CERT Audits

In 1996, the Department of Health and Human Services (HHS), Office of Inspector General (OIG) first estimate the improper payment error rate of Medicare Fee-For-Service (FFS) claims. [1]  From 1996 through 2002, OIG continued to manage this program. In 2002, the Improper Payments Information Act (IPIA) was enacted.[2] Under the IPIA, Federal agencies, including HHS are required to conduct an annual review of programs it administers to reduce and recover improper payments. In response to the IPA, the Centers for Medicare and Medicaid Services (CMS) began publishing its estimates of improper payment rates. These efforts became known as the “Comprehensive Error Rate Testing” (CERT) program.[3]

I. Current Status of the CERT Audit Program

The CERT audit program was designed to comply with the Payment Integrity Information Act of 2019 (PIIA).[4]  It provides a comprehensive assessment of the improper payments being made to specific types of Medicare providers, along with the improper payment decisions being made by various Medicare contractors. Approximately 50,000 FFS claims are reviewed each year by CERT auditors. The claims reviewed include those that have been paid or denied by Medicare Administrative Contractors (MACs).

On March 30, 2020, CMS suspended the performance of most prepayment and post-payment audit activities. CERT audits were also placed on hold.  Last August, CMS instructed its CERT contractors to resume their audit activities.

II. Providers are Randomly Chosen for a CERT Audit

With one exception, virtually none of the Medicare claims audits initiated by CMS contractors are truly “random,” despite whatever a Unified Program Integrity Contractor (UPIC) or Recovery Audit Contractor (RAC) may tell a health care provider.  There is one narrow exception to this basic rule – CERT audits.  A CERT audit is conducted as part of the CERT program.  Simply stated, the objective of a CERT audit is to estimate the accuracy of the Medicare Fee-For-Service (FFS) program. When a CERT audit is conducted, the CERT auditor is essentially “auditing” a specific previously-paid type of claim to determine whether a Medicare Administrative Contractor (MAC) was correct in allowing the claim to be paid.  To accomplish this, the CERT auditor pulls sample of specific paid services submitted for payment in a MAC region.  Providers with claims in the sample universe are then randomly pulled by the CERT auditor.  The bottom line is that the focus of a CERT audit is the claim at issue, not the provider.

III.   Types of CERT Contractor

Prior to September 2016, CMS utilized several private contractors to administer the CERT program. Effective October 16, 2016, CMS structured the CERT program so that it could be administered by two contractors. As currently designed, the program involves two contractor components – a “CERT Statistical Contractor” (CERT SC) and a “CERT Review Contractor” (CERT RC).

The Lewin Group currently serves as the CERT SC and is responsible for designing how claims are sampled and calculating improper payment rates. It is important to keep in mind that sampled claims are selected by the CERT SC based on the specific type of claim being audited. The sample of claims identified for audit are NOT selected based on a specific provider or supplier.

NCI Information Systems, Inc. (NCI), currently serves as the CERT RC. Once a sample of claims has been identified by the CERT SC, the list is provided to the CERT RC. The CERT RC is then responsible for requesting the supporting medical records associated with this sample of claims from health care providers and suppliers. Once the provider or supplier returns the requested medical records to the CERT RC, the CERT RC is then responsible for reviewing the sampled records to determine if the claims were properly paid by the MAC. The CERT audit process proceeds as follows:


Generally, the responsibilities assigned to each of these contractor components include:[5]

CERT Graph

A. CERT SC duties

Based on the risk issues identified, the CERT SC is responsible for selecting a sample of claims (both paid and unpaid) that have been processed by one or more MACs. The listing of claims are then forwarded to the CERT RC for handling.

B. CERT RC duties

When serving as a CERT RC, the CMS contractor typically proceeds as follows when completing its duties:

  • If a provider or supplier submitted one or more of the claims included in the sample pulled by the CERT SC, the CERT RC will contact the provider or supplier by letter to request copies of the medical documentation associated with the claim(s). On day 25, the CERT RC will typically contact the provider or supplier by phone to check on the status of their documentation
  • If a provider has not forwarded the documents requested to the CERT RC by day 30, a second letter is normally sent to the provider or
  • If the records are not received by day 45, the CERT RC will send a third letter to the provider or supplier to ascertain the status of the requested documentation. On day 55 the CERT RC normally tries to contact the provider or supplier by phone to check on the status of the documentation
  • If the requested documentation still has not been received by day 60, a fourth letter is sent to the provider or supplier, again inquiring on the status of the missing
  • If no documentation is received by day 76, the claims associated with the missing documentation are denied and scored as an “error” based on the missing

IV. Improper Payment Error Categories, Definitions and Examples

 The reasons for payment denial typically cited by a CERT RC contractor include the following:[6]


V. Responding to a CERT Audit

Should you receive a CERT audit request for documents, it is important to keep in mind that your practice or clinic is not being accused of fraud or wrongdoing. Fundamentally, a CERT audit is primarily designed to identify deficiencies and mistakes made by MACs.  Upon receipt of a CERT audit request, a Medicare provider or supplier should carefully review the request and take steps to assemble a complete set of documentation covering the specific claims at issue. Importantly, if you are dealing with notes that are difficult to decipher, it is recommended that a transcription of the notes be made and submitted with the documentation.

VI. Appealing CERT Denials

The results of a CERT audit are likely to be set out in Medicare’s electronic Fiscal Intermediary Standard System (FISS). It is imperative that you monitor the status of the claims selected for CERT review. If the CERT RC finds that one of more of your paid claims did not qualify for coverage and payment, you will have to decide whether or not you agree with the denial decision that has been issued. Should you dispute the denial, you will need to file for administrative appeal within the established timeframes.

VII.   Recommendations

Overall, a CERT audit is perhaps the most benign of any Medicare claims audit.  Nevertheless, it is highly advisable that you exercise caution when responding to a CERT audit.  The results of a CERT audit are used by the OIG, Unified Program Integrity Contractors (UPICs), Supplemental Medical Review Contractors (SMRCs) and Recovery Audit Contractors (RACs) for targeting purposes.  Upon receipt of a CERT audit document request, we recommend that you contact an experienced health lawyer for guidance.  Effectively handling a CERT audit may very well reduce the likelihood of a later, more serious audit of your Medicare claims.

NATIONWIDE REPRESENTATION — Call for Free Consultation: 1 (800) 475-1906

If your practice or health care organization is placed on targeted for a CERT review or audit, you need to understand the collateral impact of the CERT audit findings. Contact Liles Parker to discuss the CERT audit process and how to best respond to a request for documentation. A number of Liles Parker's experienced health lawyers are also “Certified Professional Coders” and / or “Certified Medical Reimbursement Specialists.”

Give us a call for a complimentary consultation. We can be reached at: 1 (800) 475-1906.

[1] The definition of what constitutes an improper payment is quite broad. Both overpayments and underpayments are considered to be improper payments. Improper payments also include:

  • Payments to an ineligible recipient
  • Payments for an ineligible service
  • Duplicate payments
  • Payments for services not received
  • Payments for an incorrect amount

[2] A copy of the “Improper Payments Information Act of 2002” can be found at this link.

3 Guidance regarding the CERT program can be found at https://www.cms.gov/Research-Statistics-Data-and- Systems/Monitoring-Programs/Medicare-FFS-Compliance-Programs/CERT/

[4] A copy of the “Payment Integrity Information Act of 2019” can be found at this link.

[5] This chart can be found at: https://certprovider.admedcorp.com/Home/About

[6] A copy of this chart was included in a presentation by CMS on the CERT program. It may be found at: https://www.cms.gov/Research-Statistics-Data-and-Systems/Monitoring-Programs/Medicare-FFS- Compliance-Programs/CERT/Downloads/IntroductiontoComprehensiveErrorRateTesting.pdf