OIG, ZPIC, Medicaid, Fraud Audits


PATIENT PROTECTION AND AFFORDABLE CARE ACT EXPANDS FRAUD AUDIT

HHS announced a new collaborative initiative between the Department of Health and Human Services Office of the Inspector General (OIG) and the Department of Justice (DOJ) expanding anti-fraud, waste, abuse and payment recovery enforcement activities, including a significant increase of provider post-payment audits, recoupments, civil and criminal actions to be jointly implemented.

Beginning in FY2011 the Act will provide an additional $350 million over the next ten years, for coordinated detection and prevention of fraudulent Medicare and Medicaid billing practices. The coordination of entities has recovered $1 billion in Medicare Medicaid payments under the False Claim Act.

Results reported by CMS for FY 2009 Comprehensive Error Rate Testing (CERT) Medicare payment audits show that 7.8% ($4.7 million) of all Medicare claims sampled were paid in error, with hospitals accounting for over half of these improper payments (40% inpatient and 12% outpatient), while DME providers accounted for 25% of overpayments, followed by physicians at 7% and SNFs at 6%. Based on this audit sample, CMS estimates that approximately $24.1 billion of Medicare claims were improperly paid in error in FY 2009.

The CERT audit results indicate that, 98% of Medicare payments made in error were attributed to three main causes:

  • Insufficient Documentation – missing, incomplete or illegible physician orders, clinical notes, test results, and examination, evaluation and treatment records.
  • Medically Unnecessary Services – medical documentation did not support higher service level or setting, e.g., inpatient admission for treatment or surgical procedure that could have been provided on an outpatient/observation basis, excessive units billed, etc.
  • Miscoded Claims – incorrect diagnosis or procedure codes, coding level billed not supported by medical documentation

DEPARTMENT OF JUSTICE RECOVERS $3 BILLION IN FALSE CASES IN FISCAL YEAR 2010

The Department of Justice announced that it has secured $3 billion settlements and judgments in cases involving fraud in the fiscal year ending September 30, 2010. This includes $2.5 billion in health care fraud recoveries—the largest in history—and represents the second largest annual recovery of civil fraud claims.

The record health care fraud civil recoveries of $2.5 billion made up 83% of the year’s total civil fraud recoveries. HHS reaped the biggest recoveries, largely attributable to its Medicare and Medicaid programs. Recoveries were also made in Department Defense for the TRICARE program and the Department of Veterans Affairs.


OIG WORK PLAN FOR FY 2011 CONTINUES FOCUS ON KEY HIGH RISK AREAS

The HHS Office of the Inspector General (OIG) recently released its annual audit work plan for FY 2011, establishing audit priorities that include continuation of targeted reviews of the following areas considered high risk for improper Medicare payments:

  • Hospital Observation Services
  • Hospital Readmissions
  • Hospital Admissions with Conditions Coded “Present-on-Admission”
  • Critical Access Hospitals & Provider-based Entities
  • Inpatient Rehabilitation Facilities
  • Hospital Payments for Non-Physician Services
  • Part A Hospital Capital Payment
  • Medicare Disproportionate Share Payments
  • Duplicate Graduate Medical Education Payments
  • Durable Medical Equipment

Note CAH & provider based clinics is 4th on OIG list. A report released earlier this year indicates that hospitals and Durable Medical Equipment (DME) providers continue to lead all other providers in terms of improper Medicare payments

For more details on the OIG’s FY 2011 Work Plan, please go to:

http://oig.hhs.gov/publications/workplan/2011/FY11_WorkPlan-All.pdf

STATE MEDICAID RAC EXPANSION ROLLOUT PLANS DUE BY 12/31/2010

As mandated by (PPACA), by December 31, 2010, all states must establish programs to contract with one or more recovery audit contractors for the purpose of identifying underpayments and overpayments and recouping Medicaid overpayments – this will be in addition to the currently expanding Medicaid Integrity Contractor (MIC) state audits, conducted under CMS’ Medicaid Integrity Program (MIP). There are no patient record request limits, shorter provider response (two weeks versus 45 days).

Same as the Medicare RAC program, payments will be made to contractors only on amounts recovered and will be issued on a contingent basis.

The expansion of the RAC program to Medicaid is the next step in the federal government’s increased efforts to recover the GAO's recent estimate of $18.6 billion per year in improper payments beyond what the Medicaid Integrity Program and Medicaid Integrity Contractors (MIC) have done. Since MIC contactors are not paid on contingency, it is anticipated that the RAC Medicaid contractors will be far more aggressive in their audit efforts given the fact they are paid on contingency.

The Affordable Care Act also authorizes the expansion of the Recovery Audit Contractor (RAC) program to Medicaid. CMS reports that a sample of Medicaid claims in 17 states, (one-third of the country including Alaska, Washington, Oregon, Montana and Hawaii) were audited under its Medicaid Payment Error Rate Measurement (PERM) program and revealed that 8.71% were improperly paid in FY2008. CMS’ extrapolation of these results estimates improper payments of $35 billion of the federal share of the Medicaid program were made during FY2007-2008.


ZONE PROGRAM INTEGRITY CONTRACTORS (ZPIC) AUDIT UPDATE 2010-2011

ZPICs are organizations hired indirectly by CMS to perform a wide range of medical review, data analysis and Medicare evidence-based policy auditing activities. Take ZPIC into account the potential of provider fraud and abuse and are given much more latitude than RAC and MIC auditors.

An investigative approach is currently being utilized by ZPICs is comparing hospital claims with physician claims for the same patient service episode to identify variances in DRGs with Complications/Comorbidities, E/M service level coding and supporting medical record documentation, for example. This same cross-checking is also occurring between other providers, like DME and Rehabilitation providers. ZPICs are also directly contacting Medicare beneficiaries to determine whether or not the services and products they actually received are consistent with the claims submitted by all providers involved with their care.

Another difference from RAC the ZPICs do not have any limitations on the number of records that they can review, nor do they a time limit on how far back they can conduct such reviews. For key areas that ZPICs have targeted contact FCAW for more detail.

As of April, 2011 five of the seven ZPIC contracts have been issued:

  • Zone 1: SafeGuard Services, LLC (California, Nevada, American Samoa, Guam, Hawaii, Mariana Islands)
  • Zone 2: AdvanceMed Corporation (Alaska, Arizona, Idaho, Iowa, Kansas, Missouri, Montana, Nebraska, North Dakota, Oregon, South Dakota, Utah, Washington, Wyoming)
  • Zone 4: Health Integrity, LLC (Texas, Colorado, New Mexico, Oklahoma)
  • Zone 5: AdvanceMed Corporation (Alabama, Arkansas, Georgia, Louisiana, Mississippi, North Carolina, South Carolina, Tennessee, Virginia, and West Virginia
  • Zone 7: SafeGuard Services, LLC (Florida, Puerto Rico, Virgin Islands)

Two remaining ZPIC contracts are still pending:

  • Zone 6: (Pennsylvania, New York, Maryland, Washington D.C., Delaware, Maine, Massachusetts, New Jersey, Connecticut, Rhode Island, New Hampshire, Vermont)
  • Zone 3: (Minnesota, Wisconsin, Illinois, Indiana, Michigan, Ohio, Kentucky)

State of Alaska/Washington Medicaid


  • PERM Audits: Payment error audits
    • Department is conducting billing audits through outside contracting firm, currently Meyers & Stauffer in conjunction with the Office of Inspector General. Each year 80 desk audits and 27 field site audits must be conducted.
  • SURS Audits: Surveillance and Utilization Review
    • First Health state payment contractor conducts these audits when fraud is identified.
    • The audit is turned over to the State’s Attorney General Office to conduct a criminal investigation.
  • Program Integrity Audits:
    • Check different patterns on claims, check different patterns on type of patients or services billed.
  • Quality Assurance Audits:
    • Common findings are non-documented services, program violations such as family/guardians providing services, client rights ignored or violated, incorrect procedure codes and/or modifiers, duplicate claims payments, deficient financial records, certification/licensure issues, inaccurate provider enrollment information. Those audits have changed from prior QAA. Now they are being done to find errors for PERM audits to target specific areas.
  • Reimbursement Audits (Alaska only):
    • Performed by Meyers & Stauffer or Office of Rate Review on facility’s cost reports, year end conformance reports and budget reports. Their audit findings reduce facility rates.
  • Medicare/Federal Audits:
    • CPT procedures inconsistent with diagnosis time billing review / look at time needed to perform compared to time billed and high CPT codes. Looks if provider billing patterns and trends correlate to history billing. Checks utilization program admissions and discharges drawing more Medicare/Medicaid than previous or discharge high activity patients faster.
  • CERTS Audits:
    • Currently being conducted by AdvanceMed. AdvanceMed is a separate contractor from Noridian.
    • The purpose of a CERT is to randomly select a sample of claims in a calendar year, request medical records from the providers who submitted claims, review the claim and medical records to see if the claims comply with the medical coverage, coding and billing rules. Errors will be assigned to claims paid incorrectly or denied. Facilities who do not submit all required documentation will be classified as non-responders and treated as errors.
  • Noridian Billing Audits:
    • The audits look for inadequate documentation, lack of necessity, unsigned physician orders, duplicate claims, improper coding or ordering services, billing improper services, review one day service, lesser over three day stays, admission criteria, observation, bundled services, APC, anesthesia and recovery.

Fraud Audits

Medicare and Medicaid Fraud Billing Audits are on all healthcare providers’ screens. The various audits, PERM, SURS, and CERTS that are being performed by Medicare and Medicaid have made it difficult for providers to deal with the complexity of all the fraud audits. Our firm was hired as reimbursement consultants on nine of those Medicaid and Medicare audits in the last five years. We have been able to overturn $26 million of requested overpayments. On several of the audits, our providers paid nothing back to the Intermediary.

Myers & Stauffer LC were the contract auditors who performed DMA audits in Alaska. The purpose of DMA audits for this period and the previous cycles of audits, have been to recover millions of dollars of alleged improper payments made to Alaska providers by the Medicaid agency. The audits that have been issued also include large fines and penalties.

The contract auditors make mistakes, do not find the supporting data, or they misinterpret the regulations, statutes, Medicaid manuals or Intermediary’s practicing methodology. Frequently the auditors do not recognize the documents they are searching for.

Financial Consultants of Alaska & Washington defended a provider last year in a case where the Intermediary demanded $8,000,000 back from a facility. After a considerable effort we were able to get the case entirely dismissed and the facility was not required to pay anything back to the Intermediary. Recently we were hired to work on two audits for Community Mental Health Centers in Alaska; the Intermediary had demanded $879,000 from one of the Centers. After our firm audited the records, we were able to get the Center’s payback to the Intermediary reduced to $14,000.

Myers and Stauffer have started their fourth cycle of Medicaid Fraud Audits. In this fourth cycle, unlike prior audits, Medicaid plans to include IHS/Tribal facilities.

The U.S. Federal District Court in Washington recently affirmed CMS’s decision to require a Critical Access Hospital (CAH) to repay Medicare $275,000 noting that the facility’s recordkeeping did not support an increase of 731% in routine costs as listed in the facility’s Medicare Cost Report.

Unidentified Critical Access Hospital No. 1 v. Leavitt, No. 07–5020 RBL (W.D. Wash. Dec. 6, 2007). This court case underscores the importance and necessity of accurate and documented “data reporting on the Medicare Cost Reports.” There are also other lessons CAHs can learn from this case. In this particular case, the hospital changed its nursing staff reporting on its Medicare Cost Report from how it was calculated and reported in prior years. The change in reporting caused a 731% increase in routine costs for acute care over how this data was reported on the Medicare Cost Report for prior years. Not surprisingly, the Medicare fiscal intermediary challenged this dramatic increase.

CMS focused on the hospital’s lack of supporting records that would enable CMS to verify the accuracy of the 731% increase. While this case clearly underscores the need for thorough and accurate recordkeeping, it also contains other important lessons and warnings.

In today’s healthcare regulatory climate, healthcare providers should assume that any dramatic increase in any cost center will trigger a very high level of scrutiny from the state and federal governments. Given the increased activity of state Medicaid fraud control units, PERM audits, CERT audits, and the other audits performed by the state and federal governments, providers are well advised to make sure that they have all of the documentation necessary to support large increases in any cost center. If you are going to show a 700+% increase in routine costs you should just assume that either CMS will question this or you will be subjected to an audit. This type of increase invites additional scrutiny so you should be prepared to defend it. The good reimbursement firm will safeguard your facility when they prepare the Medicare and Medicaid cost reports. This will ensure that your facility will never encounter this situation.

Congress has appropriated over $160 million for Medicaid Fraud enforcement. This increased enforcement is expected to net over $1 billion in recovery from healthcare facilities. A new $8 million Medicare contract was issued in January 2008 to Price Waterhouse for the purpose of conducting Medicare Fraud Audits. The State of Washington like most states today also has a growing Medicare and Medicaid Fraud unit.


State’s Medicaid is conducting the following Fraud Audits:

  • Payment Error Rate Measure Audits, Quality Assurance Audits
  • Department of Medical Assistance Audits
  • Surveillance and Utilization Review Subsystem (SURS)
  • Myers and Stauffer Billing Fraud Audits

Federal Medicare is conducting the following Fraud Audits:

  • Noridian Billing Audits
  • CERTS Audits
  • CMS – Fraud Unit
  • Pre-pay Noridian Audits
  • Post Pay Audits
  • Cert-post-pay/ Advanced Med Audits
  • RAC-ZPIC Medicare/Medicaid Audits