Practices frequently ask what entities are permitted to audit their records. Where Medicare is concerned, several entities may be permitted access to your records. The short answer is that any entity that pays a provider has a right to audit related records to determine if funds paid were paid appropriately. Since Medicare seems to be ubiquitous in the performance of audits, Medicare is the focus of this article. There are five types of audits—some prepayment and some post-payment.

Pre-payment Audits

There are two pre-payment audits, performed routinely on claims during claim processing, that do not slow payment of claims.

1. NCCI Audits. Probably the best-known prepayment audit is the National Correct Coding Initiative (NCCI) audit that relates to unbundling codes that have been bundled by the NCCI. The backbone of passing this audit is correct usage of modifier 59. Providers have appeal rights in the event of a denial.

2. Medically Unlikely Edits (MUE). CMS has established units of service edits. In dermatology, most of the codes subject to MUE are codes that are to be billed only once, such as 11100, 17110, 17111, 11900, grafts, and linear repair codes. But there are also edits for some of the malignant destruction codes and for excisions of large skin cancers.

Some MUEs are published and some are not, due to fraud and abuse concerns. CMS cautions against frequently coming in just under the limit of an MUE. In some cases a provider can support the medical necessity with use of modifiers 76, 59, RT, LT, F1, F2, etc. Providers have appeal rights in the event of a denial.

Pre- or Post-payment Audits

3. Medical Review (MR). These audits are performed by the Medicare payors and can be pre- or post-payment. They can be triggered by various events: error rates reported by the CERT program (see #4), results of RAC audits (see #5), analysis of claims data and even complaints. The goal is to correct incorrect coding patterns and prevent loss from future inappropriate billing. The Medicare payor may start with a small sample of claims called a probe, usually 20 to 40 potential problem claims. If the contractor determines through the probe that a problem exists, the problem will be classified as minor, moderate, or significant, and then corrective actions appropriate to the severity of the infraction will be imposed.

There are several types of corrective action. Provider Notification and Feedback requires the contractor to inform the provider of appropriate billing procedures. Pre-payment Review may be instituted for providers with identified problems in submitting correct claims who may have a percentage of their claims audited prior to payment. Providers may have to send records for pre-payment review. Post-payment Reviews are usually performed via statistically valid sampling. This allows underpayments or overpayments to be determined without requesting all records from all claims. Providers may be required to send records.

4. Comprehensive Error Rate Testing (CERT). This audit is of a relatively small number of claims annually (<150,000) and is actually an audit of both the Medicare payor and the provider. The claims are selected at random, so a request for records for a CERT audit is of no particular concern if you are an informed and compliant coder and documenter. CERT reviews the claims for compliance with Medicare coverage, coding, and billing rules. They consider National Coverage Determinations, Local Coverage Determinations, and Manuals.

The CERT does not develop or apply its own coverage, payment, or billing policies. From CERT audits, CMS calculates a national Medicare Fee For Service paid claims error rate and also service specific and provider type error rates, and a provider compliance error rate. The Paid Claims Error Rate is based on dollars paid after the Medicare payor made its payment decision on the claim. The Provider Compliance Rate is based on how the claims looked when they first arrived, before the payor applied any edits or conducted any reviews. This is a good indicator of how well the Medicare payor is educating the providers since it measures how well the providers prepared the claims for submission. Claims can be adjusted or denied based on the CERT review and normal appeals rights apply.

5. Recovery Audit Contractor (RAC). RACs are tasked with detecting and correcting improper payments on Medicare claims, i.e. collecting overpayments and paying back underpayments. RACs apply statutes, regulations, CMS national coverage, payment and billing policies, as well as LCDs developed by the Medicare payor. Like CERTs, RACs do not develop or apply their own coverage, payment, or billing policies. RACs will not usually review a claim previously reviewed by another entity. RACs analyze data using their proprietary software and identify claims that contain improper payments and those that likely contain improper payments. If a RAC finds an improper payment, it is referred to the Medicare payor to adjust the claim and recover funds.

In the case of “likely improper payments,” the RAC requests the record from the provider, reviews the claim and the record, and makes a determination whether the claim contains an overpayment, underpayment, or has been processed appropriately. If a denial or adjustment is indicated, providers will receive overpayment or underpayment notification letters.

For more audit information go to:

Sharon Andrews, RN, CCS-P is President of DermResources, LLC in Pensacola, FL.