Archives (248)


The Patient Protection and Affordable Care Act (PPACA) of 2010. Under the PPACA, the Medicare hospice benefit underwent changes related to both documentation and billing requirements. It is important for providers to recognize these changes and adjust their procedures accordingly. Failure to comply with these new requirements may leave providers vulnerable to claim denials and overpayment recoupment in a future RAC or other Medicare audit.

Hospice Certification

In order for a patient to receive hospice care, a physician must certify that the patient is suffering from a terminal illness and that the individual's prognosis is for a life expectancy of six months or less if that illness runs its normal course. In 2009, the Centers for Medicare & Medicaid Services (CMS) added a clinical narrative requirement to the certification process. This requirement calls for a physician to prepare a narrative outlining the clinical findings that support a life expectancy of no longer than six months in order to certify a patient for hospice.

This narrative must be reflective of the patient's individual clinical conditions and cannot contain form language or check-box information. Furthermore, the physician is required to attest that he or she wrote the narrative personally, based on examination or the patient's medical records. This additional measure is designed to ensure that the physician has diagnosed the patient's condition personally and is not just signing off on what another clinician on the nursing staff has concluded. Increased physician and patient contact seems to be the trend in hospice care recently.


Accordingly, the PPACA also adopted several of the Medicare Payment Advisory Commission's (MedPAC) recommendations regarding recertification. Specifically, Section 3132 of the PPACA called for greater physician engagement in the recertification of hospice patients' eligibility to receive Medicare coverage for hospice services. The focus on increased physician engagement was memorialized in a Final Rule issued on Nov. 17, 2010 a directive that incorporated new legislative requirements for face-to-face encounters.

The new regulations required that a hospice physician or nurse practitioner undertake a face-to-face encounter with all hospice patients prior to the 180-day recertification - and all subsequent recertifications - to determine a patient's continued eligibility for hospice. The face-to-face encounter is not required for certification of the first or second 90-day benefit period, but must be performed for patients entering their third (60-day) benefit period, and for any and all subsequent 60-day benefit periods. While nurse practitioners may conduct the face-to-face encounter, only a physician may certify the patient's terminal illness.  Thus, if a nurse practitioner conducts the encounter, he or she must certify that the clinical information was provided to the certifying physician.

The face-to-face encounter is required to take place no more than 30 days prior to the 180-day recertification or subsequent recertifications.  Without a valid face-to-face encounter, Medicare will not cover the hospice stay. The face-to-face requirements took effect on Jan. 1, and all providers now need to adopt protocols to ensure that these encounters are taking place with the appropriate personnel and in the time frames required - or risk potential claim denials.

Once a patient has been certified properly, level of care is another important consideration. Hospice care is provided in four different levels, including routine home care, general inpatient, continuous home care and inpatient respite care. Each level has specific criteria used to determine whether it is the appropriate level of care for the patient at issue, and each level has its own billing rate. Providers need to ensure that they are meeting all the requirements for the level of care billed in order to avoid any possible issues when or if their practice becomes the subject of a RAC or Medicare audit.


The audit and compliance environment continues to change at a rapid rate as new documentation and coverage requirements are implemented. Based on our experience, providers are facing key audit risk areas and claim denials related to six-month prognosis, level of care, continuous care, inpatient hospital admissions, hospice/nursing facility benefit and technical denials for certifications. The best defense for a RAC or Medicare audit is to have a comprehensive compliance plan in place that mitigates these and other potential audit risk areas. This is especially true in the hospice arena, where CMS recently has been implementing provisions of the PPACA that directly affect hospice providers.  While there is a no guarantee that a provider with a strong compliance program will not find his or her practice in the crosshairs of a Medicare auditor, it is one of the best ways to prepare for the situation proactively.

To comment on this article please go to

"Moving From Coding to Payment Audits: 12 Easy Steps"

About The Authors

Andrew B. Wachler is the principal of Wachler & Associates, P.C.  He graduated Cum Laude from the University of Michigan in 1974 and was the recipient of the William J. Branstom Award. He graduated Cum Laude from Wayne State University Law School in 1978. Mr. Wachler has been practicing healthcare and business law for over 25 years and has been defending Medicare and other third party payor audits since 1980.  Mr. Wachler counsels healthcare providers and organizations nationwide in a variety of legal matters.  He writes and speaks nationally to professional organizations and other entities on a variety of healthcare legal topics.

Jennifer Colagiovanni is an attorney at Wachler & Associates, P.C.  Ms. Colagiovanni graduated with Distinction from the University of Michigan and Cum Laude from Wayne State University Law School.  Upon graduation, Ms. Colagiovanni was nominated to the Order of the Coif. Ms. Colagiovanni devotes a substantial portion of her practice to defending Medicare and other third party payer audits on behalf of providers and suppliers.  She is a member of the State Bar of Michigan Health Care Law Section.

Contact The Authors

afehn100 jColagiovanni100

Written By Amy K. Fehn, Esq. and Jennifer Colagiovanni, Esq.

Providers who recently received a comparative billing report (CBR) or have heard about the release of these reports may be asking how CBRs fit into the current audit landscape.  According to the Centers for Medicare & Medicaid Services (CMS), the CBR is a tool being used to educate providers about their individual billing practices.

CBRs show individual providers how their billing patterns for various codes and procedures compare to state averages and the national average for providers within the same field (i.e. physical therapists, chiropractors, etc.). These comparative studies are designed to help providers review their coding and billing practices and utilization patterns with an eye on taking proactive compliance measures. CMS has stated that “the CBR is not intended to be punitive or sent as an indication of fraud. Rather, it is intended to be a proactive statement that will help the provider identify potential errors in their billing practice.” Still, CBRs also may reveal issues that leave providers vulnerable to future audit activity (or put them on notice of overpayments).

CBRs Reveal Billing Outliers

In the past, CMS has issued similar billing reports, such as the Program for Evaluating Payment Patterns Electronic Report (PEPPER) targeting inpatient hospitals. PEPPER focuses on several inpatient risk areas, compiling data used by hospitals to compare their billing practices with those of other hospitals across the nation. Although not currently available to hospitals, CBRs are much like PEPPER in that they provide comparative data to assist providers in visualizing underpayments and overpayments as part of an effort to reveal billing outliers.

CMS awarded Safeguard Services LLC the contract for producing CBRs, awarding Livanta LLC the contract for distributing the reports. CMS has recommended that CBRs be sent out to select provider types that bill for certain services identified as vulnerabilities in the Medicare program.
The first CBRs were sent out in August 2010 to physical therapists, who were chosen due to an identified vulnerability in their billing practices: the use of the “KX” HCPCS modifier, which is a billing requirement used to show that a beneficiary has exceeded the therapy cap but requires additional medically necessary physical therapy services.

CBR Expansion Program

Since then CMS has expanded the number of provider types slated to receive CBRs. The provider types that thus far have been tabbed to receive the reports include chiropractors, ambulance services, hospice, podiatry, sleep studies and spinal orthotics, each having its own vulnerabilities identified by CMS.

A maximum of 5,000 providers in each provider class will be selected to receive CBRs. Medicare updates the data twice a year, so the reports cover one of two dates-of-service time frames: January through June or July through December. Due to CBRs being based on dates of service, the reports typically are not available for at least three months, allowing time for claims to be finalized.

CBRs are not available to anyone but the provider who receives them. The reports do not include patient or case-specific data, only summary billing information, this being a method of ensuring privacy. The providers receiving the reports are directed to use the summary billing information as a tool to help them comply with Medicare billing rules and correct any current billing errors that could lead to future audits.

Likely Audit Candidates

Providers receiving CBRs may wonder what these data reports mean in the context of future audits. CBR data analysis involves the same data-mining tools used by Medicare contractors to identify candidates for audit. Also, in our experience the vulnerabilities identified in the CBRs tend to be the same as those identified by CMS contractors who select providers for audit. Thus, providers who are identified as outliers in CBRs likely will be subject to audits.

Providers can determine whether they have been identified as outliers compared to their peers by reviewing the graphical illustrations included in the CBRs. Providers whose specialty has been identified but have not yet received a CBR may want to view a sample CBR (which can be found on Safeguard’s website) so they will understand the information in the report should it arrive.

CBRs: Next Steps

Upon receiving a CBR, it is vital that providers evaluate the information within and consider conducting an attorney-client privileged internal compliance audit to determine whether any differences in billing patterns are attributable to billing errors or can be explained in other manners  (i.e. a difference in patient population).

Providers also should develop compliance policies to address any identified risk areas. Recipients of a CBR and provider types that have been tabbed to receive the reports should consider contacting a health law attorney to discuss CBR analysis and development of an appropriate compliance plan that will reduce audit risks going forward.

About the Authors

Amy K. Fehn is a partner at Wachler & Associates, P.C.  Ms. Fehn is a former registered nurse who has been counseling healthcare providers for the past eleven years on regulatory and compliance matters and frequently defends providers in RAC and other Medicare audits.

Jennifer Colagiovanni is an attorney at Wachler & Associates, P.C.  Ms. Colagiovanni graduated with Distinction from the University of Michigan and Cum Laude from Wayne State University Law School.  Upon graduation, Ms. Colagiovanni was nominated to the Order of the Coif. Ms. Colagiovanni devotes a substantial portion of her practice to defending Medicare and other third party payer audits on behalf of providers and suppliers.  She is a member of the State Bar of Michigan Health Care Law Section.

Contact the Authors



On Nov. 15 CMS unveiled a demonstration program that may provide some relief to hospitals whose inpatient claims are being denied as not medically necessary because care was not provided in the appropriate setting.

At the same time CMS announced the launch of a demonstration program that allows Recovery Audit Contractors (RACs) to conduct prepayment review on certain types of claims in 11 states - a move that could have significant consequences for many providers.

The Part A-to-Part B Rebilling Demonstration Program will allow participating providers to receive 90 percent of a Part B payment for Part A inpatient claims when an inpatient admission is denied as unreasonable and unnecessary.

Currently, if a Part A inpatient claim is denied on the basis that service could have been provided in an outpatient setting under Medicare Part B, the claim is denied in full and hospitals are not permitted to re-bill for Part B payments. Hospital providers also currently are forced to engage in costly and time-consuming appeals processes in order to obtain an order for full Part B reimbursement for inpatient short-stay claims denied under Medicare Part A.

Under the Part B Rebilling Demonstration Program, providers will be able to obtain 90 percent of the payable Part B amount but will not be permitted to charge beneficiaries for any additional copay or out-of-pocket costs. Hospitals participating in the demonstration project will be able to resubmit claims for outpatient payments when claims are denied during the audit process or when improper payments are self-identified. Those hospitals also will agree to waive their appeal rights to claims re-billed for Part B reimbursement.

Call for Volunteers

The demonstration program will accept 380 volunteer participants on a first-come, first-serve basis. In its recent notice regarding two upcoming Special Open Door Forums, CMS indicated that the pool of hospital participants will be stratified by size into three categories: "small hospitals," including facilities with fewer than 100 beds, "moderate hospitals," including facilities with 100 to 299 beds, and "large hospitals," including facilities with 300 or more beds. CMS has not yet indicated the number of hospitals that will be allotted to each category. CMS's Q&A regarding the rebilling demonstration indicated that enrollment for the program is scheduled to begin at 2 p.m. EST on Dec. 12. CMS also has specified that it will provide more information regarding enrollment during the two identical Special Open Door Forums currently scheduled for 2 p.m. on Nov. 30 and Dec. 8. Hospital providers can listen to these forums by calling 1-866-501-5502 (reference conference identification #28779067).

Unanswered Questions

The limited information available about the rebilling demonstration has left many unanswered questions. First, it is unclear why CMS has limited the demonstration to only 380 hospitals, or even how that number was determined. Moreover, CMS has not indicated how it will balance the allotment of demonstration participants between differently sized and urban or rural hospitals. It also is unclear at this time whether any additional hospital allotments will be included in the three-year demonstration program - or if hospitals not included will be forced to wait the full three years, utilizing only the Medicare appeals process to obtain orders for outpatient reimbursement.

Waiving Appeal Rights?

One of the biggest questions that remain unanswered involves at what level a participating hospital is required to waive its appeal rights. Does a hospital agree to waive all appeals of Part A claims denied based on care being provided in an inappropriate setting when it agrees to participate in the demonstration, or does a participating hospital have the opportunity to choose which claims to resubmit for the 90 percent payment under Part B?

Furthermore, if the latter option exists, can this choice be made at any stage of the appeals process? While the demonstration is scheduled to begin on Jan. 1, 2012, it is also unclear whether participating hospitals will be able to waive further appeals on claims currently pending in the appeals process in order to re-bill or if the program only will apply to claims identified after the start of the demonstration.

CMS has indicated that it believes the demonstration program will lower appeal rates because participating hospitals will be able to resubmit claims for 90 percent of the Part B payments; again, hospitals currently have to appeal these claims through the Medicare appeals process in order to obtain an order for Part B reimbursement. Hospitals that are not part of the demonstration program will have to continue to utilize this process to obtain full Part B reimbursement.


Pre-Payment Review Demonstration

In addition to the re-billing program, CMS also unveiled the Recovery Audit Pre-Payment Review Demonstration Program. This program will allow RACs to review claims before they are paid to ensure that providers are complying with all Medicare payment rules.

These pre-payment reviews are focused on seven states with high rates of fraud and error-prone providers (Florida, California, Michigan, Texas, New York, Louisiana and Illinois) as well as four states with high numbers of inpatient hospital stays (Pennsylvania, Ohio, North Carolina and Missouri).

This demonstration program will build on the RACs' existing infrastructure used to review claims and initially will focus on inpatient hospital claims, specifically short stays. CMS will choose more specific types of claim reviews as the program continues and RACs review the claims initially selected.

Potential Problems Seen for Some

This program could create significant problems for some providers. Pre-payment review allows RAC auditors to deny payment up front and force providers to go through the Medicare appeals process to obtain any payment, which can be a significant challenge in terms of restricting cash flow.

Pre-payment review is an aggressive audit method, and there is no substantive criteria for initiating a pre-payment review - nor is there a procedural process in place for providers to seek removal from this form of review. The Pre-Payment Review RAC Demonstration Program reflects the continuing challenge to balance the importance of the Medicare program's integrity initiatives and the effects pre-payment reviews have on Medicare providers.

The practical impact of these demonstration programs has yet to be seen, but the current audit climate suggests that providers must be prepared. It is imperative for hospitals to stay current on emerging developments related to both the Part B Rebilling Demonstration and the RAC Pre-Payment Review Demonstration, as both implicate key reimbursement considerations.

About the Authors

Andrew B. Wachler is the principal of Wachler & Associates, P.C. He graduated Cum Laude from the University of Michigan in 1974 and was the recipient of the William J. Branstom Award. He graduated Cum Laude from Wayne State University Law School in 1978. Mr. Wachler has been practicing healthcare and business law for over 25 years and has been defending Medicare and other third party payor audits since 1980. Mr. Wachler counsels healthcare providers and organizations nationwide in a variety of legal matters. He writes and speaks nationally to professional organizations and other entities on a variety of healthcare legal topics.

Jennifer Colagiovanni is an attorney at Wachler & Associates, P.C. Ms. Colagiovanni graduated with Distinction from the University of Michigan and Cum Laude from Wayne State University Law School. Upon graduation, Ms. Colagiovanni was nominated to the Order of the Coif. Ms. Colagiovanni devotes a substantial portion of her practice to defending Medicare and other third party payer audits on behalf of providers and suppliers. She is a member of the State Bar of Michigan Health Care Law Section.

Contact the Authors

To comment on this article please go to

Hospitals Play a Key Role in Preventing Exposure-Related Injuries for People Experiencing Homelessness



LINK 2: (Special Open Door Forums)

LINK 3: (AB Rebilling Demonstration)


Recent changes ushered in by the Patient Protection and Affordable Care Act of 2010 (PPACA) create new risks for false claims liability when auditors identify overpayments.

Section 6402(d) of PPACA amended the Social Security Act to require an entity to return any overpayments it receives and to notify the appropriate authorities. The overpayment must be reported and returned to the appropriate entity (such as CMS, OIG or the carrier) no later than 60 days from "the date on which the overpayment was identified" or "the date any corresponding cost report is due, if applicable," according to the language of the legislation. Furthermore, the PPACA makes the retention of an overpayment beyond this time frame an issue under the False Claims Act.

Prior to passage of the Fraud Enforcement and Recovery Act of 2009 (FERA), the False Claims Act extended liability to  "any person who ... knowingly makes, uses or causes to be made or used a false record or statement to conceal, avoid or decrease any obligation to pay or transmit property to the government." FERA focused on retention of overpayments ("reverse false claims"), rather than the affirmative submission of a false record or statement. FERA expanded false claims liability to include a person who "knowingly conceals or knowingly and improperly avoids or decreases an obligation to pay or transmit money or property to the government."  The term "knowing" is defined to include "deliberate ignorance" or "reckless disregard." Thus, FERA eliminated the requirement of an affirmative act of concealment, expanding false claims liability to include knowing failure to repay an overpayment.

Impact on Overpayments

The changes implemented under PPACA and FERA directly impact overpayments identified by audit contractors and raise important issues for providers weathering a RAC or Medicare audit. For instance, when does an overpayment become "identified," triggering the 60-day deadline for reporting and returning the overpayment? The Office of the Inspector General (OIG) has yet to clarify at what point these obligations are initiated in the audit context.

The Medicare appeals process may shelter providers appealing claim denials from an immediate obligation to repay during the appeal, but the obligation may apply once the matter is resolved. The appeals process also creates a limitation on recoupment of current Medicare payments during the first two stages of appeal, and this may satisfy the overpayment reporting requirement. At present, the application of the 60-day time frame for reporting and returning remains unclear, as it applies to the various aspects of the appeals process.

Minimizing Risk of Liability

The interplay between PPACA and FERA also raises questions about the responsibilities of providers who realize during an audit review that they received an overpayment - and the potential penalties for providers with an inability to pay back an overpayment. While these issues do not have clear answers at this time, providers can expect to gain clarity as to their liabilities and responsibilities pertaining to the retention of overpayments as these statutory provisions are applied in practice. In the meantime, it is important for entities involved with RAC and Medicare audit processes to consider carefully whether, at any stage in the appeals process, the facts demonstrate an existing overpayment. If an overpayment is discovered, healthcare providers are advised to discuss their obligation to repay with legal counsel in order to help minimize the risk of liability under the False Claims Act.

Liability under the False Claims Act is significant. The retention of an identified overpayment can result in civil monetary penalties, which can include $10,000 for each item or service and an assessment of three times the amount claimed for each item or service. Moreover, failure to report and return an overpayment may result in an exclusion from participation in federal and state healthcare programs.

New Recoupment Authority

In addition to the aforementioned liability under the False Claims Act, any additional potential liability is enhanced by Medicare's new recoupment authority under PPACA. Section 6401(a) of PPACA grants CMS the authority to adjust payments to related providers and suppliers on the basis of their federal tax identification numbers. The new rules allow CMS to hold liable for the debts of "related parties" providers and suppliers with the same tax identification number, regardless of those entities' billing numbers or NPI numbers.) Previously, CMS only could recover unpaid Medicare overpayments from related entities sharing the same provider number. The previous system limited Medicare's recoupment ability, since most entities with multiple sites enroll under different provider numbers. CMS now may withhold funds due to related providers and suppliers as long as they share a federal tax identification number. This change to permit "cross-provider" recoveries enhances Medicare's ability to collect overpayments from entities with multiple locations and provider numbers.


As accelerated audit activities performed by a variety of audit contractors continue to pick up steam, providers are advised to become aware of the potential liabilities related to the identification of Medicare overpayments, and to develop a comprehensive plan for a successful audit appeal.

About the Authors

Andrew B. Wachler is the principal of Wachler & Associates, P.C.  He graduated Cum Laude from the University of Michigan in 1974 and was the recipient of the William J. Branstom Award. He graduated Cum Laude from Wayne State University Law School in 1978. Mr. Wachler has been practicing healthcare and business law for over 25 years and has been defending Medicare and other third party payor audits since 1980.  Mr. Wachler counsels healthcare providers and organizations nationwide in a variety of legal matters.  He writes and speaks nationally to professional organizations and other entities on a variety of healthcare legal topics.

Jennifer Colagiovanni is an attorney at Wachler & Associates, P.C.  Ms. Colagiovanni graduated with Distinction from the University of Michigan and Cum Laude from Wayne State University Law School.  Upon graduation, Ms. Colagiovanni was nominated to the Order of the Coif. Ms. Colagiovanni devotes a substantial portion of her practice to defending Medicare and other third party payer audits on behalf of providers and suppliers.  She is a member of the State Bar of Michigan Health Care Law Section.

Contact the Authors

To comment on this article please go to

Data Mining as an Audit Tool

As many of you know, the U.S. Department of Health and Human Services' (HHS) Office for Civil Rights (OCR) rolled out a pilot program in November 2011 using KPMG to conduct audits for compliance with the Health Information Portability and Accountability Act of 1996 (HIPAA) and its regulations, including the Privacy Rule and the Security Rule. KPMG first will focus on covered entities, with business associates to follow. The goal is to establish a permanent program by the end of 2012.


These audits are primarily compliance improvement activities, and OCR will use the reports to determine what types of technical assistance should be developed (as well as what types of corrective action are most effective). However, should an audit report indicate a serious compliance issue, OCR may initiate a compliance review to address the problem.


It is important to understand that the HIPAA Security Rule and Health Information Technology for Economic and Clinical Health Act (the HITECH Act) are different from the Privacy Rule. The Privacy Rule sets standards for how protected health information should be controlled; it does this by, among other things, setting forth what uses and disclosures are authorized or required and what rights patients have with respect to their health information. However, the Security Rule and the HITECH Act focus on general requirements for safeguards to protect the confidentiality, integrity and availability of protected electronic health information that must be tailored to each organization - one size does not fit all.


At the same time OCR has been engaged in the HIPAA audits, the Centers for Medicare & Medicaid Services (CMS) recently revised its interpretive guidance and instructions for surveyors on hospital conditions of participation (CoP). For example, under the Patient Rights CoP, the old survey instructions called for observations to determine if patients were provided privacy. During the survey, basic observations were made to see if patient information or names were posted in public view and if the hospital was promoting the right to privacy.


The new CMS survey instructions are significantly more detailed and contain language that parrots the HIPAA Privacy and Security Rules. Again, using the Patient Rights CoP as an example, the new survey procedures include a review of hospital policies and interviews with staff concerning their understanding of the use of patient information in the facility directory - representing an attempt to determine if the policies address the opportunity for the patient or patient's representative to restrict or prohibit use of patient information in emergent and non-emergent situations. Surveyors also are instructed to review hospital policies and conduct observations or interview staff to determine if reasonable safeguards are used to reduce incidental disclosures of patient information. Lastly, if audio and/or visual monitoring is utilized in the medical/surgical or ICU settings, they will conduct observations to ensure that monitor screens and/or speakers are not readily visible or audible to visitors or the public. Needless to say, the new survey process is a more intense analysis and review.


So why is this so important now? Prior to the HITECH Act, the HHS secretary could impose civil monetary penalties on any person who violated a provision of this, a penalty of not more than $100 for each violation (except that the total amount for all violations of an identical requirement of prohibition during a calendar year could not exceed $25,000). The HITECH act strengthened HIPAA enforcement, establishing categories of violations that reflect increasing levels of culpability, requiring that a penalty determination be based on the nature and extent of the violation and the harm resulting from the violation, and establishing tiers of increasing penalty amounts based on reasonable findings of diligence, reasonable cause or willful neglect.


These changes definitely will affect normal operations and must be addressed, particularly within policies, procedures and training. Each entity must have or develop policies and procedures (P&Ps) to help ensure compliance with HIPAA. Much of the training staff currently receive revolves around HIPAA Privacy, yet each rule must be defined and should be taught as part of all staff and full workforce orientation (and should be part of your competency reviews). Your organization must have a designated security official (in addition to your privacy officer) who should receive ongoing training.


Finally, each covered entity is required to conduct a technical and non-technical assessment under the Security Rule. So, each facility must utilize ongoing risk assessment and risk management methodologies for the security of electronic PHI (ePHI), which should include self-audits of Security Rule requirements and revisions to policies and procedures, as appropriate. In addition, facilities should examine their compliance with applicable accreditation requirements and the relevant CoPs (based on the new CMS instructions for surveyors).


About the Authors


Elizabeth Lambin, MHA, is a partner in PACE Healthcare Consulting. Elizabeth has more than 20 years of C-suite level hospital executive management experience.  Most recently, she was the CEO/Market President for Tenet Healthcare's Hilton Head Regional Healthcare. Elizabeth holds an undergraduate degree in Business Administration, Cum Laude and a Master's in Healthcare Administration from the University of South Carolina.


Melissa Thompson, JD, MPH, is with the law firm of Adelman, Sheff, & Smith, LLC where she focuses her practice on healthcare regulatory, litigation, administrative appeals and transactional law.  Lisa is also a trained arbitrator, mediator and a frequent author and lecturer on health care issues.


Contact the Authors


To comment on this article please go to


NOTE: This summary is provided for information purposes only and does not constitute legal advice.

This morning I read a great article, titled "What Happens when RACs Don't Hold Up Their End of the Deal?, and it just fueled my already stimulated adrenal glands.

Even within the business of healthcare, there should be a type of mystical harmony that follows the flow of the universe. Ok, maybe not quite that dramatic; but it would seem that the RACs, just like the providers, should be required to follow the rules. In this article, Amanda Berglund of Pace Healthcare Consulting ( expressed, in far more calm and eloquent terms than I could hope to, the inequity and injustice regarding RAC rules and regulations.

Unsurprisingly, the article indicated, while providers are held to the letter of the law, the RACs are not. It would seem that, in representing the concept of complementary rather than opposing forces, the rules and regulations would lead to a sort of equanimity within the system. See, if a provider, which has expended resources to provide quality care to a patient, makes a coding mistake connected to a certain service or procedure, the RAC swoops in to make sure that they don't get to keep the money they received. And in a system in which there seem to be more rules and regulations than protons in the known universe, it is virtually impossible to get it right all the time.

It is important to note, however, that just because some administrative error occurred, it doesn't mean that the provider didn't provide a benefit to the recipient - only that the provider didn't report that service or procedure appropriately (whatever that means!) You would think that, with so many calls for civility in government, when an agency responsible for stealing hard-earned dollars from healthcare providers commits an error in the process, the provider would be given the benefit of the doubt in turn.

But when you are a commissioned salesperson (the RAC auditor) and your livelihood depends on how much money you can squeeze out of the doctor or the hospital, I can understand why there is no "benefit" to such doubt. It would seem that the rule of thumb is to err on the side of the RACs, even when they are responsible for the "err."

At the Fi-Med RAC Summit held in Milwaukee last week, my friend (and brilliant litigator) Thomas Force, Esq., gave the best demonstration of how to deal with these types of situations by reenacting a scene from what should be his new hit television series (called "Small Claims Court with Tom.") The bottom line is this: even when we are right, the force (not Tom) is against us. There is a Yang without the Yin, and not only does that fail to fulfill the purpose of the RACs, which is to recover payments that were legitimately made to providers in error, it just increases the trust gap (or chasm) that continues to grow between the government and healthcare providers. In fact, the majority of the presenters at the conference were there to help providers understand what to do when their rights are violated. How sad! You'd think we could focus more of our time on ways to improve quality or to become more efficient or increase accessibility of care. Instead we filled nearly two full days with more important issues, like how to defend against a finding of impropriety, how to make sure that an auditor isn't jacking up an overpayment demand by "lying with statistics," or even how to prepare yourself for the audit crisis before it even happens.

There's good news, though! There is a point to all of this, and here it comes. Recently I completed a survey on RAC audits and appeals to try to get a handle on just how out of control this whole RAC process has become, and while not necessarily surprised with the results, I was disappointed.

First, I wanted to know how many practices had undergone a RAC audit specifically for medical necessity issues during the past year. Fifty percent of all practices subject to a RAC audit were audited on medical necessity. In fact, when the survey results were compared to those of our survey conducted in February 2011, we saw a statistically significant increase in the number of practices subject to a RAC audit for any reason. For each audit, the median number of claims reviewed was right around 30. About 63 percent of respondents said that overpayment demands originated from one or more medical necessity questions.

Importantly, I also wanted to know to what extent practices appealed the overpayment findings, the costs of the appeal and the overall outcome. Thirty-four percent said they appealed between 91 and 100 percent of all findings, with an average of around 50 percent of all overpayments findings being appealed. When asked about the cost of appealing a single claim, the range was pretty wide, with responses ranging from under $25 to more than $200. By weighting the results of this question, I calculated the average cost per claim to be around $110.

And to top it off, in somewhere around 50 percent of appeals, the finding of overpayment was reversed in favor of the provider! But that's not the part that got my adrenaline pumping. Forget the fact that the RACs are wrong in their findings half the time. Looking at the 2011 survey and using a bit of mathematical ballet, I estimated overpayments per claim to be $86.  Do the math: that means that the average impact of a SUCCESSFUL appeal still COSTS the practice $24. No wonder there are so few practices that actively appeal the claims. Take a minute to really let this sink in. RACs are not bound to the rules like providers are. They are paid a commission to recover as much as possible. They have no incentive whatsoever to conduct themselves in an honest and ethical manner. And they push the limits to such extremes that half of their findings are reversed on appeal. This is so wrong on all levels that my real surprise is that it continues unabated.

Let's put this calf back in the barn. According to a study conducted by SK&A (a Cegedim company), there are approximately 230,000 medical practices in the United States. Conservatively speaking, if only 25 percent were subject to a RAC audit, this would equate to 57,546 practices.



Based on our survey, this would mean that approximately 1,726,402 claims would be reviewed, with a finding that 1,329,329 were paid in error, for a total overpayment of $114,322,373 (excluding any additional results of extrapolation audits). Fifty percent of these (664,665) would be appealed at a cost of $73,113,095, resulting in a net loss of $15,951,960. The bottom line is this: when you factor in the cost of the audit and the net loss to the practice, the unchecked and unsupervised actions of the RACs increase the cost of doing business for a typical medical practice by $641. While this may not seem like a lot, remember that the purpose of the RAC was to recover dollars that were paid inappropriately, thereby reducing the overall cost to the government for the Medicare program. We haven't even addressed the issue as it pertains to hospitals, where the reversal rate on appeal is closer to 70 percent and the cost of appealing is significantly higher.

I don't oppose the concept of audits to recover truly improper payments. In fact, I support doing everything we can to improve the quality of healthcare, reduce costs and increase access - as long as everything is legal, ethical, moral and fairly applied. And from what I see, putting a system like that in place completely eliminates the RACs! My recommendation, besides beating a pillow with a bat, is in line with those suggested by Ms. Berglund in her excellent article. Report any and all violations and suspected violations to CMS, the RA and the MAC. In addition, take advantage of physician advocacy groups like the American Medical Association, American Hospital Association, Medical Group Management Association and others.

Unless providers do something to combat what I see as probable RAC fraud and abuse, it will not only continue, but it will get worse.

About the Author

Frank Cohen is the senior analyst for The Frank Cohen Group, LLC. He is a healthcare consultant who specializes in data mining, applied statistics, practice analytics, decision support and process improvement.

Contact the Author

To comment on this article please go to

The Medicare RAC program continues to be the most prominent government audit program affecting the healthcare provider community.

As if the many changes in this program were not enough to handle, we await (with resignation) the commencement of the Medicaid RAC program, which will inflict similar treatment on Medicaid claims.

In the interim, the results of the Medicaid Integrity Program, which has been functioning in some fashion since the beginning of Fiscal Year 2009, have come under scrutiny by the OIG. If three recent reports (including the latest from April 23) are any indication, the program requires significant adjustment with regard to the audit workflow before meaningful results can be achieved.

I covered two of the recent OIG reports on the Medicaid Integrity Program on a recent episode of the Monitor Monday podcast, but I'll give you a quick synopsis. The first was released back in February and addressed how well the review Medicaid Integrity Contractors (MICs) were performing their tasks. The report found that the review MICs completed 81 percent of their assignments, but had limited input into what specific leads were forwarded to the audit MICs. The review MICs created 114 reports identifying 113,378 unique providers for possible audit. CMS then filtered this extensive information and targeted 244 providers for audit. The report recommended that the quality of data given to the review MICs improve, as well as suggesting that the review MICs have more input in the final selection of audit leads.

This first report led into another, released roughly one month later, regarding audit MIC performance. The report showed that 81 percent of review audits conducted between January 1 and June 30, 2010, did not lead to the identification of an overpayment. Additionally, only 11 percent of assigned audits were completed and $6.9 million in overpayments were identified, with $6.2 million of that coming from collaborative audits between the review MICs, audit MICs, state fraud control units, and CMS. The report recommended that further collaborative audits be initiated.

On April 23, the OIG issued a five-page addendum to the February report on the Review MICs to further clarify the status of the 244 providers targeted for audit by CMS. It turns out that in the second half of 2011, CMS assigned 161 of the 244 providers targeted to the audit MICs. As of February 1, 2012, 127 of these proposed audits have been completed. From this universe of targets, only 25 audits uncovered overpayments with an identified total of $285,629. This number represents less than 1 percent of the estimated $33.5 million in potential overpayments identified by the review MICs at the time of referral of these cases from CMS to the audit MICs.

As with a report with similar findings from November 2011 regarding the ZPIC program, we see clear and compelling evidence that a CMS audit initiative is plagued by poor data and substandard execution. It is also worth remembering that some portion of the minuscule amount identified as overpaid will be appealed by providers successfully, which will further decrease the meager total amount of overpayment collections under the Medicaid Integrity Program.

A recent corporate news release telegraphs some subtle changes to Medicaid audit efforts. It was announced on April 23 that Thomson Reuters had reached agreement on a sale of their healthcare division to Veritas Capital for $1.25 billion in cash. In addition to being the Review MIC for most of the Northeastern United States, Thomson Reuters had been previously identified as the incoming Medicaid RAC contractor for the state of Indiana. This is an interesting purchase for Veritas, a company that has made a rather salutary living in the world of government contracting (mostly in areas of defense) since 1992.

Thanks to a recent letter from a House Ways and Means subcommittee requesting comprehensive, detailed information on CMS' program activities, we should be learning quite a bit about the effectiveness of CMS' overall strategy. As any RAC response team in a facility can tell you, crafting multiple reports showing less-than-stellar results across multiple contractors is an exercise in stating the obvious.

About the Author

J. Paul Spencer is the Compliance Officer for Fi-Med Management, Inc., a national physician practice financial management company based in Wauwatosa, WI. Paul has over 20 years of experience across all facets of healthcare billing, including six years spent with insurance carriers. In his current role with Fi-Med, he acts as a physician educator on issues related to E/M level of service and documentation audits by CMS and other outside entities. Paul has carried the CPC and CPC-H credentials from the American Academy of Professional Coders since 1998.

Contact the Author

To comment on this article please go to



Large drug wholesaler McKesson Corporation will pay more than $190 million to resolve false claims allegations that the company inflated drug price information.

That information was used to set rates for pharmaceuticals by Medicaid and other programs, the Justice Department stated in an April 26 announcement. McKesson marked up prices and caused First DataBank to publish inflated average wholesale prices for those drugs.

In other fraud news:

Three operators of a Miami home health agency will spend between seven and 10 years in prison after pleading guilty in connection with a $60 million Medicare fraud scheme, the Justice Department reported April 25. The three paid kickbacks and bribes to patient recruiters and billed Medicare for unnecessary nursing and therapy services. Along with the prison time, they will have to pay $40 million in restitution.

A New Jersey man posing as a doctor will spend four years in prison after conducting hundreds of visits to elderly, homebound patients then billing Medicare, the Justice Department stated April 23. The man used names and identification numbers of licensed professionals who had worked for him at the Visiting Doctors of New Jersey but quit when he didn't pay them. He will have to pay $40,000 in restitution and undergo alcohol/drug/mental health/gambling treatment.

One RAC Issue Posted

The Region A recovery auditor (RAC) DCS Healthcare Services posted one issue April 26 for semi-automated review of inpatient rehabilitation facility patient assessment data.

Note: DCS' post had two suspected typos - the issue name mentioned the late submission of IRF-PAI date, though the description indicated the RAC was targeting late data. Also, one of the states listed was RH, though it's assumed the RAC target affects Rhode Island. (Those have been corrected in the chart below.)

Inpatient rehabilitation facilities

Name of issue

Date posted or approved

Regions/states where it is active

Description of issue

Document sources

Late submissions of inpatient rehabilitation facility patient-assessment instrument data


Maine, Mass., N.H., R.I., Vt.

Inpatient rehabilitation facility-patient assessment instrument (IRF-PAI) data, which is collected on a Medicare Part A fee-for-service inpatient, must be transmitted to the CMS National Assessment Collection Database by the 17th calendar day from the date of the patient's discharge. Transmission of the IRF-PAI data record 28 or more calendar days after the discharge date, with the discharge date itself starting the counting sequence, will result in the claim incurring a 25 percent late-transmission penalty.

Medicare Claims Processing Manual chapter 3; MLN Matters article MM3885; OIG report A-01-09-00507


About the Author

Karen Long is the compliance product manager for DecisionHealth and oversees products that relate to fraud and abuse and HIPAA compliance for physician offices and home health agencies, and accreditation compliance for hospitals. In her almost four years at DecisionHealth, Karen also has been the compliance editor and a reporter for Home Health Line, nation's leading independent authority on home healthcare business, regulation and reimbursement.

Contact the Author

To comment on this article please go to

The objective of having compliance plans and procedures in place is becoming increasingly important for Medicare providers and suppliers. On Feb. 16, the Centers for Medicare & Medicaid Services (CMS) released a proposed rule to implement Section 128(d) of the Social Security Act, which was introduced as a provision of the Patient Protection and Affordable Care Act (PPACA) and deals with the reporting and returning of overpayments. Although the proposed rule mirrors much of the existing rule, it is significant because it includes a definition for when an overpayment is considered "identified" and proposes a 10-year lookback period for reporting and returning identified overpayments.

The Social Security Act requires an entity that has received an overpayment to report and return the overpayment to the appropriate party (the federal government, the state, a carrier or a contractor). The deadline for reporting and returning an overpayment, which is identical to the current deadlines for similar functions, is whichever occurs later: 60 days after the date on which the overpayment was identified or the date any corresponding cost report is due.

The proposed rule also contains the existing definition of "overpayment," which is defined as "any funds that a person receives or retains under title XVIII to which the person, after applicable reconciliation, is not entitled under such title." The proposed rule provides that the term "applicable reconciliation" will become relevant when the provider submits a cost report. In addition, CMS in the regulations provides examples of what could be considered overpayments, including: a) Medicare payments for non-covered services, b) Medicare payments in excess of the allowable amount for an identified covered service, c) errors and non-reimbursable expenditures in cost reports, d) duplicate payments and e) receipt of Medicare payment when another payer had the primary responsibility for payment.

As previously mentioned, the proposed rule is particularly significant because of the inclusion of the previously undefined concept of "identified." In the text of the rule, CMS proposes that an overpayment is identified "if the person has actual knowledge of the existence of the overpayment or acts in reckless disregard or deliberate ignorance of the existence of the overpayment." CMS goes on to suggest in the proposed rule that without such a definition, a provider or supplier might avoid activities that can reveal overpayments - activities such as "self-audits, compliance checks and other additional research." This definition is critical to providers and suppliers because the 60-day reporting and returning clock would begin to run on the date of identification.

In an effort to assist providers and suppliers, CMS has provided a list of examples of scenarios in which an overpayment is identified and the provider or supplier should make a "reasonable inquiry with all deliberate speed" to determine if an overpayment exists. Those scenarios include:

  • When a provider receives an anonymous compliance-related hotline telephone complaint about a potential overpayment;
  • When a provider or supplier reviews billing or payment records and learns that it incorrectly coded certain services, resulting in increased payment;
  • When a provider or supplier learns that a patient death occurred prior to the date of service on a submitted claim;
  • When a provider or supplier learns that services were provided on its behalf by an unlicensed or excluded individual;
  • When a provider or supplier performs an internal audit and discovers overpayments;
  • When a provider or supplier is informed by a government agency of an audit that uncovered a potential overpayment; and
  • When a provider or supplier experiences a significant increase in Medicare revenue with no apparent reason for the increase.

This list of examples should give providers and suppliers a good starting point for evaluating and updating their current compliance plans. Retention of an overpayment becomes an obligation under the False Claims Act. Furthermore, such retention may result in the provider or supplier being found liable under the Civil Monetary Penalties Law, as well as possible exclusion from participating in federal healthcare programs.

In addition to making clear the definition of "identification," requiring providers and suppliers to exercise diligence in investigating potential overpayments, CMS has proposed that an overpayment must be reported and returned only if a person identifies the overpayment within 10 years of the date it was received. CMS rationalizes the 10-year lookback period as being consistent with that of the False Claims Act's statute of limitations. CMS believes that such a term is appropriate because it provides certainty for providers and suppliers, ensuring that they can close their books without ongoing potential overpayment liability looming, and because it also provides a long enough period for furthering CMS's interest in ensuring that overpayments are returned to the Medicare Trust Funds in a timely manner. CMS also has proposed that the reopening rules be amended to allow reopening for a period of 10 years.


The proposed rules also cite the interplay between the obligation to report and return overpayments and the existing Medicare Self-Referral Disclosure Protocol (SRDP) for Stark law violations and the OIG Self-Disclosure Protocol (OIG SDP) for the reporting of potential fraud to the OIG. For example, it is proposed that the deadline for returning overpayments will be suspended when: a) the OIG acknowledges receipt of a submission to the OIG SDP, or CMS acknowledges receipt of a submission to the SRDP, until such time as a settlement agreement is entered; b) the person or entity withdraws from the OIG SDP or SRDP; or c) the person or entity is removed from the OIG SDP or SRDP. Furthermore, CMS proposes that once a provider or supplier notifies OIG of an identified overpayment via the OIG SDP, such notice will qualify as a report. However, CMS's proposed rule cautions that providers and suppliers should be aware that "the process of reporting and returning overpayments pursuant to section 1128J of the Act cannot resolve any potential False Claims Act or OIG administrative liability associated with the overpayment (even though returning an overpayment may ... limit any FCA or administrative liability arising from the retention of an overpayment)."

CMS's implementation of Section 1128(d) should not go unnoticed. As a result of the proposed rule, providers and suppliers should recognize the added importance of revising and updating current compliance plans. Specifically, providers and suppliers should implement methods to determine when an overpayment is considered "identified," as well as introduce measures to ensure timely compliance with reporting and returning overpayments. Failure to have an effective compliance plan in place could result in knowingly (through actual knowledge, reckless disregard or deliberate ignorance) having retained an overpayment. No matter how an overpayment ultimately is identified, the results of retaining the overpayment are clear- a potentially substantial monetary penalty, or worse, exclusion from participating in federal healthcare programs.

About the Authors

Jessica Lange is an associate at Wachler & Associates, P.C.  Ms. Lange dedicates a considerable portion of her practice to defending healthcare providers and suppliers in the defense of RAC, Medicare, Medicaid and third party payer audits.  Her practice also includes the representation of clients in Stark, anti-kickback, and fraud and abuse matters.

Rebecca Robichaud is an attorney at Wachler and Associates, P.C. She has represented clients in Medicare, Medicaid and other third party payer audits and appeals and also counsels clients in contract negotiations, Stark, anti-kickback, and fraud and abuse matters. Mrs. Robichaud graduated from the University of Notre Dame Law School in 2003 where she was an Administrative Editor for the Journal of Legislation and a Student Bar Association Representative.

Contact the Authors

To comment on this article please go to

Reading Between the Lines – Algorithms of Medical Necessity (Part I of II)

EDITOR’S NOTE: This is the first of a two-part series on the algorithms of medical necessity.

The rules of medical necessity and medical decision-making (MDM) are sure to trump the complexity of tax law for the foreseeable future. As the government continues to pump auditing contractors with funds to "fish," the standard algorithm to determine medical necessity has become highly proprietary as providers find themselves under investigation for issues tied to inpatient and outpatient evaluation and management services. As the first of two pieces on this matter, this article will explore the processes of calculating medical necessity, and medical decision-making - and the subjective regulations that factor in.

Most of us who have been in the auditing industry for at least 10 years probably have seen the widely accepted score sheet originally developed by the Marshfield Clinic. The "point system" has morphed into several variations depending on the user, namely a payer, health system or consulting firm.


Likewise, if you ever had to educate a provider about the system, you know it tends to be a good conversation piece to combine the three MDM elements of a) diagnoses or problems to examine, b) data reviewed and c) risk of complications. The major flaw within this system, plain and simple, is that physicians don't think the same way auditors code for E/M services. Take oncology, for example: consider that a patient is being treated for CLL and is on several chemotherapy regimens, requiring the patient to be seen on a weekly basis. Today the patient is stable, with no complications or side effects. The provider reviews labs and adjusts infusions for the following day. Based on a standard metric for MDM, this would be equivalent to straightforward medical decision-making. The bottom line is that coding rules don't equate to how physicians view a patient's complexity. Furthermore, the point system for the first piece of calculating medical decision-making ("problem to examiner," as listed above) leaves many questions when categorizing a "self-limiting" problem (yielding a point value of 1) over a "new" problem (yielding a point value of 3 or 4). One very important step auditors can take with providers, based on specialty, is recognizing the common diagnoses, which physicians often feel are more simplistic, as compared to those that are more complicated. Take general surgery as a second example: this may be the difference between managing a hand cyst and addressing a new onset of abdominal pain. Examples such as these can make a huge difference in how an auditor reviews a case and can carry over into appealing and fighting post- or pre-payment reviews. Furthermore, it can add ammunition to your compliance policies, as they pertain to matching criteria, more objectively.

In the first part of the article you may have been wondering why the terms "medical necessity" and "medical decision" were used interchangeably. To a large degree, they actually are interchangeable. Medical necessity most often is associated with LMRP Local Medical Review Policies and NCD's National Coverage Determinations. As CMS confines certain CPT procedure codes, only a limited number of diagnoses are considered payable or "medically necessary" based on policy. Medical necessity also has a huge new role tied to electronic medical records. Take the two pieces of correspondence published by Noridian in May of 2011:

  • "Another trend noted by Part B MR is the MDM does not correlate to the chief complaint. One such example would be (that) the HPI supports a follow-up visit for renal functions tests, hypertension and reflux. The medical management of that patient is then a physical therapy referral for low back pain, with no mention of medical management of the issues that brought the patient to the clinic. The documentation did not support complaints of low back pain."
  • "Part B MR has also noted that the plan of care simply lists the medical diagnoses of the patient, with no mention of changes to the plan of care if any, or continuation of current treatment regimens. It is difficult to determine the medical necessity of a visit when the documentation lacks important information, or when the documentation does not support medical management of the patient's chief complaint."



I like to call this piece "note logic," illustrating the importance of correlating the medically necessary "reason for visit" to the assessment/plan portion of the note. If the information in the progress doesn't sync between history and assessment, it becomes very difficult to support the medical necessity of managing a given condition. Electronic health records certainly have become a culprit for "pre-populating" areas from active problem lists to active diagnoses, or even infusing past history into active diagnoses. If the provider is not managing conditions or problems connected to a particular visit, regardless of whether the problem is active or listed as information in the PMH, it should not be in the assessment portion of the note. Ranking in our top five most frequent metric errors with new EHR implementations, this is No. 2. This simple mistake will impact the overall "logic check" of the note and, if using an encoder, it also can cause an upcoding of entire medical decision-making area.

Part II of this series will provide guidance on teaching strategies for auditors and coders wrestling with MDM/medical necessity, offering resources to share with providers to keep their evaluation and management services out of the hands of RAC contractors.

About the Author

Jana B. Gill, MA, CPC, is a product engineer and developer of Regulatory and Reimbursement software suites for Wolters Kluwer. Jana also is the principal of Gill Compliance Solutions, LLC which specializes in physician compliance, developing internal auditing programs, government appeals (RAC/CERT), coding risk assessments, due diligence for physician/hospital integrations and revenue analyses of hospitalist services.

Contact the Author

To comment on this article please go to

What Happens when RACs Don’t Hold Up their End of the Deal?