Today I’m going to answer a few inquiries about recovery audit contractor (“RAC”) audits from providers. A question that I get often is: “Do I have to submit the same medical records to my Medicare Administrative Contractor (“MAC”) that I submit to a RAC for an audit?” The answer is “No.” Providers are not required to submit medical records to the MAC if submitted to a RAC, but doing so is encouraged by most MACs. There is no requirement that you submit to the MAC what you submit to RACs. This makes sense because the MACs and the RACs have disparate job duties. One of the MACs, Palmetto, instructs providers to send records sent to a RAC directly to the Palmetto GBA Appeals Department. Why send the records for a RAC audit to a MAC appeals department? Are they forecasting your intentions? The instruction is nonsensical unless ulterior motives exist.
RAC audits are separate from mundane MAC issues. They are distinct. Quite frankly, your MAC shouldn’t even be aware of your audit. (Why is it their business?) Yet, many times I see the MACs cc-ed on correspondence. Often, I feel like it’s a conspiracy – and you’re not invited. You get audited, and everyone is notified. It’s as if you are guilty before any trial.
I also get this question for appeals – “Do I need to send the medical records again? I already sent them for the initial review. Why do I need to send the same documents for appeal?” I get it – making copies of medical records is time-consuming. It also costs money. Paper and ink don’t grow on trees. The answer is “Yes.” This may come as a shock, but sometimes documents are misplaced or lost. Auditors are humans, and mistakes occur. Just like, providers are humans, and 100% Medicare regulatory compliance is not required…people make mistakes; those mistakes shouldn’t cause financial ruin.
“Do the results of a RAC audit get sent to your MAC?” The answer is “Yes.” Penalties penalize you in the future. You have to disclose penalties, and the auditors can and will use the information against you. The more penalties you have paid in the past clear demonstrate that you suffer from abhorrent billing practices.
In fact, Medicare post-payment audits are estimated to have risen over 900 percent over the last five years. Medicare provider audits take money from providers and give to the auditors. If you are an auditor, you uncover bad results or you aren’t good at your job.
Politicians see audits as a financial win and a plus for their platform. Reducing fraud, waste, and abuse is a fantastic platform. Everyone gets on board, and votes increase.
Appealing your RAC audits is essential, but you have to understand that you won’t get a fair deal. The Medicare provider appeals process is an uphill battle for providers. And your MACs will be informed.
The first two levels, redeterminations and reconsiderations are, basically, rubber-stamps on the first determination.
The third level is the before an administrative law judge (ALJ), and is the first appeal level that is before an independent tribunal.
Moving to the False Claims Act, which is the ugly step-sister to regulatory non-compliance and overpayments. The government and qui tam relators filed 801 new cases in 2022. That number is down from the unprecedented heights reached in 2020 (when there were a record 922 new FCA cases), but is consistent with the pace otherwise set over the past decade, reflecting the upward trend in FCA activity by qui tam relators and the government since the 2009 amendments to the statute.
See the chart below for reference:
Attorney Ryan Hargrave joined the Practus Health Care Litigation team on June 1, 2022. Ryan comes from a career of litigation in the State of North Carolina. He began his career in 2016 as a Prosecutor for the State of North Carolina, Guilford County. There he gained valuable experience from which he used as he moved to defending clients. He served as the Lead Trial Attorney at Triad Legal Group before joining Graystar Legal as the Senior Associate Attorney.
Ryan obtained his undergraduate degree at Presbyterian College in Clinton, SC., where he received a B.A. in Political Science and a minor in Biology. Ryan has always had a keen interest in health care which has followed him throughout his career. He is locally known as the “Drug Lawyer” for his focus in the defense of drug-related crimes. He has a reputable proficiency in Cannabis Law, Criminal Law, and Civil Law across State and Federal Courts. Ryan has extensive trial experience that he brings to the Health Care Litigation team at Practus.
Ryan lives in North Carolina with his family, spending his time working out, making financial investments, and beginning his non-profit business, “Colored Money”. His non-profit will focus on teaching young boys and girls the value of money as a vehicle to achieve wealth, making smart investments, and how to achieve financial freedom. He is a big Georgia football fan and even has an English Bulldog that could serve as the team’s mascot.
Note from me:
I expect Ryan to dovetail and expand my Medicare and Medicaid regulatory compliance practice because his litigation experience will directly help me in litigation natters, but, also, his criminal litigation experience will also allow us to represent more White Collar Crime clients, including Medicare and Medicaid fraud accusations, False Claims Act, Stark, and Anti-Kickback alleged violations.
We are happy that he is here!
Lack of medical necessity is one of the leading reasons for denials during RAC, MAC, TPE, and UPIC audits. However, case law dictates that the treating physician should be allowed deference with the decision that medical necessity exists because the Medicare and/or Medicaid auditor never had the privilege to see the recipient.
However, recent ALJ decisions have gone against case law. How is that possible? CMS creates “Rules” – I say that in air quotes – these Rules are not promulgated, but are binding on anyone under CMS’ umbrella. Guess what? That includes the ALJs for Medicare appeals. As an example, the “treating physician” Rule is law based on case law. Juxtapose, CMS’ Ruling 93-l. It states that no presumptive weight should be assigned to a treating physician’s medical opinion in determining the medical necessity of inpatient hospital and skilled nursing facility services. The Ruling adds parenthetically that the Ruling does not “by omission or implication” endorse the application of the treating physician rule to services not addressed in the Ruling. So, we get a decision from an ALJ that dismisses the treating physician rule.
The ALJ decision actually said: Accordingly, I find that the treating physician rule, standing alone, provides no basis for coverage.
This ALJ went against the law but followed CMS Rulings.
CMS Rulings, however, are not binding. CMS Rulings aren’t even law. Yet the CMS Rulings, according to CMS, are binding onto the entities that are under the CMS umbrella. This means that the Medicare appeals process, which include the redeterminations, the reconsiderations, the ALJ decisions, and the Medicare Appeals Councils’ decisions are all dictated by these non-law, CMS Rulings, which fly in the face of actual law. ALJs uphold extrapolations based on CMS Rulings because they have to. But once you get to a federal district court judge, who are not bound by CMS, non-law, rulings, you get a real Judge’s decision, and most extrapolations are thrown out if the error rate is under 50%.
Basically, if you are a Medicare provider, you have to jump through the hoops of 4 levels of appeals that is not dictated by law, but by an administration that is rewarded for taking money from providers on the pretense of FWA. Most providers do not have the financial means to make it to the 5th level of appeal. So, CMS wins by default.
Folks, create a legal fund for your provider entity. You have got to appeal and be able to afford it. That is the only way that we can change the disproportionately unfair Medicare appeal process that providers must endure now.
Today, I am going to write about America’s managed care problem. We always talk about providers getting audited. It is about time that the payors get audited. In particular, for Medicaid, States contract with managed care organizations, which are prepaid, and, for Medicare, Medicare Advantage companies, which are prepaid.
Managed care in Medicare is MA organizations. Managed care in Medicaid is MCOs. These MCOs and MAs need to be held accountable for the misuse of funds.
Today, capitated, managed care is the dominant way in which states deliver services to Medicaid enrollees. And MA is becoming the dominant way to receive Medicare.
Under these prepaid programs, these private companies are paid a flat fee per month depending on the number of consumers to provide whatever care is required for patients based on age, gender, geography and health risk factors. The more diagnoses a person has, the more the company is prepaid. To compensate plans and providers for potential costs of care for individual patients with long-term conditions such as diabetes, heart disease or cancer, Medicare boosts the monthly payment to Medicare Advantage plans under a “risk adjustment” for each additional condition. The system differs from the traditional “fee for service” payment, in which Medicare pays hospitals and doctors directly each time they provide a service.
If companies add more risk adjustment codes to a Medicare Advantage beneficiary’s medical record to receive higher payment — but don’t spend money on the additional care — they make more money. Same as MCOs denying care or terminating providers, the tax dollars line the executive pockets instead of reimbursing providers for providing medically necessary care.
Maybe the answer is remaining with the fee-for service model. Prepaying entities creates a financial incentive to bolster beneficiaries’ health problems then cross your fingers that the health problems never come to fruition either because the beneficiary remains healthy or the health problem was fabricated.
MCOs and MA companies must be supervised by the single agency. These companies cannot have the ability to refuse medically necessary services or terminate provider at will for whatever reason with no repercussions. It’s not fair to the recipients or providers. Maybe it’s time to switch our telescopic lens from auditing providers to auditing MCOs and MAs. Let’s get these RAC, ZPIC, and TPE auditors focused on the stewards of our tax dollars, the prepaid entities.
42 CFR §431.10 dictates a single state agency for Medicaid, which is the Department in each State. CMS is the single agency in Medicare. CMS and State Departments are ultimately responsible for the private MCOs and MAs, but really are allowing these companies autonomy to the deficit of our tax dollars.
If you recall, earlier this year, The American Hospital Association urged the Justice Department to use its authority under the False Claims Act to create a fraud task force to investigate commercial insurers that routinely deny patients access to services. This was due to the April 2022 OIG report that “Some Medicare Advantage Organization Denials of Prior Authorization Requests Raise Concerns about Beneficiary Access to Medically Necessary Care.”
Instead of audits of providers or concurrently in audits of providers, we need to audit the payors. Both MCOs and MAs. What’s good for the goose is good for the gander.
The American Hospital Association (“AHA”) is asking the Department of Justice (DOJ) to look into health insurance companies that routinely deny patients access to care and payments to providers. I’d like a task force as well. This is exactly the problem I have witnessed with managed care organizations or MCOs. In traditional Medicare and Medicaid, MCOs are prepaid and make profit by denying consumers medical care, terminating provider contracts, and not paying providers for care rendered. Congress created the same scenario with Medicare Advantage. Individuals can elect coverage through private insurance plans. While MA has been wildly successful and popular, the AHA is complaining that too many people are getting denied services.
An OIG report that was published in April cites MAOs as denying services for beneficiaries. We are always talking about providers getting audited, it is about time that the companies that are gateways for providers getting reimbursed and beneficiaries getting medically necessary services are likewise audited for denying services. It seems ironic that providers are audited for potentially billing for too many services and these gateway, third party reimbursement companies are audited for providing too few services – or denying too many prior authorizations. But if the MCO or MAO deny medical services, then the money that would have been paid to the provider stays in their pocket.
The OIG report found that many MAOs delay or deny services despite those services meeting Medicare prior authorization criteria, approximately 13-18%. Almost a 20% wrongful denial rate. When these MAOs get tax payer money for a Medicare beneficiary and deny services those tax dollars stay in the MAO’s pockets.
Supposedly MAOs approve the vast majority of requests for services and payment, they issue millions of denials each year, and OIG’s audit of MAOs has highlighted widespread and persistent problems related to inappropriate denials of services and payment. As enrollment in Medicare Advantage continues to grow, MAOs play an increasingly critical role in ensuring that Medicare beneficiaries have access to medically necessary covered services and that providers are reimbursed appropriately.
According to the OIG report, MAOs denied prior authorization and payment requests that met Medicare coverage rules by: (1) using MAO clinical criteria that are not contained in Medicare coverage rules; (2) requesting unnecessary documentation; and (3) making manual review errors and system errors.
Personally, I am fed up with these private, insurance companies denying services and keeping our tax dollars. It is about time the insurance companies are audited.
If you could light a torch to a Molotov Cocktail and a bunch of newspapers, you could not make a bigger explosion in my head than a recent Decision from a Medicare administrative law judge (“ALJ”). The extrapolation was upheld, despite an expert statistician citing its shortcomings, based on a CMS Ruling, which is neither law nor precedent. The Decision reminded me of the new Firestarter movie because everything is up in flames. Drew Barrymore would be proud.
I find it very lazy of the government to rely on sampling and extrapolations, especially in light that no witness testifies to its accuracy.
Because this ALJ relied so heavily on CMS Rulings, I wanted to do a little detective work as to whether CMS Rulings are binding or even law. First, I logged onto Westlaw to search for “CMS Ruling” in any case in any jurisdiction in America. Nothing. Not one case ever mentioned “CMS Ruling.” Ever. (Nor did my law school).
What Is a CMS Ruling?
A CMS Ruling is defined as, “decisions of the Administrator that serve as precedent final opinions and orders and statements of policy and interpretation. They provide clarification and interpretation of complex or ambiguous provisions of the law or regulations relating to Medicare, Medicaid, Utilization and Quality Control Peer Review, private health insurance, and related matters.”
But Are CMS Rulings Law?
No. CMS Rulings are not law. CMS Rulings are not binding on district court judges because district court judges are not part of HHS or CMS. However, the Medicare ALJs are considered part of HHS and CMS; thus the CMS Rulings are binding on Medicare ALJs.
This creates a dichotomy between the “real law” and agency rules. When you read CMS Ruling 86-1, it reads as if there two parties with oppositive views, both presented their arguments, and the Administrator makes a ruling. But the Administrator is not a Judge, but the Ruling reads like a court case. CMS Rulings are not binding on:
- The Supreme Court
- Appellate Courts
- The real world outside of CMS
- District Courts
- The Department of Transportation
- Civil Jurisprudence
- The Department of Education
- Etc. – You get the point.
So why are Medicare providers held subject to penalties based on CMS Rulings, when after the providers appeal their case to district court, that “rule” that was subjected against them (saying they owe $7 million) is rendered moot? Can we say – not fair, equitable, Constitutional, and flies in the face of due process?
The future does not look bright for providers going forward in defending overzealous, erroneous, and misplaced audits. These audits aren’t even backed up by witnesses – seriously, at the ALJ Medicare appeals, there is no statistician testifying to verify the results. Yet some of the ALJs are still upholding these audits.
In the “court case,” which resulted in CMS Ruling 86-1, the provider argued that:
- There is no legal authority in the Medicare statute or regulations for HCFA or its intermediaries to determine overpayments by projecting the findings of a sample of specific claims onto a universe of unspecified beneficiaries and claims.
- Section 1879 of the Social Security Act, 42 U.S.C. 1395pp, contemplates that medical necessity and custodial care coverage determinations will be made only by means of a case-by-case review.
- When sampling is used, providers are not able to bill individual beneficiaries not in the sample group for the services determined to be noncovered.
- Use of a sampling procedure violates the rights of providers to appeal adverse determinations.
- The use of sampling and extrapolation to determine overpayments deprives the provider of due process.
The CMS Ruling 86-1 was decided by Mr. Henry R. Desmarais, Acting Administrator, Health Care Financing Administration in 1986.
Think it should be upheld?
Whenever you receive correspondence with letterhead from the Department of Justice, Attorney General’s office, you know it’s important and you better take note.
A Civil or Criminal Investigative Demand is serious. Getting any communication from the U.S. Department of Justice can be a bit unnerving. That’s particularly true for Medicare and Medicaid providers receiving a Civil Investigative Demand (“CID”) for documents and testimony.
A CID is a tool used by the Justice Department (“DOJ”) to investigate potential violations of the False Claims Act (“FCA”). See blog. The DOJ can issue a CID whenever the DOJ has “reason to believe that any person may be in possession, custody, or control of any documentary material or information relevant to a false claims law investigation.” The bottom line is that the DOJ uses CIDs to obtain documents and identify potential witnesses so they can bring FCA suits against the recipient or others.
What is the False Claims Act anyway?
It’s a broad statute that punishes many things, one of which is making false statements to the government in connection with a claim for payment from the government. The DOJ often uses CIDs to investigate medical providers who seek payment from Medicare and Medicaid.
Just because the Investigative Demand is labeled “civil” does not mean that the investigation is only civil; it could take a turn towards criminal. In other words, something sparked the DOJ’s attention, but, perhaps there were no allegations of criminal action, the investigation could start and the investigator could uncover something they consider criminal. An investigation earmarked as civil can turn criminal with the uncovering of one document.
On the other hand, the investigator could review all the documents and conclude that there is not even a civil violation. Very rarely, do the investigators contact you to tell you that the investigation is over and no violation was found. Most of the time, you are put on notice that you are being investigated, then hear nothing from the investigator in perpetuity.
Recently, I had an investigator inform me that the review of. my client was complete, and the file was being closed. But that’s the only time in 22 years that I was informed that nothing noncompliant was found. Usually, time just passes.
If you are found to have violated the FCA, the government can triple the amount of penalties, so the numbers get very high very quickly.
The Justice Department obtained more than $5.6 billion in settlements and judgments from civil cases involving fraud and false claims against the government in the fiscal year ending Sept. 30, 2021. This is the second largest annual total in False Claims Act history, and the largest since 2014. Settlement and judgments since 1986, when Congress substantially strengthened the civil False Claims Act, now total more than $70 billion.
A much lesser known provision of the FCA is the reverse one. Not to blow everyones’ minds, but there is also a “reverse false claims” provision of the False Claims Act. The reverse false claims provision permits the government or relators to pursue defendants who are alleged to have hidden or reduced an obligation to pay the government through false statements, or who have violated the 60-day payment rule’s obligation to return “identified overpayments.” These claims typically have been raised in the context of cost reporting, Medicare Part C, or related to alleged failures to fulfill obligations under the 60-day payment rule. The government and relators have increasingly relied on the reverse false claims provision to support stand-alone claims or have used it in conjunction with affirmative false claims. However, because the reverse false claims provision is very lightly used compared to affirmative false claims provisions, there is a dearth of case law defining it or exploring its parameters. The case law that does exist is primarily from district courts and, as the survey of case law contained herein illustrates, there is little guidance from the Circuit Courts or the U.S. Supreme Court.
Intent or deliberate disregard is required to prove the false claims act – reverse and regular.
Failure to respond to a CID completely could warrant criminal contempt. This is especially important to note, as civil investigate demand sounds much less important than a subpoena. But a CID is, in essence, a subpoena. Immediately, implement a “legal hold” upon receipt of the CID, and don’t forget to avoid producing privileged documents.
After the investigation is complete, if there are violations of the FCA uncovered, you will receive correspondence that states in “all-caps” and bold font:
Rule 408 FOR SETTLEMENT PURPOSES ONLY
FRE 408 prohibits the use of settlement negotiations as evidence. After reviewing the offer, get with your legal counsel to discuss next steps.
The Centers for Medicare & Medicaid Services (CMS) announced that they have modified the additional documentation request (ADR) limits for the Medicare Fee-for-Service Recovery Audit Contractor (RAC) program for suppliers. ADRs are the about of documents that a RAC auditor can demand from you. This is a win for DME providers.
Currently, the RAC’s methodology is based on a total claim number by NPI without consideration for the number of claims in a particular product category. This means that suppliers can receive large volumes of RAC audits for a product category in which they do minimal business.
These new limits will be set by CMS on a regular basis to establish the maximum number of medical records that may be requested by a RAC, per 45-day period. These changes will be effective beginning April 1, 2022.
Each limit will be based on a given supplier’s volume of Medicare claims paid within a previous 12-month period, in a particular HCPCS policy group (The policy groups are available on the PDAC website). Limits will be based on the supplier’s Tax Identification Number (TIN). Limits will be set at 10% of all paid claims, by policy group, paid within a previous 12-month period, divided into eight periods (45 days). If you get more than the allowed ADRs, call them out. These limits are created to lessen the burden on providers.
Although a RAC may go more than 45 days between record requests, in no case shall a RAC make requests more frequently than every 45 days. Limits are based on paid claims, irrespective of individual lines, although credit/replacement pairs shall be considered a single claim.
- Supplier A had 1,253 claims paid with HCPCS codes in the “surgical dressings” policy group, within a previous 12-month period. The supplier’s ADR limit would be (1,253 * 0.1) / 8 = 15.6625, or 16 ADRs, per 45 days, for claims with HCPCS codes in the “surgical dressings” policy group.
- Supplier B had 955 claims paid with HCPCS codes in the “glucose monitor” policy group, within a previous 12-month period. The supplier’s ADR limit would be (955 * 0.1) / 8 = 11.9375 or 12 ADRs, per 45 days, for claims with HCPCS codes in the “glucose monitor” policy group.
CMS reserves the right to give a RAC permission to exceed these ADR limits. But that would be in instances of potential fraud.
(On a personal note, I apologize for how long since it has been my last blog. I was in an accident and spent 3 days in the ICU.)
I’d like to write today about the sheer absurdity about how these RAC, ZPIC, MAC, and other types of audits are being held against health care providers. When an auditor requests documents from a provider and opines that the provider owes a million dollars in alleged overpayments, I would expect that the auditor will show up before an independent tribunal to defend its findings. However, for so many of these Medicare provider appeals, the auditor doesn’t appear to defend its findings.
In my opinion, if the entity claiming that you owe money back to the government does not appear at the hearing, the provider should automatically prevail. A basic legal concept is that the accused should be able to confront its accuser.
I had depositions the last two weeks for a case that involved an opiate treatment program. The two main accusers were Optum and ID Medicaid. When Optum was deposed, they testified that Optum did not conduct the audit of the facility. When ID Medicaid was deposed, it contended that Optum did conduct the audit at issue.
When not one person can vouch for the veracity of an audit, it is ludicrous to force the provider to pay back anything. Auditors cannot hide behind smoke and mirrors. Auditors need to testify to the veracity of their audits.
To poke holes in Medicare audits, you need to know the rules. You wouldn’t play chess without knowing the rules. Various auditor have disparate look-back period, which is the time frame the auditor is allowed to look back and review a claim. For example, RACs may only look back 3 years. Whereas ZPICs have no specific look back period, although I would argue that the older the claim, the less likely it is to be recouped. There is also the federal 48-month limit to look backs absent accusations of fraud.
When appealing the outcome of a MAC or RAC audit, it is necessary for providers to have a specific reason for challenging the auditors’ determinations. Simply being dissatisfied or having generalized complaints about the process is not enough. Some examples of potential grounds for challenging a MAC or RAC determination on appeal include:
- Application if inapplicable Medicare billing rules
- Misinterpretation of applicable Medicare billing rules
- Reliance on unsound auditing methodologies
- Failure to seek an expert opinion
- Ignoring relevant information disclosed by the provider
- Exceeding the MAC’s or RAC’s scope of authority
It is imperative that you arm yourself in defending a Medicare audit, but if the auditor fails to appear at any stage in litigation, then you should call foul and win on a “absent” technicality.