Presented by Nexsen Pruet's Stephen Bittinger

1. Current Payor Audits &
Defending Them
Stephen Bittinger
Healthcare Reimbursement Attorney
NEXSEN PRUET, LLC

2. Goals for Today
Learn the Current Types of Payor Audits
Medicare, Medicaid, and Private Payor
Learn the Current Appeals Processes and Legal
Options
Medicare Appeals, Medicaid Appeals, and Private Payor
Appeals
Learn How to Prevent and Defend Audits
Protecting Your NPI, Payor Compliance, and Defending Audits

3. Types of Medicare Audits
Recovery Audit Contractors (RACs)
 Old news
 Audits focus on “errors and omissions”
 Paid a contingency fee of the recovery amount
Quality Improvement Organizations (QIOs)
 Comprised of health quality experts, clinicians and consumers with focus on
improving quality of care
 Two kinds
(1) Beneficiary and Family Centered Care (BFCC-QIO) – manage all
individual beneficiary complaints
(2) Quality Innovation Network (QIN-QIO) – data driven initiatives that
promote best practices for better care of beneficiaries

4. Types of Auditors: FWA & The
Reality
 Fraud, Waste and Abuse (FWA) auditors are targeting providers that are
statistical “outliers” from their peers based on services billed.
 FWAs are using the “threat” of reporting potential fraud and abuse to the OIG,
DOJ, or FBI to coerce providers into submission to overly aggressive audit
tactics, unfounded repayment demands, and inappropriate Medicare payment
suspension or participation denial.
 FWAs are reporting all findings through the Unified Case Management (UCM)
system that is a central repository of all provider data accessed by CMS, Unified
Program Integrity Contractors (UPICs), Medicaid Integrity Contractors (MICs),
Medicare Drug Integrity Contractor (MEDIC), DOJ, HHS, and State AG offices.
UCM is the “Big Brother” of healthcare data that tracks providers and care by
social security number, Unique Provider Identification Number (UPIN), National
Provider Identifier (NPI), medical notes, foreign activities, device identifiers, and
financial account information.

5. What Constitutes Fraud
by a Provider
 Old Standard – “fraudulent conduct” in the facts
 billing for services with no qualified provider,
 repeated, blatant violations of supervision regulations
 billing under NPI of provider who did not provide service.
 New Standard - “fraudulent pattern” that is data driven
“[Dr. Miller] submitted, or caused to be submitted, claims to Medicare for nerve
block injections that were false and fraudulent because the nerve block injections
were not medically indicated and necessary for the patients’ health per Medicare
coverage guidelines.” - U.S. v. Michael K. Miller (Missouri) (Plea Agreement –
April 2014 – 15 months and $880,000 in restitution).

6. Types of Auditors: United Program
Integrity Contractors (UPICs)
 UPICS are the newest fraud, waste, and abuse auditor that CMS is
implementing in 2018 that will replace the ZPICs.
 UPICs formed as part of the Comprehensive Medicaid Integrity Plan (CMIP) to
wrap all federally funded integrity reviews into a single audit.
 Formed in response to projected $119 billion increase in Medicaid spending
over FY 2014-2018.
 CMS awarded multiple 10-year, $2.5B IDIQ (Indefinite delivery/indefinite
quantity) UPIC contracts in support of CMS’ audit, oversight, antifraud, waste,
and abuse general budget.
 Contract for the Southeastern region, which includes South Carolina, has
been awarded to SafeGuard Services, LLC.

7. 1. Simplify and Streamline – increased federal spending in UPIC program will
heavily influence state control over Medicaid program
2. Identifying Fraudulent Providers – UPIC will collaborate with state agencies
to identify and remove fraudulent providers.
3. Shared Accountability – federal and state will have shared accountability for
developing and delivering “cost-effective” healthcare to Medicaid beneficiaries.
4. Fraud Preventions – through provider screening, periodic revalidation, and
temporary suspension of payments for “credible allegations of fraud.”
5. Oversight of Financial Policies – federal will oversee state plans, waivers, and
financial management for grant making to the states.
6. Strengthen Medicaid Integrity – federal and state auditors will share data,
coordinate audits, and collaborate with state and federal law enforcement
agencies.
Objectives of the UPIC

8. Impact of UPICs
 Despite UPIC unifications, CMS will continue with other
audit programs, including RACS and QIOs.
 Providers will face a higher level of unified scrutiny across
ALL FEDERAL PAYERS: Medicare, Medicaid, Medicare
supplemental plans and all military plans, such as Tricare and
VA Choice/Community Care.

9. CMS Targeted Probe and
Educate (TPE) Audits
 Medicare Administrative Contractors (MACs) perform TRE audits
 Providers are targeted for TPE based on:
 Questionable billing practices
 Claim error rates from prior reviews
 Services that have high national error rates
 Services that are at financial risk to Medicare
 Most common claim errors:
 Missing signatures
 Documentation does not establish medical necessity
 Encounter notes lack support for all elements of eligibility
 Missing or incomplete initial certifications or re-certifications for
services

10. CMS Targeted Probe and
Educate (TPE) Audits
 Steps in the TPE process:
 Targeted providers will receive a letter from MAC requesting
documentation for 20-40 claims;
 MAC will review the documentation to determine if there are errors and
recoupment should be made;
 Providers with denied claims will have one-on-one education session;
 Providers will have 45 days to make changes and improve (established
by another production and review);
 Providers that do achieve 100% compliance will not be reviewed for
another year; and
 Providers that fail to achieve 100% in three reviews in less than 1 years
will be referred to CMS for options below.

11. CMS Targeted Probe and
Educate (TPE) Audits
 Potential consequences of failing three reviews:
 100% prepayment review of all claims;
 MAC can extrapolate error rate from sample over universe of claims
(back 6 years) and make overpayment demand on them all;
 Referral to RAC for same extrapolation process;
 Referral to UPIC for fraud and abuse investigation;
 CMS can begin Medicare exclusion process; and/or
 CMS can refer the provider to the Office of Inspector General (OIG) for
potential criminal prosecution for billing fraud by the DOJ.

12. Overpayments Discovered by
Providers: 60-day Rule
 Under the Affordable Care Act, healthcare providers are
required to report and return overpayments to CMS
within 60 days after identification of the overpayment.
 Reasonable Diligence Standard – a provider is
deemed to have identified an overpayment when the
provider has or should have through the exercise of due
diligence determined that the provider received an
overpayment and quantified the amount of the
overpayment (6 month maximum from discovery).

13. Penalties Under False Claims Act
for Failure to Disclose
 As of March 2017, overpayments retained after that 60
day deadline are considered “reverse false claims” that
are subject to civil and criminal penalties under the
federal False Claims Act.
 Penalties can be imposed for between $11,463-$22,363
per claim plus treble damages for the total amount of the
overpayment. (e.g., claims each worth $100 totaling
$5,000 of reimbursement improperly held could total
$1,118,150 in penalties and $15,000 in treble damages)

14. Private Payer Audits
 Private payor medical and billing policies can be different than CMS
or can default to CMS policy. The payor’s website usually has a link
to all medical service policies.
 Audits are conducted in a similar fashion to CMS when statistical
outliers are identified.
 Private payors have Special Investigative Units (“SIUs”) that become
involved if fraud is suspected.
 Every payer has its own unique overpayment appeal process that can
usually be found in the provider manual.

15. Medicare Appeals Process
 Five Levels of Appeal:
 1. Redetermination (MAC) – 120 days for timely, but 30 days to
stop recoupment; MAC decision within 60 days
 2. Reconsideration (Qualified Independent Contractor – QIC) –
180 days for timely, but 30 days to stop recoupment; QIC
decision within 60 days, but cannot stop recoupment after this 3.
Office of Medicare Hearings and Appeals
(OMHA)/Administrative Law Judge (ALJ) – 60 days for timely,
but currently on a 1,300+ day wait for ALJ hearing (Injunctive
Relief?) (Escalation to Medicare Appeals Council)
 4. Medicare Appeals Counsel (MAC)/Department of Appeals
Board (DAB) – 60 days for timely, 90-180 days for decision
 5. Federal District Court – 60 days for timely, but limited review

16. Medicaid Appeals Process
 Varies by State; Main Steps:
 1. Medicaid Agency Appeal – an appeal to the agency
that audited or of the contractor that audited
 2. State Attorney General – appeal from agency’s
decision
 3. State Court Review – usually treated as an “original
case” in state court

17. Private Payor Appeals Process
 Varies by Payor; Main Steps:
 1. Appeal back to SIU or of contract auditors to SIU
 2. Appeal council/board, if provided in your contract
 3. State court litigation is only option thereafter

18. Preventing Audits
• Protect Your NPI –
• #1 cause of provider audits
• Misuse of NPI by billing companies,
partnerships, associated practices, and
billing staff
• Negligence in payor policy compliance
(e.g. Incident-to; midlevel billing)

19. Preventing Audits
• Payor Compliance –
• Stay current on payor policy changes (i.e.
network alerts, provider manual changes)
• Payor Matrix – compile (e.g. spreadsheet)
of payors, services, providers, and policies
with hyperlinks and self-audit quarterly
• Annual external self-audit (CMS requires)

20. Defending an Audit
 Communication – cautious, but open, communication with investigators is
essential to determine the basis for initiation of an audit and to determine
the scope (both in length of time and breadth of services). Initiate
communication to express cooperation and to determine investigator’s
motives.
 Self-Audit – self-auditing can be one of the most effective tools to
preventing fiscal collapse. Hire an independent expert to review claims
targeted by the auditor to determine an objective assessment of non-
compliant reimbursement and disclose overpayments prior to the auditor
producing their extrapolated findings. Self-disclosure may be the only
escape from the nightmare of the CMS or private payer appeal process.

21. Defending an Audit (cont.)
 Corrective Actions – quickly establish a thorough corrective action plan
for any medical necessity or billing errors found during the self-audit.
Disclose this plan to the auditor and the claims administrator collecting the
overpayment disclosure.
 Education and Training – implement the corrective actions and document
the implementation process and training provided to providers and staff.
 Review Compliance Failure History – complete an internal investigation
into the origin of the reimbursement error and develop a protocol for
prevention to be added to the compliance plan.

22. Summary
 Auditors are becoming much more
sophisticated and claim data is the essential base
 Refund all identified overpayments promptly.
 Avoid audits by ramping up your compliance
efforts and understanding policies for services
billed to both federal and private payors.
 Be prepared to defend your business.

23. Stephen Bittinger, Esq.
www.nexsenpruet.com
sbittinger@nexsenpruet.com
(o) 843-720-1703
(c) 440-823-0664