyone loves their job. Not everyone has a job. Not everyone does their job. And that includes doctors and lawyers. Not all doctors and lawyers do their jobs well. When a doctor fails to doctor, where does the liability lie? On the facility? On the hospital?
That is exactly what happened in one of my cases. My client, an inpatient substance abuse facility, hired a physician. Upon hire, the doctor signed an employment agreement that stated that he or she would perform the role as a doctor/medical director for the facility. Years passed. There were no complaints, so the executive committee was under the impression that the doctor was fulfilling his duties. The members certainly had no reason to suspect that the doctor was not doctoring according to the employment contract. No, they assumed that a doctor would doctor.
Then a RAC audit happened. As you are well aware, RAC audits go back three years. The facility received a Tentative Notice of Overpayment from the RAC alleging the facility owed almost $10 million. I was hired, and I conducted a review of the facility, its policies, and interviewed all staff. It came to light that the doctor did not review the results of urinalysis tests. Remember, this is a substance abuse facility. Urine tests are essential. The Medicaid recipients provided the samples; they peed in a cup. The labs were ordered. The doctor has a standing order for definitive and presumptive urinalysis tests. The doctor has sole access to the test results electronically. We discovered, much to our horror, that the doctor never looked at the results. For the past three years, she has never informed any patient that they were or were not positive or negative for any substance. In my mind, reviewing the urinalysis results goes hand in hand with substance abuse therapy.
Here, we discovered a breakdown in the facility, but that breakdown was one person not doing his or her job. Sadly for him or her, we – the facility – were able to use the doctor’s failure to doctor to our advantage. We appealed the $10 million alleged overpayment. Our primary defense was throwing the doctor under the bus, and we had every right to do so. Who would have expected your medical director failing to direct or review pertinent tests. In the world of law, respondeat superior, normally, is the general rule. In Latin, respondeat superior means that the superior or the boss or the owner is responsible for those underneath them. In this case, the facility is the superior and the doctor is the inferior, so you would expect the facility to bear any liability of its employees. But, not here. Not in this case. The doctor failed to meet expectations of the job. By not reviewing urinalysis test results, the doctor veered enough off the track to relieve liability from the facility. The doctor’s inactions were the direct cause of the accusation of owing $10 million. The administrative law judge (“ALJ”) agreed. After terminating the doctor, we contemplated suing the physician for damages. However, since we won the alleged overpayment case, we did not do so.
Earlier this year, I reported on the new extrapolation rules for all audits, including RAC, UPIC, TPE, CERT, etc. You know, that alphabet soup. The biggest change was that no extrapolation may be run if the error rate is under 50%. This was an exciting and unexpected new protection for health care providers. Now I have seen it in action and want to tell you about it.
A client of mine, an internal medicine facility in Alabama, received a notice of overpayment for over $3 million. This is the first case in which I saw the 50% error rate rule in action. Normally, I always tell clients that the first two levels of appeals are rubber-stamps. In other words, don’t expect to win. The QIC and the entity that conducted the audit saying you owe money are not going to overturn themselves. However, in this case, we were “partially favorable” at the QIC level. “Partially favorable” normally means mostly unfavorable. However, the partially favorable decision took the error rate from over 50% to under 50%. We re-grouped. Obviously, we were going to appeal because the new extrapolation was still over $1 million. However, before our ALJ hearing, we received correspondence from Palmetto that said our overpayment was $0. Confused, we wrote to the ALJ pointing out that Palmetto said our balance was zero. The Judge wrote back saying that, certainly, the money has already been recouped and the practice would get a refund if he reversed the denials.” “Ok,” we said and attended a telephonic hearing. We were unsuccessful at the hearing, and the ALJ upheld an alleged overpayment of over $1 million. We argued that the extrapolation should be thrown out due to the error rate being under 50%. The Judge still ruled against us, saying that CMS has the right to extrapolate, and the courts have upheld CMS’ ability to extrapolate. Ok, but what about the NEW RULE?
Later, we contacted Palmetto to confirm what the zero-balance meant. The letter read as if we did not owe anything, yet we had an ALJ decision mandating us to pay over a $1million. There was serious juxtaposition. After many hours of chasing answers on hold with multiple telephone answerers of Palmetto, we learned that, apparently, because the error rate dropped below 50% after the QIC level, Palmetto “wrote off” the nominal balance. Since an extrapolation was no longer allowed, the miniscule amount that Palmetto thought we owed wasn’t enough to pursue. However, the letter sent to us from Palmetto did not explain, “hey, we are writing off your overpayment because the error rate fell below 50%.” No, it was vague. We didn’t even know if it were true.
It took us reaching out to Palmetto and getting an email confirmation that Palmetto had written off the alleged overpayment due to the error rate dropping. Even the ALJ misinterpreted the letter, which tells me that Palmetto should revise its notices of write offs.
If Palmetto unilaterally dismisses or writes off any balance that is allegedly owed, the letter should explicitly explain this. Because providers and attorneys are not accustomed to receiving correspondence from a MAC, CMS, Palmetto, or any other auditing entity with GOOD NEWS. If we get GOOD NEWS from an auditing entity, that correspondence should be explicit.
Regardless, this was a huge win for me and my client, who was positively ecstatic with the outcome. Tune in next week, during which I will tell a story of how we battled successfully a qui tam action against a facility of 9 specialists due to a disgruntled employee who tried to blow the whistle on my specialists and their facility…falsely!
Hello and happy RACMonitor Monday! As the nation forges ahead in the wake of the COVID-19 pandemic, the audits continue after that brief hiatus in March 2020. Recovery Audit Contractors (RACs), UPICs, and other auditors are dutifully reviewing claims on a post-payment basis. However, since COVID, there is a staffing shortage, which have many provider facilities scrambling on a normal basis. Throw in an audit of 150 claims and you’ve got serious souff-laying.
Yes, audit preparation has changed since COVID. Now you have more to do to prepare. Audits create more work when you have less staff. Well, suck it up sippy-cup because post-PHE audits are here.
The most important pre-audit preparation is knowing the COVID exceptions germane to your health care services. During PHE over the last two years, there has been a firehose of regulatory exceptions. You need to use these exceptions to your advantage because, let’s face it, the exceptions made regulatory compliance easier. For the period of time during which the exceptions applied, you didn’t have to get some signatures, meet face-to-face, have supervision, or what not. The dates during which these exceptions apply is also pertinent. I suggest creating a folder for all the COVID exceptions that apply to your facility. While I would like to assume that whatever lawyer that you hire, because, yes, you need to hire a lawyer, would know all the COVID exceptions – or, at least, know to research them, you never know. It only benefits you to be prepared.
Any medical provider that submits claims to a government program may be subject to a Medicare or Medicaid audit. Just because you have been audited in the past, doesn’t change the fact that you may be audited again in the future. RAC audits are not one-time or intermittent reviews and can be triggered by anything from an innocent documentation error to outright fraud. I get that questions a lot: This is my 3rd audit. At what point is this harassment. I’ve never researched the answer to that question, but I would venture that auditors get tons of latitude. So, don’t be that provider that is low-hanging fruit and simply pays post-payment reviews.
While reduced staff, high patient loads or other challenges may be bogging down your team, it’s important to remember that timeliness is crucial for CMS audit responses.
Locating the corresponding medical records and information can be a hassle at the best of times, but there are a few key things your organization can do to better prepare for a RAC Audit:
According to CMS, if selected for review, providers should discuss with their contractor any COVID-19-related hardships they are experiencing that could affect audit response timeliness. CMS notes that all reviews will be conducted in accordance with statutory and regulatory provisions, as well as related billing and coding requirements. Waivers and flexibilities will also be applied if they were in place on the dates of service for any claims potentially selected for review.
Ensure that the auditor has the appropriate contact information for requesting audit-related documentation. With so many changes to hospitals teams, it’s important to make sure that auditors’ requests for medical records are actually making it to the correct person or team in a timely manner.
Provide your internal audit review teams with proper access to data and other software tools like those used to ensure timely electronic audit responses. With a mix of teams working from home and in the office, it’s a good idea to make sure that teams handling Additional Documentation Requests (ADRs) and audit responses have the necessary access to the data they will need to respond to requests.
Review and document any changes to your audit review team processes.
Meet with your teams to ensure they fully understand the processes and are poised to respond within the required timeframes.
Successfully completing these audits in a timely manner is made much easier when the above processes and steps are in place.
The issue today is whether health care auditors can double-dip. In other words, if a provider has two concurrent audits, can the audits overlap? Can two audits scrutinize one date of service (“DOS”) for the same consumer. It certainly doesn’t seem fair. Five years ago, CMS first compiled a list of services that the newly implemented RAC program was to audit. It’s been 5 years with the RAC program. What is it about the RAC program that stands out from the other auditor abbreviations?
We’re talking about Cotiviti and Performant Recovery; you know the players. The Recovery Audit Program’s mission is to reduce Medicare improper payments through the efficient detection and collection of overpayments, the identification of underpayments and the implementation of actions that will prevent future improper payments.
RACs review claims on a post-payment basis. The RACs detect and correct past improper payments so that CMS and Carriers, and MACs can implement actions that will prevent future improper payments.
RACs are also held to different regulations than the other audit abbreviations. 42 CFR Subpart F dictates the Medicaid RACs. Whereas the Medicare program is run by 42 CFR Subchapter B.
The auditors themselves are usually certified coders or LPNs.
As most of you know, I present on RACMonitor every week with a distinguished panel of experts. Last week, a listener asked whether 2 separate auditors could audit the same record. Dr. Ronald Hirsh’s response was: yes, a CERT can audit a chart that another reviewer is auditing if it is part of a random sample. I agree with Dr. Hirsh. When a random sample is taken, then the auditors, by definition, have no idea what claims will be pulled, nor would the CERT have any knowledge of other contemporaneous and overlapping audits. But what about multiple RAC audits? I do believe that the RACs should not overlap its own audits. Personally, I don’t like the idea of one claim being audited more than once. What if the two auditing companies make differing determinations? What if CERT calls a claim compliant and the RAC denies the claim? The provider surely should not pay back a claim twice.
I believe Ed Roche presented on this issue a few weeks ago, and he called it double-dipping.
This doesn’t seem fair. What Dr. Hirsh did not address in his response to the listener was that, even if a CERT is allowed to double-dip via the rules or policies, there could be case law saying otherwise.
I did a quick search on Westlaw to see if there were any cases where the auditor was accused of double-dipping. It was not a comprehensive search by any means, but I did not see any cases where auditors were accused of double-dipping. I did see a few cases where hospitals were accused of double-dipping by collecting DSH payments to cover costs that had already been reimbursed, which seems like a topic for another day.
The Centers for Medicare & Medicaid Services (“CMS”) has modified the additional documentation request (“ADR”) limits for the Medicare Fee-for-Service Recovery Audit Contractor (“RAC”) program for suppliers. Yet, one of our listeners informed me that CMS has found a “work around” from the RAC ADR limits. She said, “There is the nationwide Supplemental Medical Review Contractor (“SMRC”) audits and now nationwide Quality Improvement Organizations (“QIO”) contract audits. These contracts came about after the Congressional limits on number of audits by the RAC.” Dr. Hirsh retorted, “But SMRC and QIO are not paid contingency fee. So, they are “different” audits. RACs are evil; SMRC and QIO have a few redeeming qualities.” I completely agree with Dr. Hirsh. But her point is well taken – SMRCs and QIOs follow different rules than RACs, so of course the SMRCs and QIOs have distinct ADR limits.
This is similar to the lookback periods. The lookback period varies depending on the acronym: RAC, MAC, or UPIC. RACs’ lookback period is 3 years, yet other acronyms get longer periods. I think what Dr. Hirsh is saying is right, because RACs are paid by contingency instead of a contracted rate, we have to limit the RACs authority because they are already incentivized the find problems., plus they are allowed to extrapolate. The RACs already have too much leash.
So, what are the RAC ADR limits?
Well, interestingly they just changed in April 2022. These limits will be set by CMS on a regular basis to establish the maximum number of medical records that may be requested by a RAC, per 45-day period. Each limit will be based on a given supplier’s volume of Medicare claims paid within a previous 12-month period, in a particular Healthcare Common Procedure Coding System (HCPCS) policy group. The policy groups are available on the pricing, coding analysis, and coding (PDAC), website. Limits will be based on the supplier’s Tax Identification Number (TIN). Limits will be set at 10% of all paid claims, by policy group, paid within a previous 12-month period, divided into eight periods (45 days). Although a RAC may go more than 45 days between record requests, in no case shall a RAC make requests more frequently than every 45 days. Limits are based on paid claims, irrespective of individual lines, although credit/replacement pairs shall be considered a single claim.
I wanted to go into the SMRCs and QIOs’ ADR limits to see whether they are are following THEIR rules, but I’m out of time for today. I’ll research the SMRCs and QIOs ADR limits for next week and I will have an answer for you.
Today I’m going to answer a few inquiries about recovery audit contractor (“RAC”) audits from providers. A question that I get often is: “Do I have to submit the same medical records to my Medicare Administrative Contractor (“MAC”) that I submit to a RAC for an audit?” The answer is “No.” Providers are not required to submit medical records to the MAC if submitted to a RAC, but doing so is encouraged by most MACs. There is no requirement that you submit to the MAC what you submit to RACs. This makes sense because the MACs and the RACs have disparate job duties. One of the MACs, Palmetto, instructs providers to send records sent to a RAC directly to the Palmetto GBA Appeals Department. Why send the records for a RAC audit to a MAC appeals department? Are they forecasting your intentions? The instruction is nonsensical unless ulterior motives exist.
RAC audits are separate from mundane MAC issues. They are distinct. Quite frankly, your MAC shouldn’t even be aware of your audit. (Why is it their business?) Yet, many times I see the MACs cc-ed on correspondence. Often, I feel like it’s a conspiracy – and you’re not invited. You get audited, and everyone is notified. It’s as if you are guilty before any trial.
I also get this question for appeals – “Do I need to send the medical records again? I already sent them for the initial review. Why do I need to send the same documents for appeal?” I get it – making copies of medical records is time-consuming. It also costs money. Paper and ink don’t grow on trees. The answer is “Yes.” This may come as a shock, but sometimes documents are misplaced or lost. Auditors are humans, and mistakes occur. Just like, providers are humans, and 100% Medicare regulatory compliance is not required…people make mistakes; those mistakes shouldn’t cause financial ruin.
“Do the results of a RAC audit get sent to your MAC?” The answer is “Yes.” Penalties penalize you in the future. You have to disclose penalties, and the auditors can and will use the information against you. The more penalties you have paid in the past clear demonstrate that you suffer from abhorrent billing practices.
In fact, Medicare post-payment audits are estimated to have risen over 900 percent over the last five years. Medicare provider audits take money from providers and give to the auditors. If you are an auditor, you uncover bad results or you aren’t good at your job.
Politicians see audits as a financial win and a plus for their platform. Reducing fraud, waste, and abuse is a fantastic platform. Everyone gets on board, and votes increase.
Appealing your RAC audits is essential, but you have to understand that you won’t get a fair deal. The Medicare provider appeals process is an uphill battle for providers. And your MACs will be informed.
The first two levels, redeterminations and reconsiderations are, basically, rubber-stamps on the first determination.
The third level is the before an administrative law judge (ALJ), and is the first appeal level that is before an independent tribunal.
Moving to the False Claims Act, which is the ugly step-sister to regulatory non-compliance and overpayments. The government and qui tam relators filed 801 new cases in 2022. That number is down from the unprecedented heights reached in 2020 (when there were a record 922 new FCA cases), but is consistent with the pace otherwise set over the past decade, reflecting the upward trend in FCA activity by qui tam relators and the government since the 2009 amendments to the statute.
See the chart below for reference:
The Centers for Medicare & Medicaid Services (CMS) announced that they have modified the additional documentation request (ADR) limits for the Medicare Fee-for-Service Recovery Audit Contractor (RAC) program for suppliers. ADRs are the about of documents that a RAC auditor can demand from you. This is a win for DME providers.
Currently, the RAC’s methodology is based on a total claim number by NPI without consideration for the number of claims in a particular product category. This means that suppliers can receive large volumes of RAC audits for a product category in which they do minimal business.
These new limits will be set by CMS on a regular basis to establish the maximum number of medical records that may be requested by a RAC, per 45-day period. These changes will be effective beginning April 1, 2022.
Each limit will be based on a given supplier’s volume of Medicare claims paid within a previous 12-month period, in a particular HCPCS policy group (The policy groups are available on the PDAC website). Limits will be based on the supplier’s Tax Identification Number (TIN). Limits will be set at 10% of all paid claims, by policy group, paid within a previous 12-month period, divided into eight periods (45 days). If you get more than the allowed ADRs, call them out. These limits are created to lessen the burden on providers.
Although a RAC may go more than 45 days between record requests, in no case shall a RAC make requests more frequently than every 45 days. Limits are based on paid claims, irrespective of individual lines, although credit/replacement pairs shall be considered a single claim.
- Supplier A had 1,253 claims paid with HCPCS codes in the “surgical dressings” policy group, within a previous 12-month period. The supplier’s ADR limit would be (1,253 * 0.1) / 8 = 15.6625, or 16 ADRs, per 45 days, for claims with HCPCS codes in the “surgical dressings” policy group.
- Supplier B had 955 claims paid with HCPCS codes in the “glucose monitor” policy group, within a previous 12-month period. The supplier’s ADR limit would be (955 * 0.1) / 8 = 11.9375 or 12 ADRs, per 45 days, for claims with HCPCS codes in the “glucose monitor” policy group.
CMS reserves the right to give a RAC permission to exceed these ADR limits. But that would be in instances of potential fraud.
Hospitals across the nation are seeing lower profits, and it’s all because of a sudden, tsunami of Medicare and Medicaid provider audits. Whether it be RAC, MAC, UPIC, or Program Integrity, hospital audits are rampant. Billing errors, especially ‘supposed bundling,’ are causing a high rate of insurance claims denials, hurting the finances of hospitals and providers.
A recent report from American Hospital Association (AHA) found “Under an optimistic scenario, hospitals would lose $53 billion in revenue this year. Under a more pessimistic scenario, hospitals would lose $122 billion thanks to a $64 billion decline in outpatient revenue”*
The “Health Care Auditing and Revenue Integrity—2021 Benchmarking and Trends Report” is an insider’s look at billing and claims issues but reveals insights into health care costs trends and why administrative issues continue to play an outsize role in the nation’s high costs in this area. The data used covers 900+ facilities, 50,000 providers, 1500 coders, and 700 auditors – what could go wrong?
According to the report,
- 40% of COVID-19-related charges were denied and 40% of professional outpatient audits for COVID-19 and 20% of hospital inpatient audits failed.
- Undercoding poses a significant revenue risk, with audits indicating the average value of underpayment is $3,200 for a hospital claim and $64 for a professional claim.
- Overcoding remains problematic, with Medicare Advantage plans and payers under scrutiny for expensive inpatient medical necessity claims, drug charges, and clinical documentation to justify the final reimbursement.
- Missing modifiers resulted in an average denied amount of $900 for hospital outpatient claims, $690 for inpatient claims, and $170 for professional claims.
- 33% of charges submitted with hierarchical condition category (HCC) codes were initially denied by payers, highlighting increased scrutiny of complex inpatient stays and higher financial risk exposure to hospitals.
The top fields being audited were diagnoses, present on admission indicator, diagnosis position, CPT/HCPCS coding, units billed, and date of service. The average outcome from the audits was 70.5% satisfactory. So, as a whole, they got a ‘C’.
While this report did not in it of itself lead to any alleged overpayments and recoupments, guess who else is reading this audit and salivating like Pavlov’s dogs? The RACs, MACs, UPICs, and all other alphabet soup auditors. The 900 facilities and 50,000 health care providers need to be prepared for audits with consequences. Get those legal defenses ready!!!!