Receiving notice from a payor that you are being audited can be alarming. Questions will inevitably run through your mind, such as, Why? How? How much will this cost?
Understanding the types of payor audits and how to navigate the process can make answering those questions easier. In addition, advanced preparation and knowing when to engage legal counsel can be critical to a successful audit outcome.
There are three general types of audits that providers face: Medicare audits, Medicaid audits, and private payor audits.
Medicare audits: The agency responsible for Medicare audits is the Centers for Medicare & Medicaid Services (CMS). There are three types of Medicare audits. Comprehensive Error Rate Testing (CERT) audits focus on providers who deliver high-cost items or services, have high volume, and/or have atypical billing or coding practices. Private contractors perform Recovery Audit Contractor (RAC) program audits; these contractors are paid a percentage of the amount of any improper payment discovered. Finally, Zone Program Integrity Contractor (ZPIC) audits are the most serious of the three audit types. ZPIC audits are performed by CMS contractors who mine the provider’s data for compliance with Medicare coverage and coding policies, investigate fraud, and may prepare cases for civil or criminal referral to CMS or law enforcement agencies.
Medicaid audits: Medicaid audits evaluate compliance with both CMS and applicable state regulations and investigate fraud. Evidence of fraud will be reported to the state attorney general for further review and prosecution.
Private payor audits: Private payor audits consist of informal reviews and formal audits. These audits can be triggered by actual allegations or evidence of noncompliance, or they can be random, in which general compliance is assessed. Audit procedures are typically determined by contract or the payor’s provider handbook and in accordance with applicable state law. The process can consist of prepayment reviews, in which the sufficiency of a claim and its supporting documentation is determined before payment is made to the provider, or post-payment reviews, during which claims are analyzed after the provider has been paid to determine if an overpayment was made and the amount of such overpayment. In the event an overpayment is discovered, a recoupment will be sought from the provider.
Consistent billing by a provider of high volumes of certain high-level services, high volumes of evaluation and management services, or consistently referring patients for certain testing can create suspicion in mayors.
In recent years, the primary focus of audits has been medical necessity due to payor concerns about specific fraud and abuse issues. Documentation of medical necessity is required during an audit. However, proving medical necessity can be difficult as the definition of “medical necessity” can vary by payor and within a payor depending on the underlying plan. In addition, private payors often have arbitrary and vague guidelines for defining and determining medical necessity, particularly when dealing with physicians or ordering clinicians. For this reason, it is critical that providers read their payor contracts and manuals carefully. If those materials are unclear, it is best to confirm requirements with the payor.
Regardless of the definition, medical necessity is a precondition to coverage for all payors. Proof is required that the services were reasonable and necessary to diagnosis or treat a patient’s medical condition. To satisfy this standard, providers should document the diagnosis for all procedures performed and all diagnostic tests ordered. In the case of repeat procedures, providers should clearly note the outcome of the previous procedure and the basis for reordering.
Responding to an Audit Request
All audit requests must be taken very seriously. Payors tend to copy what other payors are doing, and a problematic audit with one payor can cause other payors to initiate their own audits. Therefore, it is critical to respond appropriately to each audit request. Also, auditors often only check a few billing records. If errors are found, they will then extrapolate those findings, and the provider may be penalized.
Upon receipt of an audit request, it is important to immediately engage legal counsel well-versed in handling payor audits. Having an attorney who understands the audit process and has experience responding to audit requests can help ensure the best possible audit outcome. A negative outcome could result in recovery of overpayments, civil and/or criminal penalties, and exclusion from government programs.
Providers should work with such legal counsel to review the audit request and supply everything reasonably requested. A concerted effort should be made to submit all information to the auditor at one time. If information is missing, the auditor may determine that a significant error rate exists, which could cause the auditor to review all CPT codes to calculate the overpayment made to the provider. If it is not possible to gather the requested material before the auditor’s deadline, an extension should be requested. Any extensions granted should be documented.
It is important that an audit response and supporting documentation be thorough, clear, and concise. It should be submitted in a manner that allows the auditor to quickly review the information and understand the provider’s arguments. It should clearly state what measures the provider has already taken to terminate existing problems and prevent future issues. Competent legal counsel will be able to address procedural, legal, or factual flaws in the auditor’s position.
The best way to ensure compliance and audit readiness is to develop and implement a compliance plan well in advance of any audit. Experienced legal counsel should play a pivotal role in development of such plan. As always, periodic self-audits or independent audits are necessary to proactively identify compliance issues and mitigate their impact.
Finally, regular and periodic training and education should be conducted regarding audit response obligations and responsibilities. Performing these tasks will help ensure a smooth audit experience with minimal infractions and penalties. TH