I’m Getting Audited—Now What?

© 2024 HMP Global. All Rights Reserved.
Any views and opinions expressed are those of the author(s) and/or participants and do not necessarily reflect the views, policy, or position of Today’s Wound Clinic or HMP Global, their employees, and affiliates.

Information regarding coding, coverage, and payment is provided as a service to our readers. Every effort has been made to ensure accuracy. However, HMP and the author do not represent, guarantee, or warranty that coding, coverage, and payment information is error-free and/or that payment will be received.

What are the different types of audits?
 
Prepayment reviews. Prepayment reviews consist of reviewing claims and the supporting medical records prior to claims being adjudicated which can occur with both integrity-based (ie, fraud, waste, and abuse audits) and error-based audits (ie, technical error reviews). Prepayment reviews are often service specific (typically conducted when anomalies are detected within claims data) or provider/supplier specific reviews (typically conducted when an organization/provider has made errors in the past).
 
Postpayment reviews. Postpayment reviews consist of reviewing claims and supporting medical records after claims have been adjudicated. Lookback periods (the timeframe payors can review previously paid claims) vary by payor and the type of audit being conducted; but are typically 2 to 4 years.
 
The following are examples of postpayment Medicare reviews:
 
Comprehensive Error Rate Testing (CERT). CERT audits calculate national improper payment rates within the Medicare Fee-for-Service (FFS) program, also known as “original Medicare.” These audits review Medicare contractor(s); however, provider/supplier documentation is needed to complete the reviews.¹
 
Targeted Probe and Educate (TPE). TPE audits review claims submitted by providers or suppliers who have been identified to have an abnormally high denial rate or unusual billing practices as identified in their claims data. These audits are designed to identify errors and assist the provider or supplier in correcting them. TPE audits occur over the course of up to 3 rounds.²
 
Recovery Audit Contractor (RAC). Medicare uses RAC audits to detect and correct improper payments and implement corrective actions to prevent future improper payments to providers or suppliers.³
 
Supplemental Medial Review Contractor (SMRC). SMRC audits determine whether provider or supplier claims have followed applicable coverage, coding, billing, and payment requirements.⁴
 
Unified Program Integrity Contractor (UPIC). UPIC audits are integrity audits that investigate suspected fraud, waste, and/or abuse. If the record request includes 30 or more claims across a broad range of service dates, this is usually indicative of a statistically valid random sample (SVRS) that will be used to extrapolate an overpayment over a broader scope of claims.⁵
 
What are the first steps to take when you get an audit request?
 
When you receive an audit request, the very first step should be to determine whether you can handle the audit internally, or if you will need to seek assistance from an expert or appropriately qualified legal counsel. The type of audit, as well as the volume of reimbursement at risk and the kind of payor, will determine the scope of risk and be a guide for next steps. For example, audits by commercial payors normally only have 2- or 3-year lookback periods and overpayments are usually based on contract liability. Audits by government payors or managed care plans have 4- or 6-year lookback periods, and carry significantly higher forms of potential liability.
 
Typically, you can respond to prepayment reviews, CERT audits, and first round TPE audits on your own. You should consider engaging a reimbursement expert to assist with provider/supplier specific prepayment reviews, SMRC audits, secondary (or tertiary) rounds of TPE audits, and RAC audits. You should engage a qualified attorney with healthcare reimbursement expertise for responding to UPIC audits, Department of Health and Human Services Office of the Inspector General (HHS-OIG) audits, or failed Medicare appeals of any type if you plan to purse the next level of appeal.
 
The next step would be determining the date the record request is due. Should the turnaround time be too short, you should immediately reach out to the entity conducting the audit and seek an extension. After confirming the deadline or extension, it is time to gather the documentation and begin the preparation for submission. While preparing for the initial submission, you should internally assess the volume of reimbursement at risk if the audit should expand to the full lookback period.
 
What would you say to someone who asks “Why am I being audited?”
 
Audits are a routine part of healthcare administration and particularly the life cycle of healthcare claims. When you receive an audit request, it does not necessarily mean you have done anything wrong or that it is a negative judgment on your provision of care. Most audits happen because a provider or service is considered an outlier, which means in comparison to peers or volume, the provider or service appears exceptional or unusual. This analysis is conducted by algorithms on claims data. However, providers can be a positive outlier based on being an exceptional provider or can be providing a service at an unusual rate due to the nature of the patient base. Being an outlier does not necessarily mean you have done anything wrong.
 
How have audits have increased since HHS-OIG’s report on skin cellular- and/or tissue-based products (CTPs)?
 
HHS-OIG acts as the watchdog over the Centers for Medicare and Medicaid Services’ (CMS) funds and operations. HHS-OIG often investigates unusual spending on specific CMS services or providers and makes recommendations for CMS to investigate by engaging contract auditors (eg, UPICs). Over the past several years, due to a significant increase in CMS spending on CTPs, HHS-OIG recommended CMS investigate CTP spending. The significant increase in audits of these services is a result of volume spend, and a few bad actors that have been discovered thus far. This is normal course of action for HHS-OIG and CMS.
 
What are the most common billing errors you see in audits?
 
Common billing errors in the CTP arena include, but are not limited to, reporting the incorrect rendering provider National Provider Identifier (NPI), reporting an evaluation and management (E/M) service when a separately reported E/M is not supported, reporting a CTP application code for non-graft CTP, and reporting the incorrect debridement code.
 
Reporting the correct NPI on the claim is important to ensure accurate reporting of the service(s) provided. For example, when services are performed solely by a non-physician provider (NPP), the NPP’s NPI should be reported on the claim, not the NPI of the supervising physician.
 
Regarding E/M services, it is important to understand the “work” that is included with the services you are providing. For example, evaluating and managing a wound is an inherent part of wound care services and therefore included in the payment of such. Therefore, it is not appropriate to report a separate E/M service unless the E/M is truly separately identifiable and goes above and beyond the evaluation and management of the wound(s) being treated.
 
Skin substitute application codes (Current Procedure Terminology (CPT^®) Codes 15271–15278) are intended to report application of CTPs that are anchored to the surrounding skin. These codes are not to be reported for CTPs such as spreadables, gels, and powders. Therefore, prior to reporting one of the skin substitute application codes, it is important to ensure the skin product(s) being used can be reported with these codes.
 
Reporting the proper debridement codes is also important to ensure accurate reporting of the service(s) provided. Active wound care management codes (CPT^® codes 97597–97610) are used to report debridement (selective or non-selective) of the skin layer(s) (eg, epidermis and/or dermis) whereas surgical debridement codes (CPT^® codes 11042–11047) are reported based on the depth of tissues removed (ie, the deepest depth debrided) and surface area of the wound.
 
What are the most common mistakes you see with documentation?
 
Common documentation mistakes include, but are not limited to, improper use of templates and/or copy/paste (or carried forward) documentation, documentation lacking specificity, and missing/late signatures.
 
The use of pre-formatted templates and/or copy/paste (or carried forward) documentation creates visits notes that are consistently the same across different patients and different dates of service. Additionally, use of these documentation practices can lead to discrepancies and contradictions in the documentation, which can ultimately make services more difficult to defend on audit. While wound care services are often similar in nature and there may not be a lot of variation in language, providers need to ensure that the documentation clearly supports the services rendered to a specific patient on a specific date of service. In other words, the documentation should be clear enough to demonstrate what you saw, what you did, and what you discussed or decided on during each specific encounter.
 
When providing wound care services, providers need to ensure their documentation includes details sufficient to support the service(s) rendered. The documentation should include the specific anatomical location of the wound(s) as well as the specifics related to its size and appearance.
 
This is especially important if one performs procedures on different wounds during the same visit. For example, let’s say the patient has a diabetic foot ulcer on the right big toe and a callus on the right fifth toe. It is important to accurately describe both wounds and specify where one performed each procedure to ensure both procedures are properly billed and paid. As discussed above, the debridement should include not only the location, but the size of the wound and the depth of the debridement performed.
 
How can you ensure you are providing the correct records and documentation?
 
When preparing the documentation production, step into the reviewer’s shoes. Will an outside reviewer understand the course of treatment from one note, or would a series of notes be better to show the full clinical picture of the service(s)? Will an outside reviewer understand the abbreviations used in your documentation or would it be best to send along a reference guide outlining your most used abbreviations? These are just two examples of how thinking like the reviewer can help you pull together a strong document submission which can make the difference between passing and failing an audit.
 
Once you have looked at the review from an outside perspective, the primary tasks will be securing copies of CMS 1500 claim forms for each claim, creating a comprehensive list of services covered, identifying which services have Medicare (or other payor) coverage policies, reviewing any other relevant guidance, and creating a comprehensive list of documents that support the service(s) provided and demonstrate the service(s) meet applicable coverage criteria.
 
You should produce enough of the medical record to fully substantiate the medical necessity of the service(s) provided. This would include, but is not limited to:

• Initial visit note for the wound(s) at issue
  * Depending on when the wound presented this would be either the initial (new patient) visit or an established patient visit at which the wound was first present.
• Records from the referring provider, if applicable
  * This is particularly important when a patient presents with an active wound that was being treated by another prior to being seen by you/your practice.
• Periodic wound care visit notes, if applicable
  * Produce enough visit notes to demonstrate previous care and progression of the wound(s).
  * Depending on the length of the course of treatment and where the date of service (DOS) under review falls into the treatment course, it would be appropriate to produce the visit notes for four weeks (or 30 days) preceding the DOS under review and/or periodic visit notes (monthly is sufficient).
• Wound pictures and/or wound care assessment documentation for each visit note produced, if separate from the visit note

Specific to skin substitute applications, you should also provide any insurance benefit verification correspondence from the applicable skin substitute manufacturer(s), any product tracking/applications logs applicable to the product(s) applied, and the package insert and/or the instructions for use for each skin substitute product utilized within the review.
 
A quick tip would be to create a spreadsheet to track the documents gathered for each claim to ensure you have gathered all necessary documents and subsequently submitted them for review.

The next task would be to determine the order in which you should produce the documents (ie, How can the documents be organized to ensure a clean and logical review by the auditor?). Before submitting the documents for review, perform an interval review/audit of the documents before submitting them for review to ensure you have all the require documents, the documents are organized in an appropriate order, the patient’s name and unique identifier(s) are noted on each record, and signatures are included on all applicable documents. Create a cover page for each documentation packet that identifies each claim in the audit. Finally, make a copy of each documentation packet for your records before submitting the documentation for review.
 
What time factors should people be aware of in audits?
 
The biggest time factor to be aware of in audits is the deadline to respond. In most cases this is 30 days, but we have seen audits with a deadline as short as 15 days. Another important time factor is the lookback period. Providers or suppliers should ensure the request is within the look back period for the entity conducting the audit (typically 2 or 4 years).

In Conclusion

Understanding the risks presented from an initial audit request and proper response and production are the most important steps to preventing a protracted and costly audit. Most importantly, make sure you have the right help for audits with elevated risks and meet deadlines. Remember, being the target does not always mean you are doing something wrong and could mean you are just exceptional – do not stop practicing good medicine.
 
Stephen Bittinger is a partner and a member of the Health Care/FDA practice group. Stephen focuses his practice on health care reimbursement compliance, defense and litigation, with an emphasis on government and private payer disputes on behalf of providers, suppliers, and manufacturers involved in the US health care system nationally and from abroad. He has extensive experience representing large provider groups, home health agencies, medical facilities, ancillary service providers, medical labs, revenue cycle management companies, and drug and device manufacturers in matters including Medicare and Medicaid audits, private payer audits, federal regulatory termination and exclusion proceedings, False Claims Act defense, and health care revenue disputes. Stephen is one of the leading attorneys in the country on the law regarding the use of statistical sampling and extrapolation in the review and analysis of health care claims. He has served as an expert witness regarding federal reimbursement law in civil and criminal proceedings. Stephen has represented many providers with federal agency matters, including the Centers for Medicare and Medicaid Services (CMS) Center for Program Integrity (CPI), the Department of Health and Human Services Office of Inspector General (HHS-OIG), the Department of Veteran Affairs (VA), and Health Care Fraud division of the Department of Justice (DOJ).
 
Jessica Franzese is a coding, reimbursement, and compliance consultant in the firm’s Charleston office. Jessica's work involves assisting the lawyers in the firm’s Health Care and FDA practice group with the technical and operations aspects of health care reimbursement and compliance issues.

References
 
1. Centers for Medicare and Medicaid Services. What’s the Comprehensive Error Rate Testing (CERT) Program? Published Jan. 26, 2022. Accessed July 17, 2024.
 
2. Centers for Medicare and Medicaid Services. Targeted Probe and Educate. Accessed July 17, 2024.
 
3. Centers for Medicare and Medicaid Services. Medicare Fee for Service Recovery Audit Program. Accessed July 17, 2024.
 
4. Centers for Medicare and Medicaid Services. Supplemental Medical Review Contractor. Accessed July 17, 2024.
 
5. Centers for Medicare and Medicaid Services. Medicare Program Integrity Manual. Chapter 3: Medicare Investigation and Audits. Accessed July 17, 2024.