Today, I am going to talk about RAC audits. I know what you are thinking…don’t you always talk about RACs? Of course, you are going to talk about RAC audits. No. Today, I’m taking this blog in a different direction.
I want to talk about secret, hidden RAC audits. As you are aware, the federal regulations limit RACs from going back more than 3 years to audit claims. Juxtapose the UPICs, TPEs, SMRCs, MACs, OIG, and even State Medicaid agencies. Everyone, but the RACs are allowed more than a 3-year lookback period. Some, like OIG, have long lookback periods. Coincidentally, when a company responds to an RFP or a request for proposal from CMS to act as CMS’ vendor to conduct Medicare audits on America’s Medicare providers, a clause in the proposed contract between CMS and the vendor is highly argued or negotiated. Which clause in the vendor’s contract is most negotiated? I will tell you. The clause that states that the vendor is a RAC is most negotiated. Because if the vendor is called a UPIC instead of a RAC, the vendor has a longer lookback period. Being called a UPIC, suddenly, becomes a commodity. There are no laws mandating UPICs to a 3-year lookback period. All of a sudden, it is not hip to be a RAC.
Look into it. Do your research. The contracts are public record. Ask for Cotiviti’s contracts with CMS. Notice I said contracts, not contract. What I have realized over time is that a vendor may be hired by CMS to be a RAC auditor, but, once the vendor realizes the limit of 3 years, it goes back to CMS and asks if it can be considered an UPIC. Why? A UPIC can do everything that a RAC does; however, it gets an additional 3 years to lookback at claims and that means money. Cha-ching! Even Dr. Ron Hirsh commented today on RACMonitor about this story, which I presented this morning at 10:00am, as I present every Monday morning, live, on the national podcast RACMonitor , hosted by Chuck Buck and produced by MedLearn. If you want to listen to the podcast, click the following link: Nelson Mullins – Monitor Mondays Podcast Featuring Knicole Emanuel; Defeating Statistical Extrapolations, Expansion of Medicaid RACs, IPPS Final Rule, Smart Hospitals, and Physician Advisors Episodes
The podcast is also on video, but I don’t know how to view that. If you do, you would see my baby duck Biscuit on the screen. He joined me this morning to talk about, “What Walks Like a Duck and Quacks Like a Duck, Must be a Duck.” Dr. Hirsh commented that companies like Cotiviti have many, many contracts deeming Cotiviti many different acronyms. If you get a letter from Cotiviti, do not assume it is acting as a RAC. Instead, ask for the contract which allows Cotiviti to do what it purports to want to do.
I’ve noticed this trend in real life, but only for 10-20 individual cases, maybe 30. I have not had the time to draft a FOYIA request, and, quite frankly, my name on a FOYIA request nowadays result in a response that says, something to the effect of, use discovery instead. Even though my personal experiences should not be extrapolated across the country because that would be inappropriate and judgmental, I will give an example and you may extrapolate or not. There is a company that has been doing RAC audits in NC for the last 5-8 years. It is called Public Consulting Group (“PCG”). PCG and I go way back. If you are a longtime listener of RACMonitor, you will recall that Ed Roche and I presented numerous podcasts about the debacle in NM in 2013. The State of NM put 15 Medicaid providers who constituted 87.6% of the BH providers in NM at the time. The consequences were catastrophic; thousands were out of BH services overnight. There is even a documentary about the unraveling of BH in NM in 2013. The reason that these 15 BH providers were put out of business overnight was because of a NM vendor called PCG. PCG issued a report to NM after conducting Medicaid audits on these 15 BH facilities, which accused the 15 facilities of fraud. In 2013, PCG was considered a RAC per contract. Today, when I have a case against PCG and make the 3-year lookback period argument, I get a retort that it’s not a RAC. Instead it’s a UPIC.
To which I say, if it walks like a duck and talks like a duck, it is a duck.
The Centers for Medicare & Medicaid Services (“CMS”) has modified the additional documentation request (“ADR”) limits for the Medicare Fee-for-Service Recovery Audit Contractor (“RAC”) program for suppliers. Yet, one of our listeners informed me that CMS has found a “work around” from the RAC ADR limits. She said, “There is the nationwide Supplemental Medical Review Contractor (“SMRC”) audits and now nationwide Quality Improvement Organizations (“QIO”) contract audits. These contracts came about after the Congressional limits on number of audits by the RAC.” Dr. Hirsh retorted, “But SMRC and QIO are not paid contingency fee. So, they are “different” audits. RACs are evil; SMRC and QIO have a few redeeming qualities.” I completely agree with Dr. Hirsh. But her point is well taken – SMRCs and QIOs follow different rules than RACs, so of course the SMRCs and QIOs have distinct ADR limits.
This is similar to the lookback periods. The lookback period varies depending on the acronym: RAC, MAC, or UPIC. RACs’ lookback period is 3 years, yet other acronyms get longer periods. I think what Dr. Hirsh is saying is right, because RACs are paid by contingency instead of a contracted rate, we have to limit the RACs authority because they are already incentivized the find problems., plus they are allowed to extrapolate. The RACs already have too much leash.
So, what are the RAC ADR limits?
Well, interestingly they just changed in April 2022. These limits will be set by CMS on a regular basis to establish the maximum number of medical records that may be requested by a RAC, per 45-day period. Each limit will be based on a given supplier’s volume of Medicare claims paid within a previous 12-month period, in a particular Healthcare Common Procedure Coding System (HCPCS) policy group. The policy groups are available on the pricing, coding analysis, and coding (PDAC), website. Limits will be based on the supplier’s Tax Identification Number (TIN). Limits will be set at 10% of all paid claims, by policy group, paid within a previous 12-month period, divided into eight periods (45 days). Although a RAC may go more than 45 days between record requests, in no case shall a RAC make requests more frequently than every 45 days. Limits are based on paid claims, irrespective of individual lines, although credit/replacement pairs shall be considered a single claim.
I wanted to go into the SMRCs and QIOs’ ADR limits to see whether they are are following THEIR rules, but I’m out of time for today. I’ll research the SMRCs and QIOs ADR limits for next week and I will have an answer for you.
In case you didn’t know, instead of orange, Medicare Advantage is the new black. Since MA plans are paid more for sicker patients, there are huge incentives to fabricate co-morbidities that may or may not exist.
Medicare Advantage will be the next most audited arena. Home health, BH, and the two-midnight rule had held the gold medal for highest number of audits, but MA will soon prevail.
As an example, last week- a New York health insurance plan for seniors, along with amedical analytics company the insurer is affiliated with, was accused by the Justice Department of committing health care fraud to the tune of tens of millions of dollars. The dollar amounts are exceedingly high, which also attracts auditors, especially the auditors who are paid on contingency fee, which is almost all the auditors.
CMS pays Medicare Advantage plans using a complex formula called a “risk score,” which is intended to render higher rates for sicker patients and less for those in good health. The data mining company combed electronic medical records to identify missed diagnoses — pocketing up to 20% of new revenue it generated for the health plan. But the Department of Justice alleges that DxID’s reviews triggered “tens of millions” of dollars in overcharges when those missing diagnoses were filled in with exaggerations of how sick patients were or with charges for medical conditions the patients did not have. “All problems are boring until they’re your own.” – Red
MA plans have grown to now cover more than 40% of all Medicare beneficiaries, so too has fraud and abuse. A 2020 OIG report found that MA paid $2.6 billion a year for diagnoses unrelated to any clinical services.
Diagnoses fraud is the main issue that auditors are focusing on. Juxtapose the other alphabet soup auditors – MACs, SMRCs, UPICs, ZPICs, MCOs, TPEs, RACs – they concentrate on documentation nitpicking. I had a client accused of FWA for using purple ink. “Yeah I said stupid twice, only to emphasize how stupid that is!” – Pennsatucky. Other examples include purported failing of writing the times “in or out” when the CPT code definition includes the amount of time.
Audits will be ramping up, especially since HHS has reduced the Medicare appeals backlog at the Administrative Judge Level by 79 percent, which puts the department on track to clear the backlog by the end of the 2022 fiscal year.
As of June 30, 2021, the end of the third quarter of FY 2021, HHS had 86,063 pending appeals remaining at OMHA, according to the latest status report, acquired by the American Hospital Association. The department started with 426,594 appeals. This is progress!!
The ADR rule went into effect Jan. 1, 2019. Original blog post published March 6, 2019, on RACMonitor.
The Centers for Medicare & Medicaid Services (CMS) has updated its criteria for additional document requests (ADRs). If your ADR “cycle” is less than 1, CMS will round it up to 1.
What is an ADR cycle?
When a claim is selected for medical review, an ADR is generated requesting medical documentation be submitted to ensure payment is appropriate. Documentation must be received by CGS (A Celerian Group Company) within 45 calendar days for review and payment determination. Any selected and submitted claim can create an ADR. In other words, a provider is asked to prove that the service was rendered and that the billing was compliant.
It is imperative to understand that you, as the provider, check the Fiscal Intermediary Standard System (FISS) status/location S B6001. Providers are encouraged to use FISS Option 12 (Claim Inquiry) to check for ADRs at least once per week. You will not receive any other form of notification for an ADR.
To make matters even more confusing, there are two different types of ADRs: medical review (reason code 39700) and non-medical review (reason code 39701).
An ADR may be sent by CGS, Zone Program Integrity Contractors (ZPICs), Recovery Audit Contractors (RACs), Supplemental Medical Review Contractors (SMRCs), the Comprehensive Error Rate Testing (CERT) contractor, etc. When a claim is selected for review or when additional documentation is needed to complete the claim, an ADR letter is generated requesting that documentation and/or medical records be submitted.
The ADR process is essentially a type of prepayment review.
A baseline annual ADR limit is established for each provider based on the number of Medicare claims paid in the previous 12-month period that are associated with the provider’s six-digit CMS Certification Number (CCN) and the provider’s National Provider Identifier (NPI) number. Using the baseline annual ADR limit, an ADR cycle limit is also established.
After three 45-day ADR cycles, CMS will calculate (or recalculate) a provider’s denial rate, which will then be used to identify a provider’s corresponding “adjusted” ADR limit. Auditors may choose to either conduct reviews of a provider based on their adjusted ADR limit (with a shorter lookback period) or their baseline annual ADR limit (with a longer lookback period).
The baseline, annual ADR limit is one-half of one percent of the provider’s total number of paid Medicare service types for which the provider had reimbursed Medicare claims.
Effective Jan. 1, 2019, providers whose ADR cycle limit is less than 1, even though their annual ADR limit is greater than 1, will have their ADR cycle limit round up to 1 additional documentation request per 45 days, until their annual ADR limit has been reached.
For example, say Provider ABC billed and was paid for 400 Medicare claims in a previous 12-month period. The provider’s baseline annual ADR limit would be 400 multiplied by 0.005, which is two. The ADR cycle limit would be 2/8, which is less than one. Therefore, Provider ABC’s ADR cycle limit will be set at one additional documentation request per 45 days, until their annual ADR limit, which in this example is two, has been reached. In other words, Provider ABC can receive one additional documentation request for two of the eight ADR cycles, per year.
ADR letters are sent on a 45-day cycle. The baseline annual ADR limit is divided by eight to establish the ADR cycle limit, which is the maximum number of claims that can be included in a single 45-day period. Although auditors may go more than 45 days between record requests, in no case shall they make requests more frequently than every 45 days.
And that is the update on ADRs. Remember, the rule changed Jan. 1, 2019.