CMS Announces the Resumption of Medicare Audits

The hiatus of audits was short-lived. 

The ongoing COVID-19 pandemic and resulting public health emergency (PHE) has brought about massive and quick changes in the healthcare industry, notably among them the temporary suspension of Medicare Fee-For-Service (FFS) audits. The Centers for Medicare & Medicaid Services (CMS) suspended most audits on March 30, and this change was universally welcomed by the healthcare industry.

Although the PHE continues, the hiatus of audits was short-lived. CMS announced the end of exercising audit enforcement action suspension in late July, and it resumed program integrity audits effective Aug. 3. In doing so, the agency acknowledged the continuing PHE, but emphasized the importance of (and need to) resume medical review activities. Specifically, CMS stated that:

“As states reopen, and given the importance of medical review activities to CMS’s program integrity efforts, CMS expects to discontinue exercising enforcement discretion beginning on Aug. 3, 2020, regardless of the status of the public health emergency.” (Emphasis added.)

The CMS announcement was released in a document titled Coronavirus Disease 2019 (COVID-19) Provider Burden Relief FAQ’s, which in part also addressed the resumption of certain medical review activities that had been paused.

Resumption of Medicare Audits
The FAQs was updated to indicate that CMS has authorized Medicare contractors (e.g. durable medical equipment, or DME; Medicare Administrative Contractors, or MACs; Recovery Audit Contractors, or RACs; Supplemental Medical Review Contractors, or SMRCs; Unified Program Integrity Contractors, or UPICs; etc.) to once again perform pre-payment and post-payment audits as part of their medical review responsibilities.

CMS indicated that if individual providers selected for medical review believe that responding to a request for documentation would create a hardship situation, they should discuss response options with the contractor performing the review.

It is also important to note that CMS authorized the reinstatement of all Medicare audits.

According to CMS, auditors will be “applying” any waivers and flexibilities in place during the emergency period as they conduct their claims reviews, which otherwise will follow statutory and regulatory provisions and billing and coding requirements.

What to be Ready for
A provider may be selected for audit based on high utilization of particular billing codes or some other abnormality identified by CMS in its data analytics. If a provider is selected for a targeted probe-and-educate (TPE) review, the provider will typically receive notice by mail with a request for medical records associated with 20-40 previously submitted claims. The auditor will then work with the provider on any areas of identified non-compliance. If the auditor does not see improvement over three rounds of its audit, the provider will be referred to CMS for further review. Pre-payment and RAC audits consist of records requests and notification of any identified audit findings, but do not have the education component that TPE reviews have.

UPIC audits are often generated through data analysis or by review of consumer complaints, and most often target specific healthcare providers. Currently, telehealth claims are part of the UPIC targeted audits, as more and more providers have moved to a telehealth platform during the PHE. But in early review, it has been reported by CMS Administrator Seema Verma that compliance and specific CMS guidelines were not always adhered to during the course of telehealth use. Ms. Verma also told Business Insider that CMS is investigating fraudulent telehealth charges, including providers that bill for “more visits than are humanly possible in a day.”

The agency is examining new ways to oversee telehealth, to identify and investigate this type of fraud.

Many assumed that payors would not audit claims adjudicated during the PHE, especially because of the associated waivers issued by CMS. The agency communicated that it would audit for potential fraud or abuse during the PHE, along with “bad faith,” which was first communicated in the Coronavirus Aid, Relief, and Economic Security (CARES) Act, when the PHE was first declared. Again, this guidance was somewhat confusing for the industry.

After all, CMS published its last approved RAC audit in February 2020. Yet on Aug. 3, the agency published five new RAC focus areas, including ambulance services, hospital inpatient services, hospital outpatient services, ambulatory surgical centers, and professional (physician) services.

This audit downtime has enabled payors to shift their focus to data-mining claims. This is why medical records requests and overpayment demand letters from RACs and commercial payors will likely resume during the next few weeks.

Audits, disruptive during the best of times, become even more so when fewer staffers are available to process record requests and respond. Timely response is imperative.

How to Handle
I would strongly advise all medical practices, providers, and facilities to heed every overpayment and audit letter, whether from a government or commercial payor. The rules applicable to telehealth, supervision, inpatient rehabilitation facilities (IRFs), and nursing homes changed rapidly at the onset of the PHE, as well as “approved providers,” which can perform services that they may not have been authorized to perform before. This increased the likelihood of audit errors, misapplication of rules, and application of rules and regulations to inapplicable dates of service.

Claims adjudicated during the PHE, and particularly within the first 60 days of the PHE, may ultimately be subject to several different rule changes that varied from day to day. This is why these audits are at higher risk of errors having occurred. Generally, audits reflect a specific date range, and auditors apply appropriate payor rules. The appropriate guideline or regulation may not be applied correctly, or to the applicable time frame, which could reveal an overpayment in error. Numerous executive orders at the state and federal levels have further complicated audits during the PHE.

As I am starting to receive payor requests to audit, and also client requests, as a proactive response, my recommendation is to avoid prematurely and unnecessarily returning any overpayment by confirming all overpayments before you accept audit findings. It is important that qualified staff or your external auditor re-audit records identified as having overpayments. Parameters of the confirmation process must include all appropriate regulations and/or payor policies that were applicable on that particular date of service.

And remember, if your organization is selected for an audit, you have options. CMS recognizes that staffing and resources necessary to respond to audits may be limited. Providers may contact RACs to explain any COVID-19-related hardships they are experiencing that may impact response time.

Programming Note: Terry Fletcher is a member of the ICD10monitor editorial board. Listen to her live reporting on this subject today on Talk Ten Tuesdays, 10 a.m. EST.