Category Archives: RAC
Today, I am going to talk about RAC audits. I know what you are thinking…don’t you always talk about RACs? Of course, you are going to talk about RAC audits. No. Today, I’m taking this blog in a different direction.
I want to talk about secret, hidden RAC audits. As you are aware, the federal regulations limit RACs from going back more than 3 years to audit claims. Juxtapose the UPICs, TPEs, SMRCs, MACs, OIG, and even State Medicaid agencies. Everyone, but the RACs are allowed more than a 3-year lookback period. Some, like OIG, have long lookback periods. Coincidentally, when a company responds to an RFP or a request for proposal from CMS to act as CMS’ vendor to conduct Medicare audits on America’s Medicare providers, a clause in the proposed contract between CMS and the vendor is highly argued or negotiated. Which clause in the vendor’s contract is most negotiated? I will tell you. The clause that states that the vendor is a RAC is most negotiated. Because if the vendor is called a UPIC instead of a RAC, the vendor has a longer lookback period. Being called a UPIC, suddenly, becomes a commodity. There are no laws mandating UPICs to a 3-year lookback period. All of a sudden, it is not hip to be a RAC.
Look into it. Do your research. The contracts are public record. Ask for Cotiviti’s contracts with CMS. Notice I said contracts, not contract. What I have realized over time is that a vendor may be hired by CMS to be a RAC auditor, but, once the vendor realizes the limit of 3 years, it goes back to CMS and asks if it can be considered an UPIC. Why? A UPIC can do everything that a RAC does; however, it gets an additional 3 years to lookback at claims and that means money. Cha-ching! Even Dr. Ron Hirsh commented today on RACMonitor about this story, which I presented this morning at 10:00am, as I present every Monday morning, live, on the national podcast RACMonitor , hosted by Chuck Buck and produced by MedLearn. If you want to listen to the podcast, click the following link: Nelson Mullins – Monitor Mondays Podcast Featuring Knicole Emanuel; Defeating Statistical Extrapolations, Expansion of Medicaid RACs, IPPS Final Rule, Smart Hospitals, and Physician Advisors Episodes
The podcast is also on video, but I don’t know how to view that. If you do, you would see my baby duck Biscuit on the screen. He joined me this morning to talk about, “What Walks Like a Duck and Quacks Like a Duck, Must be a Duck.” Dr. Hirsh commented that companies like Cotiviti have many, many contracts deeming Cotiviti many different acronyms. If you get a letter from Cotiviti, do not assume it is acting as a RAC. Instead, ask for the contract which allows Cotiviti to do what it purports to want to do.
I’ve noticed this trend in real life, but only for 10-20 individual cases, maybe 30. I have not had the time to draft a FOYIA request, and, quite frankly, my name on a FOYIA request nowadays result in a response that says, something to the effect of, use discovery instead. Even though my personal experiences should not be extrapolated across the country because that would be inappropriate and judgmental, I will give an example and you may extrapolate or not. There is a company that has been doing RAC audits in NC for the last 5-8 years. It is called Public Consulting Group (“PCG”). PCG and I go way back. If you are a longtime listener of RACMonitor, you will recall that Ed Roche and I presented numerous podcasts about the debacle in NM in 2013. The State of NM put 15 Medicaid providers who constituted 87.6% of the BH providers in NM at the time. The consequences were catastrophic; thousands were out of BH services overnight. There is even a documentary about the unraveling of BH in NM in 2013. The reason that these 15 BH providers were put out of business overnight was because of a NM vendor called PCG. PCG issued a report to NM after conducting Medicaid audits on these 15 BH facilities, which accused the 15 facilities of fraud. In 2013, PCG was considered a RAC per contract. Today, when I have a case against PCG and make the 3-year lookback period argument, I get a retort that it’s not a RAC. Instead it’s a UPIC.
To which I say, if it walks like a duck and talks like a duck, it is a duck.
Not everyone loves their job. Not everyone has a job. Not everyone does their job. And that includes doctors and lawyers. Not all doctors and lawyers do their jobs well. When a doctor fails to doctor, where does the liability lie? On the facility? On the hospital?
That is exactly what happened in one of my cases. My client, an inpatient substance abuse facility, hired a physician. Upon hire, the doctor signed an employment agreement that stated that he or she would perform the role as a doctor/medical director for the facility. Years passed. There were no complaints, so the executive committee was under the impression that the doctor was fulfilling his duties. The members certainly had no reason to suspect that the doctor was not doctoring according to the employment contract. No, they assumed that a doctor would doctor.
Then a RAC audit happened. As you are well aware, RAC audits go back three years. The facility received a Tentative Notice of Overpayment from the RAC alleging the facility owed almost $10 million. I was hired, and I conducted a review of the facility, its policies, and interviewed all staff. It came to light that the doctor did not review the results of urinalysis tests. Remember, this is a substance abuse facility. Urine tests are essential. The Medicaid recipients provided the samples; they peed in a cup. The labs were ordered. The doctor has a standing order for definitive and presumptive urinalysis tests. The doctor has sole access to the test results electronically. We discovered, much to our horror, that the doctor never looked at the results. For the past three years, she has never informed any patient that they were or were not positive or negative for any substance. In my mind, reviewing the urinalysis results goes hand in hand with substance abuse therapy.
Here, we discovered a breakdown in the facility, but that breakdown was one person not doing his or her job. Sadly for him or her, we – the facility – were able to use the doctor’s failure to doctor to our advantage. We appealed the $10 million alleged overpayment. Our primary defense was throwing the doctor under the bus, and we had every right to do so. Who would have expected your medical director failing to direct or review pertinent tests. In the world of law, respondeat superior, normally, is the general rule. In Latin, respondeat superior means that the superior or the boss or the owner is responsible for those underneath them. In this case, the facility is the superior and the doctor is the inferior, so you would expect the facility to bear any liability of its employees. But, not here. Not in this case. The doctor failed to meet expectations of the job. By not reviewing urinalysis test results, the doctor veered enough off the track to relieve liability from the facility. The doctor’s inactions were the direct cause of the accusation of owing $10 million. The administrative law judge (“ALJ”) agreed. After terminating the doctor, we contemplated suing the physician for damages. However, since we won the alleged overpayment case, we did not do so.
Earlier this year, I reported on the new extrapolation rules for all audits, including RAC, UPIC, TPE, CERT, etc. You know, that alphabet soup. The biggest change was that no extrapolation may be run if the error rate is under 50%. This was an exciting and unexpected new protection for health care providers. Now I have seen it in action and want to tell you about it.
A client of mine, an internal medicine facility in Alabama, received a notice of overpayment for over $3 million. This is the first case in which I saw the 50% error rate rule in action. Normally, I always tell clients that the first two levels of appeals are rubber-stamps. In other words, don’t expect to win. The QIC and the entity that conducted the audit saying you owe money are not going to overturn themselves. However, in this case, we were “partially favorable” at the QIC level. “Partially favorable” normally means mostly unfavorable. However, the partially favorable decision took the error rate from over 50% to under 50%. We re-grouped. Obviously, we were going to appeal because the new extrapolation was still over $1 million. However, before our ALJ hearing, we received correspondence from Palmetto that said our overpayment was $0. Confused, we wrote to the ALJ pointing out that Palmetto said our balance was zero. The Judge wrote back saying that, certainly, the money has already been recouped and the practice would get a refund if he reversed the denials.” “Ok,” we said and attended a telephonic hearing. We were unsuccessful at the hearing, and the ALJ upheld an alleged overpayment of over $1 million. We argued that the extrapolation should be thrown out due to the error rate being under 50%. The Judge still ruled against us, saying that CMS has the right to extrapolate, and the courts have upheld CMS’ ability to extrapolate. Ok, but what about the NEW RULE?
Later, we contacted Palmetto to confirm what the zero-balance meant. The letter read as if we did not owe anything, yet we had an ALJ decision mandating us to pay over a $1million. There was serious juxtaposition. After many hours of chasing answers on hold with multiple telephone answerers of Palmetto, we learned that, apparently, because the error rate dropped below 50% after the QIC level, Palmetto “wrote off” the nominal balance. Since an extrapolation was no longer allowed, the miniscule amount that Palmetto thought we owed wasn’t enough to pursue. However, the letter sent to us from Palmetto did not explain, “hey, we are writing off your overpayment because the error rate fell below 50%.” No, it was vague. We didn’t even know if it were true.
It took us reaching out to Palmetto and getting an email confirmation that Palmetto had written off the alleged overpayment due to the error rate dropping. Even the ALJ misinterpreted the letter, which tells me that Palmetto should revise its notices of write offs.
If Palmetto unilaterally dismisses or writes off any balance that is allegedly owed, the letter should explicitly explain this. Because providers and attorneys are not accustomed to receiving correspondence from a MAC, CMS, Palmetto, or any other auditing entity with GOOD NEWS. If we get GOOD NEWS from an auditing entity, that correspondence should be explicit.
Regardless, this was a huge win for me and my client, who was positively ecstatic with the outcome. Tune in next week, during which I will tell a story of how we battled successfully a qui tam action against a facility of 9 specialists due to a disgruntled employee who tried to blow the whistle on my specialists and their facility…falsely!
The issue today is whether health care auditors can double-dip. In other words, if a provider has two concurrent audits, can the audits overlap? Can two audits scrutinize one date of service (“DOS”) for the same consumer. It certainly doesn’t seem fair. Five years ago, CMS first compiled a list of services that the newly implemented RAC program was to audit. It’s been 5 years with the RAC program. What is it about the RAC program that stands out from the other auditor abbreviations?
We’re talking about Cotiviti and Performant Recovery; you know the players. The Recovery Audit Program’s mission is to reduce Medicare improper payments through the efficient detection and collection of overpayments, the identification of underpayments and the implementation of actions that will prevent future improper payments.
RACs review claims on a post-payment basis. The RACs detect and correct past improper payments so that CMS and Carriers, and MACs can implement actions that will prevent future improper payments.
RACs are also held to different regulations than the other audit abbreviations. 42 CFR Subpart F dictates the Medicaid RACs. Whereas the Medicare program is run by 42 CFR Subchapter B.
The auditors themselves are usually certified coders or LPNs.
As most of you know, I present on RACMonitor every week with a distinguished panel of experts. Last week, a listener asked whether 2 separate auditors could audit the same record. Dr. Ronald Hirsh’s response was: yes, a CERT can audit a chart that another reviewer is auditing if it is part of a random sample. I agree with Dr. Hirsh. When a random sample is taken, then the auditors, by definition, have no idea what claims will be pulled, nor would the CERT have any knowledge of other contemporaneous and overlapping audits. But what about multiple RAC audits? I do believe that the RACs should not overlap its own audits. Personally, I don’t like the idea of one claim being audited more than once. What if the two auditing companies make differing determinations? What if CERT calls a claim compliant and the RAC denies the claim? The provider surely should not pay back a claim twice.
I believe Ed Roche presented on this issue a few weeks ago, and he called it double-dipping.
This doesn’t seem fair. What Dr. Hirsh did not address in his response to the listener was that, even if a CERT is allowed to double-dip via the rules or policies, there could be case law saying otherwise.
I did a quick search on Westlaw to see if there were any cases where the auditor was accused of double-dipping. It was not a comprehensive search by any means, but I did not see any cases where auditors were accused of double-dipping. I did see a few cases where hospitals were accused of double-dipping by collecting DSH payments to cover costs that had already been reimbursed, which seems like a topic for another day.
The Centers for Medicare & Medicaid Services (“CMS”) has modified the additional documentation request (“ADR”) limits for the Medicare Fee-for-Service Recovery Audit Contractor (“RAC”) program for suppliers. Yet, one of our listeners informed me that CMS has found a “work around” from the RAC ADR limits. She said, “There is the nationwide Supplemental Medical Review Contractor (“SMRC”) audits and now nationwide Quality Improvement Organizations (“QIO”) contract audits. These contracts came about after the Congressional limits on number of audits by the RAC.” Dr. Hirsh retorted, “But SMRC and QIO are not paid contingency fee. So, they are “different” audits. RACs are evil; SMRC and QIO have a few redeeming qualities.” I completely agree with Dr. Hirsh. But her point is well taken – SMRCs and QIOs follow different rules than RACs, so of course the SMRCs and QIOs have distinct ADR limits.
This is similar to the lookback periods. The lookback period varies depending on the acronym: RAC, MAC, or UPIC. RACs’ lookback period is 3 years, yet other acronyms get longer periods. I think what Dr. Hirsh is saying is right, because RACs are paid by contingency instead of a contracted rate, we have to limit the RACs authority because they are already incentivized the find problems., plus they are allowed to extrapolate. The RACs already have too much leash.
So, what are the RAC ADR limits?
Well, interestingly they just changed in April 2022. These limits will be set by CMS on a regular basis to establish the maximum number of medical records that may be requested by a RAC, per 45-day period. Each limit will be based on a given supplier’s volume of Medicare claims paid within a previous 12-month period, in a particular Healthcare Common Procedure Coding System (HCPCS) policy group. The policy groups are available on the pricing, coding analysis, and coding (PDAC), website. Limits will be based on the supplier’s Tax Identification Number (TIN). Limits will be set at 10% of all paid claims, by policy group, paid within a previous 12-month period, divided into eight periods (45 days). Although a RAC may go more than 45 days between record requests, in no case shall a RAC make requests more frequently than every 45 days. Limits are based on paid claims, irrespective of individual lines, although credit/replacement pairs shall be considered a single claim.
I wanted to go into the SMRCs and QIOs’ ADR limits to see whether they are are following THEIR rules, but I’m out of time for today. I’ll research the SMRCs and QIOs ADR limits for next week and I will have an answer for you.
I have presented on RACMonitor, I think, for 3 years. I’d have to ask Chuck Buck to be exact. Over the last three years, I have tried my best to get the message out – RAC Auditors do not know what they are doing. Always appeal the decisions. – I feel like on my blog and on RACMonitor I have screamed this message until I was blue in the face.
Apparently, a couple Senators have taken notice. Or their constituents complained enough. Senators Tim Scott and Rick Scott drafted a letter to the Comptroller of America. A comptroller is a “controller” of financial affairs for the Country. The comptroller is the police of our tax dollars.
A few months ago, Senators Tim and Rick Scott wrote the U.S. Comptroller and complained about RAC auditors.
It was a letter that was short and sweet. It asked three questions.
- How have states used the Medicaid RAC program to address strategic program integrity needs, including audits of managed care, and what are the lessons learned?
- What steps do the states and the Centers for Medicare & Medicaid Services (CMS) take to coordinate state Medicaid RAC program audits and other program integrity efforts? This includes existing Medicaid integrity programs such as the Unified Program Integrity Contractors, Payment Error Rate Measurement program, state auditors and Medicaid Fraud Control Units.
- How do states and CMS oversee the Medicaid RAC program and what mechanisms are in place to appropriately refer suspected cases of fraud?
As for the first question, RACs do address strategic PI needs – the very reason for their existence is to detect supposed fraud, waste, and abuse (“FWA”) by Medicaid providers. I’d like to hear the Comptroller’s answer.
As for the second question, they asked whether the States and CMS coordinate State Medicaid RAC audits. I don’t really care if the States and CMS coordinate State Medicaid RAC audits. So, I don’t care whether I hear the Comptroller’s answer to this.
The third question – “how do States and CMS oversee the Medicaid RAC program and what mechanisms are in place to detect FWA by Medicaid providers?” – I want to know that answer! I can tell the Comptroller the answer. The RAC Auditors are not supervised or overseen. If they were, they would audit differently; not try to find errors in every single audit conducted.
Maybe it’s time to get our Senators involved. While we’re at it, let’s talk about the Medicare provider appeal process, which is broken.
Today I’m going to answer a few inquiries about recovery audit contractor (“RAC”) audits from providers. A question that I get often is: “Do I have to submit the same medical records to my Medicare Administrative Contractor (“MAC”) that I submit to a RAC for an audit?” The answer is “No.” Providers are not required to submit medical records to the MAC if submitted to a RAC, but doing so is encouraged by most MACs. There is no requirement that you submit to the MAC what you submit to RACs. This makes sense because the MACs and the RACs have disparate job duties. One of the MACs, Palmetto, instructs providers to send records sent to a RAC directly to the Palmetto GBA Appeals Department. Why send the records for a RAC audit to a MAC appeals department? Are they forecasting your intentions? The instruction is nonsensical unless ulterior motives exist.
RAC audits are separate from mundane MAC issues. They are distinct. Quite frankly, your MAC shouldn’t even be aware of your audit. (Why is it their business?) Yet, many times I see the MACs cc-ed on correspondence. Often, I feel like it’s a conspiracy – and you’re not invited. You get audited, and everyone is notified. It’s as if you are guilty before any trial.
I also get this question for appeals – “Do I need to send the medical records again? I already sent them for the initial review. Why do I need to send the same documents for appeal?” I get it – making copies of medical records is time-consuming. It also costs money. Paper and ink don’t grow on trees. The answer is “Yes.” This may come as a shock, but sometimes documents are misplaced or lost. Auditors are humans, and mistakes occur. Just like, providers are humans, and 100% Medicare regulatory compliance is not required…people make mistakes; those mistakes shouldn’t cause financial ruin.
“Do the results of a RAC audit get sent to your MAC?” The answer is “Yes.” Penalties penalize you in the future. You have to disclose penalties, and the auditors can and will use the information against you. The more penalties you have paid in the past clear demonstrate that you suffer from abhorrent billing practices.
In fact, Medicare post-payment audits are estimated to have risen over 900 percent over the last five years. Medicare provider audits take money from providers and give to the auditors. If you are an auditor, you uncover bad results or you aren’t good at your job.
Politicians see audits as a financial win and a plus for their platform. Reducing fraud, waste, and abuse is a fantastic platform. Everyone gets on board, and votes increase.
Appealing your RAC audits is essential, but you have to understand that you won’t get a fair deal. The Medicare provider appeals process is an uphill battle for providers. And your MACs will be informed.
The first two levels, redeterminations and reconsiderations are, basically, rubber-stamps on the first determination.
The third level is the before an administrative law judge (ALJ), and is the first appeal level that is before an independent tribunal.
Moving to the False Claims Act, which is the ugly step-sister to regulatory non-compliance and overpayments. The government and qui tam relators filed 801 new cases in 2022. That number is down from the unprecedented heights reached in 2020 (when there were a record 922 new FCA cases), but is consistent with the pace otherwise set over the past decade, reflecting the upward trend in FCA activity by qui tam relators and the government since the 2009 amendments to the statute.
See the chart below for reference:
The Centers for Medicare & Medicaid Services (CMS) announced that they have modified the additional documentation request (ADR) limits for the Medicare Fee-for-Service Recovery Audit Contractor (RAC) program for suppliers. ADRs are the about of documents that a RAC auditor can demand from you. This is a win for DME providers.
Currently, the RAC’s methodology is based on a total claim number by NPI without consideration for the number of claims in a particular product category. This means that suppliers can receive large volumes of RAC audits for a product category in which they do minimal business.
These new limits will be set by CMS on a regular basis to establish the maximum number of medical records that may be requested by a RAC, per 45-day period. These changes will be effective beginning April 1, 2022.
Each limit will be based on a given supplier’s volume of Medicare claims paid within a previous 12-month period, in a particular HCPCS policy group (The policy groups are available on the PDAC website). Limits will be based on the supplier’s Tax Identification Number (TIN). Limits will be set at 10% of all paid claims, by policy group, paid within a previous 12-month period, divided into eight periods (45 days). If you get more than the allowed ADRs, call them out. These limits are created to lessen the burden on providers.
Although a RAC may go more than 45 days between record requests, in no case shall a RAC make requests more frequently than every 45 days. Limits are based on paid claims, irrespective of individual lines, although credit/replacement pairs shall be considered a single claim.
- Supplier A had 1,253 claims paid with HCPCS codes in the “surgical dressings” policy group, within a previous 12-month period. The supplier’s ADR limit would be (1,253 * 0.1) / 8 = 15.6625, or 16 ADRs, per 45 days, for claims with HCPCS codes in the “surgical dressings” policy group.
- Supplier B had 955 claims paid with HCPCS codes in the “glucose monitor” policy group, within a previous 12-month period. The supplier’s ADR limit would be (955 * 0.1) / 8 = 11.9375 or 12 ADRs, per 45 days, for claims with HCPCS codes in the “glucose monitor” policy group.
CMS reserves the right to give a RAC permission to exceed these ADR limits. But that would be in instances of potential fraud.
In RAC news, on June 1, 2021, Cotiviti acquired HMS RAC region 4. Don’t be surprised if you see Cotiviti’s logo on RAC audits where you would have seen HMS. This change will have no impact in the day-to-day contract administration and audit timelines under CMS’ guidance. You will continue to follow the guidance in the alleged, improper payment notification letter for submission of medical documentation and discussion period request. In March 2021, CMS awarded Performant an 8.5 year contract to serve as the Region 1 RAC.
There really cannot be any deviations regardless the name of the RAC Auditor because this area is so regulated. Providers always have appeal rights regardless Medicare/caid RAC audits. Or any other type of audit. Medicaid RAC provider appeals are found in 42 CFR 455.512. Whereas Medicare provider redeterminations and the 5 levels of appeal are found in 42 CFR Subpart I. The reason that RAC audits are spoken about so often is that the Code of Federal Regulations applies different rules for RAC audits versus MAC, TPE, UPIC, or other audits. The biggest difference is that RAC auditors are limited to a 3 year look back period according to 42 CFR 455.508. Other auditors do not have that same limitation and can look back for longer periods of time. Of course, whenever “credible allegations of fraud” is involved, the lookback period can be for 10 years.
The federal regulations also allow States to request exceptions from the Medicaid RAC program. CMS mandates every State to participate in the RAC program. But there is a federal reg §455.516 that allows exceptions. To my knowledge, no State has requested exceptions out of the RAC Audit program.
RAC auditors have announced a renewed focus on the two-midnight rule for hospitals. Again. This may seem like a rerun and it is. You recall around 2012, RACs began noticing high rates of error with respect to patient status in certain short-stay Medicare claims submitted for inpatient hospital services. CMS and the RACs indicated the inpatient care setting was medically unnecessary, and the claims should have been billed as outpatient instead. Remember, for stays under 2 midnights, inpatient status may be used in rare and unusual exceptions and may be payable under Medicare Part A on a case-by-case basis.