The Latest Risk Area for Providers: CMS’ EHR Incentive Program Post-Payment Audits

(January 26, 2012):

1.   Background:

RACs, PSCs, ZPICs, HIPAA Auditors, State MFCUs, MICs, Medicaid RACs, HHS-OIG, DOJ, FBI, and Now. . . Patients?

(January 20, 2012):

I.   Background

Get Ready – RAC Prepayment Reviews of Medicare Claims Are on the Horizon

(December 19, 2011):

I.          Introduction: 

As you know, RACs play an important role in the identification of Part A and Part B overpayments. Since the inception of the RAC Demonstration Project in 2005, RACs have successfully identified a number of improper claims, denying payment for reasons ranging from mere technical errors to broad concerns about medical necessity.  Unlike other contractors engaged in post-payment audits (such as Zone Program Integrity Contractors and Program Safeguard Contractors), RACs are not compensated on a fixed contract or cost-plus basis.  Instead, their compensation is based on the amount of overpayments they identify (which remain overpayments after any administrative appeals have been pursued). This arrangement has roundly been criticized by providers. Regardless of whether or not you agree with the RAC concept, the program is here to stay.  After reviewing the results of the RAC Demonstration Project, the government expanded the program and made it permanent.

II.         Expansion of the RAC’s Responsibilities:

On November 15^th, 2011, CMS announced that it was initiating a new demonstration project designed to help ensure that Medicare claims billed to the government are medically necessary and otherwise proper before they are paid. RACs will now be performing prepayment audits of provider claims. These reviews will likely be conducted in much the same manner as those currently initiated by other Medicare contractors. With the addition of RAC prepayment reviews, CMS hopes to further reduce the number of improper claims paid by the government each year.

III.        States to be Covered in the RAC Prepayment Demonstration Project:

The “RAC Prepayment Review Demonstration Project” is initially slated to target physicians, hospitals and other Medicare providers in Florida, California, Mississippi, Texas, New York, Louisiana, Illinois, Pennsylvania, Ohio, North Carolina and Missouri.  Implementation of the new pilot project is set to begin in January 2012.

IV.        Impact of Being Placed on Prepayment Review:

Importantly, there is no administrative appeals process covering prepayment audits. As a result, it is not uncommon for providers placed on prepayment review to remain in this status for four to six months or until the provider is able to show the contractor that the services billed are both medically necessary and fully meet Medicare’s coverage and documentation requirements.  Unfortunately, being placed on prepayment review can prove disastrous for providers with a large Medicare patient load.  It can effectively delay payment for several months, even if the contractor ultimately finds that the claims qualify for coverage and payment.

V.         Avoiding Prepayment Review:

Unfortunately, there is no “silver bullet” you can use to completely eliminate the risk of being placed on prepayment review. Nevertheless, there are a number of preemptive steps you can take to reduce the likelihood of such an occurrence.  To start, you should conduct a “gap analysis” of your claims.  In doing so, you will be able to learn whether or not the services you are billing meet Medicare’s medical necessity, coverage and documentation requirements.  Additionally, you will likely learn whether your utilization of services is less than, comparable to, or exceeds that of your peers.  Any deficiencies noted can be promptly addressed and added to the risk areas covered in your Compliance Plan.  At this point, you will likely be well situated to respond to any prepayment audits initiated by a RAC or another Medicare contractor.

Liles Parker attorneys and staff have extensive experience conducting gap analyses and providing compliance guidance to health care providers.  Additionally, our attorneys are skilled in assisting providers who have been placed on prepayment review. For more information, please call us today for a free consultation at 1-800 (475) 1906.

CERT Audits are Serious – Don’t Take them Lightly

(November 23, 2011):

I.             What is a CERT Audit?

The “Comprehensive Error Rate Testing” (CERT) program was implemented as a mechanism for the Centers for Medicare and Medicaid Services (CMS) to assess whether their Medicare Administrative Contractors (MACs) are properly paying claims.  In other words, is a particular MAC failing to identify and deny improper claims?  Alternatively, is the MAC denying claims which do, in fact, qualify for coverage and payment? Essentially, the CERT program serves as an integral management tool for CMS as well as an important feedback mechanism for the MACs. When problem areas are identified, they can be actively addressed by a wide variety of Medicare contractors with audit responsibilities.  Notably, several of the MACs around the country have been aggressively reasserting their roles in the corrective action process.

Essentially, MACs write the checks on behalf of CMS.  As a result, they play an extraordinarily important role in the Medicare reimbursement process. Therefore, when a CERT auditor finds that a MAC has been incorrectly reimbursing providers for claims which may not qualify for coverage, it is very important that the MAC immediately address this system-level deficiency.

II.            Recent Actions Taken by MACs in Response to CERT Audit Findings.

In response to certain CERT audit findings, one MAC recently sent notification to providers of Evaluation and Management (E/M) services explaining that new “stringent corrective actions” will be taken to address some of the more common claims errors identified by the CERT auditors when conducting their reviews of MAC payment practices.  As recent correspondence to a provider reflects, MACs are taking the results of CERT audits quite seriously, and are expanding their program integrity efforts.  As one MAC recently wrote, the contractor stands ready to:

• Suspend a provider if that provider has “too many” payment errors (it does not state how many is “too many”);
• “[R]efer every physician” to that region’s ZPIC if those providers continue to bill for services which may constitute payment errors;
• “[R]efer every physician” to the ZPIC if there is a pattern of past payment errors; and,
• “[C]onduct prepayment reviews” of future claims, up to 100% of a provider’s claims.

To be clear, none of these potential corrective actions represent new authorities.  Nevertheless, the fact that MACs are now reasserting these points is reflective of CMS’ ongoing concerns regarding the prevalence of improper claims.  Indirectly, CMS is making it crystal clear that as the initial recipient and screener of Medicare claims submitted by providers for payment, MACs play an essential role in screening out improper claims and bad providers.  As Medicare’s primary gatekeepers, MACs are responsible for identifying both improper claims and providers who may be engaged in abusive and / or fraudulent practices.

III.           What Should You Do if You Are Notified of a CERT Audit?

Should you receive a CERT audit request for documents from a CERT Documentation Contractor (CDC), it is important to keep in mind that your practice or clinic is not being accused of fraud or wrongdoing.  Fundamentally, a CERT audit is primarily designed to identify deficiencies and mistakes made by Medicare contractors.  Nevertheless, it is imperative that you take a CERT audit request quite seriously.  At the end of the day, it will be you, not the MAC, who is responsible for any overpayments identified as a result of the audit. Moreover, bad results on a CERT audit may lead to further auditing in the future.

IV.          What Actions Should a Compliance Officer Take to Being Audited?

As an organization, if you are subjected to a CERT audit, the “horse is already out of the barn,” so to speak.  Your goal is to review and monitor your organization’s coding, billing and utilization practices on an ongoing basis so that improper claims are never submitted to your MAC in the first place.   In most cases, you can check your MAC’s website to determine if their CERT auditor has already identified certain areas of concern. For instance, one MAC recently reported that out of 508 errors identified in a CERT audit of certain Medicare claims, the contractor found that:

• 311 errors were due to “insufficient documentation.”  Notably, a majority of the errors in this category were because the medical record “did not contain a valid physician’s signature” or because a diagnostic test performed “did not contain a valid physician’s order” or an identification of the provider who rendered the service.
• 132 errors were due to “lack of medical necessity” based on the medical documentation submitted.
• 37 errors were due to “incorrect coding” (primarily related to laboratory testing).
• 10 errors were due to “invasive procedures that were assessed to be without medically necessity.”
• 9 errors were due to an “incorrect procedure code” used when billing the service.
• 6 errors were the result of “billing for services that were not rendered.”
• 2 errors were due to “other errors.”
• 1 error was due to an “incorrect discharge code being used.”

Compliance Officers can take these “general” risk areas, add them to the “practice-specific” risk areas already noted, and take special note of these concerns when conducting internal reviews. The only way to avoid the scrutiny of Medicare’s various administrative contractors (MACs, ZPICs, RACs and CERT auditors) is to avoid payment errors altogether.  While no provider is perfect, the development, implementation and adherence to an effective Compliance Plan can significantly reduce the number of improper claims submitted by a provider to a MAC for reimbursement.

V.            What Actions Should a Compliance Officer Take After Receiving a CERT Audit Letter?

As Compliance Officer, upon receipt of a CERT audit request, you should carefully review the request and take steps to assemble a complete set of medical records and other supporting documentation related to the specific claims at issue.  It is important not only to make sure that your documentation is complete when sending in records to a CERT contractor, but to make sure that compliance is a daily part of your practice. Ensuring that your documentation is appropriate and accurately documents both medical necessity and the level of services performed can greatly assist you in avoiding trouble down the road.

Now, more than ever, it is important that you have an effective Compliance Plan in place.  Your Compliance Plan should explicitly set out your organization’s policies about how to correctly assess the need for, and document the services provided to a Medicare beneficiary. Otherwise, as demonstrated by the tough stance being taken by the MAC discussed above, CERT audits and other Medicare post-payment audits could raise serious problems for your practice.

Liles Parker attorneys represent health care providers in CERT, MAC, ZPIC and RAC audits and investigations.  Our attorneys have extensive compliance experience and can conduct “gap” analyses designed to place your practice or clinic on solid regulatory footing.  To speak with one of our attorneys, call 1 (800) 475-1906 for a free consultation today. 

AdvanceMed, the ZPIC Responsible for Zone 2 and Zone 5 has Reportedly Been Acquired by NCI

(April 10, 2011):  Last week, it was announced that NCI, Inc., one of the nation’s most successful information technology companies had acquired the outstanding capital stock of AdvanceMed Corporation (AdvanceMed), an affiliate of CSC.  While the acquisition went largely unnoticed by the health care provider community, the transaction may, in fact, be quite significant.

           With this acquisition by NCI, a recognized powerhouse in information technology, Medicare and Medicaid providers should expect AdvanceMed’s expertise in data mining and investigations to continue to grow.  Medicare and Medicaid providers have an affirmative obligation to ensure that operations, coding and billing activities fully comply with applicable statutory and regulatory requirements.  As AdvanceMed continues to fine-tune its data mining efforts and further expands its ability to conduct “Predictive Modeling,” providers will likely find their actions under the microscope like never before.  It is therefore imperative that all health care providers immediately implement an effective Compliance Plan (if they have not already done so) or further enhance their current compliance efforts.   The purpose of this article is to briefly report on NCI’s recent acquisition of AdvanceMed.  An overview of the current ZPIC environment is also provided.

I.        Background:

          NCI first announced its plans to acquire AdvanceMed last February.  As NCI’s February 25th News Release noted (in part):

“The Obama Administration has emphasized reducing fraud, waste, and abuse in Federal entitlements. AdvanceMed is ideally positioned to support the program integrity initiatives of CMS and other Federal Government agencies. . . We are extremely pleased to have AdvanceMed join NCI and believe that this acquisition will provide NCI an outstanding platform to address this rapidly growing market opportunity.”  (A complete account of NCI’s announcement can be found at the above link). 

          In recent years, AdvanceMed has positioned itself to where it now has multiple contracts with the Federal government.  In addition to serving as a Zone Program Integrity Contractor (ZPIC) for Zone 2 and Zone 5, the contractor also serves as Program Safeguard Contractor (PSC) in areas not yet converted to the ZPIC system of contractor review.  Additionally, the contractor also serves as a Comprehensive Error Rate Testing (CERT) contractor.  On the Medicaid side, AdvanceMed also serves as a Medicaid Integrity Contractor (MIC).  While a host of other contractors have been awarded contracts covering other zones and program areas, AdvanceMed’s growth has been undeniably impressive.  As NCI announced as part of April 4^th “News Release” covering the acquisition:

“AdvanceMed is a premier provider of healthcare program integrity services focused on the detection and prevention of fraud, waste, and abuse in healthcare programs, providing investigative services to the Centers for Medicare and Medicaid Services (CMS). Serving CMS since 1999, AdvanceMed has grown rapidly, demonstrating the value and return on investment of the Federal Government’s integrity program activities.

AdvanceMed employs a strong and experienced professional staff, which leverages sophisticated information technology, data mining, and data analytical tools, to provide a full range of investigative services directed to the identification and recovery of inappropriate Medicare and Medicaid funds. AdvanceMed supports healthcare programs in 38 states with a staff of more than 450 professionals, including information specialists, nurses, physicians, statisticians, investigators, and other healthcare professionals.

AdvanceMed has multiple contracts with CMS under the Zone Program Integrity (ZPIC), Program Safeguard (PSC), Comprehensive Error Rate Testing (CERT), and Medicaid Integrity (MIC) programs. All of these programs are executed under cost plus contract vehicles. The largest contracts-ZPIC Zone 5 and ZPIC Zone 2-were awarded in late 2009 and 2010 and have five-year periods of performance.

The acquisition price was $62 million. Included within the price is a recently completed, state-of-the-art data center to support the ZPIC Zone 5 and ZPIC Zone 2 contracts. Additionally, NCI will make a 338(h)(10) election, enabling a tax deduction, which is expected to result in a tax benefit with an estimated net present value of approximately $6 million to $8 million. NCI expects the transaction to be slightly accretive to 2011 earnings.

As of the end of March 2011, AdvanceMed has a revenue backlog of approximately $300 million with approximately $51 million of that amount being currently funded. Revenue for the trailing 12 months ending March 31, 2011, is estimated to be approximately $51 million, all of which was generated from Federal Government contracts, and 99% of the work performed as a prime contractor. NCI’s AdvanceMed 2011 revenue, covering the nine-month period of April 2, 2011, to December 31, 2011, is estimated to be in the range of $43 million to $47 million (the equivalent of $57 million to $63 million on a full 12-month basis), with the midpoint reflecting a full-year growth of approximately 16%. . . “   (A complete account of NCI’s statement can be found at the link indicated above).

II.      Overview of the ZPIC Program:

          The following comments are intended to provide an overview of the ZPIC program and is not focused on any ZPIC in particular.

         Under the Medicare Prescription Drug, Improvement and Modernization Act of 2003 (MMA), CMS was required to take a number of steps intended to streamline the claims processing and review process:

•  Using competitive measures, CMS was required to replace the current Medicare Fiscal Intermediaries (Part A) and Carriers (Part B) contractors with Medicare Administrative Contractors (MACs).
• After setting up the new MAC regions, CMS created new entities, called Zone Program Integrity Contractors (ZPICs).
•  These actions were intended to consolidate the existing program integrity efforts.  Over the last 2 — 3 years, ZPICs have been taking over PSC audit and enforcement activities around the country.

           At the time of transition, there were twelve PSCs that had been awarded umbrella contracts by CMS. As these contracts have expired, CMS has transferred the PSCs’ fraud detection and deterrence functions over to ZPICs.   Of the seven ZPIC zones established in the MMA, CMS has awarded contracts for a number of the zones. CMS is still working to issue awards for the final ZPIC zones.  The seven ZPIC zones include the following states and / or territories:

• Zone 1 – CA, NV, American Samoa, Guam, HI and the Mariana Islands.
• Zone 2 – AdvanceMed: AK, WA, OR, MT, ID, WY, UT, AZ, ND, SD, NE, KS, IA, MO.
• Zone 3 – MN, WI, IL, IN, MI, OH and KY.
• Zone 4 – Health Integrity: CO, NM, OK, TX. 
• Zone 5 – AdvanceMed: AL, AR, GA, LA, MS, NC, SC, TN, VA and WV.
• Zone 6 – PA, NY, MD, DC, DE and ME, MA, NJ, CT, RI, NH and VT.
• Zone 7 – SafeGuard Services: FL, PR and VI.

          In many instances, these changes have been more of a “name change” rather than a substantive change in the way claims will be audited. ZPIC responsibilities are generally the same as those currently exercised by PSCs. While ZPIC overpayment review duties have not appreciably changed, the number of civil and criminal referrals appear to be increasing. In our opinion, ZPICs clearly view their role differently than that of their PSC predecessors.  ZPICs clearly view themselves as an integral part of the law enforcement team, despite the fact that they are for-profit contractors.  In consideration of their ability to recommend to CMS that a provider be suspended or have their Medicare number revoked, and / or refer a provider to law enforcement for civil and / or criminal investigation, providers should take these contractors quite seriously.

          Both ZPICs and PSCs have traditionally asserted that unlike their RAC counterparts, they are not “bounty hunters.”  ZPICs are not paid contingency fees like RACs but instead directly by CMS on a contractual basis.  Nevertheless, common sense tells us that if ZPICs aren’t successful at identifying alleged overpayments, the chances of a ZPIC’s contract with CMS being renewed are likely diminished.  Additionally, experience has shown us that despite the fact that ZPICs are expected to adhere to applicable Medicare coverage guidelines, a ZPIC’s interpretation and application of these coverage requirements may greatly differ from your understanding of the same provisions.

           In recent years, ZPICs have been aggressively pursuing a wide variety of actions, including but not limited to:

• Pre-Payment Audit.  After conducting a probe audit of a provider’s Medicare claims, the ZPIC may place a provider on “Pre-payment Audit” (also commonly referred to as “Pre-Payment Review”).  Unlike a post-payment audit, there is no administrative appeals process that may be utilized by a provider for relief.  Having said that, there are strategies that may be utilized by a provider which may assist in keeping the time period on pre-payment review at a minimum.
• Post-Payment Audit.  Audits conducted by ZPICs primarily involve Medicare claims that have already been paid by the government.  After reviewing these claims, it is not uncommon for a ZPIC to find that the audited provider has been overpaid.  Having said that, the ZPICs we have dealt with appear to apply a strict application of the coverage requirements, regardless of whether a provider’s deviation from the rules is “de minimus” in nature.  In doing so, it is not unusual to find that a provider has failed to fully comply with each and every requirement.  Depending on the nature of the initial sample drawn, a ZPIC may extrapolate the damages in a case, significantly increasing the alleged overpayment.  In doing so, the ZPIC is effectively claiming that the “sample” of claims audited are representative of the universe of claims at issue in an audit.
• Suspension.  While the number of suspension actions taken by ZPICs has steadily increased in recent years,  Medicare providers should expect to see this number continue to grow.  Under the Affordable Care Act (often informally referred to as the “Health Care Reform” Act), CMS’ suspension authority has greatly expanded.   
• Revocation.  As with suspensions, we have seen a sharp increase in the number of Medicare revocation actions taken over the last year. The reasons for revocation have varied but have typically been associated with alleged violations of their participation agreement. In some cases, the ZPIC contractors found that the provider has moved addresses and did not properly notified Medicare. In other cases, a provider was alleged to have been uncooperative during a site visit. Finally, there were a number of instances where the provider allegedly did not meet the “core” requirements necessary for their facility to remain certified.
• Referrals for Civil and Criminal Enforcement.  ZPICs are actively referring providers to HHS-OIG (which can in turn refer the case to the U.S. Department of Justice for possible civil and / or criminal enforcement) when a case appears to entail more that a mere overpayment. However, just because a referral is made doesn’t mean that it will prosecuted. In many instances, HHS-OIG (and / or DOJ) will decline to open a case due to a variety of reasons, such as lack of evidence, insufficient damages, etc.).

 III.        Steps Providers Can Take Now, Before They are Subjected to a ZPIC Audit:

          In responding to a ZPIC audit, it is important to remember that although they may not technically be “bounty hunters,” it is arguably to their benefit to find that an overpayment has occurred. These overpayments are often based on overlapping “technical” (such as an incorrect place of service code) and “substantive” (such as lack of medical necessity) reasons for denial. In recent years, the level of expertise exercised by ZPICs is often quite high — noting multiple reasons for denial and concern.

          Unfortunately, the reality is that most (if not all) Medicare providers will find themselves the subject of a ZPIC, CERT, RAC or other type of claims audit at some point in the future.  In our opinion, the single most effective step you can take to prepare for a contractor audit is to ensure that your organization has implemented and is adhering to an effective Compliance Plan.  A comprehensive assessment of an organization’s coding and billing practices is one element of an effective plan.  Several general points to consider also include:

Keep in mind your experiences with PSCs and other contractors.  The lessons you have learned responding to PSC, CERT and RAC audits can be invaluable when appealing ZPIC overpayments.  As you will recall, the appeals rules to be followed are virtually the same.

Monitor HHS-OIG’s Work Plan.  While often cryptic, it can be invaluable in identifying areas of government concern.  Are any of the services or procedures your organization currently provides a focus of HHS-OIG’s audit or investigative?

Keep an eye on RAC activities.  Review the service-specific findings set out in annual RAC reports.  Review targeted areas carefully to ascertain whether claims meet Medicare’s coding and medical necessity policies.

You never realize how bad your documentation is until your facility is audited. While many providers start out “over-documenting” services (to the extent that there is such a thing), a provider’s documentation practices often become more relaxed as time goes on – especially when the provider has not been audited for an extended period of time.  In such situations, both physicians and their staff may fail to fully document the services provided.  Moreover, the care taken to ensure that all supporting documentation has been properly secured may have also lapsed over the years.

Review your documentation.  Imagine you are an outside third-party reviewer.  Can an outsider fully appreciate the patient’s clinical status and the medical necessity of treatment?  Are the notes legible and written is a clear fashion?  Compare your E/M services to the 1995 or 1997 Evaluation and Management (E/M) Guidelines – have you fully and completely documented the services you provided?  If dealing with skilled services, have you fully listed and discussed both the need for skilled services and the specific skilled services provided?

IV.        Closing Thoughts:

          Imagine a ZPIC hands you a claims analysis rife with alleged errors, an indecipherable list of statistical formulas, and an extrapolated recovery demand that will cripple your practice or clinic. What steps should you take to analyze their work? Based on our experience, providers can and should carefully assess the contractor’s actions, particularly the use of formulas and application of the RAT-STATS program when selecting a statistical sample and extrapolating the alleged damages based on the sample.  To be clear, not all statistical extrapolations will be flawed.  Denpending on the steps taken by the ZPIC’s statistician,  to the Over the years, we have challenged the extrapolation of damages conducted by Medicare contractors around the country, including tens of thousands of claims. Regardless of whether you are a Skilled Nursing Facility providing skilled nursing and skilled therapy services, an M.D. or D.O. providing E/M services, a Home Health company or a Durable Medical Equipment (DME) company, it is imperative that you work with experienced legal counsel and statistical experts to analyze the actions take by a ZPIC.

Liles Parker attorneys and staff have extensive experience representing a wide range of Medicare providers in audits by ZPICs, PSCs and other contractors.  Should you have questions regarding an inquiry from a ZPIC, PSC or RAC that you have received, please feel free to give us a call for a complimentary consultation.  We can be reached at:  1 (800) 475-1906.

 

 

 

 

Post-Payment Audits Conducted by Medicare Contractors: An Overview of the CERT Audit Process

(March 12, 2011):  Health care providers around the country are finding their practices and clinics subjected to Medicare post-payment audits by Zone Program Integrity Contractors (ZPICs), Program Safeguard Contractors (PSCs) and Comprehensive Error Rate Testing (CERT) Contractors.  While all post-payment audits should be taken seriously, there are real differences between both the contractors and the post-payment audits they are conducting.  This is the first of three articles examining these differences.  Starting with the CERT audit program, we will be examining each of the Medicare contractors conducting post-payment audits and review of provider claims for services and devices.   

Historical Background of the CERT Audit Program:

With the passage of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 (P.L.104 -191), the Department of Health and Human Services, Office of Inspector General (OIG) initiated work in an effort to estimate the improper payment error rate of Medicare Fee-For-Service (FFS) claims.  From 1996 through 2002, OIG continued to manage this program. In 2002, the “Improper Payments Information Act” (IPIA) was enacted. The Centers for Medicare and Medicaid Services (CMS) subsequently began working with the OIG in 2003, and worked to further refine the estimated Medicare FFS error rate so that the program would comply with the requirements of the IPIA.  These efforts became known as the “Comprehensive Error Rate Testing” (CERT) program.[1]  Unlike early efforts, the CERT program does not only estimate a national improper payments error rate for Medicare FFS claims.  As Timothy Hill, OIG’s Chief Financial Officer testified before the Senate, the CERT program examines a number of essential aspects of the overall error rate of Medicare FFS claims:

“Contractor-specific improper payment rates – which measure the accuracy of our claims processors.

Provider-type specific improper payment rates – which measure how well the providers who care for our beneficiaries are preparing and submitting claims to the program; and

Other management related information – which provides insight into payment errors by region and reason.”[2]

Notably, the CERT program was designed to provide a comprehensive assessment of the improper payments being made to specific types of Medicare providers, along with the improper payment decisions being made by various Medicare contractors.  In doing so, the CERT program was set up to serve as an integral management tool to be used by CMS. Once problem areas were identified, CMS was able to monitor specific problem areas (and in some cases, specific Medicare contractors making erroneous payment decisions) so that corrective action could be taken.

CERT Contractors:

CMS has selected private contractors to administer the CERT program.  There are two basic types of CERT contractors, a “CERT Review Contractor” (CRC) and a “CERT Documentation Contractor” (CDC).  As an initial step, the CRC will first select random samples of claims from each Medicare claims processing contractor.  The CDC will then take the list of claims selected by the CRC and request the relevant documentation related to these claims from the health care provider who provided, billed and was paid for the services.  Once received, the CDC then forwards the documentation to the CRC. 

A.        Livanta – CDC.

CMS has awarded the CDC contract to a private company named “Livanta, LLC” (Livanta), located in Annapolis Junction, Maryland. Notably, Livanta has also been awarded the “Statistical Contractor” (SC) portion of the Payment Error Rate Measurement (PERM) program.  The PERM program is designed to measure improper payments in both the Medicaid program and the State Children’s Health Insurance Program (SCHIP).  

Focusing on Livanta’s duties as CDC, the contractor typically proceeds as follows when completed its duties as a CERT contractor: 

• Once a provider has been identified, the CDC will contact the provider regarding the audit.  In a number of cases, the CDC will first call the provider by telephone and then follow-up with a fax or written request for the documents sought. 
• If a provider has not forwarded the documents requested to the CDC by day 30, both telephone and written follow-ups are made by the CDC to the provider.   
• If the records are not received by day 45, the CDC will again both call and fax or write the provider to ascertain the status of the requested documentation. 
• If the requested documentation still has been received by day 60, a letter is sent to the provider again inquiring on the status of the missing documents. 
• If no documentation is received by day 76, the claims associated with the missing documentation is denied and scored as an “error” based on the missing documentation.

B.        AdvanceMed – CRC.

Once the CDC has requested and received the claims documentation from the provider, it is forwarded to the “CERT Review Contractor” (CRC).  CMS has awarded the contract to serve as CRC to AdvanceMed. As CRC, AdvanceMed must carefully review the documentation received and determine whether the services qualify for coverage and payment.  The CRC then compares its assessment to that of the Medicare contractor who originally reviewed and paid the claims (the contractor is typically a Medicare Administrative Contractor (MAC) who is responsible for review of the Part A or Part B claims).  If the CRC finds that the Medicare contractor incorrectly billed, paid or processed the services at issue, the claim is noted to be an “error”

Sample CERT Program Results From the Fourth Quarter of 2010:

Each quarter, Highmark Medicare Services (Highmark) reports on the most recent “errors” identified by the CERT contractor in connection with the CERT program audit.  During the Fourth Quarter of 2010, 508 CERT errors were found in connection with the Part A claims reviewed.   The 508 errors can be broken down as follows: 

• 311 errors were due to “insufficient documentation.”  Notably,   a majority of the errors in this category were because the medical record “did not contain a valid physician’s signature” or because a diagnostic test performed “did not contain a valid physician’s order” or an identification of the provider who rendered the service.
• 132 errors were due to “lack of medical necessity” based on the medical documentation submitted.
• 37 errors were due to “incorrect coding” (primarily related to laboratory testing).
• 10 errors were due to “invasive procedures that were assessed  to be without medically necessity.”
• 9 errors were due to an “incorrect procedure code” used when billing the service.
• 6 errors were the result of “billing for services that were not rendered.”
• 2 errors were due to “other errors.”
• 1 error was due to an “incorrect discharge code being used.”  

In addition to the Part A errors identified, a separate error report covering Part B claims is also detailed on Highmark’s website. [3] 

 Responding to a CERT Audit Request for Documents:

Should you receive a CERT audit request for documents from a CDC, it is important to keep in mind that your practice or clinic is not being accused of fraud or wrongdoing.  Fundamentally, a CERT audit is primarily designed to identify deficiencies and mistakes made by Medicare contractors.  As Compliance Officer, upon receipt of a CERT audit request, you should carefully review the request and take steps to assemble a complete set of documentation covering the specific claims at issue.  As Highmark also notes, when dealing with notes that are difficult to decipher, it is recommended that a transcription of the notes be made and submitted with the documentation.  

Appealing CERT Denials:

The results of a CERT audit are likely to be set out in Medicare’s electronic Fiscal Intermediary Standard System (FISS) computer system.  It is imperative that you monitor the status of the claims selected for CERT review.  If the CRC finds that one of more of your paid claims did not qualify for coverage and payment you will have to decide whether or not you agree with the denial decision that has been issued.  Should you dispute the denial, you will need to file for administrative appeal within the standard, established timeframes.   CERT denials are appealed in the same manner as any other claims denial would be appealed.

Comparison of CERT and ZPIC / PSC Post-Payment Audits:

As reflected above, CERT audits are fundamentally different from ZPIC and PSC audits, both in terms of fundamental purpose and in terms of likely financial liability.  At its core, a CERT audit is really an attempt by CMS to learn whether or not its contractors (typically MACs) are properly assessing and processing claims submitted by Medicare providers for review and payment.  If a CERT contractor finds that a provider’s claims should not have been paid, it primarily reflects on the MAC, not necessarily the provider.  Having said that, claims denied by a CERT contractor should still be appealed if the provider believes that the claims do, in fact, qualify for coverage and payment.  While denied claims will still contribute to a provider’s overall error rate (possibly increasing the likelihood that a provider could be subjected to later audits), damages associated with CERT audits are not typically extrapolated.  As a result, the overall damages associated with CERT audits are relatively modest, especially when compared to the potential damages alleged in ZPIC and PSC “big-box” cases.  Additionally, unlike ZPIC and PSC audits, most CERT audits are solely concerned with the coverage and payment of the particular claims under review.  In contrast, ZPIC and PSC post-payment audits can lead to suspension, revocation or even referral to OIG or DOJ in cases where fraud may be evident.

Despite the limited scope of liability inherent in CERT audits, it is imperative that Medicare providers diligently work to respond to requests for documentation in a timely fashion.  Notably, other contractors (including ZPIC, PSC and RAC auditors) may review CERT audit findings for targeting purposes.  The bottom line is fairly simple — if you owe money to the Medicare program, pay it back.  If not, you should challenge unwarranted denials of claims by CERT auditors. 

Liles Parker attorneys represent health care providers around the country in connection with post-payment audits and reviews by Medicare contractors.  Should your practice, clinic or company be subjected to a post-payment audit, give us a call for a complimentary consultation.  We can be reached at: 1 (800) 475-1906.    

Health Data Insights Begins Medical Necessity Reviews

(August 30, 2010): Introduction:

Health Data Insights (HDI), the Centers for Medicare & Medicaid Services (CMS) Recovery Audit Contractor (RAC) responsible for auditing health care providers in Region D, has announced it will immediately begin reviews on previously approved projects which involve the medical necessity of selected inpatient DRG payments.  A complete list of the medical necessity “issues” currently being examined by HDI can be found on its Website. 

 

Scope of Responsibility:

RACs, such as HDI, contract with the CMS to perform post-payment reviews of Medicare claims to find overpayments (and theoretically, underpayments in return for a percentage (from 9 percent to 12.5 percent) of the amounts recovered. Put simply, they “eat what they kill.” HDI was awarded responsibility for handling Region D audits.  Region D consists of 17 States and 3 U.S. territories (Alaska, Arizona, California, Hawaii, Iowa, Idaho, Kansas, Missouri, Montana, North Dakota, Nebraska, Nevada, Oregon, South Dakota, Utah, Washington, Wyoming, Guam, American Samoa and Northern Marianas).  HDI’s contingency fee contract award dollar amount is 9.49% according to CMS.  The 29 DRGs where HDI will be examining “medical necessity” requirements, include certain procedures related to:

• Nervous System Disorders
• Respiratory
• Cardiac Procedures
• Cardiovascular Diseases
• Cardiovascular, Other
• Gastrointestinal Disorders
• Musculoskeletal Disorders
• Endocine, Nutritional & Metabolism Disorders
• Kidney & Urinary Tract Disorders, and
• Blood & Immunological Disorders

Provider Concerns:

A continuing concern of health care providers is that the RAC determinations of medical necessity will be performed by personnel with little, if any, specific knowledge of the specific claims at issue. Given the RAC business model, providers remain worried that audits will not reflect a fair and reasonable application of applicable coverage requirements. This is especially worrisome in light of the fact that approximately 41 percent of overpayments in the demonstration project were due to medical necessity determinations.

Audit and Appeal Considerations:

As set out CMS’ June 2010 reported entitled “The Medicare Recovery Audit Contractor (RAC) Program — Update to the Evaluation of the 3-Year Demonstration,” as of 03/09/10, the cumulative number of claims with overpayment determinations identified by RACs has grown to 598,238.  Notably, only 76,073 of these overpayments were appealed by health care providers.  Of the claims appealed, over half were decided in favor of the health care provider.  Interestingly, HDI had one of the highest number of claims denials overturned on appeal, in favor of the appealing provider. Four basic steps to be taken when preparing for a RAC audit include:

(1)               Monitor issues of interest to the government and its contractors.  Are the services you provide currently under scrutiny by RACs and other Medicare contractors?  You should keep abreast of current enforcement initiatives and mistakes made by other providers.  Learn from their mistakes. 

(2)               Know where your current weaknesses are and fix them.  This typically requires that you conduct an internal audit of your coding, billing and operational practices.  Take care when engaging an outside “consultant.”  We have seen numerous cases where the consultant conducts an internal assessment and identifies multiple problems with the provider’s prior and current practices. Unfortunately, few consultants consider the fact that their adverse report to the provider will likely not be privileged.  As a result, if the provider is ever investigated, the report could easily serve as a roadmap for the government. Prior to conducting an internal audit – call your attorney!   

(3)               Know your rights. If your practice is audited, know your rights both during the audit and once the audit results are issued by the contractor.  There is a fine line between exercising your rights as a provider and being perceived by a contractor as refusing to cooperate in their review.  You should immediately call your attorney to clarify which actions must be taken if your practice is subjected to a site visit by a Medicare contractor.  The best practice would be for you to call your attorney today and discuss how you should respond in the event of a site visit.  CMS takes allegations of non-cooperation very seriously.  Should the contractor argue that you refused to cooperate in their efforts, you could find the action taken by the contractor is to seek a revocation of your Medicare number.  This is an especially sensitive issue.

(4)               Have a firm understanding of how the Medicare appeals process works.  Depending on the amount in controversy, you may choose to handle Medicare claims denials internally.  As the use of data-mining increases, Medicare contractor reliance on provider profiling will continue to increase.  While mere errors or mistakes should be returned to the government (or not appealed is properly denied by the contractor), should you find that claims were improperly denied, we recommend that you appeal such denials. RACs and other Medicare contractors will likely focus on providers with high error rates. 

While every case is different, health care providers should consider the following when faced with a RAC audit:

The scope of RAC audits is expanding.  In the past, hospitals and other “low-hanging fruit” were the focus of HDI and other RACs around the country.  As a result, some physicians, small practice groups, clinics and other smaller providers have grown complacent in their compliance efforts.  This is a mistake, as more issues are identified and approved, the RACs will be expanded the scope of their reviews.  Now is the time to get your practice in order.

ZPICs and PSCs continue to represent a greater danger to small physician practices and health care provider groups. Zone Program Integrity Contractors (ZPICs) and Program SafeGuard Contractors (PSCs) are not subject to the time, audit and service scope limitations imposed on RACs.  The implementation of effective compliance efforts will help reduce the likelihood of liability should the practice be audited by a ZPIC, PSC or RAC.

Beware of “canned” consultant solutions.  As a search on Google will readily attest, consulting firms around the country are touting the latest RAC audit “tool” or audit response “template.”   We recommend that you exercise caution when retaining any organization that “guarantees” results or seeks to dissuade you from engaging legal counsel support.  

Retain experienced health care counsel. Under the current appeal structure, there is a significant likelihood that your case will eventually be heard by an Administrative Law Judge (ALJ).  Importantly, ALJs are lawyers — not typically clinicians.  In defending your case, it is strongly recommended that you retain legal counsel, regardless of whether you ultimately decide to work with a consultant or employ a clinician as an expert witness.  Legal counsel will be best situated to understand and argue the various legal arguments which may prove essential in winning your case.

While RACs have not represented much of a threat to individual physicians and small practice groups in the past, the future is likely to be quite different.  Physicians must already contend with audits by ZPICs, PSCs, Medicaid Integrity Contractors (MICs), Medicaid Fraud Control Unit (MFCU) investigators and Comprehensive Error Rate Testing (CERT) contractors.  The expansion of the RAC program will further increase the need for statutory and regulatory compliance.  Physicians and small practice groups and organizations should avoid the misconception that their limited size and / or relative billings will keep them “off the radar,” thereby limiting their chances of being audited.

ZPICs and PSCs are continuing to rely statistical sampling in an effort to extrapolate damages:

In our practice, we have seen a marked increase in the number of solo physicians and small providers groups who have been subjected to pre-payment and post-payment audits of their Medicare billings. 

In the case of post-payment reviews, the vast majority of Medicare audits we have worked on have included the statistical extrapolation of damages by ZPICs and PSCs.  We expect RACs to follw suit as the number of their audits increase.  In defending a post-payment audit, it is essential that you examine the statistical methodology utilized and identify any flaws in the contractor’s approach.  We have successfully convinced both Qualified Independent Contractors (QICs) and ALJs to invalidate statistical extrapolations based on mistakes in the process committed by the ZPIC or PSC.  Arguments can be legal and / or methodology-based.  In many cases, it is necessary to engage the assistance of a qualified statistical expert.  Should you succeed – be ready to defend this decision before the Medicare Appeals Counsel (MAC).  Over the past year, practically every invalidation of the statistical extrapolation of damages was appealed to the MAC by the Administrative QIC (AdQIC). 

Summary:

Health care providers must be proactive in their efforts to better comply with applicable Medicare coding and billing practices.  Should your practice be placed on pre-payment audit or have its post-payment Medicare claims reviewed, we recommend that you immediately contact your health care attorney for assistance.

Should you have questions regarding RAC, ZPIC or PSC audit processes, you may contact us for a complimentary consultation.  We can be reached at 1 (800) 475-1906.

 

Additional Cities will have HEAT Teams in 2011

(August 27, 2010): Yesterday, Attorney General Eric Holder and U. S. Department of Health and Human Services (HHS) Secretary Kathleen Sebelius conducted the second of a planned series of “Regional Health Care Fraud Prevention Summits.”

In addition to these agency heads, participants learned of current and additional planned initiatives from a number of Federal and State law enforcement officials. The first summit was recently conducted in Miami, Florida.  This summit was held in Los Angeles, California.

Describing the progress made in the last fiscal year, Attorney General Holder noted that:

 “In just the last fiscal year, we’ve won or negotiated more than $1.6 billion in judgments and settlements, returned more than $2.5 billion to the Medicare Trust Fund, opened thousands of new criminal and civil health care fraud investigations, reached an all-time high in the number of health care fraud defendants charged, and stopped numerous large-scale fraud schemes in their tracks.”

Notably, Attorney General Holder also made it clear that the government’s joint Health Care Fraud Prevention and Enforcement Action Team (HEAT) program is slated for further expansion over the next year.  As he noted:

“HEAT’s impact has been recognized by President Obama, whose FY 2011 budget request includes an additional $60 million to expand our network of Strike Forces to additional cities. With these new resources, and our continued commitment to collaboration, I have no doubt we’ll be able to extend HEAT’s record of achievement. And this record is extraordinary. (emphasis added).

These funds will be to supplement, not supplant, existing health care fraud enforcement efforts currently underway. While the additional cities slated for HEAT expansion were not announced at this event, all health care providers, regardless of location, should be especially vigilant in their efforts to ensure that Medicare coding and billing practices regulating the items and services they are providing must comply with applicable statutory and agency requirements.

Should you have questions regarding a health care fraud issue, you may call Robert W. Liles or another of our attorneys. Call 1 (800) 475-1906 for a free consultation.

 

Region B RAC CGI Announces that it will Begin Review of Eighteen Projects that Involve Medical Necessity

(August 25, 2010): CGI Technologies and Solutions, Inc., (CGI), has announced it will immediately begin reviews on 18 newly approved projects that involve the medical necessity of selected inpatient DRG payments.  A complete list of the “issues” currently being examined by CGI can be found on its website. http://racb.cgi.com/Issues.aspx

Recovery Audit Contractors (RACs), such as CGI, contract with the Centers for Medicare & Medicaid Services (CMS) to perform post-payment reviews of Medicare claims to find overpayments and underpayments in return for a percentage (from 9 percent to 12.5 percent) of the amounts recovered. Put simply, they eat only what they kill.  CGI was awarded responsibility for handling Region B audits.  CGI’s contingency fee contract award dollar amount is 12.50% according to CMS.  Issues where CGI will be examining “medical necessity” requirements, include certain procedures related to:

• Chest Pain
• Other Circulatory System Diagnoses
• Other Vascular Procedures
• Syncope & Collapse
• Red Blood Cell Disorders
• Atherosclerosis
• Heart Failure & Shock
• Esophagitis, Gastroenteritis & Misc Digestive Disorders
• Musculoskeletal Disorders
• Chronic Obstructive Pulmonary Disease
• Respiratory
• Nutritional and Metabolic Disorders
• Kidney & Urinary Tract Infections
• GI Disorders
• Percutaneous Cardiovascular Procedures
• Renal Failure
• Nervous System Disorders and
• Cardiac Arrhythmia & Conduction Disorders.

 As CGI’s website discusses, when asked “What utilization criteria will CGI be using to review for medical necessity?” in its FAQ section, CGI states, “CGI will utilize the rules for National Coverage Determinations (NCD), Local Coverage Determinations (LCD), HCPCS, ICD-9 (ICD-10 when implemented and appropriate) and CCI that were in effect on the date of service.” 

 A continuing concern of providers is that the RAC determinations of medical necessity will be  performed by personnel with little, if any, specific knowledge of the specific claims at issue.  Given the RAC business model, providers remain worried that audits will not reflect a fair and reasonable application of applicable coverage requirements. This is especially worrisome in light of the fact that approximately 41 percent of overpayments in the demonstration project were due to medical necessity determinations.

 Should you have questions regarding the RAC process, you may contact us for a complimentary consultation.  We can be reached at 1 (800) 475-1906.

 

ZPICs and PSCs Are Requiring Strict Adherance With CMS Medicare Signature Rules When Conducting Medical Reviews

(August 4, 2010): Earlier this year, the Centers for Medicare and Medicaid Services (CMS) issued updated guidance, Change Request (CR) 6698, to be used by Medicare contractors (including Medicare Administrative Contractors, affiliated contractors, CERT contractors, ZPICs and PSCs) when conducting claims reviews of medical documentation submitted by Medicare providers.

 CMS reportedly issued this guidance to “clarify and update” various sections of the Program Integrity Manual.  Importantly, this guidance is not intended to supplant any existing specific requirements that may be contained in LCDs or other CMS manuals which may address specific signature requirements (such as signature and timeliness requirements which must be made in connection with Treatment Plans or Plans of Care prepared by CMHCs when providing partial hospitalization program care).

 Several examples of the strict approach that CR 6698 requires include:

•  For medical review purposes, Medicare requires that services provided / ordered be authenticated by the author.  The method used shall be a hand written or an electronic signature.  Stamp signatures are not acceptable. 

Our comments:  Despite the fact that “stamp signatures” have been problematic for years, we are still seeing cases where a provider has continued to use a stamp of his signature on orders and at the end of record entries. Get rid of signature stamps in your office or clinic!  Contractors that may be looking for an excuse to deny your claims will readily do so if your have used a stamp instead of documenting your signature by hand. 

•  If there are other reasons for denial, unrelated to signature requirements, the reviewer shall not proceed to signature authorization.  If the criteria in the relevant Medicare policy cannot be met but for a key piece of medical documentation which contains a missing or illegible assessment, the reviewer shall proceed to the signature assessment. 

 Our comments:  This requirement reinforces the fact that Medicare reviewers are required to assess the adequacy of medical documentation (and presumably of medical necessity), separate and apart from their review of the signature itself.  Once they determine that the medical documentation is otherwise acceptable for coverage purposes, then they will assess whether the signature meets applicable requirements.

•  If the signature is missing from an order, ACs, MACs, PSCs, ZPICs and CERT shall disregard the order during the review of the claim.

 Our comments:  This requirement can be extremely harsh, especially when considering the fact that many claims depend on an initial order by a referring or ordering physician.  If in the absence of such an order, the claim will be denied, it becomes readily apparent that providers must be especially diligent in their review of orders to ensure that each one is properly signed.

 These examples represent only a few of the many examples and changes highlighted in CR 6698.  We strongly recommend that you review these changes with each of the providers in your practice or clinic to ensure that everyone is aware of how CMS expects its contractors to proceed when conducting medical reviews.

 Should you have any questions regarding these changes, don’t hesitate to contact us.  For a complementary consultation, you may call Robert W. Liles or one of our other attorneys at 1 (800) 475-1906.

 

 

 

Next Page »