Blog Archives

DME Providers Get Repose in RAC Audits

The Centers for Medicare & Medicaid Services (CMS) announced that they have modified the additional documentation request (ADR) limits for the Medicare Fee-for-Service Recovery Audit Contractor (RAC) program for suppliers. ADRs are the about of documents that a RAC auditor can demand from you. This is a win for DME providers.

Currently, the RAC’s methodology is based on a total claim number by NPI without consideration for the number of claims in a particular product category. This means that suppliers can receive large volumes of RAC audits for a product category in which they do minimal business.

These new limits will be set by CMS on a regular basis to establish the maximum number of medical records that may be requested by a RAC, per 45-day period. These changes will be effective beginning April 1, 2022

Each limit will be based on a given supplier’s volume of Medicare claims paid within a previous 12-month period, in a particular HCPCS policy group (The policy groups are available on the PDAC website). Limits will be based on the supplier’s Tax Identification Number (TIN). Limits will be set at 10% of all paid claims, by policy group, paid within a previous 12-month period, divided into eight periods (45 days). If you get more than the allowed ADRs, call them out. These limits are created to lessen the burden on providers.

Although a RAC may go more than 45 days between record requests, in no case shall a RAC make requests more frequently than every 45 days. Limits are based on paid claims, irrespective of individual lines, although credit/replacement pairs shall be considered a single claim.

            For example:

  • Supplier A had 1,253 claims paid with HCPCS codes in the “surgical dressings” policy group, within a previous 12-month period. The supplier’s ADR limit would be (1,253 * 0.1) / 8 = 15.6625, or 16 ADRs, per 45 days, for claims with HCPCS codes in the “surgical dressings” policy group.
  • Supplier B had 955 claims paid with HCPCS codes in the “glucose monitor” policy group, within a previous 12-month period. The supplier’s ADR limit would be (955 * 0.1) / 8 = 11.9375 or 12 ADRs, per 45 days, for claims with HCPCS codes in the “glucose monitor” policy group.

CMS reserves the right to give a RAC permission to exceed these ADR limits. But that would be in instances of potential fraud.

Absent Auditors in Medicare Provider Appeals

(On a personal note, I apologize for how long since it has been my last blog. I was in an accident and spent 3 days in the ICU.)

I’d like to write today about the sheer absurdity about how these RAC, ZPIC, MAC, and other types of audits are being held against health care providers. When an auditor requests documents from a provider and opines that the provider owes a million dollars in alleged overpayments, I would expect that the auditor will show up before an independent tribunal to defend its findings. However, for so many of these Medicare provider appeals, the auditor doesn’t appear to defend its findings.

In my opinion, if the entity claiming that you owe money back to the government does not appear at the hearing, the provider should automatically prevail. A basic legal concept is that the accused should be able to confront its accuser.

I had depositions the last two weeks for a case that involved an opiate treatment program. The two main accusers were Optum and ID Medicaid. When Optum was deposed, they testified that Optum did not conduct the audit of the facility. When ID Medicaid was deposed, it contended that Optum did conduct the audit at issue.

When not one person can vouch for the veracity of an audit, it is ludicrous to force the provider to pay back anything. Auditors cannot hide behind smoke and mirrors. Auditors need to testify to the veracity of their audits.

To poke holes in Medicare audits, you need to know the rules. You wouldn’t play chess without knowing the rules. Various auditor have disparate look-back period, which is the time frame the auditor is allowed to look back and review a claim. For example, RACs may only look back 3 years. Whereas ZPICs have no specific look back period, although I would argue that the older the claim, the less likely it is to be recouped. There is also the federal 48-month limit to look backs absent accusations of fraud.

When appealing the outcome of a MAC or RAC audit, it is necessary for providers to have a specific reason for challenging the auditors’ determinations. Simply being dissatisfied or having generalized complaints about the process is not enough. Some examples of potential grounds for challenging a MAC or RAC determination on appeal include: 

  • Application if inapplicable Medicare billing rules 
  • Misinterpretation of applicable Medicare billing rules 
  • Reliance on unsound auditing methodologies
  • Failure to seek an expert opinion 
  • Ignoring relevant information disclosed by the provider 
  • Exceeding the MAC’s or RAC’s scope of authority 

It is imperative that you arm yourself in defending a Medicare audit, but if the auditor fails to appear at any stage in litigation, then you should call foul and win on a “absent” technicality.

New Report Points to More Audits of Hospitals

Hospitals across the nation are seeing lower profits, and it’s all because of a sudden, tsunami of Medicare and Medicaid provider audits. Whether it be RAC, MAC, UPIC, or Program Integrity, hospital audits are rampant. Billing errors, especially ‘supposed bundling,’ are causing a high rate of insurance claims denials, hurting the finances of hospitals and providers.

A recent report from American Hospital Association (AHA) found “Under an optimistic scenario, hospitals would lose $53 billion in revenue this year. Under a more pessimistic scenario, hospitals would lose $122 billion thanks to a $64 billion decline in outpatient revenue”*[1]

The “Health Care Auditing and Revenue Integrity—2021 Benchmarking and Trends Report” is an insider’s look at billing and claims issues but reveals insights into health care costs trends and why administrative issues continue to play an outsize role in the nation’s high costs in this area. The data used covers 900+ facilities, 50,000 providers, 1500 coders, and 700 auditors – what could go wrong?

According to the report,

  • 40% of COVID-19-related charges were denied and 40% of professional outpatient audits for COVID-19 and 20% of hospital inpatient audits failed.
  • Undercoding poses a significant revenue risk, with audits indicating the average value of underpayment is $3,200 for a hospital claim and $64 for a professional claim.
  • Overcoding remains problematic, with Medicare Advantage plans and payers under scrutiny for expensive inpatient medical necessity claims, drug charges, and clinical documentation to justify the final reimbursement.
  • Missing modifiers resulted in an average denied amount of $900 for hospital outpatient claims, $690 for inpatient claims, and $170 for professional claims.
  • 33% of charges submitted with hierarchical condition category (HCC) codes were initially denied by payers, highlighting increased scrutiny of complex inpatient stays and higher financial risk exposure to hospitals.

The top fields being audited were diagnoses, present on admission indicator, diagnosis position, CPT/HCPCS coding, units billed, and date of service. The average outcome from the audits was 70.5% satisfactory. So, as a whole, they got a ‘C’.

While this report did not in it of itself lead to any alleged overpayments and recoupments, guess who else is reading this audit and salivating like Pavlov’s dogs? The RACs, MACs, UPICs, and all other alphabet soup auditors. The 900 facilities and 50,000 health care providers need to be prepared for audits with consequences. Get those legal defenses ready!!!!


[1] * https://www.fiercehealthcare.com/hospitals/kaufman-hall-hospitals-close-between-53-and-122b-year-due-to-pandemic

TPE and Prepay Audits: Speak Softly, But Carry a Big Stick

Audits have now resumed to 100% capacity – or even 150% capacity. All audits that were suspended during COVID are reinstated. As you all know, RAC and MAC audits were reinstated back in August. CMS announced that Targeted Probe and Educate (TPE) audits would resume on Sept. 1, 2021. Unlike RAC audits, the stated goal of TPE audits is to help providers reduce claim denials and appeals with one-on-one education, focused on the documentation and coding of the services they provide. However, do not let the stated mission fool you. Failing a TPE audit can result in onerous actions such as 100 percent prepay review, extrapolation, referral to a RAC, or other action, a carefully crafted response to a TPE audit is critical. TPEs can be prepay or post-pay.

Speaking of prepayments, these bad babies are back in full swing. CareSource is one of the companies contracted with CMS to conduct prepayment reviews and urgent care centers seem to be a target. Prepayment review is technically and legally not a penalty; therefore being placed on prepayment review is not appealable. But do not believe these legalities – prepay is Draconian in nature and puts many providers out of business, especially if they fail to seek legal counsel immediately and believe that they will pass without any problem. When it comes to prepay, believing that everything will be ok, is a death trap. Instead get a big stick.

            42 CFR §447.45 requires 90% of clean claims to be paid to a provider within 30 days of receipt. 99% must be paid within 90 days. The same regulations mandate the agency to conduct prepayment review of claims to ensure that the claims are not duplicative, the consumer is eligible for Medicare, or that the number of visits and services delivered are logically consistent with the beneficiary’s characteristics and circumstances, such as type of illness, age, sex, and service location. This standard prepayment review is dissimilar from a true prepayment review.

            Chapter 3 of the Medicare Program Integrity Manual lays out the rules for a prepayment review audit. The Manual states that MACs shall deal with serious problems using the most substantial administrative actions available, such as 100 percent prepayment review of claims. Minor or isolated inappropriate billing shall be remediated through provider notification or feedback with reevaluation after notification. The new prepay review rules comments closed 9/13/21, so it will take effect soon.

            If a 100% prepay is considered the most substantial administrative action, then why is it not considered an appealable sanction? I have, however, been successful in obtaining an injunction enjoining the suspension of payments without appealing being placed on prepay.

When requesting documentation for prepayment review, the MACs and UPICs shall notify providers when they expect documentation to be received. It is normally 30-days. The Manual does not allow for time extensions to providers who need more time to comply with the request. Reviewers shall deny claims when the requested documentation to support payment is not received by the expected timeframe. Any audit, but especially prepay audits can lead to termination under 42 CFR §424.535. You may choose to speak softly, but always carry a big stick.

Instead of Orange, Medicare Advantage Audits Are the New Black

In case you didn’t know, instead of orange, Medicare Advantage is the new black. Since MA plans are paid more for sicker patients, there are huge incentives to fabricate co-morbidities that may or may not exist.

Medicare Advantage will be the next most audited arena. Home health, BH, and the two-midnight rule had held the gold medal for highest number of audits, but MA will soon prevail.

As an example, last week- a New York health insurance plan for seniors, along with amedical analytics company the insurer is affiliated with, was accused by the Justice Department of committing health care fraud to the tune of tens of millions of dollars. The dollar amounts are exceedingly high, which also attracts auditors, especially the auditors who are paid on contingency fee, which is almost all the auditors.

CMS pays Medicare Advantage plans using a complex formula called a “risk score,” which is intended to render higher rates for sicker patients and less for those in good health. The data mining company combed electronic medical records to identify missed diagnoses — pocketing up to 20% of new revenue it generated for the health plan. But the Department of Justice alleges that DxID’s reviews triggered “tens of millions” of dollars in overcharges when those missing diagnoses were filled in with exaggerations of how sick patients were or with charges for medical conditions the patients did not have. “All problems are boring until they’re your own.” – Red

MA plans have grown to now cover more than 40% of all Medicare beneficiaries, so too has fraud and abuse. A 2020 OIG report found that MA paid $2.6 billion a year for diagnoses unrelated to any clinical services.

Diagnoses fraud is the main issue that auditors are focusing on. Juxtapose the other alphabet soup auditors – MACs, SMRCs, UPICs, ZPICs, MCOs, TPEs, RACs – they concentrate on documentation nitpicking. I had a client accused of FWA for using purple ink. “Yeah I said stupid twice, only to emphasize how stupid that is!” – Pennsatucky. Other examples include purported failing of writing the times “in or out” when the CPT code definition includes the amount of time.

Audits will be ramping up, especially since HHS has reduced the Medicare appeals backlog at the Administrative Judge Level by 79 percent, which puts the department on track to clear the backlog by the end of the 2022 fiscal year.

 As of June 30, 2021, the end of the third quarter of FY 2021, HHS had 86,063 pending appeals remaining at OMHA, according to the latest status report, acquired by the American Hospital Association. The department started with 426,594 appeals. This is progress!!

Defenses Against Medicare Audits: Arm Yourself!

To defend against RAC, MAC, or TPE audits, we always fight clinically claim by claim. We show that the clinical records do support the service billed despite what an auditor says. But there are other more broad defenses that apply to providers found in the Social Security Act (SSA), even if the clinical arguments are weak.

When faced with an alleged overpayment, look to the SSA. Within the SSA, we have three, strong, provider defenses:

  1. Waiver of liability
  2. Providers without fault
  3. Treating physician rule

The “waiver of liability” defense provides that, even if payment for claims is deemed not reasonable and necessary, payment may be rendered if the provider did not know, and could not have been reasonably expected to know payment would not be made. SSA, § 1879(a); 42 U.S.C. §1395pp; see also Medicare Claims Processing Manual (CMS-Pub. 100-04), Chapter 30, §20. If a provider could not have been reasonably expected to know payment would not be made as the services were medically necessary and covered by Medicare.

Section 1870 of the SSA states that payment will be made to a provider, if the provider was without “fault” with regard for the billing for and accepting payment for disputed services. As a general rule, a provider would be considered without fault if he/she exercised reasonable care in billing for and accepting payment; i.e., the provider complied with all pertinent regulations, made full disclosure of all material facts, and on the basis of the information available, had a reasonable basis for assuming the payment was correct. Here, there is no allegation of fraud; medically necessary services were rendered. The doctors performed a medically necessary service and should be paid for the service despite nominal documentation nit-picking. The SSA does not require Medicare documents to be perfect; there is no requirement of error-free.

            It is well-settled law that the treating physician’s medical judgment as to the medical necessity of the services provided should prevail absent substantial contradictory evidence. Meaning, the doctor who actually physically or virtually treat the consumer has a better vantage point than any desk review audit. Therefore, substantial deference should be given to the treating physician. This is especially important in proving medical necessity.

Lastly, even though this is not in the SSA, question the expertise of your auditors. If you are an MD and provide bariatric services, the auditor should be similarly qualified. Likewise, a dental hygienist should not audit medical necessity for a dental practice. Even if, clinically, your records are not stellar, you still have the broad legal defenses found in the SSA.

Meaningful Use Increases Audits

Today I want to discuss EHR – electronic health records and RAC audits. We all remember the government pushing providers into purchasing EHR. It’s known as the meaningful use (MU) program, which is now known as the Promoting Interoperability Programs. CMS initially provided 10 incentives to accelerate the adoption of EHRs to meet program requirements. Now, physicians who fail to participate in MU will receive a penalty in the form of reduced Medicare reimbursements, at a minimum. Multiple audits at a maximum. Physicians must use certified electronic health records technology (CEHRT) and demonstrate meaningful use through an attestation process at the end of each MU reporting period to avoid the penalty.

Audits for MU can equal tens of thousands of dollars. The monetary amount is not as high as other RAC audits for medical records. One of my clients is a pediatric facility in Georgia. His facility received an alleged overpayment of $34,000 for two of his physicians not meeting the meaningful use criteria 8 and 9. We were going to fight it, but the two physicians who were dinged had quit and would not testify positively on behalf of my client. Plus, attorneys’ fees would surpass the penalty. Criteria 8 and 9 constitute proving your consumer have email and actually open their emails to check their health care internet folders, which are ridiculous criteria.

On September 2, 2020, CMS published the Fiscal Year (FY) 2021 Medicare Hospital Inpatient Prospective Payment System (IPPS) for Acute Care Hospitals and Long-Term Care Hospital (LTCH) Prospective Payment System (PPS) Final Rule which included program requirements for calendar year (CY) 2021. In this final rule, CMS continued its advancement of EHR utilization, focusing on burden reduction, and improving interoperability, and patient access to health information.

Meaningful use’s not anticipated consequence is ramping up RAC audits. Many RAC auditors are using EHR to claim “copy and paste.” Obviously, the point of EHR is to morph all service notes into a certain standard-looking note. But standard-looking notes scream copy and paste to RAC auditors. Maybe RAC auditors haven’t digested meaningful use yet.

On August 2, 2021 CMS released the Fiscal Year (FY) 2022 Medicare Hospital Inpatient Prospective Payment System for Acute Care Hospitals and Long-term Care Hospital Prospective Payment System Final Rule. For more information on the proposed changes, visit the Federal Register.

COVID affected EHR audits too.

The deadline for eligible hospitals and critical access to submit a hardship exception application is September 1, 2021.

“Reverse RAC Audits”: Increase Revenue by Protecting Your Consumers

Today I want to talk about two ways to increase revenue merely by ensuring that your patients’ rights are met. We talk about providers being audited for their claims being regulatory compliant, but how about self-audits to increase your revenue? I like these kind of audits! I am calling these audits “Reverse RAC audits”. Let’s bring money in instead of reimbursements recouped.

You can protect yourself as a provider and increase revenue by remembering and litigating on behalf of your consumers’ rights. Plus, your patients will be eternally grateful for your advocacy. It is a win/win. The following are two, distinct ways to increase revenue and protect your consumers’ rights:

  1. Ensuring freedom of choice of provider; and
  2. Appealing denials on behalf of your consumers.

Freedom of choice of provider.

In a federal case in Indiana, we won an injunction based on the patients’ rights to access to care.

42 CFR § 431.51 – Free choice of providers states that “(b) State plan requirements. A State plan must provide as follows…:

(1)  A beneficiary may obtain Medicaid services from any institution, agency, pharmacy, person, or organization that is –

(i) Qualified to furnish the services; and

(ii) Willing to furnish them to that particular beneficiary.

In Bader v. Wernert, MD, we successfully obtained an injunction enjoining the State of Indiana from terminating a health care facility. We sued on behalf of a geneticist – Dr. Bader – whose facility’s contract was terminated from the Medicaid program for cause. We sued Dr. Wernert in his official capacity as Secretary of the Indiana Family and Social Services Administration. Through litigation, we saved the facility’s Medicaid contract from being terminated based on the rights of the consumers. The consumers’ rights can come to the aid of the provider.

Keep in mind that some States’ Waivers for Medicaid include exceptions and limitations to the qualified and willing provider standard. There are also limits to waiving the freedom of choice of provider, as well.

Appealing consumers’ denials.

This is kind of a reverse RAC Audit. This is an easy way to increase revenue.

Under 42 CFR § 405.910 – Appointed representatives, a provider of services may appeal on behalf of the consumers. If you appeal on behalf of your consumers, the obvious benefit is that you could get reimbursed for the services rendered that were denied. You cannot charge a fee for the service; however, so please keep this in mind.

One of my clients currently has hired my team appealing all denials that are still viable under the statute of limitations. There are literally hundreds of denials.

Over the past few years, they had hundreds of consumers’ coverage get denied for one reason or the other. Allegedly not medically necessary or provider’s trainings weren’t conveyed to the auditors. In other words, most of the denials are egregiously wrong. Others are closer to call. Regardless these funds were all a huge lump of accounts’ receivables that was weighing down the accounting books.

Now, with the help of my team, little by little, claim by claim, we are chipping away at that accounts’ receivables. The receivables are decreasing just by appealing the consumers’ denials.

RAC Audit Update: Renewed Focus on the Two-Midnight Rule

In RAC news, on June 1, 2021, Cotiviti acquired HMS RAC region 4. Don’t be surprised if you see Cotiviti’s logo on RAC audits where you would have seen HMS. This change will have no impact in the day-to-day contract administration and audit timelines under CMS’ guidance. You will continue to follow the guidance in the alleged, improper payment notification letter for submission of medical documentation and discussion period request. In March 2021, CMS awarded Performant an 8.5 year contract to serve as the Region 1 RAC. 

There really cannot be any deviations regardless the name of the RAC Auditor because this area is so regulated. Providers always have appeal rights regardless Medicare/caid RAC audits. Or any other type of audit. Medicaid RAC provider appeals are found in 42 CFR 455.512. Whereas Medicare provider redeterminations and the 5 levels of appeal are found in 42 CFR Subpart I. The reason that RAC audits are spoken about so often is that the Code of Federal Regulations applies different rules for RAC audits versus MAC, TPE, UPIC, or other audits. The biggest difference is that RAC auditors are limited to a 3 year look back period according to 42 CFR 455.508. Other auditors do not have that same limitation and can look back for longer periods of time. Of course, whenever “credible allegations of fraud” is involved, the lookback period can be for 10 years.

The federal regulations also allow States to request exceptions from the Medicaid RAC program. CMS mandates every State to participate in the RAC program. But there is a federal reg §455.516 that allows exceptions. To my knowledge, no State has requested exceptions out of the RAC Audit program.

RAC auditors have announced a renewed focus on the two-midnight rule for hospitals. Again. This may seem like a rerun and it is. You recall around 2012, RACs began noticing high rates of error with respect to patient status in certain short-stay Medicare claims submitted for inpatient hospital services. CMS and the RACs indicated the inpatient care setting was medically unnecessary, and the claims should have been billed as outpatient instead. Remember, for stays under 2 midnights, inpatient status may be used in rare and unusual exceptions and may be payable under Medicare Part A on a case-by-case basis.

Provider Medicaid Contract Termination Reversed in Court!

First and foremost, important, health care news:

The Medicare Administrative Contractors (MACs) have full authority to renew post-payments reviews of dates of service (DOS) during the COVID pandemic. The COVID pause is entirely off. It is going to be a mess to wade through the thousands of exceptions. RAC audits of COVID DOS will be, at best, placing a finger on a piece of mercury. I hope that the auditors remember that everyone was scrambling to do their best during the past year and a half. In the upcoming weeks, I will keep you posted.

I am especially excited today. Last week, I won a permanent injunction for a health care facility that but for this injunction, the facility would be closed, its 300 staff unemployed, and its 600 Medicare and Medicaid consumers without access to their mental health and substance abuse providers, their primary care physicians, and the Suboxone clinic. The Judge’s clerk emailed us on Friday. The email was terse although the clerk signified that the email was important by clicking the little, red, exclamation point. It simply stated: After speaking with Judge X, she is dismissing the government’s MTD and granting Petitioner’s permanent injunction. Petitioner’s counsel can send a proposed decision within 10 days. Such a simple email affected so many lives!

We hear Ellen Fink-Samnick MSW, ACSW, LCSW, CCM, CRP, speak about social determinants of health (SDoH) on RACMonitor. Well, this company is minority-owned and the mass percentage of staff and consumers are minorities.

Why was this company on the brink of closing down? The managed care organization (MCO) terminated the company’s Medicaid contract. Medicaid comprised the majority of its revenue. The MCO’s reason was that the company violated 42 CFR §455.106, which states:

“Information that must be disclosed. Before the Medicaid agency enters into or renews a provider agreement, or at any time upon written request by the Medicaid agency, the provider must disclose to the Medicaid agency the identity of any person who:

(1) Has ownership or control interest in the provider, or is an agent or managing employee of the provider; and

(2) Has been convicted of a criminal offense related to that person‘s involvement in any program under Medicare, Medicaid, or the title XX services program since the inception of those programs.”

The former CEO – for years – he relied on professional tax accountants for the company’s taxes and his own personal family’s taxes. His wife, who is a physician, relied on her husband to do their personal taxes as one of his “honey-do” tasks. CEO relied on a sub-par accountant for a couple years and pled guilty to failing to pay personal taxes for two years. The plea ended up in the newspaper and the MCO terminated the facility.

We argued that the company, as an entity, was bigger than just the CEO. Quickly, we filed for a TRO to keep the company open. Concurrently, we transitioned the company from the CEO to Dr. wife. Dr became CEO in a seamless transition. A long-time executive stepped up as HR management.

Yet, according to testimony, the MCO terminated the company’s contract when the newspaper published the article about CEO’s guilty plea. The article was published in a local paper on April 9 and the termination notice was sent out April 19th. It was a quick decision.

We argued that 42 CFR §455.106 didn’t apply because CEO’s guilty plea was:

  1. Personal and not related to Medicare or Medicaid; and
  2. Not a conviction but a voluntary plea agreement.

The Judge agreed. We won the TRO for immediate relief. After a four-day hearing and 22 witnesses for Petitioner, we won the preliminary injunction. At this point, the MCO hired outside counsel with our tax dollars, which I did bring up in the final hearing on the merits.

New outside counsel was super excited to be involved. He immediately propounded a ton of discovery asking for things that he already had and for criminal documents that we had no access to because, by law, the government has possession of and CEO never had. Well, new lawyer was really excited, so he filed motions to compel us to produce these unobtainable documents. He filed for sanctions. We filed for sanctions back.

It grew more litigious as the final hearing on the merits approached.

Finally, we presented our case for a permanent injunction, emphasizing the importance of the company and the smooth transition to the new, Dr. CEO. We won! Because we won, the company is open and providing medically necessary services to our most needy population.

And…I get to draft the proposed decision.