Within the last year, I have seen a significant increase in the number of insurance carriers (“insurers”) that perform pre-payment and post-payment audits on providers’ claims. Moreover, many of these insurers have taken a page out of Medicare’s book by performing statistical extrapolations, which results in astronomical overpayments. For example, a DME provider may receive an overpayment request from United or Humana for $5 million based on an 80 percent claims denial rate on $20,000 worth of claims with dates of service in 2013, extrapolated to the universe of the provider’s claims between 2011 and 2014. Auditors for the insurers apply many of the same rules as Medicare auditing contractors, and many providers respond to these audits in the same way they would if the audit was conducted by a Medicare auditing contractor. This may not be the best strategy. Insurers are subject to different statutes and regulations than Medicare (or its contractors) when performing audits. Specifically, insurers are subject to both state and federal law, unlike Medicare contractors, which are only subject to federal law. Additionally, because many plans offered by insurers are provided to workers by their employers, auditing claims under these plans is subject to Employment Retirement Income Security Act of 1974 (ERISA) law. ERISA requires insurers to adhere to numerous requirements when auditing claims, such as giving the provider adequate notice of adverse benefit determinations. Many insurers do not follow these notice requirements. Providers may be able to use insurers’ failure to follow ERISA notice requirements as a partial or complete defense to an audit. Under ERISA, every employee benefit plan must “maintain reasonable procedures governing . . . notification of benefit determinations and appeal of adverse benefit determinations.” If an insurer makes an adverse benefit determination under an ERISA plan, ERISA entitles a beneficiary (which, depending on state law, includes the provider) to sufficient notice of an adverse benefit determination, an opportunity to appeal it and a full and fair review of the appeal. The definition of “sufficient notice” is extensive. Moreover, ERISA specifically states that a notice of denial of benefits is adequate only if it is in writing and includes “specific reasons for such denial [including] reference to the specific plan provisions on which the determination is based.” The notice must also include a “description of the plan’s review procedures and the time limits applicable to such procedures, including a statement of the claimant’s right to bring a civil action under [ERISA] following an adverse benefit determination on review.” With respect to the appeal process, the plan administrator must give the claimant at least sixty (60) days to lodge the appeal and allow him/her to submit written comments, documents and records relating to the claim. Full and fair review also requires the plan administrator to give written or electronic notice of its decision. In Penn. Chiropractic Ass’n v. Blue Cross Blue Shield Ass’n, an Illinois district court determined that members of the association of network providers were considered “beneficiaries” for ERISA purposes. Based on this finding, in-network providers may be able to stand in the shoes of beneficiaries when responding to an audit that is subject to ERISA law. Providers need to be aware that insurers must follow certain statutes and regulations under ERISA, including providing sufficient notice of an adverse benefit determination. In my experience, many insurers fail to follow these notice requirements, thereby giving providers an additional argument to partially or completely defend against an audit.
