You might think you are prepared for a Medicare audit and that
your documentation is strong and comprehensive. But in my
experience, an overwhelming majority of small- to medium-size
companies are not prepared and, when audited, have significant
issues that result in large overpayments and additional scrutiny.
The burden of being placed on prepayment review or appealing large
overpayments is costly and overwhelming for most businesses, and
can end up having a devastating impact. Many blame heavy-handed
auditors or contractors, but the ugly truth is that most home
medical equipment companies have done nothing to prepare themselves
to avoid these issues.
Unfortunately, there are a few bad apples in this industry that
have taken advantage of the Medicare program. The Centers for
Medicare and Medicaid Services has implemented more complex
coverage policies with significant documentation requirements to
counter these abuses. However, doing so accomplishes little except
making it more difficult for legitimate providers to get necessary
equipment covered.
The system is set up to make providers rely on physicians to
document services in a certain manner in their clinical records.
But often, physicians are not familiar with the policy
requirements. More important, they are not liable if they don't
document in accordance with DMEPOS coverage policies.
Additionally, the criminals committing fraud do not care that
CMS requires a physician to document testing frequency for their
diabetic patients or that CMS wants the manufacturer name and model
information of the battery for a power mobility device.
Nevertheless, when you undergo an audit, your claims will be denied
for reasons like this, regardless of whether the service is
medically reasonable and necessary for that patient.
In all the years I have worked in the health care arena, there
has never been a time when the government has been more intent on
reducing improper payments in Medicare and Medicaid. Coupled with
current health care reform initiatives, that has made auditing the
providers that bill the federal government a primary focus.
That translates into increased funding for program integrity
activities, including auditing. Specifically, the FY 2010 budget
invests $311 million toward these functions, a 50 percent increase
from 2009 funding. In any federal budget, that is a significant
increase.
Essentially, this means that there will be more auditors
conducting more audits. We are already seeing the effects with the
expanded Recovery Audit Contractor (RAC) program and the transition
to Zone Program Integrity Contractors (ZPICs).
All this being said, your best defense is offense.
It's obvious that the likelihood of being audited is increasing,
so instead of trying to avoid an audit, providers should focus on
preparing for one when it does happen. Implement elements that are
consistent with a comprehensive and effective compliance program,
including written policies, procedures and standards of conduct;
effective training and education; and strong internal controls
along with enforcement and corrective actions.
This is your livelihood and these are your federal tax dollars
being spent. You must be responsible for making sure you are
following Medicare policies, whether you agree with those policies
or not.
Policies, Procedures and Standards of Conduct
The first step in preparing for an audit is developing internal
policies and procedures that are specifically related to compliance
issues. All HME providers should already have significant policies
and procedures for normal day-to-day operations as a result of the
accreditation requirement. There is no need to implement a whole
new set of policies. Rather, review the policies you have in place
to make sure they are current on compliance issues and that
appropriate risk areas and vulnerabilities are addressed.
If not, you can draft new policies and procedures and implement
them into your current information. If you already have
well-developed policies pertaining to compliance, it is a good idea
to review and update them accordingly. These policies and
procedures should be shared with all employees and even
subcontractors or agents that may be involved in patient care or
billing (such as billing companies).
One of the most important aspects of these policies should be
implementing specific and appropriate standards of conduct.
All HME companies, no matter how large or small, should draft
very specific and tailored standards of conduct for all employees.
(It's rare that I find a provider who actually has these.) It must
be clear to everyone who reads these standards that the company has
a very strong commitment to compliance. This must be evident from
the top down.
No matter what size a company is, if management does not stress
the importance of compliance to staff, then staff will not
understand the importance themselves. On the contrary, if
management is adamant about the significance of these policies,
employees will adopt these same principles. Ultimately, this
protects the individual employees, management and the facility as
well as the government. In my opinion, a company that doesn't have
appropriate standards to follow is negligent in the role as a
provider that receives federal funds.
Risk Areas for DME
Written policies and procedures need to be drafted for areas in
which providers are vulnerable to potential issues that could arise
as a result of an audit. Each type of health care provider has
similar risk areas like the Federal Anti-Kickback Statute, but many
other vulnerabilities are relevant specifically to DME. Some of
these include:
- Billing for medically unnecessary services;
- Billing for services without proper documentation or
documentation with conflicting information; - Billing for services not provided;
- Billing patients for denied charges without a signed
notice; - Duplicate billing;
- Billing for items or services without a prescription on
file; - Upcoding;
- Unbundling;
- Billing for new equipment and providing used equipment;
- Continuing to bill for rental items after they are no longer
medically necessary or no longer being used; - Billing for substantially excessive amounts of items or
supplies; - Billing for an item that does not meet the quality of the item
claimed; - Capped rentals;
- False information on the claim form, CMN, DIF and/or
accompanying documentation; - Completing documentation reserved for completion only by the
treating physician; - Altering medical records;
- Manipulating the patient's diagnosis;
- Inappropriate use of place of service codes;
- Improper use of modifiers;
- Routine waiver of deductibles and coinsurance;
- Providing incentives to referral sources;
- Non-compliance with supplier standards;
- Providing false information on the supplier enrollment
form; - Not notifying the NSC in a timely manner of changes; and
- Knowing misuse of a supplier number.
You should review these potential risk areas and, depending on
what types of products you provide, figure out if these pertain to
your specific business. If they do, develop policies to educate
employees and decrease your vulnerability. Your policies should
include clear, concise, publicized and strict disciplinary actions
for employees who do not follow the policies. I have seen too many
providers assume they are in good standing regarding these issues
without confirming it — and end up in trouble.
Training and Education
The next step in preparing your company for an audit is
implementing a comprehensive and effective training program. Again,
your accrediting body requires that you have an ongoing training
program. Written policies and procedures are a necessity, but if
you don't have a training program in place that educates your
staff, then it renders them ineffective and inadequate.
A training program should be developed that covers every single
staff member, from clerical and administrative personnel to billing
to clinical staff. All too often, training programs are designed
solely for clinical staff or just for billing staff. But the
employees in all of these areas need to work together to assure the
claims being filed are accurate. Almost every provider I have seen
audited that has had significant issues identified has not had an
effective training program in place.
There are several things that should be highlighted in your
training program:
- Your compliance program;
- General fraud and abuse training;
- Claims submission procedures; and
- Medical necessity guidelines and documentation
requirements.
Training should be conducted as quickly as possible when new
staff is hired. That doesn't mean the training should stop there.
We all know how fluid the Medicare program is and how often
policies and procedures are changed — so often, in fact, that
you must have someone in charge of monitoring policies and have
procedures in place to assure that person is notified when changes
occur.
There should be some mechanism in place for you to monitor more
specific changes and disseminate that information to the
individuals who may be affected. Your training program should be as
fluid as the Medicare program and be consistently and accurately
updated.
Physician Education and Documentation
The Medicare program is set up so that physicians are
essentially the gatekeepers. Nothing can be billed to Medicare
without proper authorization from a patient's physician, and DMEPOS
policies rely heavily on physician documentation.
Without a doubt, physician documentation is the area where HME
providers are most vulnerable. Reviewers and auditors are getting
increasingly stringent in their reviews of medical documentation,
most likely as a result of CMS guidance.
I know firsthand how difficult it is to get physicians to
document in accordance with coverage policies. I can go on and on
about how unfair it is to DMEPOS providers who rely on this
documentation and are liable if it is not sufficient. But it would
make no difference as these policies are written and in effect. The
only thing you can do is to take a more active role in educating
physicians on policies and requirements.
One way to accomplish this is by drafting cover letters to
physicians who order DMEPOS. Section 5.3.2 of the Medicare Program
Integrity Manual (PIM), Publication 100-8, specifically states:
Cover letters can be used by a supplier as a method of
communication between the supplier and the physician. It is not
CMS' intent to restrict necessary communication between the
supplier and the physician. CMS does not require nor regulate the
cover letter. The DME MACs, DME PSCs, and ZPICs should not take
adverse action against suppliers that solely involve cover
letters.
The PIM specifies that it is both the physician's and the
supplier's responsibility to determine that the equipment ordered
is medically necessary and ensure that the beneficiary's condition
is correct and documented properly. It also encourages contractors
to remind providers that they can include language in cover letters
reminding physicians of their responsibilities.
Getting Documentation Up Front
Adding to the necessity of educating physicians is the need to
be more proactive in obtaining documentation from physicians up
front, before claims are files. Although many policies do
not require you to do so, I highly recommend this whenever
possible.
I understand the complexities as well as the administrative
burden. However, there is no way for you to know in advance what
the physician's documentation contains. If you are audited and the
documentation is requested at that point, you'll be liable to
payment of the services if the documentation is deemed
insufficient.
If you implement these procedures in conjunction with educating
physicians about what is required, you will hopefully —
eventually — begin to see documentation that meets the
coverage policies. These processes will only help you in the long
run.
Internal Monitoring and Reporting
I cannot stress this point enough: Do not wait for
Medicare contractors or government auditors to come to you and find
a problem. If that does happen, you open yourself up to
much bigger problems. For example, an auditor can do an
extrapolated overpayment or place your facility on a prepayment
review, which will have a major impact on your cash flow. I
recently saw an actual overpayment of $12,763.83 extrapolated out
to $1,408,169 for minor technical issues and insufficient
documentation.
Also, if auditors find issues and identify overpayments, you
will most likely have to go through the appeals process, which is
time-consuming, frustrating and costly.
Many HME owners and managers feel they don't have the time,
money or resources to conduct regular internal audits, but this is
much more cost-effective than if Medicare determines you have
issues. In other words, you cannot afford not to!
There is no way to avoid audits, especially in the current
environment. Eventually it is going to happen, so you need to be
prepared. Most issues identified by auditors could have easily been
detected and corrected in advance. Perhaps you might identify
claims that should not have been paid and should be refunded, but a
voluntary refund of payments is much different than an overpayment
demand in which additional scrutiny is likely.
Use available resources to get an idea of where to focus your
internal audits. For example, the RAC and DME MAC Web sites
identify the focus of widespread reviews. The HHS Office of
Inspector General releases its work plan each year that clearly
identifies areas of focus.
This year, for example, the OIG is looking at claims with KX
modifiers as well as payments for power mobility devices, hospital
beds and accessories, oxygen concentrators and parenteral/enteral
nutrition. If you provide any of these services or file claims with
KX modifiers (over 30 coverage policies now contain some reference
to use of a KX modifier), then you may want to look at these claims
to make sure they are valid and meet the policy requirements.
The HME industry faces a lot of challenges and scrutiny. Despite
that, you provide a necessary service to the Medicare
population.
Prior to his death a year ago this month, my father relied on
power mobility and oxygen. His quality of life was significantly
increased and prolonged as a result. I understand this. However, I
urge all home medical equipment providers to take a more active
role and make an expressed commitment to compliance with the strict
coverage policies being implemented in this industry.
By preparing your HME company and reducing the chance that
government auditors will identify issues with your claims, you will
increase the likelihood that CMS and its contractors will focus
their efforts on reducing legitimately fraudulent claims. Doing so
is in the best interest of the DMEPOS industry and public in
general.
You Can't Hide
"There is no way to avoid audits, especially in the current
environment. Eventually it is going to happen, so you need to be
prepared."
CERT — Comprehensive Error Rate
Testing Contractors review random samples of claims in order
to calculate a provider paid-claims error rate as well as a
contractor error rate.
RAC — Recovery Audit Contractors
are responsible for reviewing claims to determine whether they were
overpaid or underpaid. RACs are looking for improper payments,
which can include medical necessity issues, but they are not
reviewing for fraud or abuse.
ZPIC — Zone Program Integrity
Contractors are replacing Program Safeguard Contractors and
are reviewing claims to detect fraud, waste and abuse in the
Medicare program.
Medical Review — These reviews are
conducted by the DME MACs and are designed to determine that
services are reasonable and necessary and billed in accordance with
local and national coverage guidelines.
- Read about ZPIC audit
preparation, including what you should do when a ZPIC
audit hits you and how to prepare for a ZPIC audit before it
happens.
Author and consultant Wayne van Halem, president of The van Halem
Group, Atlanta, has built a career interpreting and
understanding the nation's preeminent health care entitlement
programs. He has worked as a fraud analyst, Medicare fraud
information specialist and senior investigator. An Accredited
Healthcare Fraud Investigator and Certified Fraud Examiner, van
Halem has also served as the appeals manager for Medicare Part B
second-level statutory appeals nationally. Currently, he provides
counsel to all entities involved in the participation,
administration and oversight of public and private health care
plans. A book he authored entitled Medicare Audits in
Long-Term Care: A Guide to MACs, RACs, and ZPICs is being released
this month. You can reach van Halem at 404/343-1815 or wayne@vanhalemgroup.com.
What Should You Do when a ZPIC Hits You?
If you receive a letter from the ZPIC requesting documentation
on a number of claims, what should you do?
- Begin compiling the documentation immediately.
- The ZPICs expect you to provide clinical documentation to
support the need for the items they are auditing. Most providers
think that because the policies state that they are not required to
have the documentation in their files that they are not required to
submit them. This is wrong, as the policies state that the
documentation must be provided if requested. - If you do not provide any clinical records, the claim will be
denied as not medically necessary. You must contact the ordering
physicians and request specific documentation related to why they
prescribed the item in question. - It is very important to know that the clinical records must be
dated prior to the date of service in question or else they will be
deemed insufficient. - Utilize the physician documentation request letter drafted by
the DME MAC medical directors to help in obtaining the
documentation that you may not have on file. - Conduct a comprehensive review of the documentation prior to
submitting them to the ZPIC. - If you identify issues in your review, notify the ZPIC
immediately and prepare a corrective action plan to address those
issues internally. - Retain exact duplicate copies of the documentation you submit
to the ZPIC. - Even after you have submitted the documentation, continue
working with referral sources to obtain as much clinical
documentation as possible. - If the documentation dated prior to the date of service in
question is lacking, you can ask the referring physician for more
recent documentation or to document on his/her letterhead why the
item was ordered, the patient's clinical history, and why the
equipment is necessary. While this may not be sufficient for the
audit, it could be considered at higher levels of appeal. - If you cannot meet the deadline imposed by the ZPIC (usually 30
days), then call and request an extension. Regulations provide that
the ZPIC cannot render a decision on a claim for failure to respond
until after the 45th day, so you will always be able to request an
extension to 45 days at the minimum. They have the discretion to
extend further if necessary.
You receive a letter from a ZPIC identifying an overpayment as a
result of the audit. What happens next?
- Within 30 days of the letter from the ZPIC, you will receive an
actual overpayment demand letter from the DME MAC. - Review the specific denial reasons in the audit results letter
from the ZPIC and begin attempting to get supporting documentation
to counter the denials. - You technically have 120 days to file your appeal request;
however, the contractor will begin collection proceedings on the
41st day. So, you should either: - Refund the overpayment in 30 days and then begin preparing your
appeal; - Request a repayment plan within 30 days; or
- Submit a valid request for Redetermination prior to the 41st
day. - If you submit a valid request before the 41st day, the
limitation on recoupment provisions apply, and the DME MAC cannot
collect the overpayment while the appeal is pending. The same
process applies for the second level of appeal (QIC, or Qualified
Independent Contractor) as well. (Reconsideration requests must be
received before the 61st day in order to stop collection of
overpayment.) Keep in mind that interest will begin accruing on the
30th day from the identification of the overpayment. - If unsuccessful at Redetermination and Reconsideration, then
request an a hearing by an Administrative Law Judge (ALJ), and if
you have not satisfied the overpayment by this time, then refund
the money or request a repayment plan. - Do not wait until you are being audited by a ZPIC before
reviewing your files. It is much more cost-effective to review
documentation and files in advance to determine whether you have
any issues rather than waiting for the government to come in and
audit a sample of your claims and extrapolate the overpayment.
How Do I Prepare for a ZPIC Audit Before it Happens?
- Conduct an internal review of the primary services you provide
and make sure your documentation is in order. - Review the "documentation requirements" section for each item
you provide. When a ZPIC audits a claim, they are auditing to make
sure the requirements outlined in the LCDs and related articles are
met. Develop documentation checklists for your files to assure you
always have all the necessary documentation. - Make sure your files are orderly and consistent.
- Whenever possible, get as much clinical documentation up front
for the services you provide. It is much easier to get the
documentation you need at the time the service is ordered rather
than having to go back if faced with one of these audits. - Make sure your referral sources know the guidelines and
conditions for the items they order are covered. - Do not rely on supplier-generated forms to document medical
necessity. They are not considered part of the medical record and
actually discourage physicians from documenting the information in
their own record. - Make sure all items are clearly listed on the orders prior to
dispensing, and make sure your delivery documentation is very
detailed and includes brand name, model and serial numbers.
