Audits: The Best Defense is a Good Offense

Nov 15, 2024 | ANJC News & Updates

Audits: The Best Defense is a Good Offense

By David Klein, CPC, CPMA, CHC, ANJC Coding & Compliance Consultant

Everyone dreads payer audits.

They’re extremely intrusive, stressful, time-consuming, and costly. Most audits are money-driven and are called “post-payment reviews.” The process of post-payment review can occur with Medicare payments, commercial insurance payments, or other third-party payment situations. Commercial insurers select and review paid claims for correctness of payment (i.e., paid appropriately) for in-network and out-of-network claims and determine if documentation supports the codes billed. They are often looking at codes that the payer has noted as “problematic.” If they determine a provider has been overpaid, they send a demand letter requesting any overpayment amounts paid. Most of these audits result in a negotiated settlement with the Provider.

Medicare utilizes third-party “contractors” such as Safeguard Services, LLC to review claims. Safeguard is considered a Unified Program Integrity Contractor or UPIC. UPICs are responsible for identifying and protecting against fraud, waste, and abuse using both pre-payment medical reviews and post-payment audits. UPIC audits can result in high-dollar extrapolated overpayment demands, payment suspensions, and referral to law enforcement for additional review.

UPICs identify potentially fraudulent billing in several ways, including data mining to uncover billing “aberrancies” that could indicate fraud, waste, and abuse. UPICs also investigate referrals from Medicare Administrative Contractors (MACs), CMS, the Office of Inspector General for Health and Human Services (HHS OIG), Beneficiaries, Providers, Suppliers, and others.

For Providers, a UPIC audit typically begins with a documentation request. The number of medical records being requested usually provides insight into the type of UPIC audit. If only a small number of claims are requested (typically less than 10), this often indicates that the UPIC is conducting a ‘probe sample’ to validate the initial analysis or allegation that led to the audit to determine the need for additional post-payment medical review. If the UPIC’s request is for 20-30 (or more) claims, it is likely that the UPIC is reviewing claims in connection with what’s called a ‘statistically valid random sample,’ which can lead to a determination of an extrapolated overpayment.

Recently, I was involved in 3 different UPIC cases. One Provider received a request for 10 claims with supporting documentation. After review, the UPIC identified an overpayment (incorrect coding), and the Provider paid a small sum back to CMS. The second Provider received a request for 30 claims with supporting documentation. After review, the UPIC identified significant errors and, based on a statistically valid random sample, extrapolated the error rate against all claims. This resulted in a significant overpayment amount. The third Provider received a request for 60 claims with supporting documentation for review. This request included claims for over 2 years prior. After complying, the third Provider received no response from the UPIC. Unbeknownst to the Provider, this UPIC was triggered by a whistleblower (staff person) referral from the OIG. The result took over 7 years and a federal fraud trial. While the Provider was ultimately acquitted of all charges, it was a very long and costly battle.

In all 3 of these cases, the Providers agreed on the most important lesson learned—they should have been much more proactive in how they operated their Practice.

In other words, the best defense for risk-bearing Providers is to proactively address measures to improve not only coding and documentation but also how they communicate with their associates and staff.

Below are a few key items Providers should consider implementing:

  • Educate yourself and your team. Medicare and commercial payers want Providers to know the rules and do things according to established guidelines (AMA and CMS). If you don’t know, ask someone who does and get it in writing. Improper use of codes and modifiers can make you an easy target. For example, if you are billing 98942 more than 10–15% of the time, you will stand out amongst your peers.
  • Most coding errors involve a misunderstanding of the rules that results from:
    • Bad information from unqualified sources
    • Philosophy that does not fit within the carrier’s guidelines
  • Implement compliance protocols into your team’s daily routines. Each staff member should be aware of their specific responsibilities towards compliance in the Practice. Providers should consider a comprehensive compliance plan.
  • Billers should have specific coding instructions for CPT, ICD-10, and modifier use.
  • Associate Providers should know documentation requirements, code utilization, and compliance rules regarding the services they provide. Make sure your EHR system produces high-quality notes that clearly identify functional improvement—repetitive macros are not acceptable.
  • The Scope of Practice should be clearly defined for Providers and support staff. Be proactive and in constant communication with staff. As business owners, Providers must be aware of concerns and issues that frequently occur in a Healthcare office. Confusion over coding, documentation, and billing rules must be addressed in an open & encouraging environment.
  • Know your Audit. Recognizing the type and nature of an audit is critical to a positive outcome. Every audit request must be taken seriously and requires your full attention. Talk with a qualified professional. Don’t simply send in your records to the payer. Know your options and understand your rights, especially when dealing with a UPIC or investigative unit for a payer.

Audits and post-payment reviews are stressful. Often, Providers feel overwhelmed and some even begin to question their commitment to the profession. However, a proactive approach to compliance will help reduce the likelihood of an audit and, if one does occur, can significantly reduce the impact on your practice.

“Remember, the best defense is a good offense!”

ABOUT THE AUTHOR:

David Klein, CPC, CPMA, CHC, is the ANJC Coding & Compliance Consultant and co-founder of PayDC, a web-based practice management EHR system that focuses on keeping Providers compliant and getting Providers paid. He is a certified professional coder and certified medical auditor through the American Academy of Professional Coders (AAPC), and is certified in healthcare compliance through the Health Care Compliance Board (HCCB). His expertise in coding and compliance consulting stretches over 26 years in the healthcare arena.

PayDC is an ANJC Gold Sponsor

Learn more about PayDC: paydc.com

0 Comments