Medicare has long used the audit process as a means of finding fraud and abuse among healthcare providers as well as a source of recouping funds that CMS believes were wrongly paid for items or services. This strategy has not gone unnoticed by private payers, many of which have also developed significant programs to audit providers. We have noticed a large increase in private payer audits and fraud investigations in the past few months and more often than not, independent physician practices are often unsure how best to handle this situation. The following are some suggestions on how to respond:
1. Whenever the practice receives a request for records, be sure to keep a copy of the request(s). Never send original records to the payer. If requestors visit your office and the records taken at such time, make sure you copy the records on the spot and get a business card or other detailed information of the individual(s) who take the records. Be sure the designated physician/practice manager is the only one who handles the interaction when possible.
2. I always recommend that every practice have an outside audit performed at least annually. Having your in-house biller perform an audit is unlikely to help find errors. Outside audits do not need to be expensive and having a small sampling of charts reviewed can provide a lot of insight. Be sure to use a certified coder to do an audit, preferably one with expertise in the practice’s specialty. Audits should go through counsel to protect attorney-client privilege. Be sure that appropriate business associate agreements are in place and that all protected health information (PHI) is shared in a HIPAA compliant manner.
3. If you receive a call from a payer to attend an “educational” meeting regarding your medical records/recent record request, be sure to find out the agenda for the meeting in advance. It is highly recommended that you do not walk into any meeting unprepared! Be sure to have your records reviewed prior to any meeting by an outside auditor so that you can intelligently discuss the issues that arise. Do not be afraid to ask to push the meeting date to allow time for a record review.
4. When attending an educational meeting, use it as an opportunity to collect information from the payer and to become familiar with the payer's position. Do not become defensive or argue about codes and information. Ask questions so you know what the payer believes you have done wrong and what the support for their position might be. I often find it helpful to have the outside auditor/consultant attend the meeting as well. When legal counsel attends it can sometimes set the wrong tone, particularly if the payer's lawyer is also present.
5. After the meeting (sometimes weeks or months later), the practice will likely receive a demand letter that will outline the issues and the demanded refund. Typically the payer seeks repayment for that period of time that is allowed by state law or payer contract (i.e. 18 months). They will also apply extrapolate the error rate they have determined to exist across all claims submitted during this time period. This can result in a significant refund demand. There is usually an appeal process outlined in the demand letter and legal counsel can assist in this process. Physicians should understand that even if a practice has corrected the issues covered at the educational meeting (which it should do immediately if it is determined errors have been made), this does not mean the funds are not owed for the period of time covered by the audit. Typically a settlement can be reached between the parties, as well as a payment plan for amounts owed.
Although the audit process is different for every payer, the steps described above (or some variation) can apply for most audits a practice may face. The best way to protect your practice is to review and audit practice records and billing regularly to minimize risk. Practices should also be aware that many payers share information with other payers as well as CMS when particular patterns are discovered, such as overcoding, lack of medical necessity or other potentially fraudulent activities. This means that a single audit can lead to investigation by other payors, including Medicare.