(January 19, 2021): As you will recall, on March 30, 2020, the Centers for Medicare and Medicaid Services (CMS) suspended most Medicare audits and reviews due to the COVID-19 national emergency. In early August, CMS instructed its contractors to resume their prepayment and postpayment audit activities. Over the last six months, we have seen a significant increase in the number of prepayment reviews initiated by Medicare Administrative Contractors (MACs) and other CMS contractors. It is therefore essential that home health agencies, physician practices and other health care providers and suppliers understand the prepayment review process and are prepared to appropriately respond to an document request if a MAC, a RAC or another CMS contractor initiates a prepayment audit of their claims. This article provides an overview of the process and discusses ways of reducing your level of risk.
I. Legislative Background
With the passage of the Medicare and Medicaid programs in 1965, the Centers for Medicare and Medicaid Services (CMS)  became authorized to perform a myriad of Medicare program functions, either directly or by contract. Moreover, on August 21, 1996, the Congress enacted the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Section 202 of HIPAA added section 1893 to the Social Security Act, thereby establishing the Medicare Integrity Program (MIP Program). This legislation also permitted CMS to contract with eligible contractors to perform program integrity activities.
On December 8, 2003, Congress subsequently enacted the Medicare Prescription Drug, Improvement, and Modernization Act of 2003 (MMA). The MMA included a new subsection regarding both random prepayment audits and non-random prepayment complex medical reviews. Today, prepayment audits of Medicare claims are now conducted by MACs and other CMS contractors around the country.
II.Reasons Providers are Targeted for Prepayment Review / Prepayment Audit:
Contrary to popular belief, CMS and its contractors do not conduct “random” a prepayment audit of health care providers. As CMS expressly set out in the Federal Register:
"Although section 934 of the MMA sets forth requirements for random prepayment review, our contractors currently do not perform random prepayment review. However, our contractors do perform non-random prepayment complex medical review. We are cognizant of the need for additional rulemaking should we wish our contractors to perform random review." 
As a result, if your practice or home health agency has been subjected to non-random prepayment complex medical review by a MAC, it is because of one or more reasons. In most instances, prepayment reviews / prepayment audits are the result of data mining efforts used by CMS contractors to identify potentially inappropriately billed claims. The data mining runs may have been initiated by:
- National or local claims data comparisons
- An analysis of utilization practices
- Beneficiary complaints
- Competitor complaints
- Department of Health and Human Services, Office of Inspector General (OIG)
- Government Accountability Office (GAO) reports
- Department of Justice (DOJ) investigations
Regardless of the reason for review, once a CMS contractor conducts a data mining run and identifies a likelihood of sustained or high level of payment error, the contractor will typically place a health care provider on prepayment audit and immediately request supporting medical documentation in support of any claims submitted by the provider for payment.
III. Types of Non-Random Prepayment Review
There are a number of reasons that a MAC may place your practice or agency on prepayment review. These reasons are outlined below. Regardless of the reason for placing a Medicare provider or supplier on prepayment review, from an operational standpoint, the MAC installs an edit in the Fiscal Intermediary Standard System (FISS) which suspends a claim for medical review before the claim is paid by the contractor. One the edit is put in place, the only way for it to be removed is for the provider or supplier to effectively show (through their submission of a claim's supporting documentation), that the medical services or DME supplies at issue are medically necessary and qualify for coverage and payment. An overview of the reasons for being placed on prepayment review / prepayment audit (along with a description of their associated edits) are outlined below:
Automated Edits. Automated edits have been implemented to address systemic concerns regarding certain billing or claims practices and are not provider specific. Once an improper practice is identified, MACs will go into their claims processing systems and install automated edits in the FISS so that certain claims are either automatically denied or are flagged for further review .
New Provider/New Benefit Edits. The billing practices of newly enrolled Medicare providers and suppliers are carefully monitored by MACs to help ensure that the claims being submitted qualify for coverage and payment. To accomplish this monitoring function, MACs install a "new provider" edit in the FISS system that will then flag claims for prepayment review. This same approach is used when Medicare is introducing a new benefit and CMS wants to better ensure that providers are meeting medical necessity, documentation, coding and billing requirements .
Provider Specific Probe Edits These edits select claims from a specific provider who has been identified as having a potential problem identified through their billing patterns, Medicare's knowledge of service area abuses, and/or complaints received by Medicare. The provider is notified in writing that a probe review (sample of 20-40 claims) is being conducted. When the provider specific probe edits are complete, and it is found that there is a high incidence of inappropriate billing, a provider may be placed on targeted review. Examples of provider specific billing patterns that may be targeted include: (1) Through data analysis, a MAC has identified questionable billing practices by a specific provider (such as non-covered, incorrectly coded or incorrectly billed services); (2) A MAC receives alerts from other MACs, Quality Improvement Organizations (QIOs), Comprehensive Error Rate Testing (CERT) auditors, Recovery Audit Contractors (RACs), the OIG, the General Accounting Office (GAO), or other CMS program integrity contractor findings that support the need for further review; (3) A MAC receives complaints about a specific provider's billing practices; or (4) A MAC validates that a specific provider is billing for services that have been associated with a high risk of payment error .
Provider Specific Targeted Review (TR). Once a provider is placed on targeted review status, a TR edit is installed in the FISS so that a certain percentage of claims will be pulled for prepayment review. Once a provider is placed on targeted review, the period of review typically lasts for three months. At the end of the three month period, if a MAC has determined that the provider's claims meet medical necessity requirements, are properly documented, have been coded and billed correctly, the MAC may agree to remove the edit. If a provider's billing practices remain problematic, the edit will generally remain in place for another three months. It is important to keep in mind that if a provider is unable to to show its MAC that its claims practices are compliant for six months or more, the MAC may make a referral to a Unified Program Integrity Contractor (UPIC) for postpayment audit  .
Referral Edits. Referral edits are based on a referral from other entities, for example the state surveyor after identifying potential unusual billing patterns or practices. Providers are notified by letter when they have been placed on a referral edit. The source of the referral is not disclosed.
Widespread Edits. MACs regularly review claims with the greatest risk of inappropriate program payment, this includes areas that have been identified through data analysis. The following list provides examples of widespread edits but is not all inclusive: (1) Length of stay or number of visits; (2) Revenue and/or HCPCS; (3) Diagnosis and may include ICD-9/ICD-10 codes in relation to revenue codes.
IV. Considerations if Your Practice or Home Health Agency is Placed on Non-Random Prepayment Review
Importantly, once a provider is placed is targeted for prepayment audit, it is highly unlikely that the claims edit will be lifted any time soon without significant work on your part. Please keep in mind:
- There is no “silver bullet” approach having a prepayment audit discontinued
- There is no administrative appeals process in which to contest the placement of your organization on prepayment audit.
- Be wary of consultants who claim to “know someone” that can have you removed from prepayment status.
Once you have been placed on prepayment review, your first task is to figure out the reason why your claims were identified for audit. Were you placed on prepayment review because of your utilization practices, documentation deficiencies or another reason? Ultimately, getting off of prepayment review is just plain hard work.
Over the years, our firm has been contacted by numerous providers whose approach consisted of “holding” their claims in the mistaken belief that the review would eventually be lifted, at which time they would submit their claims for payment. You need to understand – health care providers are placed on prepayment review because a MAC or another CMS contractor has reason to believe (rightly or wrongly) that their claims are not in full compliance with applicable coverage, documentation, medical necessity, coding or billing rules. The best approach to having a prepayment review lifted is to carefully analyze each aspect of your claims, compare your practices with those set out in the applicable rules and correct any deficiencies. Sounds simple doesn’t it? Unfortunately, it can be quite difficult, depending on the types of claims involved. Our firm has worked with a number of health care providers over the years, assisting them in getting removed from prepayment review and incorporating remedial steps into their Compliance Plan.
Robert W. Liles, JD is Managing Partner at the health law firm, Liles Parker, PLLC. With offices in Washington, DC, Houston, TX, and Baton Rouge, LA, our attorneys represent home health agencies, physicians and other health care providers around the country in connection with Medicare / Medicaid prepayment reviews, UPIC postpayment audits, Compliance Plan reviews and State licensing board actions. Should you have any questions, please call us for a free consultation. Robert can be reached at: 1 (800) 475-1906.
-  At the time of passage, the Health Care Financing Administration (HCFA) was responsible for the management of the Medicare and Medicaid programs. In September 2001, the Secretary, Health and Human Services, Tommie Thompson, changed HCFA’s name to the Centers for Medicare and Medicaid Services
-  Federal Register /Vol. 73, No. 188 / Friday, September 26, 2008 /Rules and Regulations, 55753.
-  CMS Pub. 100-08, Ch. 3, §184.108.40.206B.
-  CMS Pub. 100-08, Ch. 3, §3.1B.
-  CMS Pub. 100-08, Ch. 3, §3.2.2A.
-  CMS Pub. 100-08, Ch. 3, §3.2.1.
-  For an overview of the UPIC program, see our discussion at this link.