Blog Archives

CMS Published 2023 Medicare/caid Health Care Providers’ Audit Process

THE CENTER FOR MEDICARE AND MEDICAID SERVICES (“CMS”) 2023 Program Audit Process Overview came out recently. The report is published by the Division of Audit Operations. CMS will send engagement letters to initiate routine audits beginning February 2023 through July 2023. Engagement letters for ad hoc audits may be sent at any time throughout the year. The program areas for the 2023 audits include: 

  • CDAG: Part D Coverage Determinations, Appeals, and Grievances
  • CPE: Compliance Program Effectiveness
  • FA: Part D Formulary and Benefit Administration
  • MMP-SARAG: Medicare-Medicaid Plan Service Authorization Requests, Appeals, and Grievances
  • MMPCC: Medicare-Medicaid Plan Care Coordination 
  • ODAG: Part C Organization Determinations, Appeals, and Grievances
  • SNPCC: Special Needs Plans Care Coordination

The Program Audit Process document is only 13 pages. Yet, it is supposed to set forth the rules that the auditors must abide by in 2023. My question is – what if they don’t. What if the auditors fail to follow proper procedure.

For example, similarly to last year, an audit consists of 4 phases.

  1. Audit engagement and universe submission
  2. Audit field work
  3. Audit reporting
  4. Audit validation and close out

I would like to add another phase. Phase 5 is appeal.

According to the Report, and this is a quote: “the Audit Engagement and Universe Submission (which is the 1st stage) is a six-week period prior to the field work portion of the audit. During this phase, a Sponsoring organization is notified that it has been selected for a program audit and is required to submit the requested data, which is outlined in the respective Program Audit Protocol and Data Request document.” My question is: The sponsoring organization? CMS is referring to the provider who getting audited as a sponsoring organization. And why does CMS call the provider who is getting audited sponsoring? Is it because after the audit the sponsoring organization will be paying in recoupments?

It is interesting that the first phase “Audit Engagement and Universe Submission,” lasts 6 weeks. At this point, I want to know, does the provider know that the facility has been targeted for an audit? As an attorney, I get to see the process in the aftermath. Folks call me in distress because they got the results of an audit and disagree. I have never had the opportunity to be involved from the get go. So, if any of y’all receive a notice of an audit, please call me. I won’t charge you. I just would love the experience of walking through an audit from the get go. I think it would make me better at my job.

In other news, as you know, CMS may issue civil money penalties to providers for alleged noncompliance. Other penalties exist as well, which may or may not be worse that civil penalties. On January 23, 2023, CMS published a correction that Total Longterm Care, Inc. d/b/a InnovAge Colorado PACE (InnovAge CO) corrected its violations. In 2021, CMS had suspended its ability to re-enroll. Another facility was imposed with pre-payment review, which means that the facility must submit claims to an auditor prior to receiving reimbursements. Pre-payment review is probably the worse penalty in existence. A client of mine was told yesterday that pre-payment review is imminent. The only recourse for pre-payment review is a federal or State injunction Staying the suspension of reimbursements. You cannot appeal being placed on pre-payment review. But you do have a chance to Stay the suspension. The suspension makes no sense to me. It’s as if the government is saying that you are guilty before an ability to prove innocence.

Are UTIs Preventable? OIG Says Yes and CMS Will Audit!

I hope everyone had a fantastic Thanksgiving and are now moving toward the Christmas or Hanukkah holiday. As I discussed last week, CMS and its contracted auditors are turning their watchdog eyes toward nursing homes, critical access hospitals (“CAHs”), and acute care hospitals (“ACHs”). You can hear more on this topic on Thursday, December 8th at 1:30 when I present the RACMonitor webinar, “Warning for Acute Care Hospitals: You Are a Target for Overpayment Audits.

October 2022, OIG published a new audit project entitled, “Potentially Preventable Hospitalizations of Medicare-Eligible Skilled Nursing Facility Residents.”

Residents of nursing homes and long-term care facilities are frequently transferred to an Emergency Department as an inpatient when they need acute medical care. A proportion of these transfers may be considered inappropriate and may be avoidable, says OIG.

OIG identified nursing facilities with high rates of Medicaid resident transfers to hospitals for urinary tract infections (“UTIs”).  OIG describes UTIs as being “often preventable and treatable in the nursing facility setting without requiring hospitalization.” A 2019 OIG audit found that nursing facilities often did not provide UTI detection and prevention services in accordance with resident’s individualized plan of care, which increases the chances for infection and hospitalization. Each resident should have their own prevention policy for whatever they are prone to get. My Grandma, for example, is prone to UTIs, so her personal POC should have prevention measures for trying to avoid contracting a UTI, such as drinking cranberry juice and routine cleansing. In addition to UTIs, OIG noted that previous CMS studies found that five conditions were related to 78% of the resident transfers to hospitals:  pneumonia, congestive heart failure, UTIs, dehydration, and chronic obstructive pulmonary disease/asthma. OIG added a sixth condition citing that sepsis is considered a preventable condition when the underlying cause of sepsis is preventable. In my humble opinion, the only condition listed as preventable that is actually preventable is dehydration.

OIG’s new audit project involved a review of Medicare and Medicaid claims related to inpatient hospitalizations of nursing home residents with any of the six conditions noted previously. The audit will focus on whether the nursing homes being audited provided services to residents in accordance with the residents’ care plans and related professional standards (or whether the nursing homes caused preventable inpatient admissions due to non-compliance with care plans and professional standards).

What can you do to prepare for these upcoming audits? Review your facilities’ policies, procedures, and practices germane to the identification of the 6 conditions OIG flagged as preventable. Ensure that your policies and procedures lay out definitive steps to prevent or try to prevent these afflictions. Educate and train your staff of detection, prevention, treatment, and care planning related to the six conditions. Collect and analyze data of trends of frequency and cause of inpatient hospitalizations and determine whether these inpatient hospitalizations could have been prevented and how.

In summary, be prepared for audits of inpatient hospitalizations with explanations of attempted prevention. You cannot prevent all afflictions, but you can have policies in place to try. As always, it’s the thought that counts, as long as, it’s written down.

Warning for Acute Care Hospitals: You’re a Target for Overpayment Audits

Today I want to talk about upcoming Medicare audits targeted toward Acute Care Hospitals.

In September 2022, OIG reported that “Medicare Part B Overpaid Critical Access Hospitals and Docs for Same Services.” OIG Reports are blinking signs that flash the future Medicare audits to come. This is a brief blog so be sure to tune in on December 8th for the RACMonitor webinar: Warning for Acute Care Hospitals: You’re a Target for Overpayment Audits. I will be presenting on this topic in much more depth. It is a 60-minute webinar.

For OIG’s report regarding the ACHs, OIG audited 40,026 Medicare Part B claims, with half submitted by critical access hospitals and the rest submitted by health care practitioners for the same services provided to beneficiaries on the same dates of service (“DOS”). OIG studied claims from March 1, 2018, to Feb. 28, 2021, and found almost 100% noncompliance, which constituted almost $1million in overpayments to providers.

According to the OIG Report, CMS didn’t have a system to edit claims to prevent and detect any duplicate claims, as in the services billed by an acute hospital and by a physician elsewhere. Even if the physician reassigned his/her rights to reimbursement to the ACH.

As you know, a critical access hospital cannot bill Part B for any outpatient services delivered by a health care practitioner unless that provider reassigns the claim to the facility, which then bills Part B. However, OIG’s audit found that providers billed and got reimbursed for services they did perform but reassigned their billing rights to the critical access hospital. 

The question is – why did the physicians get reimbursed even if they assigned their rights to reimbursement away? At some point, CMS needs to take responsibility as to the lack having a system to catch these alleged overpayments. If the physicians were reimbursed and had no reason to know that they were getting reimbursed for services that they assigned to an ACH, there is an equitable argument that CMS cannot take back money based on its own error and no intent by the physician.

On a different note, I wanted to give a shout out to ASMAC, which is the American Society of Medical Association Counsel; Attorneys Advocating for America’s Physicians. It is comprised of general counsels (GCs) of health care entities and presidents of State Medical Societies. ASMAC’s topics at conferences are cutting-edge in our industry of defending health care providers, interesting, and on-point by experts in the fields. I was to present there last week in Hawaii on extrapolations in Medicare and Medicaid provider audits. Thankfully, all their conferences are not in Hawaii; that is too far of a trip for someone on the East Coast. But you should look into the association, if ASMAC sounds like it would benefit you or you could benefit them, join.

The Ugly Truth about Medicare Provider Appeals

Extrapolated audits are the worst.

These audits under sample and over extrapolate – almost to the point that some audits allege that you owe more than you were paid. How is that fair in our judicial system? I mean, our country was founded on “due process.” That means you have a right to life, liberty, and the pursuit of happiness. If the government attempts to pursue your reimbursements at all, much less a greater amount than what you received, you are required notice and a hearing.

Not to mention that OIG conducted a Report back in 2020 that identified numerous mistakes in the extrapolations. The Report stated: “CMS did not always provide sufficient guidance and oversight to ensure that these reviews were performed in a consistent manner.” I don’t know about you, but that is disconcerting to me. It also stated that “The test was associated with at least $42 million in extrapolated overpayments that were overturned in fiscal years 2017 and 2018. If CMS did not intend that the contractors use this procedure, these extrapolations should not have been overturned. Conversely, if CMS intended that contractors use this procedure, it is possible that other extrapolations should have been overturned but were not.

I have undergone hundreds of Medicare and Medicaid audits with extrapolations. You defend against these audits twofold: 1) by hiring an expert statistician to debunk the extrapolation; and 2) by using the provider as an expert clinician to discredit the denials. However, I am always dismayed…maybe that’s not the right word…flabbergasted that no one ever shows up on the other side. It is as if CMS via whatever contractor conducted the extrapolated audit believes that their audit needs no one to prove its veracity. As if we attorneys and providers should just accept their findings as truth, and they get the benefit of NOT hiring a lawyer and NOT showing up to ALJ trials.

In the above picture, the side with the money is CMS. The empty side is the provider.

In normal trials, as you know, there are two opposing sides: a Plaintiff and a Defendant, although in administrative law it’s called a Petitioner and a Respondent. Medicaid provider appeals also have two opponents. However, in Medicare provider appeals, there is only one side: YOU. An ALJ will appear, but no auditor to defend the merits of the alleged overpayment that you, as a provider, are accused of owing.

In normal trials, if a party fails to appear, the Judge will almost automatically rule against the non-appearing party. Why isn’t it the same for Medicare provider appeals? If a Medicare provider appears to dispute an alleged audit, the Judge does not rule automatically in favor of the provider. Quite the opposite quite frankly. The CMS Rules, which apply to all venues under the purview of CMS, which includes the ALJ level and the Medicare Appeals Council level, are crafted against providers, it seems. Regardless the Rules create a procedure in which providers, not the auditors, are forced to retain counsel, which costs money, retain a statistician in cases of extrapolations, which costs money, go through years of appeals through 5 levels, all of which the CMS Rules apply. Real law doesn’t apply until the district court level, which is a 6th level – and 8 years later.

Any providers reading, who retain lobbyists, this Medicare appeal process needs to change legislatively.

My Halloween blog from Yesterday: Medicare Dollars Vanish!

Happy Halloween. This year I am dressing as Freddy Krueger and my daughter, who is 17, says, “that’s so 80’s.” I guess some younger kids will just think I’m a spooky lady in a green and red sweater with knives for fingers. In honor of Halloween, I would like to tell you three ghost stories, of Medicare money that has vanished never to be found.

First, a ghoulish report from OIG states that CMS has not done enough to recoup Medicare payments found in 12 hospitals. Nothing like a report saying “CMS isn’t getting enough money” to make CMS “trick or treat” with more audits. According to the OIG report, CMS is short staffed, like almost every employer in America. Apparently, CMS claims to have too many phantoms instead of employees to track down every dollar, which I must say, makes me superstitious. If CMS is claiming to not have enough resources to track down money that has been targeted at 12 hospitals, how is it conducting the other audits nation-wide?

Among the 12 hospitals, supposedly, there is an eerie $82 million allegedly owed to CMS.

OIG recommended recouping all the money, but, according to OIG, CMS has provided insufficient information. Specifically, CMS did not provide information on the status of appeals hospitals levied against OIG’s overpayment findings. CMS didn’t provide information on the reason for the appeal or status of the action. Personally, I am just happy the hospitals appealed.

The second ghost story entails CMS’ continual audit of providers, especially the Medicare Advantage plans, which are nightmares. CMS has agreed to release the audits of 90 MA plans conducted between 2011 and 2013. These records are expected to demonstrate more than $600 million in MA overpayments due to alleged upcoding. Chilling!

Finally, a NC hospital system, Atrium Health, publicly announced that in 2019 it provided $640 million to Medicare patients that were never paid for. You would think this spine chilling unless you knew the tax breaks associated with the charity. But for the same year that Atrium’s website says it recorded the $640 million loss on Medicare, the hospital system claimed $82 million in profits from Medicare and an additional $37.2 million in profits from Medicare Advantage in a federally required financial document. Sleight of hand and hocus pocus!

The Catastrophic Effect of Natural Disasters on Medicare Audits

When natural disasters strike, Medicare and Medicaid audits become less important, and human safety becomes most important. During Hurricane Ian, 16 hospitals were evacuated in Florida alone.  Hospitals and long-term care facilities were without water.

Approximately, 8,000 patients were evacuated from 47 nursing homes and 115 assisted living facilities. Seventy-eight nursing homes lost power and all had to implement emergency plans involving generator power. Did the providers continue to bill during this time? If so, could regulations be followed in the midst of a pandemic.

These natural disasters impact future Medicare and Medicaid audits. Obviously, during natural disasters a hospital may not be able to maintain the two-midnight rule or determine whether a patient is in observation status or in-patient. You may be surprised to hear that there are no automatic audit exceptions during a disaster.

The general rule, which has exceptions, is a 30-day extension for records requests. Broadly speaking, Medicare fee-for-service has three sets of potential temporary adjustments that can be made to address an emergency or disaster situation.  These include: 

  1. Applying flexibilities that are already available under normal business rules. This is on an individual basis;
  2. Waiver or modification of policy or procedural norms by CMS; and
  3. Waiver or modification of certain Medicare requirements pursuant to waiver authority under § 1135 of the Social Security Act.  This waiver authority can be invoked by the Secretary of the DHHS in certain circumstances.

These waivers are not automatic.

Section 1135 of the Social Security Act authorizes the Secretary DHHS to waive or modify certain Medicare, Medicaid, CHIP, and HIPAA requirements.  Two prerequisites must be met before the Secretary may invoke the § 1135 waiver authority.  First, the President must have declared an emergency or disaster, and the Secretary must have declared a Public Health Emergency (PHE).

Waivers authorized by the statute apply to Medicare in the context of the following requirements:

  • conditions of participation or other certification requirements applicable to providers;
  • licensure requirements applicable to physicians and other health professionals;
  • sanctions for violations of certain emergency medical standards under the Emergency Medical Treatment and Labor Act (EMTALA)
  • sanctions relating to physician self-referral limitations (Stark)
  • performance deadlines and timetables (modifiable only; not waivable); and
  • certain payment limitations under the Medicare Advantage program.

Following a disaster, such as Ian, there is no standing authority for CMS to provide special emergency/disaster relief funding following an emergency or disaster in order to compensate providers for lost reimbursement.  Congress may appropriate disaster-specific special funding for such; but absent such special appropriation, Medicare does not provide funding for financial losses.

In the context of Medicare audits, providers can obtain extensions to audit requests. Audits will only be suspended on a case-by-case basis, which means it is a subjective standard. Natural disasters are awful, and we probably need more comprehensive audit exceptions.

Always Challenge the Extrapolation in Medicare Provider Audits!

Always challenge the extrapolation! It is my personal opinion that extrapolation is used too loosely. What I mean is that sample sizes are usually too small to constitute a valid representation of the provider’s claims. Say a provider bills 10,000 claims. Is a sample of 50 adequate?

In a 2020 case, Palmetto audited .0051% of claims by Palm Valley, and Palm Valley challenged CMS’ sample and extrapolation method. Palm Valley Health Care, Inc. v. Azar, No. 18-41067, 2020 BL 14097 (5th Cir., Jan. 15, 2020). As an aside, I had 2 back-to-back extrapolation cases recently. The provider, however, did not hire me until the ALJ level – or the 3rd level of Medicare provider appeals. Unfortunately, no one argued that the extrapolation was faulty at the first 2 levels. We had 2 different ALJs, but both ALJs ruled that the provider could not raise new arguments; i.e., that the extrapolation was erroneous, at the 3rd level. They decided that all arguments should be raised from the beginning. This is just a reminder that: (a) raise all defenses immediately; and (b) don’t try the first two levels without an attorney.

Going back to Palm Valley.

The 5th Circuit held that while the statistical sampling methodology may not be the most precise methodology available, CMS’ selection methodology did represent a valid “complex balance of interests.” Principally, the court noted, quoting the Medicare Appeals Council, that CMS’ methodology was justified by the “real world constraints imposed by conflicting demands on limited public funds” and that Congress clearly envisioned extrapolation being applied to calculate overpayments in instances like this. I disagree with this result. I find it infuriating that auditors, like Palmetto, can scrutinize providers’ claims, yet circumvent similar accountability. They are being allowed to conduct a “hack” job at extrapolating to the financial detriment of the provider.

Interestingly, Palm Valley’s 5th Circuit decision was rendered in 2020. The dates of service of the claims Palmetto audited were July 2006-January 2009. It just shows how long the legal battle can be in Medicare audits. Also, Palm Valley’s error rate was 53.7%. Remember, in 2019, CMS revised the extrapolation rules to allow extrapolations in 50% or higher error rates. If you want to read the extrapolations rules, you can find them in Chapter 8 of the Medicare Program Integrity Manuel (“MPIM”).

On RACMonitor, health care attorney, David Glaser, mentioned that there is a difference in arguments versus evidence. While you cannot admit new evidence at the ALJ level, you can make new arguments. He and I agreed, however, even if you can dispute the extrapolation legally, a statistical report would not allowed as new evidence, which are important to submit.

Lastly, 42 CFR 405.1014(a)(3) requires the provider to assert the reasons the provider disagrees with the extrapolation in the request for ALJ hearing.

Post-COVID Medicare/caid Rules Matter!

How many times have we panelists talked about COVID and COVID exceptions to the regulatory rules? How many times have we warned providers that the exceptions will expire at the end of public health emergency (“PHE”)? Well, it’s coming. The COVID PHE is still in effect for America, but some States have lifted their PHE status. NC’s state of emergency expired August 15, 2022. In Montana, the state of emergency ended June 30, 2021.

What does that mean? When America’s PHE expires, so does also all the exceptions. When your particular State’s PHE ends, so do the PHE exceptions your particular State allowed. This is imperative to ALL Medicare and Medicaid audits by whatever alphabet soup is knocking on your door. As well you know, auditors don’t always get it right. Add in confusion due to COVID exceptions…which apply in which State and which expired?

 Last week, CMS released fact sheets summarizing the current status of Medicare and Medicaid COVID waivers and exceptions by provider type. The fact sheets include information about which waivers and flexibilities have already been terminated, have been made permanent or will end at the end of the COVID-19 public health emergency. Unless specifically stated, all exceptions expire at the end of PHE, which is in the process of winding down.

 I decided to review a fact sheet to determine how useful it was. I chose for provider type – hospitals. The fact sheet is entitled, “Hospitals and CAH (including swing beds, DPUs), ASCs and CMHCs.” It is 28 pages. The fact sheets are must reads for all providers. When you play chess the rules matter. When you accept Medicare and/or Medicaid, the rules matter. And these fact sheets are the rules.

The fact sheets cover telehealth and reimbursement rates. The hospital fact sheet covers hospitals without walls, off-site patient screening, paperwork requirements, physical environment requirements, which waivers will or will not expire at the end of PHE, and much more. I would say these fact sheets, for whichever type of provider you are – are mandatory reads. The fact sheets may not be absolutely encompassing, but they are summaries for you, all in one spot, organized for ease of reading. Thank you, CMS, for gathering this info and putting it all in one spot.

Medicare Provider Appeals: The Ghost Auditor

In litigation, there are two opposing sides, like football. It wouldn’t be much of a game if one side didn’t show up. In Medicare provider appeals, only one side shows up and I am asking – how is that fair? Let me explain:

You, as a provider receive a notice of Medicare overpayment in the mail. NGS or Palmetto or whoever claims you owe $4 million dollars. Of course the amount is extrapolated.

You decide to appeal. The first level is a redetermination at the Medicare Administrative Contractor. It is a desk review; you do not have the opportunity to question the other side. It’s just a 2nd look at the audit. The second level is the same as the first but performed by a QIC, and it’s called a reconsideration. The third level you finally get before an administrative law judge. Here, you envision the auditor presenting its evidence in support of why you owe $4 million dollars, and you presenting evidence and support that you don’t owe the money.

You would be wrong.

The auditors may participate in an ALJ Hearing. However, in my experience, the auditors never show up. They don’t provide evidence that their extrapolation was accurate or that their clinical findings are precise. No one substantiates the allegation that you owe $4 million. Instead, you get a soliloquy of why you don’t owe the money. The Judge may ask you questions, but you won’t be cross examined nor will you have the opportunity to cross examine the auditor.

The Medicare provider appeal process flies in the face of America’s judicial system. Our rules allow the accused to confront the accuser. At no time during your Medicare appeal do you get to challenge the auditor nor does the auditor have to back up his or her work. The audits are accepted as true without any verification.

This process needs to be amended. Medicare auditors should have to prove that their audits are accurate. They should have to prove that the documents didn’t support the claim billed and why. They should not be allowed to hide behind generic, cut-and-pasted denials without having to explain their reasoning, if there were any.

This nonsensical, three-ring-circle is why providers refuse to accept Medicare.

In 2020, one percent of non-pediatric physicians formally opted out of Medicare. Most of those opting out were psychiatrists – 42%.

This just goes to show you, qualifying for Medicare doesn’t guarantee that providers will accept you. It’s only going to get worse unless we change the appeal process for providers.

Absent Auditors in Medicare Provider Appeals

(On a personal note, I apologize for how long since it has been my last blog. I was in an accident and spent 3 days in the ICU.)

I’d like to write today about the sheer absurdity about how these RAC, ZPIC, MAC, and other types of audits are being held against health care providers. When an auditor requests documents from a provider and opines that the provider owes a million dollars in alleged overpayments, I would expect that the auditor will show up before an independent tribunal to defend its findings. However, for so many of these Medicare provider appeals, the auditor doesn’t appear to defend its findings.

In my opinion, if the entity claiming that you owe money back to the government does not appear at the hearing, the provider should automatically prevail. A basic legal concept is that the accused should be able to confront its accuser.

I had depositions the last two weeks for a case that involved an opiate treatment program. The two main accusers were Optum and ID Medicaid. When Optum was deposed, they testified that Optum did not conduct the audit of the facility. When ID Medicaid was deposed, it contended that Optum did conduct the audit at issue.

When not one person can vouch for the veracity of an audit, it is ludicrous to force the provider to pay back anything. Auditors cannot hide behind smoke and mirrors. Auditors need to testify to the veracity of their audits.

To poke holes in Medicare audits, you need to know the rules. You wouldn’t play chess without knowing the rules. Various auditor have disparate look-back period, which is the time frame the auditor is allowed to look back and review a claim. For example, RACs may only look back 3 years. Whereas ZPICs have no specific look back period, although I would argue that the older the claim, the less likely it is to be recouped. There is also the federal 48-month limit to look backs absent accusations of fraud.

When appealing the outcome of a MAC or RAC audit, it is necessary for providers to have a specific reason for challenging the auditors’ determinations. Simply being dissatisfied or having generalized complaints about the process is not enough. Some examples of potential grounds for challenging a MAC or RAC determination on appeal include: 

  • Application if inapplicable Medicare billing rules 
  • Misinterpretation of applicable Medicare billing rules 
  • Reliance on unsound auditing methodologies
  • Failure to seek an expert opinion 
  • Ignoring relevant information disclosed by the provider 
  • Exceeding the MAC’s or RAC’s scope of authority 

It is imperative that you arm yourself in defending a Medicare audit, but if the auditor fails to appear at any stage in litigation, then you should call foul and win on a “absent” technicality.