Navigating Payer Audits

Government and commercial payer audits have increased dramatically in recent years, a trend directly attributable to the growing focus on identifying and preventing overpayments and reducing waste in the healthcare system.1 Specifically, audits are intended to uncover instances of improper or insufficient chart documentation, suspect billing or coding practices, and/or improper Medicare payments.2

The majority of the increased emphasis on provider audits is rooted in the success of the Medicare Recovery Audit program (formerly known as the Recovery Audit Contractor program), which was formally established in 2009 after uncovering $1 billion in improper payments during the preceding 3-year pilot period.2,3 Between 2009 and 2014, the Recovery Audit program recouped more than $8 billion in wasteful and fraudulent payments.4

Types of Audits

Audits may be conducted by employees or contractors associated with the federal Medicare program, state Medicaid agencies, or national and regional commercial payers, such as UnitedHealthcare, Aetna, and BlueCross BlueShield plans.

The Centers for Medicare & Medicaid Services (CMS) increased the frequency of provider audits in response to growing pressure to improve accountability and reduce costs for government-funded healthcare programs.2 CMS and its contractors scrutinize provider evaluation and management code distributions and recognize patterns that would identify providers as outliers compared with their peers within a particular contractor state or region. If a provider’s code level distribution varies by a certain percentage from the average distribution profile, as determined by Medicare or Medicaid, that provider and his or her medical group may be targeted for a focused audit.2

Good recordkeeping is essential for medical practices because the federal government can audit Medicare patients’ charts for up to 10 years (ie, the look-back period) after patients’ treatment. In addition, the look-back period for Medicaid beneficiaries can also be up to 10 years; however, rules vary from state to state.5,6

Medicare Audits

CMS has implemented several different audit programs pertaining to healthcare providers who treat patients with Medicare coverage.

Recovery Audit Program

As previously mentioned, the Medicare Recovery Audit program was established in 2009 after a 3-year Recovery Audit pilot uncovered more than $1 billion in improper payments between 2005 and 2008.2,3,7 An analysis of the pilot program revealed that 42% of the overpayments were the result of incorrect coding, 32% were for treatments deemed medically unnecessary or for incorrect service, 9% were the result of insufficient documentation, and 17% were listed as “other.”2,7 The success of the Recovery Audit pilot program led to the inclusion of Section 6411 in the Affordable Care Act (ACA), expanding the current program to Medicaid and Medicare Part C and Part D.7,8

The Medicare Recovery Audit program uses third-party contractors to identify waste, errors, and improper payments. Nationally, the 4 Medicare Recovery Audit contractors comprise Performant Recovery; CGI Federal, Inc; Connolly Inc; and HealthDataInsights, Inc.7 These contractors must follow Medicare regulations, including national coverage determinations and local coverage determinations (in accordance with their local Medicare administrative contractors [MACs]).9

Initially, Recovery Audit contractors focused the bulk of their efforts on institutions, because the high error rates and high-cost services associated with hospital-based care provided a cost-efficient opportunity to recoup Medicare revenue. Recently, however, Recovery Audit contractors have become more active in reviewing services provided by physician practices.6 Of interest to practices and institutions providing oncology services, Recovery Audit contractors are known to focus on the place-of-service errors (eg, facility vs nonfacility) and on evaluation and management services during global surgery periods.2 Providers may appeal Recovery Audit denials, and should heed the fact that hospitals have had considerable success in appealing adverse rulings, with 75% of the initial decisions overturned in favor of the institution.6

Recovery Audit contractors are paid on a contingency-fee basis; that is, their commissions are tied to the number of claims they deny. Several professional organizations have argued that this compensation arrangement results in overzealous auditing efforts with little regard to the accuracy of the denials.10 For example, the American Medical Association and the American Hospital Association have called for an overhaul and a reform of the Recovery Audit program, respectively.10,11

In February 2014, the Recovery Audit program was temporarily suspended; it was reinstated on a limited basis beginning in August 2014.4,12 According to CMS, the delay in restarting the Recovery Audit program was to enable the various Recovery Audit regions to restructure and allow time for administrative law judges to resolve the lengthy backlog of appeals.13 As a result of the backlog, Recovery Audit contractors were prohibited from processing postpayment patient status reviews of inpatient hospital admissions through March 2015; patient status reviews are planned to resume after that point in time.13

Medicare Administrative Contractors

The primary function of MACs is to process and pay claims for Medicare Part A and Part B services.6 In addition, MACs conduct postpayment (retrospective) and prepayment (concurrent) claims reviews, and their responsibilities extend to auditing providers and reducing the Medicare claims payment error rate.6

MACs may conduct probe reviews when a provider-specific problem is suspected, but additional documentation is required to substantiate the potential concern.6 Before a provider-specific review takes place, practices and institutions must be notified via a written notice. The notice must include the specific reason as to why the provider was selected, and must disclose whether the review will occur on a prepayment or a postpayment basis. When conducting data analyses to identify potential areas of concern, MACs look for a high volume of services, high cost, and dramatic changes in the frequency of specific services or procedures.6

Providers with identified billing problems may be placed on a prepayment review, in which a percentage of their claims undergo medical review before MAC authorizes payment.6 The length and the scope of the prepayment review are based on the perceived severity of the billing problem.6

Comprehensive Error Rate Testing Program

Through claims analysis, Medicare develops thresholds to delineate improper payment rates. In doing so, the Comprehensive Error Rate Testing (CERT) program randomly selects a sample of claims submitted to MACs during each reporting period and requests the corresponding medical records.14 Contractors then evaluate the claims to determine whether they comply with Medicare coverage, coding, and billing rules; if not, errors are assigned to the claims. If medical records are not submitted by the provider in a timely manner, cases are classified as no-documentation claims and categorized as errors. Providers with errors may be sent overpayment and underpayment letters that mandate adjustments for claims that were overpaid or underpaid.14

Because the CERT program uses random samples rather than a predefined sampling methodology to select claims, reviewers cannot conduct a comprehensive evaluation of provider billing patterns that may indicate potential fraud when making payment determinations. For this reason, the CERT program does not and cannot label a claim as fraudulent.2

ZPIC Audits

Unlike MACs and Recovery Audit programs, whose auditing is intended to recoup overpayments and prevent errors, Zone Program Integrity Contractors (ZPICs) exist primarily to uncover and to investigate suspected fraud, waste, and abuse. ZPICs are responsible for initiating timely investigations and ensuring that Medicare funds are not paid inappropriately.15,16

Each of the 4 ZPICs––Safeguard Services LLC, NCI Inc, Cahaba Safeguard Administrators, and Health Integrity LLC––has a unique coverage area and uses government analytics and other proprietary methods to assess billing trends and patterns.16,17 ZPICs flag Medicare Part A and Part B claims that vary from those submitted by the majority of other providers in an area. A case is opened for investigation when irregularities are suspected to involve fraud or abuse.15,16

Because ZPIC audits imply that fraud is suspected, they are serious, and, if contacted, providers should consider seeking legal counsel. ZPICs are empowered to impose administrative actions, such as suspensions, overpayment collections, and referrals to law enforcement and CMS for further sanctions2; some cases have even been turned over to the US Department of Health & Human Services (HHS) and the Justice Department for prosecution.16

Medicaid Audits

Medicaid contractor audits are also relatively common and include Medicaid Integrity Contractors (MICs). MICs are similar to Medicare Recovery Audit contractors in that MICs conduct a number of activities intended to uncover payment irregularities and waste.6 There are 3 types of MICs, including audit MICs, review MICs, and education MICs. Under contract with CMS, audit MICs conduct postpayment audits of Medicaid providers to identify overpayments.6 Review MICs analyze claims data to identify aberrant claims and potential billing vulnerabilities and pro- vide leads to audit MICs. Finally, education MICs work with review MICs and audit MICs to educate healthcare providers, state Medicaid officials, and others about Medicaid integrity issues.6

Although audit MICs are not paid on a contingency-fee basis, they may be eligible for financial bonuses based on the effectiveness of their audits.6 The look-back period for Medicaid claims under the MIC program varies from state to state. In addition, states have different policies pertaining to appeals for MIC denials.6

In addition to the MIC program, the ACA legislation expanded the RA program to include Medicaid. Beginning in 2012, state Medicaid agencies were allowed to contract with RA contractors in order to identify underpayments and overpayments and recoup overpayments.2,17 Individual states have a substantial leeway in establishing their own program parameters depending on the issues facing their state. The states can also coordinate their recovery efforts with other government entities performing audits, including federal and state law enforcement agencies, such as the Federal Bureau of Investigation, HHS, and the state Medicaid Fraud Control Unit.2,17

Commercial Payer Audits

More recently, commercial or private payers, encouraged by the success of the government programs in recouping cost-savings, have instituted their own audit initiatives.2 In doing so, they are using similar techniques to those of the government auditors to scrutinize claims submitted by their network providers and hospitals.2

Similar in intent to the Medicare and Medicaid Recovery Audit program, commercial payer audits, however, pose a distinct set of issues for hospitals and medical practices.1 Commercial audits tend to be timelier and occur much closer to the actual patient encounter than government audits. In addition, commercial auditors will often go directly to the practice or institution to review the medical records when evaluating contracted claims.1 Similar to government payers, commercial payers often hire third parties to perform audits on behalf of the plan.2

Unlike Medicare and Medicaid postpayment audits, many commercial payers conduct prepayment audits that may withhold payments for outstanding claims.1 These auditors scrutinize medical necessity documentation to ensure that it is complete and accurate and look for inappropriate charges or miscoding. In addition, they identify charges for inpatient services that should have been classified as outpatient services.1

Audits by commercial plans may be triggered by repeated claims submission errors; internal changes to claims management policies or procedures; and by individual reports, including patient complaints, whistle-blowers, or employer requests.2 Some payers will mine their claims data to search for physicians who report an unusual percentage of high-acuity evaluation and management codes or certain procedure codes compared with their peers. In some cases, commercial payer audits are conducted at random.2

Commercial payer audits are divided into 2 groups, claims reviews and formal audits.2 Claims reviews take place when payers request to review contracted claims as a preliminary investigative step to decide whether to engage in a formal audit. When a practice or an institution receives notification of a formal audit, it should ensure that the payer follows the process outlined in the provider–payer contract.2 In some instances, the contract language may reference payer policies or procedures that are not explicitly written in the contract itself; if this is the case, this documentation should be obtained from the payer and carefully reviewed to ensure that the auditor is in compliance.2

When conducting audits, commercial payers must comply with state regulations that govern audits and overpayment recovery.2 Local state medical societies can be useful resources for information about the commercial audit appeals process for payers in each state.2

Navigating Commercial Payer Audits

When practices receive an audit notification from a commercial payer, they should first confirm that they will be required to participate; payers may send out a Heralding Notice, which notifies providers that the payer intends to conduct an audit, but does not indicate that a specific practice has been targeted. However, if the practice receives a Notice of Audit, it is being audited.18

When practices receive a Notice of Audit, they should first determine the scope and the intent of the audit.18 Not all payer requests for medical records are recovery audits. For example, payers who participate in the National Committee for Quality Assurance Accreditation program may have medical records audited as part of their Healthcare Effectiveness Data and Information Set data gathering process. Furthermore, it is important to identify which payer’s department is conducting the audit and whether it is asking for medical records. If the audit is being requested by the payers’ Special Investigations Unit, it is likely that it is seeking to recover overpayments to investigate potential fraud.18

When notified of an impending audit, it is important to identify how many claims the payer is pursuing; a larger number of claims may indicate that the payer intends to conduct a comprehensive review, in which case they may seek to extrapolate their recovery efforts to a broader universe of claims.18 In its 2014 Administrative Guide for providers, UnitedHealthcare, the largest private payer in the nation,19 notified contracted providers that they may “select and audit a statistically valid random sample (SVRS) of claims, or a smaller subset of SVRS in order to obtain an estimate of the proportion of claims that were, in fact, paid in error. The estimated proportion-referred to as the error rate-may then be projected across the relevant universe of claims to determine any overpayment, as permitted by law or regulation.”20

Practices that have been notified of a fraud or a recovery audit should consider assembling an experienced team to pull the proper medical records; review coding, billing, and documentation; and interface with payer representatives. When auditors are on site, there may be opportunities for the staff to interact with the auditors and help them find the information needed to support the practice’s position.1,18 In some cases, practices may want to consider retaining an attorney to represent their interests.18

It is important to ensure that practices select and submit the correct information requested by the auditors and that they comply with the auditors’ requests before the deadline.18 If a payer withholds payment or asks for a recoupment of claims payment as a result of the audit, practices should request time to review the audit findings. In addition, practices should ensure that the payer provides a thorough explanation for each claim that was incorrectly paid or coded.18

In the event of an adverse judgment, there should be an opportunity to appeal the decision; before a formal appeal, however, there may be a chance to submit a rebuttal or an informal appeal.18 Practices should understand the process by which the payer calculated their error rate, and challenge determinations that do not appear to be accurate. If a practice decides to file a formal appeal, it should follow the process detailed by the payer organization.18

The best way to handle audits is to prevent them altogether. Although audits cannot always be avoided, practices can take steps to minimize their risk for being targeted.18,21 For example, practices should ensure that they are using current billing codes and modifiers.18 In addition, practices should ensure that the time spent with patients by oncologists and by advanced practice clinicians is appropriately documented; documentation should support the level of code submitted.18 Furthermore, practices should con- sider conducting an internal audit annually to recognize and correct potential deficiencies.21 Finally, practices should ensure that all staff are trained to follow CMS and commercial payer policies regarding proper coding and documentation.21

Although these efforts may require a substantial commitment of time and resources, the cost may be minimal compared with the resources and the fiscal burden of a large-scale external audit.


1. Adampoulos H, for Becker’s Hospital Review. Tracking and trending: how hos- pitals should handle the rise in commercial audits. May 28, 2014. www.beckers the-rise-in-commercial-audits.html. Accessed April 1, 2015.
2. American College of Emergency Physicians. Preparing for payer audits: ACEP Reimbursement Committee 2013. Resources/issuesByCategory/reimbursement/Preparing%20for%20Payer%20 Audits.pdf. Accessed April 1, 2015.
3. Centers for Medicare & Medicaid Services. Centers for recovery auditing in Medicare and Medicaid for fiscal year 2012. Data-and-Systems/Monitoring-Programs/Medicare-FFS-Compliance-Programs/ Recovery-Audit-Program/Downloads/Report-To-Congress-Recovery-Auditing-in- Medicare-and-Medicaid-for-Fiscal-Year-2012_013114.pdf. Accessed April 7, 2015.
4. The Advisory Board Company. CMS resumes some (but not most) RAC audits. August 6, 2014. but-not-most-rac-audits. Accessed April 1, 2015.
5. Terry K, Ritchie A, Marbury D, et al, for Medical Economics. Top 15 challenges facing physicians in 2015. December 1, 2014. http://medicaleconomics.modern- 2015?page=full. Accessed April 1, 2015.
6. Oplink. Economics are driving the increase in audits. July 2012. www.oplinc. com/newsletter/BestPracticesReviewJuly2012.html. Accessed April 1, 2015.
7. Centers for Medicare & Medicaid Services. Recovery audit program. Updated Sep- tember 26, 2014. Programs/Medicare-FFS-Compliance-Programs/Recovery-Audit-Program/. Accessed April 1, 2015.
8. US Congress. The Patient Protection and Affordable Care Act. Public Law 111-148. 2010. Accessed May 10, 2015.
9. Centers for Medicare & Medicaid Services. Medical review and education. Updated June 24, 2014. Programs/Medicare-FFS-Compliance-Programs/Medical-Review/. Accessed April 8, 2015.
10. American Hospital Association. RAC auditing reform is essential to fix urgent, crit- ical problems. Accessed April 1, 2015.
11. American Medical Association. AMA calls for overhaul of recovery audit pro- cess. Press release. December 3, 2014. Accessed April 1, 2015.
12. The Advisory Board Company. CMS puts RAC audits on hold. March 6, 2014. Ac- cessed April 1, 2015.
13. Tillman T. The winding road of RAC audits. How to ensure your facility stays ahead of the curve in a constantly changing landscape. Health Manag Technol. 2014;35:16-17.
14. Centers for Medicare & Medicaid Services. Medicare program integrity manual chapter 12––the comprehensive error rate testing. Guidance/Guidance/Manuals/downloads/pim83c12.pdf. Accessed April 1, 2015.
15. Centers for Medicare & Medicaid Services. The role of the zone program integ- rity contractors (ZPICs), formerly the program safeguard contractors (PSCs). www. MattersArticles/downloads/SE1204.pdf. Accessed April 1, 2015.
16. Carlson J, for Modern Healthcare. Under the microscope: intensity of scrutiny by ZPICs draws provider complaints, attention from feds. February 22, 2013. www. Accessed April 1, 2015.
17. Medicaid RACs. Legislation and guidance. guidance/. Accessed April 1, 2015.
18. Verhovshek J, for American Academy of Professional Coders. Respond to a payer audit. January 1, 2014. Ac- cessed April 1, 2015.
19. Namovicz-Peat S, Trompeter E. AIS’s Directory of Health Plans: 2015. Washing- ton, DC: Atlantic Information Services, Inc; 2015.
20. UnitedHealthcare. Physician, Health Care Professional, Facility and Ancillary Provider 2014 Administrative Guide. manual/ProviderManual_Master_2014.pdf. Accessed April 1, 2015.
21. Merritt M, for Cancer Network. Code correctly to avoid RAC audits at your practice. February 27, 2013. Ac- cessed April 1, 2015.

Subscribe to
Oncology Practice Management

Stay up to date with oncology news & updates by subscribing to recieve the free OPM print publications or weekly e‑Newsletter.

I'd like to recieve: