Liles Parker PLLC
(202) 298-8750 (800) 475-1906
Washington, DC | Houston, TX
San Antonio, TX | Baton Rouge, LA

We Defend Healthcare Providers Nationwide in Audits & Investigations

A CERT Audit Is Serious – Don’t Take These Medicare Reviews Lightly

A CERT audit of your Medicare claims is serious business. Is your practice ready to be audited?(November 23, 2011): The “Comprehensive Error Rate Testing” (CERT) program was implemented as a mechanism for the Centers for Medicare and Medicaid Services (CMS) to assess whether their Medicare Administrative Contractors (MACs) are properly paying claims.  In other words, is a particular MAC failing to identify and deny improper claims?  Alternatively, is the MAC denying claims which do, in fact, qualify for coverage and payment? Essentially, the CERT audit program serves as an integral management tool for CMS as well as an important feedback mechanism for the MACs. When problem areas are identified, they can be actively addressed by a wide variety of Medicare contractors with audit responsibilities.  Notably, several of the MACs around the country have been aggressively reasserting their roles in the corrective action process. Essentially, MACs write the checks on behalf of CMS.  As a result, they play an extraordinarily important role in the Medicare reimbursement process. Therefore, when a CERT auditor finds that a MAC has been incorrectly reimbursing providers for claims which may not qualify for coverage, it is very important that the MAC immediately address this system-level deficiency.

I. Recent Actions Taken by MACs in Response to CERT Audit Findings.

In response to certain CERT audit findings, one MAC recently sent notification to providers of Evaluation and Management (E/M) services explaining that new “stringent corrective actions” will be taken to address some of the more common claims errors identified by the CERT auditors when conducting their reviews of MAC payment practices.  As recent correspondence to a provider reflects, MACs are taking the results of CERT audits quite seriously, and are expanding their program integrity efforts.  As one MAC recently wrote, the contractor stands ready to:

  • Suspend a provider if that provider has “too many” payment errors (it does not state how many is “too many”);
  • “[R]efer every physician” to that region’s ZPIC if those providers continue to bill for services which may constitute payment errors;
  • “[R]efer every physician” to the ZPIC if there is a pattern of past payment errors; and,
  • “[C]onduct prepayment reviews” of future claims, up to 100% of a provider’s claims.

To be clear, none of these potential corrective actions represent new authorities.  Nevertheless, the fact that MACs are now reasserting these points is reflective of CMS’ ongoing concerns regarding the prevalence of improper claims.  Indirectly, CMS is making it crystal clear that as the initial recipient and screener of Medicare claims submitted by providers for payment, MACs play an essential role in screening out improper claims and bad providers.  As Medicare’s primary gatekeepers, MACs are responsible for identifying both improper claims and providers who may be engaged in abusive and / or fraudulent practices.

II.  What Should You Do if You Are Notified of a CERT Audit?

Should you receive a CERT audit request for documents from a CERT Documentation Contractor (CDC), it is important to keep in mind that your practice or clinic is not being accused of fraud or wrongdoing.  Fundamentally, a CERT audit is primarily designed to identify deficiencies and mistakes made by Medicare contractors.  Nevertheless, it is imperative that you take a CERT audit request quite seriously.  At the end of the day, it will be you, not the MAC, who is responsible for any overpayments identified as a result of the audit. Moreover, bad results on a CERT audit may lead to further auditing in the future.

III.  What Actions Should a Compliance Officer Take to Being Audited?

As an organization, if you are subjected to a CERT audit, the “horse is already out of the barn,” so to speak.  Your goal is to review and monitor your organization’s coding, billing and utilization practices on an ongoing basis so that improper claims are never submitted to your MAC in the first place.   In most cases, you can check your MAC’s website to determine if their CERT auditor has already identified certain areas of concern. For instance, one MAC recently reported that out of 508 errors identified in a CERT audit of certain Medicare claims, the contractor found that:

  • 311 errors were due to “insufficient documentation.”  Notably, a majority of the errors in this category were because the medical record “did not contain a valid physician’s signature” or because a diagnostic test performed “did not contain a valid physician’s order” or an identification of the provider who rendered the service.
  • 132 errors were due to “lack of medical necessity” based on the medical documentation submitted.
  • 37 errors were due to “incorrect coding” (primarily related to laboratory testing).
  • 10 errors were due to “invasive procedures that were assessed to be without medically necessity.”
  • 9 errors were due to an “incorrect procedure code” used when billing the service.
  • 6 errors were the result of “billing for services that were not rendered.”
  • 2 errors were due to “other errors.”
  • 1 error was due to an “incorrect discharge code being used.”

Compliance Officers can take these “general” risk areas, add them to the “practice-specific” risk areas already noted, and take special note of these concerns when conducting internal reviews. The only way to avoid the scrutiny of Medicare’s various administrative contractors (MACs, ZPICs, RACs and CERT auditors) is to avoid payment errors altogether.  While no provider is perfect, the development, implementation and adherence to an effective Compliance Plan can significantly reduce the number of improper claims submitted by a provider to a MAC for reimbursement.

IV.  What Actions Should a Compliance Officer Take After Receiving a CERT Audit Letter?

As Compliance Officer, upon receipt of a CERT audit request, you should carefully review the request and take steps to assemble a complete set of medical records and other supporting documentation related to the specific claims at issue.  It is important not only to make sure that your documentation is complete when sending in records to a CERT contractor, but to make sure that compliance is a daily part of your practice. Ensuring that your documentation is appropriate and accurately documents both medical necessity and the level of services performed can greatly assist you in avoiding trouble down the road.

Now, more than ever, it is important that you have an effective Compliance Plan in place.  Your Compliance Plan should explicitly set out your organization’s policies about how to correctly assess the need for, and document the services provided to a Medicare beneficiary. Otherwise, as demonstrated by the tough stance being taken by the MAC discussed above, CERT audits and other Medicare post-payment audits could raise serious problems for your practice.

Healthcare AttorneyLiles Parker attorneys represent health care providers in CERT, MAC, ZPIC and RAC audits and investigations. Our attorneys have extensive compliance experience and can conduct “GAP Analyses” designed to place your practice or clinic on solid regulatory footing.  To speak with Robert W. Liles, J.D., call 1 (800) 475-1906 for a free consultation today. 

CERT Postpayment Audits: An Overview of the Audit Process

CERT Postpayment(March 12, 2011):  Health care providers around the country are finding their practices and clinics subjected to Medicare post-payment audits by Zone Program Integrity Contractors (ZPICs), Program Safeguard Contractors (PSCs) and Comprehensive Error Rate Testing (CERT) Contractors.  While all post-payment audits should be taken seriously, there are real differences between both the contractors and the post-payment audits they are conducting.  This is the first of three articles examining these differences.  Starting with the CERT audit program, we will be examining each of the Medicare contractors conducting CERT postpayment audits and review of provider claims for services and devices.

I.  Historical Background of the CERT Postpayment Audit Program:

With the passage of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 (P.L.104 -191), the Department of Health and Human Services, Office of Inspector General (OIG) initiated work in an effort to estimate the improper payment error rate of Medicare Fee-For-Service (FFS) claims.  From 1996 through 2002, OIG continued to manage this program. In 2002, the “Improper Payments Information Act” (IPIA) was enacted. The Centers for Medicare and Medicaid Services (CMS) subsequently began working with the OIG in 2003, and worked to further refine the estimated Medicare FFS error rate so that the program would comply with the requirements of the IPIA.  These efforts became known as the “Comprehensive Error Rate Testing” (CERT) program.[1]  Unlike early efforts, the CERT program does not only estimate a national improper payments error rate for Medicare FFS claims.  As Timothy Hill, OIG’s Chief Financial Officer testified before the Senate, the CERT program examines a number of essential aspects of the overall error rate of Medicare FFS claims:

“Contractor-specific improper payment rates – which measure the accuracy of our claims processors.

Provider-type specific improper payment rates – which measure how well the providers who care for our beneficiaries are preparing and submitting claims to the program; and

Other management related information – which provides insight into payment errors by region and reason.”[2]

Notably, the CERT program was designed to provide a comprehensive assessment of the improper payments being made to specific types of Medicare providers, along with the improper payment decisions being made by various Medicare contractors.  In doing so, the CERT program was set up to serve as an integral management tool to be used by CMS. Once problem areas were identified, CMS was able to monitor specific problem areas (and in some cases, specific Medicare contractors making erroneous payment decisions) so that corrective action could be taken.

II.  Contractors Performing CERT Postpayment Audits:

CMS has selected private contractors to administer various aspects of the CERT audit program.  There are two basic types of CERT contractors, a “CERT Review Contractor” (CRC) and a “CERT Documentation Contractor” (CDC).  As an initial step, the CRC will first select random samples of claims from each Medicare claims processing contractor.  The CDC will then take the list of claims selected by the CRC and request the relevant documentation related to these claims from the health care provider who provided, billed and was paid for the services.  Once received, the CDC then forwards the documentation to the CRC.

A.  Livanta – CDC.

CMS has awarded the CDC contract to a private company named “Livanta, LLC” (Livanta), located in Annapolis Junction, Maryland. Notably, Livanta has also been awarded the “Statistical Contractor” (SC) portion of the Payment Error Rate Measurement (PERM) program.  The PERM program is designed to measure improper payments in both the Medicaid program and the State Children’s Health Insurance Program (SCHIP).

Focusing on Livanta’s duties as CDC, the contractor typically proceeds as follows when completed its duties as a CERT contractor:

  • Once a provider has been identified, the CDC will contact the provider regarding the audit.  In a number of cases, the CDC will first call the provider by telephone and then follow-up with a fax or written request for the documents sought.
  • If a provider has not forwarded the documents requested to the CDC by day 30, both telephone and written follow-ups are made by the CDC to the provider.
  • If the records are not received by day 45, the CDC will again both call and fax or write the provider to ascertain the status of the requested documentation.
  • If the requested documentation still has been received by day 60, a letter is sent to the provider again inquiring on the status of the missing documents.
  • If no documentation is received by day 76, the claims associated with the missing documentation is denied and scored as an “error” based on the missing documentation.

B.  AdvanceMed – CRC.

Once the CDC has requested and received the claims documentation from the provider, it is forwarded to the “CERT Review Contractor” (CRC).  CMS has awarded the contract to serve as CRC to AdvanceMed. As CRC, AdvanceMed must carefully review the documentation received and determine whether the services qualify for coverage and payment.  The CRC then compares its assessment to that of the Medicare contractor who originally reviewed and paid the claims (the contractor is typically a Medicare Administrative Contractor (MAC) who is responsible for review of the Part A or Part B claims).  If the CRC finds that the Medicare contractor incorrectly billed, paid or processed the services at issue, the claim is noted to be an “error”

III.  Sample CERT Postpayment Audit Program Results From the Fourth Quarter of 2010:

Each quarter, Highmark Medicare Services (Highmark) reports on the most recent “errors” identified by the CERT contractor in connection with the CERT program audit.  During the Fourth Quarter of 2010, 508 CERT errors were found in connection with the Part A claims reviewed.   The 508 errors can be broken down as follows:

  • 311 errors were due to “insufficient documentation.”  Notably,   a majority of the errors in this category were because the medical record “did not contain a valid physician’s signature” or because a diagnostic test performed “did not contain a valid physician’s order” or an identification of the provider who rendered the service.
  • 132 errors were due to “lack of medical necessity” based on the medical documentation submitted.
  • 37 errors were due to “incorrect coding” (primarily related to laboratory testing).
  • 10 errors were due to “invasive procedures that were assessed  to be without medically necessity.”
  • 9 errors were due to an “incorrect procedure code” used when billing the service.
  • 6 errors were the result of “billing for services that were not rendered.”
  • 2 errors were due to “other errors.”
  • 1 error was due to an “incorrect discharge code being used.” 

In addition to the Part A errors identified, a separate error report covering Part B claims is also detailed on Highmark’s website. [3] 

IV.  Responding to a CERT Postpayment Audit Request for Documents:

Should you receive a CERT postpayment audit request for documents from a CDC, it is important to keep in mind that your practice or clinic is not being accused of fraud or wrongdoing.  Fundamentally, a CERT postpayment audit is primarily designed to identify deficiencies and mistakes made by Medicare contractors.  As Compliance Officer, upon receipt of a CERT postpayment audit request, you should carefully review the request and take steps to assemble a complete set of documentation covering the specific claims at issue.  As Highmark also notes, when dealing with notes that are difficult to decipher, it is recommended that a transcription of the notes be made and submitted with the documentation.

V.  Appealing CERT Denials:

The results of a CERT postpayment audit are likely to be set out in Medicare’s electronic Fiscal Intermediary Standard System (FISS) computer system.  It is imperative that you monitor the status of the claims selected for CERT review.  If the CRC finds that one of more of your paid claims did not qualify for coverage and payment you will have to decide whether or not you agree with the denial decision that has been issued.  Should you dispute the denial, you will need to file for administrative appeal within the standard, established timeframes.   CERT denials are appealed in the same manner as any other claims denial would be appealed.

VI.  Comparison of CERT Postpayment Audits and ZPIC Postpayment Audits:

As reflected above, CERT postpayment audits are fundamentally different from ZPIC audits, both in terms of fundamental purpose and in terms of likely financial liability.  At its core, a CERT postpayment audit is really an attempt by CMS to learn whether or not its contractors (typically MACs) are properly assessing and processing claims submitted by Medicare providers for review and payment.  If a CERT contractor finds that a provider’s claims should not have been paid, it primarily reflects on the MAC, not necessarily the provider.  Having said that, claims denied by a CERT contractor should still be appealed if the provider believes that the claims do, in fact, qualify for coverage and payment.  While denied claims will still contribute to a provider’s overall error rate (possibly increasing the likelihood that a provider could be subjected to later audits), damages associated with CERT postpayment audits are not typically extrapolated.  As a result, the overall damages associated with CERT postpayment audits are relatively modest, especially when compared to the potential damages alleged in ZPIC and PSC “big-box” cases.  Additionally, unlike ZPIC and PSC audits, most CERT postpayment audits are solely concerned with the coverage and payment of the particular claims under review.  In contrast, ZPIC postpayment audits can lead to suspension, revocation or even referral to OIG or DOJ in cases where fraud may be evident.

Despite the limited scope of liability inherent in CERT postpayment audits, it is imperative that Medicare providers diligently work to respond to requests for documentation in a timely fashion.  Notably, other contractors (including ZPIC, PSC and RAC auditors) may review CERT postpayment audit findings for targeting purposes.  The bottom line is fairly simple — if you owe money to the Medicare program, pay it back.  If not, you should challenge unwarranted denials of claims by CERT auditors. 

Robert Liles Healthcare LayerRobert W. Liles, J.D. serves as Managing Partner at Liles Parker, Attorneys & Counselors at Law.  Liles Parker attorneys represent health care providers around the country in connection with postpayment CERT audits and program integrity reviews by ZPICs and other Medicare contractors.  Should your practice, clinic or company be subjected to a post-payment audit, give us a call for a complimentary consultation.  We can be reached at: 1 (800) 475-1906.    


[1] Guidance regarding the CERT program can be found in the “Medicare Program Integrity Manual, Chapter 12 – The Comprehensive Error Rate Testing Program.”

[2] This information was discussed by Timothy Hill, OIG’s Chief Financial Officer, as part of his sworn testimony regarding “Medicare and Medicaid Improper Payments” in front of the Senate Committee on Homeland Security and Governmental Affairs, Subcommittee on Federal Financial Management, Government Information and International Security, on Thursday, March 29, 2007.  A transcript of Mr. Hill’s testimony may be found at:

http://www.hhs.gov/asl/testify/2007/03/t20070329a.html

[3] Highmark Medicare Services’ CERT audit report covering Part A and Part B errors identified during the Fourth Quarter of 2010 can be found at: https://www.highmarkmedicareservices.com/cert/errors/a-cert-dec10.html