Blog Archives
There Is No Law to Be Perfect in Medicare; Just Self-Disclose!
We all know that there is no law, regulation or statute that medical records supporting payment by Medicare or Medicaid must be perfect. There is no mandatory 100% compliant standard. Because humans err. In light of the ongoing financial strain brought about by the pandemic and the constraints imposed by Congress on Medicaid coverage disenrollments, State Medicaid agencies are poised to explore additional audits to manage increasing Medicaid expenditures. Recent developments, such as additional flexibilities granted by CMS, suggest a shifting landscape in how States respond to these challenges.
Anticipating a more assertive approach by States in dealing with service providers, potential measures could include rate cuts and enhanced scrutiny through service audits. This prompts a crucial examination of States’ and providers’ rights under federal Medicaid law to audit service provisions and recover overpayments, a legally intricate and noteworthy domain.
Medicaid RAC Audits are governed by 42 CFR 455 Subpart F—Medicaid Recovery Audit Contractors Program. Other Medicaid alleged overpayments are dictated by 42 CFR Chapter 433.

To establish a foundational understanding, it’s essential to consider the mandate imposed by Congress in section 1902(a)(30)(A) of the Social Security Act. States are required to incorporate provisions in their Medicaid plans to “safeguard against unnecessary utilization of … care and services.” This underscores the federal interest in ensuring responsible use of matching funds, given the federal government’s financial contribution to the program.
A landmark case illustrating the complexities of this mandate is the 1999 decision by the Supreme Judicial Court of Massachusetts in Massachusetts Eye and Ear Infirmary v. Commissioner of Medical Assistance. The court evaluated Massachusetts Medicaid’s retrospective utilization review policy, emphasizing the need for meaningful definitions of terms like “inpatient” and “outpatient” to avoid arbitrary penalties on providers.
Moving to the realm of overpayments, CMS regulations, specifically at 42 C.F.R. § 433.316, provide guidance on how States should proceed when identifying overpayments. The regulations recommend written notification to providers, with states having the discretion to choose whether to notify in cases of suspected fraud. Furthermore, States are required to take “reasonable actions” based on state collections law to recoup overpayments, with a one-year timeframe to return the federal share of identified overpayments to CMS.
Determining when a State “discovers” an overpayment is a critical aspect outlined in the regulations. The discovery is pegged to specific events, such as the state contacting the provider, the provider notifying the state, formal initiation of recoupment, or a federal official identifying the overpayment. Significantly, the regulations focus more on CMS’s relationship with the state than on the state’s relationship with providers.
Recent legal precedents, such as the Wisconsin Supreme Court’s decision in Professional Home Care Providers v. Wisconsin Department of Health Services, underscore the need for states to operate within the bounds of their granted authority. In this case, the court rejected a Medicaid agency’s “perfection” policy, emphasizing that state law must align with CMS regulations in overseeing overpayment recovery.
As States grapple with revenue shortfalls exacerbated by the pandemic, the potential for increased efforts to recoup overpayments from providers looms large. Legal challenges, exemplified by recent decisions in Massachusetts and Wisconsin, underscore the delicate balance States must strike in these endeavors, emphasizing the limits within which they must operate as they navigate the complex terrain of Medicaid law and financial constraints.
Expect audits. Be ready to defend yourself. Self audits are so important. If you self audit and find a problem and self-disclose, you will not receive penalties. Self-disclosures are key. When I told a group of law students this key information, one asked, has you told a client to self-disclose and they refused? To which I said yes. One time. A female doctor informed me that she falsified 7 medical records, I said that she should disclose. She screamed at me in her language, fired me, and hired a new attorney and withheld the information about falsifying records.
She is jail currently.
Laboratories Are Under Scrutiny by OIG and State Medicaid!
Laboratories are under scrutiny by the OIG and State Medicaid Departments. Labs get urine samples from behavioral health care companies, substance abuse companies, hospitals, and primary care facilities, who don’t have their own labs. Owners of labs entrust their lab executives to follow procedure on a federal and/or state level for Medicare or Medicaid. Well, what if they don’t. For example, one client paid a urine collector/courier by the mile. That courier service collected urine from Medicaid consumers in NC, sometimes in excess of 90 times a year, when Medicaid only allows 24 per year. I have about 10-15 laboratory clients at the present.
Another laboratory’s urine collector collected the urine, but never brought the urine back to get tested. To which I ponder, where did all those urine specimens go?
Another laboratory had a standing order for over 6 years to test presumptive and definitive testing on 100% of urine samples.
OIG has smelled fraud within laboratories and is widening its search for fraudsters. Several laboratories are undergoing the most serious audits in existence. Not RAC, MAC, or UPIC audits, but audits of even more importance. They received CIDs or civil investigative demands from their State Medicaid Divisions. These requests, like RAC, MAC, or UPIC audits, request lots of documents. In fact, CIDs are legally allowed to request documents for a much longer period of time than RACs, which can only request 3 years back. Most CIDs are fishing for false claims under the False Claims Act (FCA). Stark and Anti-Kickback violations are also included in these investigations. While civil penalties can result in high monetary penalties, criminal violations result in jail time.
As everyone knows, labs must follow CLIA or be CLIA certified, which is the federal standard for which labs. The Clinical Laboratory Improvement Amendments (CLIA) of 1988 (42 USC 263a) and the associated regulations (42 CFR 493) provide the authority for certification and oversight of clinical laboratories and laboratory testing. Under the CLIA program, clinical laboratories are required to have the appropriate certificate before they can accept human samples for testing. There are different types of CLIA certificates, as well as different regulatory requirements, based on the types and complexity of clinical laboratory tests a laboratory conducts. CLIA, like CMS, has its own set of rules. When entities like CLIA or CMS have their own rules, sometimes those rules juxtapose law, which creates a conundrum for providers. If you own a lab, do you follow CLIA rules or CMS rules or the law? Let me give you an example. According to CLIA, you must maintain documentation regarding samples and testing for two years. So, if CLIA audits a laboratory, the audits requests will only go back for two years. Well, that’s all fine and dandy. Except according to the law, you have to maintain medical documents for 5 or 6 years, depending on the service type.
Recently, one of my labs received a CID for records going back to 2017. That is a 6-year lookback. Had the lab followed CLIA’s rules, the lab would only have documentation going back to 2021. Had the lab followed CLIA’s rules, when OIG knocked on its door, it would have NOT had four years of OIG’s request. Now I do not know, because I have never been in the position that my lab client only retained records for two years…thank goodness. If I were in the position, I would argue that the lab was following CLIA’s rules. But that’s the thing, rules are not laws. When in doubt, follow laws, not rules.
However, that takes me to Medicare provider appeals of RAC, MAC, and UPIC audits. Everything under the umbrella of CMS must follow CMS rules. Remember how I said that rules are not laws? CMS rules, sometimes, contradict law. Yet when a Medicare provider appeals an overpayment or termination, the first four levels of appeal are mandated to follow CMS rules. It is not until the 5th level, which is the federal district court that law prevails. In other words, the RAC, MAC, or UPIC, the 2nd level QIC, the 3rd level ALJ, and the 4th level Medicare Appeal Council, all must follow CMS rules. It is not until you appear before the federal district judge that law prevails.
Receiving a CID does not mean that your investigation will remain civil. Most investigations begin civilly. If the evidence uncovered demonstrates any criminal activity, your civil investigation can quickly turn criminal. I co-defend with a federal criminal attorney if the case has a chance to turn criminal. Believe me, there is a huge difference between federal and state criminal lawyers! Even with the best federal criminal lawyers, you want a Medicare and Medicaid expert lawyer on the team to dispute the regulatory accusations that a criminal attorney may not be as well-versed. I am so thankful that I moved my practice to Nelson Mullins, because we have a huge, yet highly-specialized health care practice. While we have a large number of lawyers, each partner specializes in slightly different aspects of health care. So, when I need a federal criminal attorney to partner-up with me, I just walk down the hall.
Laboratories: Beware! Be ready! Be prepared! Be lawyered up!
Ding Dong! PHE Is Dead!!!
The federal Public Health Emergency (PHE) for COVID-19, declared under Section 319 of the Public Health Service (PHS) Act, is expiring at the end of the day on May 11, 2023, today! This is huge. There have been thousands of exceptions and waivers due to COVID throughout the last 2 1/2 years. But on the end of the day on May 11, 2023…POOF….

Most exceptions or waivers will immediately cease.
The Department claims it has been working closely with partners—including Governors; state, local, Tribal, and territorial agencies; industry; and advocates—to ensure an orderly transition out of the COVID PHE.
Yesterday, HHS released a Fact Sheet. It is quite extensive, as it should be considering the amount of regulatory compliance changes that will happen overnight!
Since January 2021, COVID deaths have declined by 95% and hospitalizations are down nearly 91%.
There are some flexibilities and actions that will not be affected on May 11.
Access to COVID vaccinations and certain treatments, such as Paxlovid and Lagevrio, will generally not be affected.
At the end of the PHE on May 11, Americans will continue to be able to access COVID vaccines at no cost, just as they have during the COVID PHE. People will also continue to be able to access COVID treatments just as they have during the COVID PHE.
At some point, the federal government will no longer purchase or distribute COVID vaccines and treatments, payment, coverage, and access may change.
On April 18, 2023, HHS announced the “HHS Bridge Access Program for COVID-19 Vaccines and Treatments.” to maintain broad access to vaccines and treatments for uninsured Americans after the transition to the traditional health care market. For those with most types of private insurance, COVID vaccines recommended by the Advisory Committee on Immunization Practices (ACIP) are a preventive health service and will be fully covered without a co-pay when provided by an in-network provider. Currently, COVID vaccinations are covered under Medicare Part B without cost sharing, and this will continue. Medicare Advantage plans must also cover COVID vaccinations in-network without cost sharing, and this will continue. Medicaid will continue to cover COVID vaccinations without a co-pay or cost sharing through September 30, 2024, and will generally cover ACIP-recommended vaccines for most beneficiaries thereafter.
After the transition to the traditional health care market, out-of-pocket expenses for certain treatments, such as Paxlovid and Lagevrio, may change, depending on an individual’s health care coverage, similar to costs that one may experience for other covered drugs. Medicaid programs will continue to cover COVID treatments without cost sharing through September 30, 2024. After that, coverage and cost sharing may vary by state.
Major telehealth flexibilities will not be affected. The vast majority of current Medicare telehealth flexibilities that people with Medicare—particularly those in rural areas and others who struggle to find access to care—have come to rely upon throughout the PHE, will remain in place through December 2024. Plus, States already have significant flexibility with respect to covering and paying for Medicaid services delivered via telehealth. This flexibility was available prior to the COVID PHE and will continue to be available after the COVID PHE ends.
What will be affected by the end of the COVID-19 PHE:
Many COVID PHE flexibilities and policies have already been made permanent or otherwise extended for some time, with others expiring after May 11.
Certain Medicare and Medicaid waivers and broad flexibilities for health care providers are no longer necessary and will end. During the COVID PHE, CMS used a combination of emergency authority waivers, regulations, and sub-regulatory guidance to ensure and expand access to care and to give health care providers the flexibilities needed to help keep people safe. States, hospitals, nursing homes, and others are currently operating under hundreds of these waivers that affect care delivery and payment and that are integrated into patient care and provider systems. Many of these waivers and flexibilities were necessary to expand facility capacity for the health care system and to allow the health care system to weather the heightened strain created by COVID-19; given the current state of COVID-19, this excess capacity is no longer necessary.
For Medicaid, some additional COVID PHE waivers and flexibilities will end on May 11, while others will remain in place for six months following the end of the COVID PHE. But many of the Medicaid waivers and flexibilities, including those that support home and community-based services, are available for states to continue beyond the COVID PHE, if they choose to do so. For example, States have used COVID PHE-related flexibilities to increase the number of individuals served under a waiver, expand provider qualifications, and other flexibilities. Many of these options may be extended beyond the PHE.
Coverage for COVID-19 testing will change.
State Medicaid programs must provide coverage without cost sharing for COVID testing until the last day of the first calendar quarter that begins one year after the last day of the PHE. That means with the PHE ending on May 11, 2023, this mandatory coverage will end on September 30, 2024, after which coverage may vary by state.
The requirement for private insurance companies to cover COVID tests without cost sharing, both for OTC and laboratory tests, will end at the expiration of the PHE.
Certain COVID data reporting and surveillance will change. CDC COVID data surveillance has been a cornerstone of our response, and during the PHE, HHS had the authority to require lab test reporting for COVID. At the end of the COVID-19 PHE, HHS will no longer have this express authority to require this data from labs, which will affect the reporting of negative test results and impact the ability to calculate percent positivity for COVID tests in some jurisdictions. Hospital data reporting will continue as required by the CMS conditions of participation through April 30, 2024, but reporting will be reduced from the current daily reporting to weekly.
FDA’s ability to detect shortages of critical devices related to COVID-19 will be more limited. While FDA will still maintain its authority to detect and address other potential medical product shortages, it is seeking congressional authorization to extend the requirement for device manufacturers to notify FDA of interruptions and discontinuances of critical devices outside of a PHE which will strengthen the ability of FDA to help prevent or mitigate device shortages.
Public Readiness and Emergency Preparedness (PREP) Act liability protections will be amended. On April 14, 2023, HHS Secretary Becerra mailed all the governors announcing his intention to amend the PREP Act declaration to extend certain important protections that will continue to facilitate access to convenient and timely COVID vaccines, treatments, and tests for individuals.
More changes are occurring than what I can write in one, little blogpost. Know that auditors will be knocking on your doors, asking for dates of service during the PHE. Be sure to research the policies and exceptions that were pertinent during those DOS. This is imperative for defending yourself against auditors knocking on your doors.
And, as always, lawyer-up fast!
And just like the Wicked With of the West, DING DONG! The PHE is dead.
Preparing for Post-PHE Medicare and Medicaid Audits
Hello and happy RACMonitor Monday! As the nation forges ahead in the wake of the COVID-19 pandemic, the audits continue after that brief hiatus in March 2020. Recovery Audit Contractors (RACs), UPICs, and other auditors are dutifully reviewing claims on a post-payment basis. However, since COVID, there is a staffing shortage, which have many provider facilities scrambling on a normal basis. Throw in an audit of 150 claims and you’ve got serious souff-laying.
Yes, audit preparation has changed since COVID. Now you have more to do to prepare. Audits create more work when you have less staff. Well, suck it up sippy-cup because post-PHE audits are here.
The most important pre-audit preparation is knowing the COVID exceptions germane to your health care services. During PHE over the last two years, there has been a firehose of regulatory exceptions. You need to use these exceptions to your advantage because, let’s face it, the exceptions made regulatory compliance easier. For the period of time during which the exceptions applied, you didn’t have to get some signatures, meet face-to-face, have supervision, or what not. The dates during which these exceptions apply is also pertinent. I suggest creating a folder for all the COVID exceptions that apply to your facility. While I would like to assume that whatever lawyer that you hire, because, yes, you need to hire a lawyer, would know all the COVID exceptions – or, at least, know to research them, you never know. It only benefits you to be prepared.
Any medical provider that submits claims to a government program may be subject to a Medicare or Medicaid audit. Just because you have been audited in the past, doesn’t change the fact that you may be audited again in the future. RAC audits are not one-time or intermittent reviews and can be triggered by anything from an innocent documentation error to outright fraud. I get that questions a lot: This is my 3rd audit. At what point is this harassment. I’ve never researched the answer to that question, but I would venture that auditors get tons of latitude. So, don’t be that provider that is low-hanging fruit and simply pays post-payment reviews.
While reduced staff, high patient loads or other challenges may be bogging down your team, it’s important to remember that timeliness is crucial for CMS audit responses.
Locating the corresponding medical records and information can be a hassle at the best of times, but there are a few key things your organization can do to better prepare for a RAC Audit:
According to CMS, if selected for review, providers should discuss with their contractor any COVID-19-related hardships they are experiencing that could affect audit response timeliness. CMS notes that all reviews will be conducted in accordance with statutory and regulatory provisions, as well as related billing and coding requirements. Waivers and flexibilities will also be applied if they were in place on the dates of service for any claims potentially selected for review.
Ensure that the auditor has the appropriate contact information for requesting audit-related documentation. With so many changes to hospitals teams, it’s important to make sure that auditors’ requests for medical records are actually making it to the correct person or team in a timely manner.
Provide your internal audit review teams with proper access to data and other software tools like those used to ensure timely electronic audit responses. With a mix of teams working from home and in the office, it’s a good idea to make sure that teams handling Additional Documentation Requests (ADRs) and audit responses have the necessary access to the data they will need to respond to requests.
Review and document any changes to your audit review team processes.
Meet with your teams to ensure they fully understand the processes and are poised to respond within the required timeframes.
Successfully completing these audits in a timely manner is made much easier when the above processes and steps are in place.
The Horror Story of 99214 and Insurance to Assist
99214. Is that Jean Valjean’s number? No. It is an E/M code of moderate complexity. Few CPT codes cause goosebumps, chilly air, and a pit in your stomach besides 99214. As I said, 99214 is an E/M code of moderate level of complexity. For a low complexity visit, the code decreases to 99213. Even lower is a 99212, which is considered a straightforward visit. The code goes as high as a 99215, which denotes high complexity. Generally, physicians are good at spotting the 99215s and 99212s; the lowest and highest complexities seem simple to spot. However, the middle complexity codes are a bit subjective. Auditors frequently find 99214s that the auditor thinks should have been a 99213. I am talking about the RACs, MACs, TPEs, UPICs, and other contractors paid with our tax dollars on behalf of CMS. I recently had a BCBS audit, which found that an urgent care center had a 97% error rate. Out of 30 claims, only one claim was considered 99214; 29 claims should have been down coded to a 99213, according to BCBS. Well, my urgent care center disagreed and hired an independent auditor to review the same claims that were audited. The independent audit resulted in vastly different results. According to the independent audit, only 4 of the 30 claims should have been down coded to 99213.
One should ask, how could two separate auditors audit the same documents and issue such disparate results? One reason is that the difference between 99213 and 99214 is subjective. However, subjectiveness was not the only reason for two polar opposite results.
You see, before 2021, facilities had the choice to follow either the 1995 guidelines or the 1997 guidelines for these CPT codes. And, there is a difference between the two guidelines. Instead of choosing either the 1995 or 1997 guidelines, BCBS applied both the 1997 and 1995 guidelines, which falsely created a more stringent criteria for a 99214.
The urgent care center had been verbose about the fact that they use the 1995 guidelines, not the 1997 guidelines. When the independent contractor audited the records, it used the 1995 guidelines only.
All in all, for an accusation of owing $180k, it cost the urgent care center almost $100k to defend itself against what was obviously a faulty audit. So, I’m thinking why in the world is there insurance for physicians for making a mistake in surgery – medical malpractice, but no insurance for False Claims allegations. I mean, med mal allegations mean there is a victim. But you can be accused of false claims unexpectantly and your practice is changed forever.
Recently, I learned of an insurance company that insures doctors and facilities if they are accused of billing Medicare or Medicaid for false claims. Unlike med mal, an accusation of false claims does not yield a victim (unless you see our tax dollars as people); however, an accusation of billing a False Claim can cost a doctor, facility, a hospital hundreds of thousands of dollars. Which, knowing all things are relative, is pennies on the dollar of the penalties under the FCA.
The company’s name is Curi. That is C-U-R-I. Personally, I had never heard of this company. I googled it after I was placed on the panel. This is an insurance company that pays for attorneys’ fees if you are accused of false claims or an overpayment. Personally, I think every listener should procure this insurance directly after RACMonitor. After 23 years of litigating, I have realized the worst part about defending yourself against accusations that you owe the government money is the huge price tag associated with it.
When I presented this story on RACMonitor, David Glaser made a comment about my segment that I would be remiss to omit. SOME med mal insurance policies cover the legal fees for attorneys for regulatory audits. Please review your policy to see whether your insurance company covers the attorneys’ fees for defense of regulatory audits before purchasing more insurance.
CMS Published 2023 Medicare/caid Health Care Providers’ Audit Process
THE CENTER FOR MEDICARE AND MEDICAID SERVICES (“CMS”) 2023 Program Audit Process Overview came out recently. The report is published by the Division of Audit Operations. CMS will send engagement letters to initiate routine audits beginning February 2023 through July 2023. Engagement letters for ad hoc audits may be sent at any time throughout the year. The program areas for the 2023 audits include:
- CDAG: Part D Coverage Determinations, Appeals, and Grievances
- CPE: Compliance Program Effectiveness
- FA: Part D Formulary and Benefit Administration
- MMP-SARAG: Medicare-Medicaid Plan Service Authorization Requests, Appeals, and Grievances
- MMPCC: Medicare-Medicaid Plan Care Coordination
- ODAG: Part C Organization Determinations, Appeals, and Grievances
- SNPCC: Special Needs Plans Care Coordination
The Program Audit Process document is only 13 pages. Yet, it is supposed to set forth the rules that the auditors must abide by in 2023. My question is – what if they don’t. What if the auditors fail to follow proper procedure.
For example, similarly to last year, an audit consists of 4 phases.
- Audit engagement and universe submission
- Audit field work
- Audit reporting
- Audit validation and close out
I would like to add another phase. Phase 5 is appeal.
According to the Report, and this is a quote: “the Audit Engagement and Universe Submission (which is the 1st stage) is a six-week period prior to the field work portion of the audit. During this phase, a Sponsoring organization is notified that it has been selected for a program audit and is required to submit the requested data, which is outlined in the respective Program Audit Protocol and Data Request document.” My question is: The sponsoring organization? CMS is referring to the provider who getting audited as a sponsoring organization. And why does CMS call the provider who is getting audited sponsoring? Is it because after the audit the sponsoring organization will be paying in recoupments?
It is interesting that the first phase “Audit Engagement and Universe Submission,” lasts 6 weeks. At this point, I want to know, does the provider know that the facility has been targeted for an audit? As an attorney, I get to see the process in the aftermath. Folks call me in distress because they got the results of an audit and disagree. I have never had the opportunity to be involved from the get go. So, if any of y’all receive a notice of an audit, please call me. I won’t charge you. I just would love the experience of walking through an audit from the get go. I think it would make me better at my job.
In other news, as you know, CMS may issue civil money penalties to providers for alleged noncompliance. Other penalties exist as well, which may or may not be worse that civil penalties. On January 23, 2023, CMS published a correction that Total Longterm Care, Inc. d/b/a InnovAge Colorado PACE (InnovAge CO) corrected its violations. In 2021, CMS had suspended its ability to re-enroll. Another facility was imposed with pre-payment review, which means that the facility must submit claims to an auditor prior to receiving reimbursements. Pre-payment review is probably the worse penalty in existence. A client of mine was told yesterday that pre-payment review is imminent. The only recourse for pre-payment review is a federal or State injunction Staying the suspension of reimbursements. You cannot appeal being placed on pre-payment review. But you do have a chance to Stay the suspension. The suspension makes no sense to me. It’s as if the government is saying that you are guilty before an ability to prove innocence.
Are UTIs Preventable? OIG Says Yes and CMS Will Audit!
I hope everyone had a fantastic Thanksgiving and are now moving toward the Christmas or Hanukkah holiday. As I discussed last week, CMS and its contracted auditors are turning their watchdog eyes toward nursing homes, critical access hospitals (“CAHs”), and acute care hospitals (“ACHs”). You can hear more on this topic on Thursday, December 8th at 1:30 when I present the RACMonitor webinar, “Warning for Acute Care Hospitals: You Are a Target for Overpayment Audits.”
October 2022, OIG published a new audit project entitled, “Potentially Preventable Hospitalizations of Medicare-Eligible Skilled Nursing Facility Residents.”
Residents of nursing homes and long-term care facilities are frequently transferred to an Emergency Department as an inpatient when they need acute medical care. A proportion of these transfers may be considered inappropriate and may be avoidable, says OIG.
OIG identified nursing facilities with high rates of Medicaid resident transfers to hospitals for urinary tract infections (“UTIs”). OIG describes UTIs as being “often preventable and treatable in the nursing facility setting without requiring hospitalization.” A 2019 OIG audit found that nursing facilities often did not provide UTI detection and prevention services in accordance with resident’s individualized plan of care, which increases the chances for infection and hospitalization. Each resident should have their own prevention policy for whatever they are prone to get. My Grandma, for example, is prone to UTIs, so her personal POC should have prevention measures for trying to avoid contracting a UTI, such as drinking cranberry juice and routine cleansing. In addition to UTIs, OIG noted that previous CMS studies found that five conditions were related to 78% of the resident transfers to hospitals: pneumonia, congestive heart failure, UTIs, dehydration, and chronic obstructive pulmonary disease/asthma. OIG added a sixth condition citing that sepsis is considered a preventable condition when the underlying cause of sepsis is preventable. In my humble opinion, the only condition listed as preventable that is actually preventable is dehydration.
OIG’s new audit project involved a review of Medicare and Medicaid claims related to inpatient hospitalizations of nursing home residents with any of the six conditions noted previously. The audit will focus on whether the nursing homes being audited provided services to residents in accordance with the residents’ care plans and related professional standards (or whether the nursing homes caused preventable inpatient admissions due to non-compliance with care plans and professional standards).
What can you do to prepare for these upcoming audits? Review your facilities’ policies, procedures, and practices germane to the identification of the 6 conditions OIG flagged as preventable. Ensure that your policies and procedures lay out definitive steps to prevent or try to prevent these afflictions. Educate and train your staff of detection, prevention, treatment, and care planning related to the six conditions. Collect and analyze data of trends of frequency and cause of inpatient hospitalizations and determine whether these inpatient hospitalizations could have been prevented and how.
In summary, be prepared for audits of inpatient hospitalizations with explanations of attempted prevention. You cannot prevent all afflictions, but you can have policies in place to try. As always, it’s the thought that counts, as long as, it’s written down.
The Catastrophic Effect of Natural Disasters on Medicare Audits
When natural disasters strike, Medicare and Medicaid audits become less important, and human safety becomes most important. During Hurricane Ian, 16 hospitals were evacuated in Florida alone. Hospitals and long-term care facilities were without water.
Approximately, 8,000 patients were evacuated from 47 nursing homes and 115 assisted living facilities. Seventy-eight nursing homes lost power and all had to implement emergency plans involving generator power. Did the providers continue to bill during this time? If so, could regulations be followed in the midst of a pandemic.

These natural disasters impact future Medicare and Medicaid audits. Obviously, during natural disasters a hospital may not be able to maintain the two-midnight rule or determine whether a patient is in observation status or in-patient. You may be surprised to hear that there are no automatic audit exceptions during a disaster.
The general rule, which has exceptions, is a 30-day extension for records requests. Broadly speaking, Medicare fee-for-service has three sets of potential temporary adjustments that can be made to address an emergency or disaster situation. These include:
- Applying flexibilities that are already available under normal business rules. This is on an individual basis;
- Waiver or modification of policy or procedural norms by CMS; and
- Waiver or modification of certain Medicare requirements pursuant to waiver authority under § 1135 of the Social Security Act. This waiver authority can be invoked by the Secretary of the DHHS in certain circumstances.
These waivers are not automatic.
Section 1135 of the Social Security Act authorizes the Secretary DHHS to waive or modify certain Medicare, Medicaid, CHIP, and HIPAA requirements. Two prerequisites must be met before the Secretary may invoke the § 1135 waiver authority. First, the President must have declared an emergency or disaster, and the Secretary must have declared a Public Health Emergency (PHE).
Waivers authorized by the statute apply to Medicare in the context of the following requirements:
- conditions of participation or other certification requirements applicable to providers;
- licensure requirements applicable to physicians and other health professionals;
- sanctions for violations of certain emergency medical standards under the Emergency Medical Treatment and Labor Act (EMTALA)
- sanctions relating to physician self-referral limitations (Stark)
- performance deadlines and timetables (modifiable only; not waivable); and
- certain payment limitations under the Medicare Advantage program.
Following a disaster, such as Ian, there is no standing authority for CMS to provide special emergency/disaster relief funding following an emergency or disaster in order to compensate providers for lost reimbursement. Congress may appropriate disaster-specific special funding for such; but absent such special appropriation, Medicare does not provide funding for financial losses.
In the context of Medicare audits, providers can obtain extensions to audit requests. Audits will only be suspended on a case-by-case basis, which means it is a subjective standard. Natural disasters are awful, and we probably need more comprehensive audit exceptions.
Post-COVID Medicare/caid Rules Matter!
How many times have we panelists talked about COVID and COVID exceptions to the regulatory rules? How many times have we warned providers that the exceptions will expire at the end of public health emergency (“PHE”)? Well, it’s coming. The COVID PHE is still in effect for America, but some States have lifted their PHE status. NC’s state of emergency expired August 15, 2022. In Montana, the state of emergency ended June 30, 2021.
What does that mean? When America’s PHE expires, so does also all the exceptions. When your particular State’s PHE ends, so do the PHE exceptions your particular State allowed. This is imperative to ALL Medicare and Medicaid audits by whatever alphabet soup is knocking on your door. As well you know, auditors don’t always get it right. Add in confusion due to COVID exceptions…which apply in which State and which expired?
Last week, CMS released fact sheets summarizing the current status of Medicare and Medicaid COVID waivers and exceptions by provider type. The fact sheets include information about which waivers and flexibilities have already been terminated, have been made permanent or will end at the end of the COVID-19 public health emergency. Unless specifically stated, all exceptions expire at the end of PHE, which is in the process of winding down.
I decided to review a fact sheet to determine how useful it was. I chose for provider type – hospitals. The fact sheet is entitled, “Hospitals and CAH (including swing beds, DPUs), ASCs and CMHCs.” It is 28 pages. The fact sheets are must reads for all providers. When you play chess the rules matter. When you accept Medicare and/or Medicaid, the rules matter. And these fact sheets are the rules.
The fact sheets cover telehealth and reimbursement rates. The hospital fact sheet covers hospitals without walls, off-site patient screening, paperwork requirements, physical environment requirements, which waivers will or will not expire at the end of PHE, and much more. I would say these fact sheets, for whichever type of provider you are – are mandatory reads. The fact sheets may not be absolutely encompassing, but they are summaries for you, all in one spot, organized for ease of reading. Thank you, CMS, for gathering this info and putting it all in one spot.
Defenses Against Medicare/caid Audits: Arm Yourself!
Auditors are overzealous. I am not telling you anything you don’t know. Auditors cast wide nets to catch a few minnows. Occasionally, they catch a bass. But, for the most part, innocent, health care providers get caught in the overzealous, metaphoric net. What auditors and judges and basically the human population doesn’t understand is that accusing providers of “credible allegations of fraud” and alleged overpayments, when unfounded, has a profound and negative impact. First, the providers are forced to hire legal counsel at an extremely high cost. Their reputations and names get dragged through the mud because providers are guilty until they are proved innocent. Then, once they prove that there is no fraud or noncompliant documents, the wrongly accused providers are left with no recourse.
The audits generally result in similar reasoning for denials. For instance,
- Lacks medical necessity. Defense: The treating physician rule. Deference must be given to the treating physician, not the desk reviewer who has never seen the patient.
- Canned notes: Defense: While canned notes are not desirable, it is not against the law. There is no statute, regulation, or rule against canned notes. Canned notes are just not best practices. But, in reality, when you serve a certain population, the notes are going to be similar.
- X-rays tend to be denied for the sole reason that there are no identifying notes on the X-ray. Or the printed copy of the X-ray you submit to the auditors is unreadable. Defense/Proactive measure: When you submit an X-ray, include a brief note as to the DOS and consumer.
- Signature illegible; therefore, no proof of provider being properly trained and qualified. Defense: This one is easy; you just show proof of trainings, but to head off the issue, print your name under your signature or have it embedded into your EHR.
- Documentation nitpicking. The time, date, or other small omissions result in many a denial. Defense: There is no requirement for documents to be perfect. The SSA provides defenses for providers, such as “waiver of liability” and “providers without fault.” The “waiver of liability” defense provides that even if payment for claims is deemed not reasonable and necessary, payment may be rendered if the provider did not know and could not have been reasonably expected to know that payment would not be made.
Whenever a client tells me – let’s concede these claims because he/she believes the auditors to be right, I say, let me review it. With so many defenses, I rarely concede any claims. See blog for more details.