Products & Technology

Surviving the Audit Tidal Wave

How software systems can save providers from drowning in CMS’s pre- and post-payment audits.

Surviving the Audit Tidal WaveSince the beginning of 2011, providers have been struggling with a tsunami of pre- and post-payment Medicare audits that has upended the home medical equipment industry on a scale equal to that of competitive bidding. All of a sudden, providers were neck deep in a storm surge of requests for documentation, and didn’t necessary have the tools or business processes in place to respond to the requests. And the longer the process, the longer their funding was held in limbo.

And while providers might hope the tide of audits will subside, there’s little chance of that. CMS’s commitment to Medicare audits has been immense. CMS ramped up its “program integrity” budget over the past two years, building up a vast reservoir of auditing resources, and virtually nothing standing between providers and a sea of pre- and post-payment review. In the fiscal year of 2010, $311 million was invested for program integrity; a 50 percent increase from 2009’s outlay. Why? Audits get CMS money. Approximately $3 billion was recovered in 2010, and the government estimated it would recover more $10 billion in 2011 (last year’s official totals were not available at press time).

Moreover, not only has the volume of audits been ramped up, but the intensity of the auditing process. Some types of CMS audits, such as ZPIC audits, can be extremely aggressive. Let’s take a look at the three main types of audits currently besieging providers and how they audit providers:

Comprehensive Error Rate Testing (CERT). These are post-payment audits conduced by the conducted by CERT contractor (AdvanceMed). These audits randomly select a sample of approximately 120,000 submitted claims, and request medical records from providers who submitted the claims. The claims and medical records are reviewed for compliance with Medicare coverage, coding and billing rules. Key areas of focus for the CERT audits are diabetic test strips, power mobility and oxygen.

Recovery Audit Contractors (RAC). The mission of these post-payment audits is to detect overpayments and underpayments, and to implement actions that will prevent future improper payments. RACs randomly select claims and reviews result from data analysis; they can’t audit claims simply because they represent a high dollar amount. These audits can go back three years from the date the claim was made, but can’t go past Oct. 1, 2007. These audits combine what is called “automated” reviews conducted by software systems, and “complex” reviews, which are conducted by auditing staff. Recent focus areas for the RACs are pharmacy supply and dispensing fees billed by a DME supplier; wheelchair bundling; and urological bundling.

Zone Program Integrity Contractors (ZPIC). This is part of CMS’s Benefit Integrity Audits, and was originally conducted by Program Safeguard Contractors, but has transitioned to the ZPICs. These are proactive, prepayment audits that aim to identify and prevent fraud, waste, and abuse of incoming claims. These very aggressive, specified audits can even result in the ZPIC auditors referring some instances to law enforcement agencies. The ZPICs also maintain a list of providers that require future monitoring based on past history. There are seven ZPIC zones covering all geographies served by Medicare, from Guam to the Virgin Islands and all points in between. The contractors serving the seven ZPIC zones are SafeGuard Services LLC (zones 1 and 7), NCI Inc. (zones 2 and 5), Health Integrity LLC (zone 4) and Cahaba Safeguard Administrators LLC (zones 3 and 6).

The difference before Medicare upped the audit ante with these three types of audits and afterwards has been night and day. Now providers are receiving hundreds to thousands of requests a month for claims documentation, according to Wayne van Halem, CFE, AHFI, president of The van Halem Group LLC, a firm that helps providers respond to and appeal audits.

“We’ve seen anywhere from one or two a week, upwards to thousands over a two- or three-week period,” says van Halem, who at one time was an auditor and national appeals director with Medicare. “It is not uncommon for a provider to be put on 100 percent pre-payment review, or even a 50 percent pre-payment review by ZPIC. Imagine the additional workload associated with you now having to respond hard copy to every single claim that you submit, especially when you think about some larger providers that submit hundreds of claims a day. It’s a huge workload issue because of the volume.”

And an issue felt industry-wide. “We have had some of our existing clients who are undergoing audits and it’s a real difficulty for them,” says Ed Bauer, national sales manager for HME software company Noble House. “It interrupts their cash flow and is very costly to respond.”

There is definitely one truth regarding audits: they’re not going anywhere anytime soon. Given CMS’s emphasis on program integrity, providers must put in place the assets that will help them keep their heads about the audit waters. “It has pretty much become a norm of operations,” says Noble House President Richard Mehan. “Audits are expected and anticipated.”

The Electronic Life Jacket

With the staggering and inescapable threat of audits holding providers’ funding in limbo until they can prove their claims are legitimate, providers must develop ways to respond not only accurately, but quickly, so that they can retain and regain their funding as fast as possible. One of the key tools to help providers make the audit process as smooth and rapid as possible is software. The billing, claims and management systems they have in place often can help providers respond to audits in many ways. Without a doubt, information technology has become a central asset in providers’ audit response strategies, Van Halem says.

“Software plays an important role,” he says. “It’s so hard these days to prevent audits, because [auditors] are doing so many of them, and because a lot of them widespread; they’re not focusing on a particular thing. So it’s really hard to leverage technology to avoid audits. But all these technological advances help your operation run smoother … which makes it easier to respond to an audit when it does occur. Software won’t help providers avoid an audit, but it will help them prepare for, respond to and weather an audit.”

“Having a modern software platform, where you can appropriately get access to the data or deliver the reporting required, and having the people to take the time and that have the expertise to monitor that stuff appropriately is the most important piece to the puzzle,” says Steve Andrews, general manager of customer services for HME software company Brightree LLC.

Billing software houses all documentation electronically which inherently makes responding to audits much easier for HME providers. When audited the provider is made aware of what documentation it needs to provide auditors to demonstrate a claim’s validity and can use its information technology to quickly find that documentation and send it to auditors. And the software system should help provider ensure that it is doing that, Bauer says.

“How do you respond to a request for information? By having the information at the ready,” he explains. “To make sure the T’s are crossed and the I’s are dotted. Through our software, we assure that the documentation will be in place.” In an HME software system, when an order is taken and claim is started, documentation and the requests to referral partners and other parties for necessary documentation should be generated and tracked and managed through the software’s workflow process.

“Having document management be a part of your software plan is extremely important,” Andrews says. “You have to have the ability to not only store the documents in a way that they’re facilitating visibility to what you have not received, but also easy accessibility in the event that you do get audited on an item so that you can quickly prove that you have the item and that it meets all of the criteria.”

So, a key component in an HME software system’s audit features is document imaging, Bauer says. The system must house all the necessary documents in a way that is easy and fast to search to help providers quickly respond to audits.

“With in the proper use of our software, documents are tracked and monitored and imaged, and we are also interfacing with the carriers for proof of delivery, which has also become a critical portion of the audits, as well,” Mehan adds. “It’s another form of documentation to confirm that the patients are being serviced properly. So we’ve responded by automated the process.”

Looking for Patterns

But documentation is only one part of the process. Because of the sheer volume of audits that providers go through, they must also find a way to make sense of all their audited claims. So, reporting and monitoring systems that can help them determine factors such as how many claims are in audit, at what step in the process they are at, how many dollars are outstanding, and which audits need to go to appeal is very important, especially when a provider is dealing with high volumes of audited claims, van Halem explains.

“We know a company that was responding to hundreds and hundreds of requests, and they weren’t tracking it properly in their system,” he recalls. “Several months later they realized that they missed their appeal deadline on 700 and something claims, because it wasn’t being tracked properly in their system. Reporting tools are so underutilized in this industry.”

“It’s important to not only important to respond to audits quickly and accurately, but to continue to monitor your operations as Medicare would,” Andrews says. “So that you are focusing on the correct issues and the appropriate risks. With Brightree, not only do we have canned reports, but we have a robust ad hoc capability for customers to look at their data.”

Andrews and van Halem, who often work together, both note that, reporting tools can help warn HME providers about their exposure to audits through selfauditing. This is especially true considering that much of the auditors’ processes focus on data analysis to find anomalies. The process is called predictive modeling, and is nothing new, van Halem says. It has been used in the financial industry for years to detect fraudulent transactions. So, if the auditing process is automated, why shouldn’t the providers analyze their claims using similar, automated methods?

“Ninety-five percent of Medicare audits result from data analysis,” van Halem explains. “[Auditors] are analyzing the same data that providers send them, so providers should be conducting their own data analysis.”

For instance, an increase in denials puts a provider at audit risk, but if a provider isn’t monitoring that element of their claims processing, then it won’t realize it is at an audit risk. But if it is, then the provider can respond quickly to understand what is causing the spike in denials, correct the issue, and then ensure that it will be in a position to respond to the audits if they come along.

Bearing that in mind, van Halem says it is working with its Atlanta, Ga. neighbor Brightree to develop and apply auditors’ analysis to provider data.

“We’re trying to work with them to implement a program where we develop algorithms — the same algorithms that Medicare looks at — and we highlight the data coming in as a notification to the provider saying, ‘You are an outlier in this particular area and need to be prepared to explain it in case Medicare comes in for an audit,’” he explains.

The process then would be similar to how income tax software gives taxpayers a heads up that they run the risk of audits because of certain portions of their federal or state income tax claims.

“The providers can do that themselves,” van Halem adds. “They can look at their data to see within a product category how often they are billing the highest reimbursed code, or look at modifiers and all of that.”

And if a provider does run into a situation where it can detect that certain claims it is processing are going to run a higher risk of being audited, then it can adjust for that. In fact, some types of claims that could have a higher audit risk can be very simply explained.

“Some of them are very reasonable explanations,” van Halem says. “One common algorithm that Medicare runs is that it looks at a correlation between a referring physician and a provider. For example, when I was an investigator, we ran that regularly and came across an oxygen supplier for which a hundred percent of its referrals came from the same physician practice. It was three physicians at one practice. As a result of that, we audited the provider and found that one physicians of the practice owned the oxygen company. So it was a clear violation of federal self-referral laws and he got in trouble as a result of it.

“On the flip-side of that, we have a client that is being audited and we noticed that a majority of the claims that were being audited were from the same physician,” he continues. “So we looked at our client’s data and determined that about 60 percent of the overall referrals from this physician came from the physician. That’s an enormous amount. It looks strange. But when we looked at it more, we found that the provider only had three referring physicians, because they were located in a very small, rural area. There were only three physicians in town, and the other two physicians made up the remaining 40 percent. But because they looked differently, they were being audited.”

Other key sorts of claims that CMS is monitoring included, power mobility devices, oxygen, diabetic supplies, Group 2 support surfaces, PAP devices, orthotics, beds, enteral nutrition, high-strength lightweight wheelchairs, complex rehab, TENS units and frequently requested re-supplies, Andrews notes. There is a wide variety of types of claims and activities that can generate an equally wide variety of red flags.

“It’s a rich list,” he says. “But after taking a look at why those categories have become targets, it’s because they comprise the higher reimburse codes. Auditors are looking for multiple mobility products being dispensed on the same day; they’re looking for the fact that a provider hasn’t exceeded the maximum allowed amount for certain codes with certain patients; they’re making certain that all of your claims aren’t coming from the same referring NPI; they’re making certain that claims for high-end equipment have the appropriate predecessor products dispensed; … they’re looking for spikes in your overall billing dollars and volumes; they’re appropriately looking on the flip-side for spikes in denials on particular items or dollar categories; and they’re looking to make certain that within your DME that everything you dispense is not for the same exact diagnosis codes.”

The Human Equation

But, while technology is important, there’s a human element to audits that must be involved, as well. Documentation is a subjective process that can’t be entirely addressed with a mouse-click, Andrew says.

“You have to be looking for dates, signatures, and diagnosis ‘story lines’ that get sewn together through multiple documents,” he explains. “So ensuring that you have trained, qualified people that understand the requirements they should be looking for in that documentation is imperative.”

So, the team must be constantly monitoring the company, but using the trends it finds to constantly improve the company’s processes and procedures.

“In this process, the key characteristics that you have to have as an organization, is someone who understands the data, and can perform the analysis against the data,” Andrews says. “Number two, you need to have a process that you can manage throughout your software whereby the individuals are conscious of the Medicare requirements and monitoring for those throughout the process.

“I think you have to have a self audit process in place whereby you identify the trends and anomalies within your own business from a data perspective and appropriately perform self-audits with regularity (my suggestion is monthly),” he continues. “And then making amendments to your process to accommodate any shortfalls you’re finding in the documentation process, so that when you get audited you have the ability to quickly respond to objections from CMS so that it doesn’t impact your cash flow.”

In the end, it’s a marriage of smart tools and smart people.


“Having a software package that helps you ensure that your people can follow a repeatable, predictable process is critical,” Andrews explains. “Then having that document management system that facilitates that collection and storage of that documentation so that it can be easily referenced is kind of the whole pie.”

This article originally appeared in the February 2012 issue of HME Business.

HME Business Podcast