After recently getting word that he was the subject of a CMS audit, a physical therapist did what most providers in his place typically do — he reviewed the records the agency requested. To his horror, he discovered that documentation for a $300,000 service he had billed to Medicare was particularly weak.

Panicked and not thinking clearly, he altered his records in an attempt to hide the errors he detected. However, he failed to re-date his revisions before sending the requested documents to CMS.

It never occurred to him in that desperate moment that CMS already had the records in question. Upon receiving his altered versions, the agency enlightened him.

“I was surprised he didn’t go to jail,” says David Glaser, a healthcare lawyer based in Minneapolis. But the physical therapist was compelled to return the $300,000 he had incorrectly billed.

This provider’s fear-driven reaction to his audit notice is not uncommon among physicians in similar situations. Glaser and other experts say this needn’t be the case. Having a good compliance plan in place — and following it carefully and consistently — can put you in a very confident position should you be hit with a Medicare or
Medicaid audit.

But whether you are ultracompliant or not, there are several steps and strategies to keep in mind should the day arrive when your practice gets that dreaded communiqué.

Tag — You’re It

OK, so say an audit letter has arrived. It states, “Please send us 15 charts from date A to date B.”

What then?

Glaser says it’s a good idea to contact your attorney first. She will help you determine whether CMS is simply conducting a routine audit of you and several other practices for benchmarking purposes or if you specifically are under investigation by its fraud unit. It’s often hard to tell by the letter’s content.

“Sometimes the letters that are a big deal don’t look like they are, and vise versa,” says Glaser. “To be safe, if you get a letter with a bird on it [the logo for the U.S. Department of Health & Human Services], call your lawyer.”

If it appears you are under investigation for fraud, Glaser says your attorney will likely employ a consulting company to conduct an internal audit of the requested records before you hand them over to CMS or the Office of the Inspector General, which handles CMS’s fraud cases. When your attorney works directly with the consultants she hires to review your records, what’s in them is privileged and thus not discoverable, Glaser explains.

However, if you leave the lawyer out of it and hire your own consulting company to audit the requested records, you are obligated to tell the government about any mistakes or problems you find. Glaser says he recently worked with a doctor who learned that lesson the hard way. He conducted his own internal audit without consulting an attorney and discovered that he had coded a visit improperly. When CMS realized he had this information and did not submit a correction immediately, he was hit with fraud charges.

Kenneth Hertz, a consultant for the Medical Group Management Association, says that if your attorney determines that a CMS audit is likely not a fraud investigation, it’s still a good idea to conduct your own “very focused internal audit” or hire a billing and coding consulting company do one for you. “That way, you can get a sense of what’s in the records CMS wants, and you yourself can determine if there was an overpayment or underpayment problem of any sort, or whether you stand out in comparison to your peers,” says Hertz.

But be sure to not call your internal audit an “audit,” warns Glaser. Instead, call it a “review.” “The government likes to seize on that [term],” Glaser says. It assumes that conducting an “audit” implies knowledge of mistakes or wrongdoing.