Audit

How to Navigate a CMS audit

There’s no need to panic if you follow a few simple steps.

BY DONNA M. McCUNE, CCS-P, COE, CPMA

In July 2011, The Centers for Medicare and Medicaid Services (CMS) introduced a Fraud Prevention Initiative.¹ With this initiative, CMS aims to:

• Keep individuals and companies that intend to defraud Medicare, Medicaid, and CHIP out of these programs.

• Avoid payment of fraudulent claims when they are submitted.

• Remove fraudulent individuals and companies from Federal health-care programs.

As a result of this initiative and others, providers and facilities may receive the dreaded “Dear Doctor” letter requesting documentation supporting claims for reimbursement. Don’t panic! Navigating an audit does not need to be onerous if you follow a few simple steps.

Step 1: Determine who is performing the audit and the type of audit.

Various organizations within CMS perform audits. The organization and type of audit are typically described in the opening paragraph of the request for information. Some examples include the following.

Comprehensive Error Rate Testing (CERT).² The results of these audits calculate the annual Medicare fee-for-service error rate. To develop a statistically-valid sample of claims, CMS chooses providers and facilities at random. CERT audits review claims and medical records for compliance with Medicare coverage, coding, and billing rules.

Recovery Audit Contractor (RAC).³ Four contractors hired by CMS conduct these audits, which began in 2009. The purpose of these audits is to identify and recover improper payments made to providers.

Program Safeguard Contractors (PSC) audits and Zone Program Integrity Contractors (ZPIC) audits. These audits are far more serious in their purpose. The primary goal of the PSC and the ZPIC BI unit is to identify cases of suspected fraud, investigate them thoroughly and in a timely manner, and take immediate action to ensure that Medicare Trust Fund monies are not inappropriately paid out and that any mistaken payments are recouped.⁴

Medicare Administrative Contractor (MAC). Your local MAC may request medical records for a variety of reasons including aberrant billing patterns, a complaint against the provider or practice, or claim errors raising a red flag.

Step 2: Identify specific deadlines.

Depending on the type of audit, the deadline to submit information varies. However, there will be a deadline requiring adherence. A sample CERT letter includes the following regarding a deadline:

Your response is due on _______. If you fail to produce the requested information by this date, the CERT contractors will assume the services on the claim were not rendered and your local Medicare contractor will initiate claims adjustments and/or overpayment recoupment actions for these undocumented services.

In general, expect 30 days as the typical response time to a request. If you are unable to satisfy the deadline, contact the individual who signed the records request to discuss an extension. Secure their acceptance of additional time and ask them to confirm it in writing to you.

Step 3: Prepare and send complete information.

A request for records may ask for single dates of service or a range of services for a patient. Regardless of the request, make certain that you send enough information to provide support for the claim(s) in question. For example, if a diagnostic test is audited, the reviewer needs to see records that demonstrate the order for the test, the test itself, and the interpretation. The order may have occurred at a visit prior to the day of the test, so include the visit note that contains the test order in addition to the test itself and physician’s interpretation.

More than the operative note supports a cataract surgery. The exam determining the need for surgery with the patient’s complaint and lifestyle issues and the clinical exam supports the cataract surgery along with the operative note. Be cognizant of sending the necessary documentation to support the service without sending non-pertinent documents. Lastly, maintain a copy of everything you send.

Step 4: Conduct an internal review.

Internal auditing and monitoring is a component of an effective compliance program. When an organization requests medical records, this is also a good time to explore the issue internally to assess your exposure. Hopefully, your internal review reveals compliant documentation and valid claims. In the event that it does not and you discover an error that results in a known overpayment, consider a proactive approach with the auditing entity before it completes its assessment. This approach may require the assistance of legal counsel.

Step 5: Understand your right to appeal.

Upon receipt of the audit results, carefully analyze the findings and determine if you agree with the findings or desire to appeal some or all findings. Most CMS audits follow a well-established appeal protocol with specific deadlines that mirror the process to appeal a denied claim.⁵ Don’t fold if you believe your claim(s) is supported.

Depending on the type of audit, size, and monetary value, navigating the process can be intimidating and overwhelming. It can also be the stimulus to improve your compliance efforts. Use the audit to educate physicians and staff by bringing them up to date on the constantly changing rules and regulations. If you are not already reviewing charts internally, start. Finally, if you have not yet developed a compliance program, an audit should motivate you to do so. OP

REFERENCES:

Donna M. McCune is vice president of Corcoran Consulting Group. A nationally recognized speaker, Ms. McCune is an active member of the American Society of Ophthalmic Administrators. She received her Certified Professional Medical Auditor certification in 2012. Contact Ms. McCune at DMcCune@corcoranccg.com, or comment on this article at tinyurl.com/OPreadercomment.