The Law: Audits 101

There is one word that can elicit groans, inspire fear, and unleash migraines in grown adults just by its very mention.

Audit.

Every practice worries about the possibility of an audit, whether by Medicare or a private payer. The sad truth, however, is that few physicians know what to do when an audit actually occurs. If an audit comes to your practice, should you be worried?

Absolutely, says Tom Powell, senior consultant for Healthcare Administrative Partners, LLC, in Media, Penn. “When an auditor comes to visit, despite what they say or how they behave, they’re there for one reason: They believe you are doing something wrong.”

No matter how you look at it, an audit is a serious matter. If your practice is going to survive the process, it needs to be prepared. We’ve asked a panel of experts for the best approach to surviving - and even avoiding - a Medicare or private payer audit.

Why me?

While there are some who argue that audits help protect against and eliminate fraud, Douglas M. Nadjari, a partner with Kern Augustine Conroy & Schoppmann, a Lake Success, N.Y. law firm that caters primarily to healthcare professionals, takes a less charitable view of the auditing process.

“It is a way for the insurance companies to balance their books,” says Nadjari. “It is not about quality assurance. It is about finding a way to nickel and dime not every physician, but many physicians so that they can try to maximize their profit.”

Not surprisingly, most audits focus on billing and coding practices. Whether it’s Medicare or a third-party insurance company performing the audit, chances are good that it’s the practice’s recordkeeping that will be scrutinized. For that reason alone, it’s important that everyone in your practice keep patient records organized and comprehensive.

The first questions an auditor will be looking to answer are:

• Do the consult notes support the patient diagnosis?

• Was the service provided medically necessary?

• Was the service appropriately coded?

If your patient records demonstrate all of the above, then you’re already halfway to surviving an audit.

However, if your records don’t answer these questions, don’t even consider altering or falsifying them. That kind of fraud carries heavy criminal penalties, and the chances are excellent that you’ll get caught. No matter how hard you try to cover your tracks, there is always a stray piece of paper (lab results, a patient bill) that will uncover the lie.

What triggers an audit?

In theory there is such a thing as a random audit, but it’s very rare. Some practices receive letters saying they have been randomly selected for an audit, but there’s usually something more to it.

“In 15 years of doing this I have not yet come across a circumstance in which an audit was truly random,” says Powell. “Now, I have had numerous times where they have said they were random, but as you get further involved in the process you discover that they are not.”

Most audits are triggered by coding issues, says John Mott, a certified professional coder and president of Medicare Audit Consultants in Quincy, Ill. Mott should know. Having been contracted to audit practices for insurance providers, he understands what providers and Medicare auditors are looking for.

“It’s usually going to be medical codes that are outdated,” he says. “They’re looking for things that are out of the ordinary, things that would stand out - and particularly the higher reimbursement areas.”

Among the red-flag items that can trigger an audit are:

Being an outlier. In the old days, a physician performed a service, submitted a claim, and got paid for it. Now, Medicare and private payers feed claims data into a database that compares your practice with other practices in the same geographical area and the same medical specialty. If your gastroenterology practice bills with greater frequency or uses a certain code at a higher rate than that of your peers, it’s something Medicare and insurance companies will want to investigate.

Miscoding. This probably seems obvious, but you would be surprised how many practices systematically miscode and never realize it. If your physicians or staff members aren’t up to date on the latest codes, or if your billing staff resubmits rejected claims using the same outdated codes, eventually your practice will attract scrutiny.

Most physicians anticipate trouble if they are found to be “upcoding” - that is, using a higher-level, higher-reimbursement code for a lower-level service - but did you know the opposite practice also can trigger an audit? “I’ve also seen it on the other side, where a practice was undercoding,” says Mott. “You wouldn’t think that would be a problem.”

Normally it isn’t. After all, what insurance company will be upset that your practice is taking too little money? But if the provider starts examining records, it might discover other mistakes. If your practice is undercoding some services, then perhaps you are upcoding others. An auditor will likely uncover the latter and ignore the former - which costs you money.

Unbundling. This is a variant of miscoding where a physician might code a series of procedures individually when they should be grouped under a single code. Evaluation programs usually pick up unbundled procedures immediately, but if your practice makes a habit of submitting these for reimbursement, it will lead to an audit.

Whistleblowers. Most practices don’t realize it, but one big area that can contribute to an audit is when an employee (or former employee) or a patient reports the practice.

“In my experience, the employee reporting you is not as much of a concern as patients,” says Powell. “And it’s not so much one patient, but when carriers receive a series of similar patient complaints.”

What is an audit, exactly?

Technically, any request for information from a carrier is an audit. Practices often receive letters asking for consult notes and patient records, but those are just routine … right?

“I can tell you there is nothing benign or routine about it,” says Nadjari. “If they are sending you a polite letter [asking for] your records, all sorts of bells and whistles should go off at that point. It means that you are being looked at.”

Nadjari recommends contacting legal counsel as soon as you receive a request for information. Getting an outside opinion from a lawyer or a coding consultant can help.

The last thing you should do is ignore requests for information. If you receive four letters asking for records on four separate patients, but you fail to respond to any of them, those requests get moved up to the next level of attention. This usually results in a more formal announcement of an investigation - what most of us think of when we use the word “audit.”

“I have probably been involved in 50 or so audits,” says Powell. “A handful have been triggered by complaints, but most of them have been triggered because the practice did not resolve some lower-level issue.”

Be cooperative, but give carriers only the information they are asking for. Most practices have a tendency to try and inundate the insurance company with extras: consult notes, unrelated patient records, self-analysis of billing and coding. Avoid the temptation to try and bring the audit to a rapid close. “You can’t talk your way out of it,” explains Powell.

How to handle an audit

After you’ve provided the necessary records to the carrier - or talked with legal counsel about it - the next thing to do is look at the information the carrier has requested. Try to find the common thread in what the insurance company has asked to see. Keep in mind that the carrier has requested this information because they believe it may indicate wrongdoing on the practice’s part. A billing and coding consultant can help you determine if you’ve made any of the mistakes listed above. If you have, you can try to make corrections before the carrier either widens the scope of the audit or assesses a penalty.

If you’re lucky, the carrier will look at the records, see there isn’t a problem, and send you a letter indicating that the case is closed. More likely, your practice will receive a letter demanding repayment. If the repayment is restricted only to the records requested, then it is up to you to decide whether your practice miscoded or not.

In the case of Medicare, regulations regarding repayment have changed. In the past, repayment amounts were negotiable. Now Medicare auditors are prohibited from negotiating repayment for any amount less than $100,000. “What happens is you have to go through this arduous redetermination process that has several layers,” says Nadjari.

That means submitting multiple requests, a report from an independent billing and coding expert, and sometimes testimony from the physician if it is a question of medical necessity. The investment of time and effort may not be worth it for small repayment amounts.

With private payers, you need to look at your provider agreement with that particular insurance company. Sometimes you can negotiate the repayment amount, take the case to arbitration, or litigate. It all depends on your agreement, the amount owed, and the merits of your case.

However, the decision letter from the carrier might ask for a substantial repayment amount based on extrapolation. Based on the records you submit, the insurance company determines the percentage of billing mistakes included. They then apply that percentage to every related instance of the procedure or code in question to extrapolate an amount that your practice owes over a certain period of time. For example, a carrier might look at 10 cases, see mistakes in five, and extrapolate repayment due in 50 percent of the 400 related procedures your practice performed over the last three years.

Sound unfair? That’s because it usually is.

Nadjari and others have had success in trying to show that extrapolations are not based on a statistically valid sample. If the carrier used only a small number of requested records to extrapolate the repayment amount, you may be able to prove that the sample was not valid.

At least when it comes to Medicare, you should almost always try to appeal large repayment amounts. Lower-level Medicare auditors are frequently poorly trained and make numerous mistakes, says one of our experts. And physicians have been winning as many as 70 percent of their Medicare audit appeals.

Avoiding a lawsuit

Of course, the best thing is never to get audited in the first place. So what can you do to protect yourself? “One of the things we recommend is that physicians have a compliance plan,” says Nadjari.

A compliance plan shows that the practice is aware of proper protocols for billing, coding, and patient care. A good compliance plan should also make provisions for regular auditing of your billing practices. That way you can uncover mistakes before Medicare or a third-party payer does. If you find mistakes, be sure to self-disclose to carriers and make repayment when needed (see “The Joy of Self-Disclosure”).

Powell has an additional recommendation. “Perform patient satisfaction surveys . . . You will hear about it if patients can’t get an appointment or if there are billing problems. You will hear about it first, before the carrier will.”

Robert Anthony is a former staff writer for Physicians Practice. He has written extensively about healthcare and medical practices for more than 10 years. He can be reached via editor@physicianspractice.com.

This article originally appeared in the March 2008 issue of Physicians Practice.