Deborah Grider, CPC, COC, CPC-I, CPC-P, CPMA, CEMC, CCS-P, CDIP
Medicare and private payers continue to focus on audits to recover improper payments. You need to be prepared for the possibility of an audit. The first step is to understand what types of audits are conducted and who might be looking at your documentation.
Who Audits Your Medical Records
Comprehensive Error Rate Testing (CERT) Program
- CERT programs measure error rates by reviewing randomly selected claims.
- Signatures, physical therapy, and evaluation and management (E/M) codes are big issues!
- A periodic report is issued by the Centers for Medicare and Medicaid Services (CMS) with national audit results.
Recovery Audit Contractor (RAC)
- RACs have incentives for recoupments.
- RACs make public the issues list. For example, a physician issue could be E/M billed during the global (pre- or postoperative) period.
Medicare Administrative Contractor (MAC)
- MACs conduct pre- and post-payment audits.
- Audits are determined by analyzing paid claims, referrals from the Office of the Inspector General (OIG), results of CERT and RAC audits, and other sources.
Zone Program Integrity Contractor (ZPIC)
- ZPICs are given incentives for money they collect.
- ZPICs focus on billings that are higher than those of most providers and noncompliance with local coverage decisions.
Health Care Fraud Prevention and Enforcement Action Team (HEAT)
- HEATs are interagency teams that combat criminal fraud.
Office of Inspector General (OIG)
- The OIG investigates areas of overpayment.
- Areas for payer audits are highlighted.
- Audit targets (work plans) are published each year.
- Critical care was added to the work plan in August 2018 and is still active.
Medicaid Integrity Contractor (MIC)
- MICs audit Medicaid claims.
- Overpayments are identified.
All commercial payers conduct pre- and post-payment audits. In general, insurance carrier auditors look for inaccurate coding, insufficient or lack of documentation, nonadherence to payer policies and lack of medical necessity. It is important to respond to the request for documentation immediately and take the necessary steps to send the appropriate documentation. Failure to do so might result in a request by the payer for a refund for the service. A payer might ask for one record or might ask to review 10 to 20 records. When the request is for more than 20 records, you should assume that they are conducting a focused review.
Payers use data mining to determine what are called outliers. Every time you submit a claim for payment, data is compiled based on the physician’s unique physician identification number. For example, overutilization of a level of E/M services such as a level 3 (99223) initial hospital care or excessive units of 99292 could trigger an audit. An audit could also be triggered by unbundling procedures included in critical care or overuse of modifier 25 or 59.
Steps to Take When a Payer Requests Documentation
When you receive a notice requesting records from a payer, this means that the payer intends to conduct an audit. If the reasons for the request are not in the notice, contact the payer for clarification.
Determine the focus of the audit by ascertaining whether the audit:
- requires that medical records be sent
- is a baseline or review
- is a focused review (requiring more than 20 records)
- is for recovery or potential fraud
Find out whether the payer suspects improper coding or billing. How many claims are involved? Is the payer asking for 15 records or 100 records? The review could be random or it could be that a more focused review is being conducted with statistical validity that allows for extrapolation and a larger recovery. This might suggest the potential for a demand for repayment of overpaid claims.
Look for medical necessity, bundling issues, higher levels of E/M services, or overutilization of critical care services. Without the medical record(s) it is difficult for a payer to justify a denial, and the only option for the payer is to review the medical record(s). It might be beneficial to request that a coding consultant with expertise in clinical documentation review the records being requested. It is always beneficial to hire an outside consultant to obtain a more objective opinion.
Notify your healthcare attorney if the payer is asking for a large number of medical records. It is not necessary to notify your attorney for every audit but if a consultant determines that there might be problem areas, legal advice will be beneficial. Find out who is conducting the audit and which department that person works in. A special investigation unit is more likely to look for recovery than a compliance unit.
Comply by the deadline. If the payer requests medical records, you are obligated to comply within the given deadline (usually 30-45 days). Check your payer contract if a commercial payer is requesting records. It is beneficial to also check the prompt payment laws in your state. Many states have timelines in which payers may recover reimbursement. Send copies (not originals) of the records and keep copies in your files. Know what the payer is asking for and send all supporting documentation to support the services that were billed. If sending via the U.S. Postal Service, send by certified mail. Some payers now have portals in which you can submit documentation electronically. Carefully follow the instructions in the notice. If you have questions, contact the payer. There is always a contact person and phone number in the request.
Make sure you send requested documentation with all supporting information, such as notes for the date of service, any procedure notes, orders, laboratory reports, and radiographs. Include all information that will validate medical necessity for the service. Make sure that the patient’s name and date of service are on each page.
Make sure that there is a signature on every note requested. From the electronic health record, it is important that you send a copy of the notes with signatures. The signature should include the clinician’s first and last name and medical credentials (eg, MD, DO, PA, NP, CNP). Always include a copy of the request for medical records. Often, the request will contain a list of documentation to include. Again, keep a copy of everything you send. If you use nonstandard abbreviations, include an abbreviation list with the audit request. It might take several weeks or months to hear back from the payer after the audit.
Be Ready for a Payer Audit
Always have a plan in place if the payer asks for payment recoupment or—worse—the payer suspects fraud. If you do not have a healthcare attorney, engage one so that you have counsel if you need it. Do not wait until the last minute to scramble for help. If you receive a demand letter, make sure you consider the following questions:
- Was the demand letter received in a reasonable time frame after the audit?
- Did the payer provide an explanation as to how the recovery amount was determined?
- Did the payer provide an explanation for each incorrectly coded paid claim?
- Did the payer explain the statistical sampling methodology that was used?
- Did the payer offer a chance to speak to a representative before submitting an appeal?
- Did the payer explain how to submit an appeal? (Medicare has a specific appeals process.)
Minimizing Your Risk on an Ongoing Basis
- Educate yourself and your staff on accurate CPT and ICD-10-CM coding.
- If you are not confident your documentation will pass an audit, seek outside help from a coding auditor or consultant.
- Make sure your documentation is comprehensive and supports the services that have been performed and billed.
- Follow your Medicare carrier and top private payers’ medical coverage policies on a regular basis. New policies are established and existing policies revised on a routine basis. CMS Publication 100-4 chapter 12 is a good resource for critical care services.
- Regularly self-audit your procedures and E/M coding and documentation for errors and areas of risk. Have an outside audit performed on a regular basis. Both activities should be part of your compliance plan.
- Avoid high-risk coding behavior, such as:
  - High percentage of level 3 inpatient visits
  - Overutilization of critical care services
  - Billing for critical care when rounding
  - Billing for critical care when the patient does not meet the critical care definition
  - Not reporting total time for adult critical care
  - Unbundling services inappropriately with modifier 25 or 59
  - Billing minor procedures with an E/M when the E/M is not significantly separately identifiable
  - Inaccurate ICD-10-CM coding
- Assess your risk by analyzing your E/M frequency and comparing it to known data. A frequency or utilization report should be reviewed every quarter.
Retain a coding and documentation expert to assess your coding, documentation, and billing practices. Make sure you are using up-to-date CPT and ICD-10-CM codes. Keep in mind that additions, revisions, and deletions to ICD-10-CM go into effect October 1 of each year and CPT codes are updated effective January 1 of each year. Make sure your documentation is complete, contains supporting information, and can support medical necessity for all billed services. Remember that, just because you document a higher-level visit, the patient may not need that level of care for billing purposes. Compare your utilization with national standards and look at outliers. Double-check your coding profile with your top payers. If you find that the payer is correct, take immediate corrective action. Make sure you have a compliance plan in place with clinical documentation improvement as added value. Audit and monitor on a regular basis. Schedule audits based on previous findings.
- Centers for Medicare and Medicaid Services. Publication 100-04. Chapter 12. Section 30.6.1. Selection of Evaluation and Management Service. Washington, DC: Centers for Medicare and Medicaid Services
- Centers for Medicare and Medicaid Services. Medicare Fee for Service Recovery Audit Program. Last modified April 24, 2019. Washington, DC: Centers for Medicare and Medicaid Services. https://www.cms.gov/Research-Statistics-Data-and-Systems/Monitoring-Programs/Medicare-FFS-Compliance-Programs/Recovery-Audit-Program/. Accessed September 20, 2019.
- Grider, Deborah J. Medical Record Auditor. 4th ed. Chicago, IL: American Medical Association; 2015.
- Medicaid Integrity Program. Fact Sheet. November 2012. Washington, DC: Centers for Medicare and Medicaid Services. https://www.cms.gov/Medicare-Medicaid-Coordination/Fraud-Prevention/Provider-Audits/Downloads/MIP-Audit-Fact-Sheet.pdf. Accessed September 20, 2019.
- Office of Inspector General. Work Plan. Washington, DC: Office of Inspector General. https://oig.hhs.gov/reports-and-publications/workplan/index.asp. Accessed September 20, 2019.