The ADR rule went into effect Jan. 1, 2019. Original blog post published March 6, 2019, on RACMonitor.
The Centers for Medicare & Medicaid Services (CMS) has updated its criteria for additional document requests (ADRs). If your ADR “cycle” is less than 1, CMS will round it up to 1.
What is an ADR cycle?
When a claim is selected for medical review, an ADR is generated requesting medical documentation be submitted to ensure payment is appropriate. Documentation must be received by CGS (A Celerian Group Company) within 45 calendar days for review and payment determination. Any selected and submitted claim can create an ADR. In other words, a provider is asked to prove that the service was rendered and that the billing was compliant.
It is imperative to understand that you, as the provider, check the Fiscal Intermediary Standard System (FISS) status/location S B6001. Providers are encouraged to use FISS Option 12 (Claim Inquiry) to check for ADRs at least once per week. You will not receive any other form of notification for an ADR.
To make matters even more confusing, there are two different types of ADRs: medical review (reason code 39700) and non-medical review (reason code 39701).
An ADR may be sent by CGS, Zone Program Integrity Contractors (ZPICs), Recovery Audit Contractors (RACs), Supplemental Medical Review Contractors (SMRCs), the Comprehensive Error Rate Testing (CERT) contractor, etc. When a claim is selected for review or when additional documentation is needed to complete the claim, an ADR letter is generated requesting that documentation and/or medical records be submitted.
The ADR process is essentially a type of prepayment review.
A baseline annual ADR limit is established for each provider based on the number of Medicare claims paid in the previous 12-month period that are associated with the provider’s six-digit CMS Certification Number (CCN) and the provider’s National Provider Identifier (NPI) number. Using the baseline annual ADR limit, an ADR cycle limit is also established.
After three 45-day ADR cycles, CMS will calculate (or recalculate) a provider’s denial rate, which will then be used to identify a provider’s corresponding “adjusted” ADR limit. Auditors may choose to either conduct reviews of a provider based on their adjusted ADR limit (with a shorter lookback period) or their baseline annual ADR limit (with a longer lookback period).
The baseline, annual ADR limit is one-half of one percent of the provider’s total number of paid Medicare service types for which the provider had reimbursed Medicare claims.
Effective Jan. 1, 2019, providers whose ADR cycle limit is less than 1, even though their annual ADR limit is greater than 1, will have their ADR cycle limit round up to 1 additional documentation request per 45 days, until their annual ADR limit has been reached.
For example, say Provider ABC billed and was paid for 400 Medicare claims in a previous 12-month period. The provider’s baseline annual ADR limit would be 400 multiplied by 0.005, which is two. The ADR cycle limit would be 2/8, which is less than one. Therefore, Provider ABC’s ADR cycle limit will be set at one additional documentation request per 45 days, until their annual ADR limit, which in this example is two, has been reached. In other words, Provider ABC can receive one additional documentation request for two of the eight ADR cycles, per year.
ADR letters are sent on a 45-day cycle. The baseline annual ADR limit is divided by eight to establish the ADR cycle limit, which is the maximum number of claims that can be included in a single 45-day period. Although auditors may go more than 45 days between record requests, in no case shall they make requests more frequently than every 45 days.
And that is the update on ADRs. Remember, the rule changed Jan. 1, 2019.
Once You STOP Accepting Medicaid/Care, How Much Time Has to Pass to Know You Will Not Be Audited? (For Past Nitpicking Documentation Errors)
I had a client, a dentist, ask me today how long does he have to wait until he need not worry about government, regulatory audits after he decides to not accept Medicare or Medicaid any more. It made me sad. It made me remember the blog that I wrote back in 2013 about the shortage of dentists that accept Medicaid. But who can blame him? With all the regulatory, red tape, low reimbursement rates, and constant headache of audits, who would want to accept Medicare or Medicaid, unless you are Mother Teresa…who – fun fact – vowed to live in poverty, but raised more money than any Catholic in the history of the recorded world.
What use is a Medicaid card if no one accepts Medicaid? It’s as useful as our appendix, which I lost in 1990 and have never missed it since, except for the scar when I wear a bikini. A Medicaid card may be as useful as me with a power drill. Or exercising lately since my leg has been broken…
The answer to the question of how long has to pass before breathing easily once you make the decision to refuse Medicaid or Medicare? – It depends. Isn’t that the answer whenever it comes to the law?
By Whom and Why You Are Being Investigated Matters
If you are being investigated for fraud, then 6 years.
If you are being investigated by a RAC audit, 3 years.
If you are being investigated by some “non-RAC entity,” then it however many years they want unless you have a lawyer.
If being investigated under the False Claims Act, you have 6 – 10 years, depending on the circumstances.
If investigated by MICs, generally, there is a 5-year, look-back period.
ZPICS have no particular look-back period, but with a good attorney, reasonableness can be argued. How can you be audited once you are no longer liable to maintain the records?
The CERT program is limited by the same fiscal year.
The Alternative: Self-Disclosure (Hint – This Is In Your Favor)
If you realized that you made an oops on your own, you have 60-days. The 60-day repayment rule was implemented by the Centers for Medicare and Medicaid Services (“CMS”), effective March 14, 2016, to clarify health care providers’ obligations to investigate, report, and refund identified overpayments under the Affordable Care Act (“ACA”).
Notably, CMS specifically stated in the final rule that it only applies to traditional Medicare overpayments for Medicare Part A and B services, and does not apply to Medicaid overpayments. However, most States have since legislated similar statutes to mimic Medicare rules (but there are arguments to be made in courts of law to distinguish between Medicare and Medicaid).
Premature Recoupment of Medicare or Medicaid Funds Can Feel Like Getting Mauled by Dodgeballs: But Is It Constitutional?
State and federal governments contract with many private vendors to manage Medicare and Medicaid. And regulatory audits are fair game for all these contracted vendors and, even more – the government also contracts with private companies that are specifically hired to audit health care providers. Not even counting the contracted vendors that manage Medicaid or Medicare (the companies to which you bill and get paid), we have Recovery Act Contractors (RAC), Zone Program Integrity Contractors (ZPICs), Medicare Administrative Contractors (MACs), and Comprehensive Error Rate Testing (CERT) auditors. See blog for explanation. ZPICs, RACs, and MACs conduct pre-payment audits. ZPICs, RACs, MACs, and CERTs conduct post-payment audits.
It can seem that audits can hit you from every side.
“Remember the 5 D’s of dodgeball: Dodge, duck, dip, dive and dodge.”
Remember the 5 A’s of audits: Appeal, argue, apply, attest, and appeal.”
Medicare providers can contest payment denials (whether pre-payment or post-payment) through a five-level appeal process. See blog.
On the other hand, Medicaid provider appeals vary depending on which state law applies. For example, in NC, the general process is an informal reconsideration review (which has .008% because, essentially you are appealing to the very entity that decided you owed an overpayment), then you file a Petition for Contested Case at the Office of Administrative Hearings (OAH). Your likelihood of success greatly increases at the OAH level because these hearings are conducted by an impartial judge. Unlike in New Mexico, where the administrative law judges are hired by Human Services Department, which is the agency that decided you owe an overpayment. In NM, your chance of success increases greatly on judicial review.
In Tx, providers may use three methods to appeal Medicaid fee-for-service and carve-out service claims to Texas Medicaid & Healthcare Partnership (TMHP): electronic, Automated Inquiry System (AIS), or paper within 120 days.
In Il, you have 60-days to identify the total amount of all undisputed and disputed audit
overpayment. You must report, explain and repay any overpayment, pursuant to 42 U.S.C.A. Section 1320a-7k(d) and Illinois Public Aid Code 305 ILCS 5/12-4.25(L). The OIG will forward the appeal request pertaining to all disputed audit overpayments to the Office of Counsel to the Inspector General for resolution. The provider will have the opportunity to appeal the Final Audit Determination, pursuant to the hearing process established by 89 Illinois Adm. Code, Sections 104 and 140.1 et. seq.
You get the point.”Nobody makes me bleed my own blood. Nobody!” – White Goodman
Recoupment During Appeals
Regardless whether you are appealing a Medicare or Medicaid alleged overpayment, the appeals process takes time. Years in some circumstances. While the time gently passes during the appeal process, can the government or one of its minions recoup funds while your appeal is pending?
The answer is: It depends.
Before I explain, I hear my soapbox calling, so I will jump right on it. It is my legal opinion (and I am usually right) that recoupment prior to the appeal process is complete is a violation of due process. People are always shocked how many laws and regulations, both on the federal and state level, are unconstitutional. People think, well, that’s the law…it must be legal. Incorrect. Because something is allowed or not allowed by law does not mean the law is constitutional. If Congress passed a law that made it illegal to travel between states via car, that would be unconstitutional. In instances that the government is allowed to recoup Medicaid/care prior to the appeal is complete, in my (educated) opinion. However, until a provider will fund a lawsuit to strike these allowances, the rules are what they are. Soapbox – off.
Going back to whether recoupment may occur before your appeal is complete…
For Medicare audit appeals, there can be no recoupment at levels one and two. After level two, however, the dodgeballs can fly, according to the regulations. Remember, the time between levels two and three can be 3 – 5 years, maybe longer. See blog. There are legal options for a Medicare provider to stop recoupments during the 3rd through 5th levels of appeal and many are successful. But according to the black letter of the law, Medicare reimbursements can be recouped during the appeal process.
Medicaid recoupment prior to the appeal process varies depending on the state. Recoupment is not allowed in NC while the appeal process is ongoing. Even if you reside in a state that allows recoupment while the appeal process is ongoing – that does not mean that the recoupment is legal and constitutional. You do have legal rights! You do not need to be the last kid in the middle of a dodgeball game.
Don’t be this guy:
Interestingly, how OIG and who OIG targets for audits is much more transparent than one would think. OIG tells you in advance (if you know where to look).
Prior to June 2017, the Office of Inspector General’s (OIG) OIG updated its public-facing Work Plan to reflect those adjustments once or twice each year. In order to enhance transparency around OIG’s continuous work planning efforts, effective June 15, 2017, OIG began updating its Work Plan website monthly.
Why is this important? I will even take it a step further…why is this information crucial for health care providers, such as you?
These monthly reports provide you with notice as to whether the type of provider you are will be on the radar for Medicare and Medicaid audits. And the notice provided is substantial. For example, in October 2017, OIG announced that it will investigate and audit specialty drug coverage and reimbursement in Medicaid – watch out pharmacies!!! But the notice also states that these audits of pharmacies for speciality drug coverage will not begin until 2019. So, pharmacies, you have over a year to ensure compliance with your records. Now don’t get me wrong… you should constantly self audit and ensure regulatory compliance. Notwithstanding, pharmacies are given a significant warning that – come 2019 – your speciality drug coverage programs better be spic and span.
Another provider type that will be on the radar – bariatric surgeons. Medicare Parts A and B cover certain bariatric procedures if the beneficiary has (1) a body mass index of 35 or higher, (2) at least one comorbidity related to obesity, and (3) been previously unsuccessful with medical treatment for obesity. Treatments for obesity alone are not covered. Bariatric surgeons, however, get a bit less lead time. Audits for bariatric surgeons are scheduled to start in 2018. Considering that 2018 is little more than a month away, this information is less helpful. The OIG Work Plans do not specific enough to name a month in which the audits will begin…just sometime in 2018.
Where do you find such information? On the OIG Work Plan website. Click here. Once you are on the website, you will see the title at the top, “Work Plan.” Directly under the title are the “clickable” subjects: Recently Added | Active Work Plan Items | Work Plan Archive. Pick one and read.
You will see that CMS is not the only agency that OIG audits. It also audits the Food and Drug Administration and the Office of the Secretary, for example. But we are concerned with the audits of CMS.
Other targeted providers types coming up:
- Security of Certified Electronic Health Record Technology Under Meaningful Use
- States’ Collection of Rebates on Physician-Administered Drugs
- States’ Collection of Rebates for Drugs Dispensed to Medicaid MCO Enrollees
- Adult Day Health Care Services
- Oversight of States’ Medicaid Information Systems Security Controls
- States’ MCO Medicaid Drug Claims
- Incorrect Medical Assistance Days Claimed by Hospitals
- Selected Inpatient and Outpatient Billing Requirements
And the list goes on and on…
Do not think that if your health care provider type is not listed on the OIG website that you are safe from audits. As we all know, OIG is not the only entity that conducts regulatory audits. The States and its contracted vendors also audit, as well as the RACs, MICs, MACs, CERTs…
Never forget that whatever entity audits you, YOU HAVE APPEAL RIGHTS!
The Center for Medicare and Medicaid Services (CMS) announced the expansion of Targeted Probe and Educate (TPE) audits. At first glance, this appears to be fantastic news coming on the heels of so much craziness at Health and Human Services (HHS). We have former-HHS Secretary Price flying our tax dollars all over. Dr. Don Wright stepping up as our new Secretary. The Medicare appeal backlog fiasco. The repeal and replace Obamacare bomb. Amidst all this tomfoolery, health care providers are still serving Medicare and Medicaid patients, reimbursement rates are in the toilet, which drives down quality and incentivizes providers to not accept Medicare or Medicaid (especially Caid), and providers are undergoing “Audit Alphabet Soup.” I actually had a client tell me that he receives audit letters requesting documents and money every single week from a plethora of different organizations.
So when CMS announced that it was broadening its TPE audits, it was a sigh of relief for many providers. But will TPE audits be the benign beasts they are purporting to be?
What is a TPE audit? (And – Can We Have Anymore Acronyms…PLEASE!)
CMS says that TPE audits are benevolent. CMS’ rhetoric indicates that these audits should not cause the toner to run out from overuse. CMS states that TPE audits will involve “the review of 20-40 claims per provider, per item or service, per round, for a total of up to three rounds of review.” See CMS Announcement. The idea behind the TPE audits (supposedly) is education, not recoupments. CMS states that “After each round, providers are offered individualized education based on the results of their reviews. This program began as a pilot in one MAC jurisdiction in June 2016 and was expanded to three additional MAC jurisdictions in July 2017. As a result of the successes demonstrated during the pilot, including an increase in the acceptance of provider education as well as a decrease in appealed claims decisions, CMS has decided to expand to all MAC jurisdictions later in 2017.” – And “later in 2017” has arrived. These TPE audits are currently being conducted nationwide.
Below is CMS’ vision for a TPE audit:
Clear? As mud?
The chart does not indicate how long the provider will have to submit records or how quickly the TPE auditors will review the documents for compliance. But it appears to me that getting through Round 3 could take a year (this is a guess based on allowing the provider 30 days to gather the records and allowing the TPE auditor 30 days to review).
Although the audit is purportedly benign and less burdensome, a TPE audit could take a whole year or more. Whether the audit reviews one claim or 20, having to undergo an audit of any size for a year is burdensome on a provider. In fact, I have seen many companies having to hire staff dedicated to responding to audits. And here is the problem with that – there aren’t many people who understand Medicare/caid medical billing. Providers beware – if you rely on an independent biller or an electronic medical records program, they better be accurate. Otherwise the buck stops with your NPI number.
Going back to CMS’ chart (above), notice where all the “yeses” go. As in, if the provider is found compliant , during any round, all the yeses point to “Discontinue for at least 12 months.” I am sure that CMS thought it was doing providers a favor, but what that tells me is the TPE audit will return after 12 months! If the provider is found compliant, the audit is not concluded. In fact, according to the chart, the only end results are (1) a referral to CMS for possible further action; or (2) continued TPE audits after 12 months. “Further action” could include 100% prepayment review, extrapolation, referral to a Recovery Auditor, or other action. Where is the outcome that the provider receives an A+ and is left alone??
CMS states that “Providers/suppliers may be removed from the review process after any of the three rounds of probe review, if they demonstrate low error rates or sufficient improvement in error rates, as determined by CMS.”
I just feel as though that word “may” should be “will.” It’s amazing how one word could change the entire process.
Electronic health records or EHR have metamorphosed health care. Choosing a vendor can be daunting and the prices fluctuate greatly. As a provider, you probably determine your EHR platform on which vendor’s program creates the best service notes… or which creates the most foolproof way of tracking time… or which program is the cheapest.
But…what’s in YOUR contract can be legally deadly.
Regardless how you choose your EHR vendor, you need to keep the following legal issues in mind when it comes to EHR and the law:
Regulatory and Clinical Coverage Policy Compliance
Most likely, your EHR vendor does not have a legal degree. Yet, you are buying a product and assuming that the EHR program complies with applicable regulations, rules, and clinical coverage policies – whichever are applicable to your type of service. Well, guess what? These regulations, rules, and clinical coverage policies are not stagnant. They are amended, revised, and re-written more than my chickens lay eggs, but a little less often, because my chickens lay eggs every day.
Think about it – The Division of Medical Assistance (DMA) publishes a monthly Medicaid Bulletin. Every month DMA provides more insight, more explanations, more rules that providers will be held accountable to follow.
Does your EHR program update every month?
You need to review your contract and determine whether the vendor is responsible for regulatory compliance or whether you are. If you are, should you put so much faith in the EHR program?
You are required to maintain your records (depending on your type of service) anywhere from 5-10 years. Let’s say that you sign a four year contract with EHR Vendor X. The four years expires, and you hire a new EHR vendor. You are audited. But Vendor X does not allow you access to the records because you no longer have a contract with them – not their problem!
You need to ensure that your EHR contract allows you access to your documents (because they are your documents) even in the event of the contract expiring or getting terminated. The excuse that “I don’t have access to that” does not equal a legal defense.
This is otherwise known as the “Blame Game.” If there is a problem with regulatory compliance, as in, the EHR records do not follow the regulations, then you need to know whether the EHR vendor will take responsibility and pay, or help pay, for attorneys’ fees to defend yourself.
Like it or not, the EHR vendor does not undergo audits by the state and federal government. The EHR vendor does not undergo post and pre-payment reviews for regulatory compliance. You do. It is your NPI number that is held accountable for regulatory compliance.
You need to check whether there is an indemnification clause in the EHR contract. In other words, if you are accused of an overpayment because of a mistake on the part of the vendor, will the vendor cover your defense? My guess is that there is no indemnification clause.
HIPAA laws require that you minimize the access to private health information (PHI) and prevent dissemination. With hard copies, this was easy. You could just lock up the documents. With EHR, it becomes trickier. Obviously, you have access to the PHI as the provider. But who can access your EHR on the vendor-side? Assuming that the vendor has an IT team in case of computer issues, you have to consider to what exactly does that team have access.
I recently attended a legal continuing education class on data breach and HIPAA compliance for health care. One of the speakers was a Special Agent with the FBI. This gentleman prosecutes data breaches for a living. He said that hackers will pay over $500 per private medical document. Health care companies experienced a 72% increase in cyberattacks between 2013 and 2014. Stolen health care information is 10 times more valuable than your credit card information.
Obviously, I am exaggerating here. I do not believe that The Walking Dead is real and in our future. But here is my point – You are held accountable for maintaining your medical records, even in the face of an act of God or terrorism.
Example: It was 1996. Provider Dentist did not have EHR; he had hard copies. Hurricane Fran flooded Provider Dentist’s office, ruining all medical records. When Provider Dentist was audited, the government did not accept the whole “there was a hurricane” excuse. Dentist was liable for sever penalties and recoupments.
Fast forward to 2017 and EHR – Think a mass computer shutdown won’t happen? Just ask Delta about its August 2016 computer shutdown that took four days and cancelled over 2000 flights. Or Medstar Health, which operates 10 hospitals and more than 250 outpatient facilities, when in March 2016, a computer virus shut down its emails and…you guessed it…its EHR database.
So, what’s in YOUR contract?
How many times have you heard, “Third time’s a charm?”If that is true, then what is the fifth time? The sixth time?
In an October 3, 2016, advisory report, the Office of Inspector General (OIG) recommends that the Center for Medicare and Medicaid Services (CMS) heighten its scrutiny on personal care services (PCS) in states across the country. The OIG claims “that home health has long been recognized as a program area vulnerable to fraud, waste, and abuse.” Past OIG reports have focused on Medicare. This new one focuses on Medicaid.
OIG is a division of the U.S. Department of Health and Human Services (HHS) and is charged with identifying and combating waste, fraud, and abuse in the HHS’s more than 300 programs. But, evidently, OIG is not happy, happy, happy, when HHS disregards its findings, which appears to be what has happened for a number of years.
PCS are nonmedical services for people who need assistance with activities of daily living (ADLs), such as bathing, eating, and toileting. Most of the time, PCS are allowing the person to remain in his or her home, instead of being institutionalized. However, according to OIG, PCS is fraught with fraud.
PCS is an optional service for Medicaid, i.e., states can choose to cover the cost of PCS with government funds. But, on the federal level, PCS is provided, if medically necessary, in all states.
The OIG report summarizes Medicaid fraud schemes from November 2012 through August 2016. OIG goes on to say that the fraud in this report is merely replicate of Medicare fraud found in a prior reports. In other words,OIG is basically saying that it has found Medicare fraud in home health in multiple, past reports and that CMS has not followed through appropriately. In fact, this report makes over five times, in recent years, that OIG has instructed CMS to increase its regulatory oversight of Medicare/caid personal care services. How many times does it take for your spouse to ask you to take out the trash until you take out the trash? Third time’s a charm??
Mark my words…in the near future, there will be heightened investigations and increased audits on home health.
Here are some scenarios that can trigger an audit of home health:
- High percentage of episodes for which the beneficiary had no recent visits with the supervising physician;
- High percentage of episodes that were not preceded by a hospital or nursing home stay;
- High percentage of episodes with a primary diagnosis of diabetes or hypertension;
- High percentage of beneficiaries with claims from multiple home health agencies; and
- High percentage of beneficiaries with multiple home health readmissions in a short period of time.
While the above-mentioned scenarios do not prove the existence of Medicare/caid fraud, they are red flags that will wave their presence before health care investigators’ faces.
Here are the states (and cities) which will be targets:
Notice that North Carolina is not highlighted. Notice that Florida is highlighted and contained numerous “hotspots.” Certainly that has nothing to do with the abnormal number of people on Medicare…
Regardless, North Carolina will get its share of Medicare PCS audits. Especially, considering that we have the 7th most number of Medicare beneficiaries in the country – that should have gotten us highlighted per se.
Since the OIG Portfolio report issued in 2012, OIG has opened more than 200 investigations involving fraud and patient harm and neglect in the PCS program across the country. “Given the significant vulnerabilities in the PCS program, including a lack of internal controls, and that PCS fraud continues to be a persistent problem, OIG anticipates that its enforcement efforts will continue to involve PCS cases.”Report.
Fifth time is a ______?? (Sure thing).
Monday, February 22, 2016, The Centers for Medicare and Medicaid Services (CMS) announced that it plans to increase onsite visits and monitoring of health care providers. One of the top priorities for CMS is to verify that provider enrollment and address are correct…
Because, as you know, providers with correct addresses on file are less likely to commit Medicare fraud. Medicare Fraud 101 – Give CMS the wrong address. Really? (While I applaud their valiant effort, the fraud that I have witnessed has not been a health care provider using a fake address to provide fake services…that is too Ponzi, too shallow in thought…too easily detected. Oh no, the fraud I have encountered were providers with actual practices with correct addresses, but embellishing on the amount of services provided to an actual Medicare enrollee to cushion their pockets. This is much more difficult to detect.
But CMS has its reasons for sniffing out fake addresses. CMS’ address hunt-down comes on the heels of a report from June 2015 out of the Government Accountability Office (GAO), which determined that approximately 22% of Medicare provider addresses are “potentially ineligible.” Additionally, last March (2015) CMS decreased the amount of audits conducted by Medicare Administrative Contractors (MACs), which are one of the entities that investigate Medicare provider eligibility.
Whenever the GAO finds potential errors, CMS usually puts on the whole dog and pony show…or, maybe, for a change, a pig and pony show…
With all these political talks about donkeys and elephants, I would like to take a moment and blog about a pig. Some of you know that I own a pet pig. She is 4 1/2 years old and about 30 pounds. See below.
Isn’t she cute?! Some of you will remember my last blog about Oink was “Our Medicaid Budget: Are We Just Putting Lipstick on a Pig?”
The reason I bring up Oink is that she is the smartest, most animated animal I have ever encountered. She is also the best “sniffer-outer” I have ever encountered. Her keen sense of smell is well beyond any human’s sense of smell. If you liken Oink to CMS and Medicare fraud to a Skittle, the Skittle would have no chance.
These upcoming and increased number of audits is CMS’ way of sniffing out fraud. However, CMS’ sense of smell is not up to snuff like Oink’s sense of smell.
Searching for erroneous addresses in order to detect fraud, waste, and abuse (FWA) will, inevitably, be over-inclusive. Meaning, many of the erroneous addresses will not be committing Medicare fraud. Some erroneous addresses exist because providers simply moved to another location and either failed to inform CMS or CMS’ database was not updated with the new address. Other erroneous addresses exist because health care providers went out of business and never informed CMS. A new company leases the property and it appears to CMS that fraudulent billing was occurring a couple years ago out of, for example, what is now a Jimmy John’s.
Searching for erroneous addresses in order to detect FWA will, inevitably, be under-inclusive. Meaning, that many providers committing Medicare fraud do so with accurate office addresses.
My contention is that if you want to find FWA, you need to dig deeper than an incorrect address. Sniffing out Medicare fraud is a bit more in depth than finding improper addresses. That would be like tossing handfuls of Skittles on the ground and expecting Oink to only find the green ones.
In fiscal year 2014, Medicare paid $554 billion for health care and related services. CMS estimates that $60 billion (about 10 percent) of that total was paid improperly (not only because of incorrect addresses).
CMS is responsible for developing provider and supplier enrollment procedures to help safeguard the program from FWA. CMS contracts with Medicare Administrative Contractors (MACs) and the National Supplier Clearinghouse (NSCs) to manage the enrollment process. MACs are responsible for verifying provider and supplier application information in Provider Enrollment, Chain and Ownership System (PECOS) before the providers and suppliers are permitted to enroll into Medicare. CMS currently contracts with 12 MACs, each of which is responsible for its own geographic region, known as a “jurisdiction.
As you can see, we live in Jurisdiction 11. These MACs act as the “sniffer-outers” for CMS.
According to the GAO June 2015 report, about 23,400 (22 percent) of the 105,234 addresses that GAO initially identified as a Commercial Mail Receiving Agency (CMRA), vacant, or invalid address are potentially ineligible for Medicare providers and suppliers. “About 300 of the addresses were CMRAs, 3,200 were vacant properties, and 19,900 were invalid. Of the 23,400 potentially ineligible addresses, [GAO] estimates that, from 2005 to 2013, about 17,900 had no claims associated with the address, 2,900 were associated with providers that had claims that were less than $500,000, and 2,600 were associated with providers that had claims that were $500,000 or more per address.”
In other words, out of 105,234 addresses, only 2,600 actively billed Medicare for over $500,000 from 2005 through 2013 (8 years). Had CMS narrowed the scope and looked at practices that billed over $500,000 since 2010, I fancy the the number would have been much lower, because, as discussed above, many of these providers either moved or went out-of-business.
Now, 2,600 is not a nominal number. I am in no way undermining CMS’ efforts to determine the accuracy of providers’ addresses; I am not insinuating that these efforts are unnecessary or a complete waste of time. I think verification of health care providers’ addresses is an important aspect of detecting FWA. Instead, I believe that, as discussed above, verifying providers’ addresses is a poor, under and over-inclusive attempt at searching for FWA. Because, as I stated at the beginning of this blog, the people who are intentionally trying to defraud the system, are not going to intentionally give an erroneous address. It is just too easy for the government to discover the error. No, the people who are intentionally defrauding the state will have a legitimate office.
For example, in my opinion, it is unlikely that anyone intentionally trying to defraud the system will inform the government that they provide health care services from the following places:
Again, if I liken CMS’ search for FWA by detecting inaccurate addresses to Oink, it would be like tossing a handful of Skittles on the ground and expecting Oink to only find the green ones.
If CMS audits are to Oink as fraud is to Skittles, then I think there is a less intrusive, less inclusive way to detect FWA rather than throwing out packets of Skittles for Oink. All that does is make Oink eat too much.
Medicare is the largest payor of clinical lab services in the nation. Clinical lab services include everything from blood counts to urinalyses, and every letter of the alphabet in between. Lab services are performed by hospitals, independent labs, physicians, or other institutions.
Medicare Part B (which covers lab services) has had increased enrollment over the past few years, but the amount billed to Part B over the past few years has increased at a much higher rate. In other words, the amount of lab services billed to Part B has increased disproportionately to the increase in enrollment. Any number of factors could contribute to this: defensive practice of medicine, more reliance on laboratory testing, more labs…
Regardless, the higher billing amounts in lab services has now won the prestigious award of “Increased CMS Scrutiny!” (sarcasm, people). And the crowd goes wild!!!!
Mid-2014, the U.S. Office of Inspector General (OIG) published a study entitled, “Questionable Billing for Medicare Part B Clinical Laboratory Services.” OIG determined that Medicare allowed $1.5 billion to be paid for claims with questionable billing. It recommended that CMS: (1) review the labs identified with questionable billing and take appropriate action; (2) review program integrity strategies and determine whether such strategies are adequate; and (3) ensure that claims with invalid and ineligible ordering-physician numbers are not being paid.
In normal and expectant government time frames, the “dinosauric beast” has now determined, a little over a year later, that laboratory service claims warrant enhanced scrutiny. And a little over 85 years after its discovery, we finally determine that Pluto isn’t a planet.
CMS zoomed in their lens of scrutiny on lab services multiple times over a decade ago. Each “CMS zoom” resulted in millions and millions of money given to the federal government, which perpetuates the feds to zoom more and more…it’s easy money.
For example, in 2000, OIG issued Project LabScam, which resulted in substantial settlements against Laboratory Corporation of America Holdings, SmithKline Beecham, Met/Path, Damon, Roche, and Allied.
In 2002, OIG found that Medicare incorrectly paid $7.4 million for lab services with invalid ordering UPINs and $15.3 million for lab service claims with inactive ordering UPINs.
What does this mean to providers of lab services today?
It means you need to be prepared for an audit.
When I was young, one of my favorite games was “Red Rover.” Children would grasp arms and form a straight line facing the other team, which was doing the same. I would yell, “Red River, Red Rover, send Holly right over!” At which time, little Holly would be released from her line and prepare to run, full speed, into my line of little kids’ arms. Inevitably, once we saw where Holly was running, we would tighten up our grasps on one another’s arms to prepare for the impact.
Similarly, in preparation for upcoming audits, lab service providers need to tighten up.
The best way to be certain of your risks in a potential audit is to hire a professional consultant or an experienced attorney to review a large sample of your documents. This allows an outsider to provide an unbiased opinion as to your risk. You may have the best billing manager in the world, but, when it comes to a self audit, he or she already believes that his or her documentation is stellar and that the organization of such documents is self evident. Having an outsider audit your records is worth its weight in gold and the best way to tighten up pre-audit.
The second best way to be certain of your risks in a potential audit is to self audit. Even if you hire a consultant or an attorney for a one time, third-party audit, you still want to self-audit multiple times a year. Every now and then you need to kick the old tires.
How do you self audit?
FYI: My general explanation of how to self audit will be appropriate for all health care service provider types. I will describe some more detailed ways to self audit that will be specific to lab services.
In order to self audit, I teach the IAKA method, not to be confused with IKEA.
- Identify common risks
- Audit a sample of your documents
- Keep record of each step of your audit, including findings
- Act on the findings.
What are the common red flags in your industry?
For lab services, common red flags may be high average allowed amounts per ordering physician, high percentage of claims with ineligible ordering-physician numbers, high percentage of claims with compromised beneficiary numbers, and high percentage of duplicate lab tests.
Here’s an area to look into that you may not otherwise consider in a self audit: what percentage of your lab clients live outside 100 miles? This may sound hoaky, but I had a lab service client flagged because 92% of the clients resided over 150 miles away. There was a perfectly reasonable explanation for such anomaly, the lab was located in a large, prestigious hospital in a rural area and people came from miles away to the hospital, but the statistic still flagged it.
Another specific item to review is, on average, how much does each physician bill in the laboratory? Do you have 4 physicians who bill, on average, $60,000+ per ordering physician? Because, for an independent lab, that would be very high.
For the actual self audit, you want to break up the audit into two categories: standards and procedures and document compliance.
For standards and procedures, you are reviewing whether you are properly orienting new hires, the specific training you implement, your criminal background check procedures, HIPAA training, your license renewal processes, your certification renewal processes, etc.
For document compliance, you are reviewing for physician signatures and dates.
NOTE: It is not required, but it is extremely prudent to print the name of the signator underneath all signatures. I have seen auditors ding providers on “physicians not being licensed/credentialed” because the auditor could not read the name of the physician.
You are also reviewing for medical necessity, eligible ordering-physician numbers, distance the client is to the lab, amount prescribed to that particular client, amount prescribed by that particular physician, whether that test prescribed for the same client within a 12 month period, coding compliance, etc.
It is imperative that you keep meticulous records while you conducting the audits. You want to be able to show an auditor that you caught a mistake and that you implemented a plan of correction to remedy the mistake going forward. And that, in actuality, you remedied the mistake going forward. This documentation is essential for possible defenses to alleged potential overpayments, false claims, and, even, alleged criminal actions. Your documentation skills could be the difference between paying millions in penalties, or, in the extreme case, jail.
I got ahead of myself in the prior section by saying that you need to document the way in which you fix the mistake. But I cannot emphasize it enough. Acting on your findings is important, obviously, but documenting the actions is more important. Ever hear the saying, “If it isn’t documented, it didn’t happen?” Take that as gospel.
Be prepared. Be proactive. Be ready. Tighten up!
When you, as a health care provider, undergo a regulatory Medicare or Medicaid audit, your liability insurance could be your best friend or your worst enemy. It is imperative that you understand your liability coverage prior to ever undergoing an audit.
There are two very important issues that you need to know about your liability insurance:
1. Whether your liability insurance covers your choice of attorney; and
2. Whether your liability insurance covers settlements and/or judgments.
I cannot express the importance of these two issues when it comes to regulatory audits, paybacks and recoupments. Let me explain why…
Does your liability insurance cover attorneys’ fees for your choice of provider?
I have blogged numerous times over the past years about the importance of knowing whether your liability insurance covers your attorneys’ fees. I have come to realize that whether your liability insurance covers your attorneys’ fees is less important than knowing whether your liability insurance covers your choice of attorney. Believe it or not, when it comes to litigating regulatory issues in the Medicare/Medicaid, attorneys are not fungible.
A client of mine summed it up for me today. She said, “I wouldn’t go to my dentist for a PAP smear.”
Case in point, here are some examples of misconceptions that attorneys NOT familiar with the Office of Administrative Hearings (OAH) might think:
• Myth: Getting the case continued is a breeze, especially if all the parties consent to it.
• Reality: Generally, OAH is reluctant to continue cases, except for good cause, especially when a case has pended for a certain amount of time. (This has been a more recent trend and could change in the future).
• Myth: When my case is scheduled for trial on X date, it will be a cattle call and we will only determine when the case will be actually heard, so I don’t need to prepare for trial. (This is true in superior court).
• Reality: Incorrect. Most likely, you will be heard. OAH has a number of administrative law judges (ALJs) who are assigned cases. Generally, they only schedule one case per day, although there are exceptions.
• Myth: Since we are going to trial next week, the other side must not intend to file a motion to dismiss or motion for summary judgment. I don’t need to prepare any counter arguments.
• Reality: The administrative rules allow attorneys to orally file motion the day of trial.
You can imagine how devastating attorney misconceptions can be to your case. An attorney with these misconceptions could very well appear unprepared at a trial, which could have catastrophic consequences on you and your company.
Review your liability insurance. Determine whether your liability insurance covers attorneys’ fees. Then determine whether it covers your choice of attorney.
Does your liability insurance cover settlements and/or judgments?
Recently, a client was informed that the agency allegedly owes over $400,000 to the auditing agency. We will call him Jim. Jim came to me, and I instructed him to determine whether his liability insurance covers attorneys’ fees. It turned out that his insurance did cover attorneys’ fees, but only a certain attorney. Jim had overlooked our first issue.
Despite the fact that his insurance would not cover my fees, he opted to stick with me. (Thanks, Jim).
Regardless, once settlement discussions arose between us and the auditing entity, which in this particular case was Palmetto, I asked Jim for a copy of his liability insurance. If his liability insurance covers settlements, then we have all the incentive in the world to settle and skip an expensive hearing.
I was shocked at the language of the liability insurance.
According to the contract, insurance company would pay for attorneys’ fees (just not mine). Ok, fine. But the insurance company would contribute nothing to settlements or judgments.
What does that mean?
Insurance company could provide Jim with bargain basement attorneys, the cheapest it could find, with no regard as to whether the attorney were a corporate, litigation, real estate, tax, bankruptcy, or health care lawyer BECAUSE…
The insurance company has no skin in the game. In other words, the insurance company could not care less whether the case settles, goes to trial, or disappears. Its only duty is to pay for some lawyer.
Whereas if the insurance company were liable for, say, 20% of a settlement or judgment, wouldn’t the insurance company care whether the hired lawyer were any good?
Print off your liability insurance. Read it. Does your liability insurance cover attorneys’ fees for your choice of provider?
Does your liability insurance cover settlements and/or judgments?