Facing an Audit? Here’s What You Need to Know

In the past few years, audits - especially by Medicare - seem to be increasing. The Recovery Audit Contractor (RAC) program in particular has been a source of frustration for radiologists. What types of audits can you expect in your practice, and how best to handle them? Here’s a primer.

Types of audits

“There’s an alphabet soup of audits,” said Jessica Gustafson, an attorney at The Health Law Partners in Michigan.

For Medicare claims, the primary audit program is RAC, which looks for errors made by providers, followed by the Comprehensive Error Testing Program (CERT), which looks for mistakes in payment made by the Medicare administrator contractors. ZPIC audits (Zone Program Integrity Contractors) identify fraud and Medicare abuse. States have MIC (Medicaid Integrity Audits) programs, looking for fraud like duplicate billing, and commercial carriers are following suit with their own financial audits.

“All of these people are doing a money grab for alleged overpayment on the claims,” said Gustafson.

RAC audits are not random. Rather, CMS vets the issues, approving possible vulnerabilities for review. Auditors then use data analysis to look for claims fitting that issue. Issues might include place of service, billing compliance with National Correct Coding Initiative edits, correct use of modifiers, and proper billing of add-on codes, said Michael Mabry, executive director of the Radiology Business Managers Association.
CMS is looking for any type of improper payment or anything that’s not medically necessary, said Gustafson. These will be big issues with the transition to ICD-10, she adds, referring to the scheduled October 2014 deadline to adopt new diagnostic and procedural codes. “They intend for that to result in a lot of auditing and a lot of overpayment,” with incomplete documentation and duplicate bills.

While the types of audits are plentiful, Doug Kraus has seen mostly RAC audits at his South Texas Radiology Group in San Antonio. As chief financial officer of a practice with about 60 physicians, he sees every audit that comes through the office, and thinks that CERT audits will become more of an issue in the future. His practice hasn’t had any state Medicaid or commercial insurance audits.

What to do when you get audited

When you get notice, Kraus said, “do not take these audits lightly.” “They are very serious. They need to be treated with the utmost respect, and reviewed. Don’t wait to respond.” Kraus said the audit should be handled by a high level administrator, someone who knows billing. He and/or the CEO spend a lot of time and energy researching every audit before responding.
Indeed there are timelines associated with the audit, and if you don’t comply, the payer will start issuing denials for them. You’ll get overpayment demands for the entire claim amount, said Gustafson. What started out as a minor issue can turn into a major one.
Here’s how Kraus deals with an audit. He is first alerted because an electronic remittance file will end a remark code in 432, which indicates an audit. His staff puts him on notice, and when the paper request arrives, he reviews it and logs onto his RAC auditor’s website. The audits are listed there, with the letters posted. He said the nature of the issue in the mailed letter isn’t always clear, and “sometimes the letter and the website vary,” with the website often being more accurate.

He then pulls up the medical records and anything related to those services. Typically their audits involve only one patient per letter, and one day of service, he said; he may also pull up the NCCI edits and literature.

Before submitting the records to the RAC auditor, Kraus files what’s known as the 935 appeal redetermination letter to get it on the record immediately. You have a short time frame to respond, and if you miss that deadline, “there’s the automatic assumption that the RAC is correct and they start taking your money back,” said Barbara Rubel, senior vice president of marketing and client services at the medical billing company Management Services Network.

Retain a copy of the records in your office, and have another set of eyes look at them before they go out, suggested Kraus. Send out the requested RAC paperwork certified mail, and keep a log. Kraus follows up make sure he gets a response back in a timely manner.

Gustafson agreed it’s important to track everything. “Things are often lost on [the auditor’s] end, in their mailrooms, or misrouted.”

What not to do

While there are many things you should do during an audit, there are also a few things avoid. Rubel cautioned against giving the auditor anything they didn’t ask for: “If they’re targeting a specific date of service on a specific patient or a specific procedure, don’t pull in other services that aren’t under inquiry.”
Even if you believe the records aren’t thorough enough or need additional explanation, don’t be tempted to alter them, said Abby Pendleton, an attorney at The Health Law Partners. The physician could face mandatory licensure revocation for alterations, as it can be seen as falsifying the records. If you need to make something clear, she recommends writing an additional note and dating it contemporaneously, following your state’s laws.

When to call for help

While Kraus said his practice handles all its own audits, there may be a time to bring in hired guns.

That really depends on the nature of the inquiry, said Pendleton. “Most of the time, providers handle the initial records request. To the extent that there’s a potential issue, they should get their health care lawyers in at that point. There may be some strategies on the front end to make it user friendly and make sure you’re providing comprehensive information to establish medical necessity,” she said.

The appeals process is a time you may want help. “If you don’t apply all your evidence by the second stage of the appeal, you’ve lost the ability to bring up information later,” Pendleton said. “And if you miss timelines with appeals, you lose your right to appeal.” She recommends getting help during the Medicare appeals process, because of the dollar amounts at stake.

When the audit concludes

How does it all end?

The hopeful outcome, Rubel said, is you get a clean bill of health, and they say “Whoops! This wasn’t a valid issue to audit.” That happens frequently with RAC audits, she said.

If the auditor doesn’t find in your favor and you believe they are wrong, there are multiple levels of appeals available. And there’s more than just medical arguments to be made in the appeal process, especially with Medicare audits said Pendleton. “There are a lot of different challenges that can be made from the provider side,” she said. “In addition to arguing the merits and substance of denials, there are legal challenges as well.”

It’s also possible the auditor will find a legitimate issue. “If the auditor is correct, that can point to deficiencies in your organization as to procedures and thoroughness,” said Kraus. In that instance, he recommends conducting an internal investigation to find out how the error occurred. “If it’s a process problem, you have to ask why this wasn’t detected,” and correct the problem in the practice.

Examining internal processes shouldn’t be restricted to audits, though, and even a claim denial should prompt an internal review. “In a day when we’re all under the microscope, you have to have systems in place. You should always be looking at your processes, asking ‘are we doing what we need to before the bills go out,’” said Kraus.

Engaging in regular training and employee education and making sure coders are current with the latest changes all helps, as does taking a critical look at documentation practices to find areas for improvement. You won’t be able to prevent an audit, Pendleton said, but the office should have proactive compliance efforts, understanding the rules for the payers, getting the Medicare local coverage determinations to make sure you’re complying with them.