AAPACN is dedicated to supporting post-acute care nurses provide quality care.

The Long, Long List of Potential Medicare/Medicaid Claims Auditors

Audit and medical review are terms that understandably put a lot of nursing homes on edge. The newsmakers in the Medicare/Medicaid billing arena are the U.S. Department of Justice (DOJ) and the Office of Inspector General (OIG) at the U.S. Department of Health and Human Services (HHS), which lead some significant collaborative efforts.


On the civil side, DOJ and the OIG regularly work with other agencies and law enforcement to coordinate False Claims Act (FCA) lawsuits, accruing more than $2.8 billion in FCA settlements and judgments just in fiscal year (FY) 2018 ending Sept. 30, 2018. It’s fairly common for nursing homes to be targeted in FCA lawsuits. For example, skilled nursing facilities (SNFs), their executives, and even their consultants paid more than $41 million to resolve FCA allegations in FY 2018, mostly related to rehabilitation therapy services that weren’t reasonable, necessary, and skilled, as well as for grossly substandard quality of care. In addition, there were several FY 2018 FCA cases tangentially involving nursing homes (e.g., a company facing FCA allegations related to paying nursing homes kickbacks).


On the criminal side, the now 11 DOJ/OIG-led Medicare Strike Force teams based in high-fraud areas nationwide have charged more than 3,700 defendants who submitted over $14 billion in false Medicare billings since the program’s inception in 2007 under the interagency Health Care Fraud Prevention and Enforcement Action Team (HEAT). In June 2018, the Strike Forces led the nation’s largest-ever healthcare fraud enforcement action (aka Takedown Day), charging more than 600 doctors, nurses, and other licensed medical professionals in fraud cases worth more than $2 billion in false billings.


The Strike Forces partner U.S. Attorney’s Offices, the FBI, and the OIG with other federal and local law enforcement agencies and state Medicaid Fraud Control Units. Using advanced data analysis techniques to find aberrant billing levels, suspicious billing patterns, and emerging schemes, the Strike Forces investigate and prosecute cases involving fraud, waste, and abuse in federal healthcare programs, including Medicare and Medicaid. Thus far, nursing homes haven’t been a significant target of the Strike Forces. In FY 2018, Strike Force teams brought only one case indirectly involving nursing homes.


The Center for Program Integrity (CPI) runs point on healthcare fraud, waste, and abuse at the Centers for Medicare & Medicaid Services (CMS). These efforts start with a focus on improper billing and move all the way up to outright fraud and abuse, including working with the DOJ/OIG civil and criminal teams. Here are the key CMS contractors that could send nursing homes an additional documentation request (ADR) letter related to Medicare or Medicaid claims.


Medicare Administrative Contractors (MACs)


MACs are private health insurers that contract with CMS to process Medicare Part A and Part B (A/B) medical claims or durable medical equipment (DME) claims for traditional Medicare fee-for-service (FFS) beneficiaries in multi-state regions, according to the CMS What Is a MAC? page. Currently, there are 12 A/B MACs. Most SNFs can find their MAC by clicking on their state on the Review Contractor Directory—Interactive Map because providers are generally assigned to the MAC that covers the state where they are located. However, what’s called a qualified chain home office can request that its SNFs be handled by the MAC for the home office’s state. For more information, see the CMS Provider Assignment page.


CMS describes MACs as “the hub of the Medicare FFS program” because they have ties to multiple program components, ranging from the quality improvement organizations (QIOs) and the CMS regional offices to the other program integrity contractors. In addition to processing claims and performing related activities (e.g., dealing with cost reports, educating providers, etc.), MACs conduct both prepayment and postpayment medical reviews. Note: See “Did You Know? Learn Which Medicare Contractor Does What” at the end of this article for a summary of the types of reviews conducted by each Medicare auditor.


On Oct. 1, 2017, the CPI and the MACs implemented a national streamlined medical review process called Targeted Probe and Educate (TPE). These MAC reviews only target providers “who have historically high claim denial rates, who have billing practices that vary from their peers, or when evidence suggests that there is a potential risk to the Medicare Trust Fund,” says the Provider Selection subsection of Section 3.2.5, Targeted Probe and Educate (TPE), in Chapter 3, “Verifying Potential Errors and Taking Corrective Actions,” of the Medicare Program Integrity Manual.


The Overview subsection of Section 3.2.5 explains the basics of the TPE process:


“The purpose of Targeted Probe and Educate (TPE) is to decrease provider burden, reduce appeals, and improve the medical review/education process. … TPE reviews can be either prepayment or postpayment and involve MACs focusing on specific providers/suppliers that bill a particular item or service. A round of TPE typically involves the review of 20 – 40 claims, per provider/supplier, per service/item, and corresponding education. In rare circumstances, CMS may approve a probe sample of other than 20 – 40 claims. This process is repeated for up to three rounds. MACs discontinue the process if/when providers/suppliers become compliant. Providers/suppliers who remain non-compliant after three rounds of TPE are referred to CMS for further action.”


A key feature of TPE is individualized education. This can occur during a round of TPE for easily curable errors (e.g., missing documentation and missing signatures), and it also occurs post-probe. “At the conclusion of each round of 20 – 40 reviews, providers/suppliers will be sent a letter detailing the results of the reviews and offering a 1-on-1 education session. … During a … 1-on-1 education session (usually held via teleconference or webinar), the MAC provider outreach and education staff will walk through any errors in the provider/supplier’s 20 – 40 reviewed claims. Providers/suppliers will have the opportunity to ask questions regarding their claims and the CMS policies that apply to the item/service that was reviewed,” explain Q&As 7 – 8 in the Targeted Probe and Educate Q&As.


MACs can remove providers from TPE for the particular item/service under review after any round if the MAC decides the provider shows low error rates or sufficient improvement in error rates. The MACs use data analysis to monitor TPE-discontinued providers and will conduct a follow-up review in one year—or earlier if the data analysis indicates billing pattern changes or other risks. In addition, MACs that suspect fraud will refer those providers to the UPIC at any time during the TPE process. Note: For additional information about the potential for multiple TPE probes, see Q&A 16 in the Targeted Probe and Educate Q&As.


For additional information about TPE and other MAC activities, review the following resources:


·         The CMS TPE webpage.

·         The CMS TPE information sheet.

·         The CMS TPE video.

·         Exhibit 46.1, MAC Unified Postpayment ADR Sample Letter, in the “Exhibits” section of the Medicare Program Integrity Manual. Note: MACs also give providers written notice of provider-specific prepayment reviews. Once that written notice is given, ADRs for suspended claims are issued via the Fiscal Intermediary Shared System (FISS) Direct Data Entry (DDE) application.

·         The Medical Review section of each MAC website often has valuable information about TPE, ADRs, review topics, etc.


Note: This coming July, providers may see some relief in the never-ending quest to identify and appropriately route audit notification letters to the correct staff. CMS has mandated that many contractors be able to deliver the electronic version of the ADR letter, aka the Electronic Medical Documentation Request (eMDR), via the Electronic Submission of Medical Documentation (esMD) system. This mandate will apply to both prepayment and postpayment ADR letters for affected contractors. For more information, see transmittal 2195.


Recovery Auditors


The congressionally mandated Medicare FFS Recovery Audit program uses Recovery Auditors, formerly known as Recovery Audit Contractors (RACs), to identify past improper payments. There are five Recovery Auditors. The Region 1 – 4 Recovery Auditors conduct targeted postpayment reviews of both Part A and Part B claims. The Region 5 Recovery Auditor reviews DME, home health, and hospice claims nationwide. SNFs can find their Recovery Auditor by clicking on their state on the Review Contractor Directory—Interactive Map.


Subsection C in Section 1.3.1, Types of Contractors, in Chapter 1, “Medicare Improper Payments: Measuring, Correcting, and Preventing Overpayments and Underpayments,” of the Medicare Program Integrity Manual explains why Recovery Auditors are needed:


“Although CMS, through the MACs, ha[s] undertaken actions to prevent future improper payments, it is difficult to prevent all improper payments, considering that the Medicare FFS program processes more than 1 billion claims each year. The CMS uses the Recovery Audit program to detect and correct improper payments in the Medicare FFS program and provide information to CMS and review contractors that could help protect the Medicare Trust Funds by preventing future improper payments.”


While each Recovery Auditor has always been required to publicly post its CMS-approved audit issues, in 2018 CMS also developed centralized databases of Approved RAC Topics and Proposed RAC Topics. The December 2018 Medicare Fee-for-Service Recovery Audit Program Additional Documentation Limits for Medicare Institutional Providers (i.e. Facilities) explains how Recovery Auditors calculate each provider’s baseline annual ADR limit and ADR cycle limit (i.e., the maximum number of claims that can be included in a single 45-day ADR cycle). It also discusses when and how each provider’s adjusted ADR limit is calculated, as well as the different look-back period limits for audits that apply when a Recovery Auditor decides to use the adjusted ADR limit vs. the baseline annual ADR limit.


Recovery Auditors have a strong working relationship with the MACs. When Recovery Auditors identify improper payments, MACs adjust the claims, recoup overpayments, and return underpayments. In addition, the MACs conduct systematic, ongoing analysis of the claims and data from the Recovery Auditors, as well as from the CERT program and other sources, to develop their own intervention efforts (e.g., prepayment reviews) that are focused on the most significant errors.


Note: Recovery Auditors, MACs, CERT, UPICs, and the SMRC all refer quality-of-care issues to the relevant quality improvement organization (QIO), state licensing/survey and certification agency, or other appropriate entity.


For additional information about the RACs, review the following resources:


·         Chapter 3, “Verifying Potential Errors and Taking Corrective Actions,” of the Medicare Program Integrity Manual, which provides information about Recovery Audit operations. Also see the current statement of work for Region 1 – 4 contractors.

·         The CMS Medicare Fee-for-Service Recovery Audit page.

·         Exhibit 46.3, Recovery Auditor Unified Postpayment ADR Sample Letter, in the “Exhibits” section of the Medicare Program Integrity Manual.


Supplemental Medical Review Contractor (SMRC)


In February 2018, the CPI contracted with the DME MAC Noridian Healthcare Solutions to serve as the nationwide SMRC. The goal of the SMRC is two-fold. First, the SMRC works to reduce Medicare improper payment rates by conducting medical reviews, as well as by doing research and data analysis (e.g., profiling of providers, services, or beneficiary utilization) to identify provider noncompliance. Second, the SMRC also is charged with developing ways to make Medicare and Medicaid medical review more efficient, according to CMS’s SMRC webpage.


Having a centralized medical review (MR) resource that can perform large-volume MR nationally allows for a timely and consistent execution of MR review, activities and decisions,” explains Subsection D of Section 1.3.1, Types of Contractors, in Chapter 1, “Medicare Improper Payments: Measuring, Correcting, and Preventing Overpayments and Underpayments,” of the Medicare Program Integrity Manual.


Using topics and timeframes determined by CPI, the SMRC performs service-specific medical reviews of Part A, Part B, and DME claims to determine compliance with coverage, coding, payment, and billing requirements. “Such reviews are assigned through CMS formal notifications and focus on analysis of national claims data issues identified by federal agencies, such as the Office of Inspector General (OIG), Government Accountability Office (GAO), CMS internal data analysis, the Comprehensive Error Rate Testing (CERT) program, and professional organizations, and/or analysis reports such as First-Look Analysis Tool for Hospital Outlier Monitoring (FATHOM) report, and Program for Evaluating Payment Patterns Electronic Report (PEPPER),” explains the Noridian Healthcare Solutions SMRC website.


For additional information about the role of the SMRC, see the following resources:


·         Chapter 3, “Verifying Potential Errors and Taking Corrective Actions,” of the Medicare Program Integrity Manual explains the basic medical review rules that the SMRC must follow.

·         Exhibit 46.5, SMRC Unified Postpayment ADR Sample Letter, in the “Exhibits” section of the Medicare Program Integrity Manual.

·         The Noridian Healthcare Solutions SMRC website has multiple resources, including information on: how to respond to ADRs; current and past review projects; and how to request discussion-and-education sessions when providers disagree with findings. The site also provides multiple customer service contact points, as well as a set of program FAQs.


Unified Program Integrity Contractors (UPICs)


The UPICs may be slightly confusing because parts of the Medicare Program Integrity Manual and some MLN Matters articles still refer to their now-gone predecessors, including the Zone Program Integrity Contractors (ZPICs), the Program Safeguard Contractors (PSCs), and the Medicaid Integrity Contractors (MICs). UPICs are CMS contractors that conduct data analysis, investigations, and audits across both the Medicare and Medicaid programs. These organizations proactively detect, prevent, and deter fraud, waste, and abuse.


CMS made the transition to this more centralized system to consolidate investigative resources and efforts. Specifically, UPIC activities relate to Medicare Part A, Medicare Part B, DME, home health and hospice, Medicaid, and the Medicare-Medicaid data match program (i.e., a program to generate leads for fraud and abuse investigations by matching Medicare and Medicaid data at the provider and beneficiary level). Like MACs, UPICs conduct prepayment and postpayment medical reviews. However, their prepayment reviews are limited to medical record reviews.


Currently, three UPICs—Qlarant Integrity Solutions (formerly Health Integrity); SafeGuard Services, including its subcontractor IntegriGuard; and AdvanceMed—handle five geographic jurisdictions across the United States: West, Southwest, Midwest, Southeast, and Northeast. Providers can find their UPIC by clicking on their state on the Review Contractor Directory—Interactive Map.


The UPICs, operating under the umbrella of the CPI, go where fraud allegations and leads take them, working with everyone from the MACs, CMS, and the OIG to state Medicaid agencies, Medicaid Fraud Control Units, and law enforcement, including the FBI. “[C]ases typically get referred from the MACs resulting from beneficiary/provider and whistleblower complaints. Cases may also be referred from the OIG Hotline and CMS Fraud Alerts,” explains UPIC SafeGuard Services in one of nine frequently asked questions about UPIC activities. In addition, MACs, the CERT contractor, the SMRC, and Recovery Auditors will refer to the appropriate UPIC when medical reviews identify potential fraud.


Note: MACs, RACs, the SMRC, and UPICs all can choose to conduct postpayment review onsite at the provider’s location.


For more information about UPICs, see the following resources:

·         Chapter 4, “Program Integrity,” of the Medicare Program Integrity Manual, including Section 4.2.1, Examples of Medicare Fraud; Section 4.2.2, Unified Program Integrity Contractor, which provides a detailed summary of what UPICs do; and Section 4.7.1, Investigations.

·         The UPIC page at the DME MAC Noridian Healthcare Solutions summarizes information from Chapter 4 with a handy review of UPIC Functions and Non-UPIC Functions.

·         Exhibit 45, ZPIC Prepayment and Postpayment Notification Letter, in the “Exhibits” section of the Medicare Program Integrity Manual. Note: CMS hasn’t yet updated the letter using UPIC terminology.

·         Chapter 1, “Medicaid Integrity Program (MIP),” of the Medicaid Program Integrity Manual, including Section 1.2, Background, which describes the primary activities of the UPICs related to Medicaid.

·         Chapter 2, “Exhibits,” of the Medicaid Program Integrity Manual, including Exhibit 2, Sample desk or Field Audit Notification Letter.


Comprehensive Error Rate Testing (CERT) program

Every year, the CERT program publishes a national Medicare FFS improper payment rate in the HHS Agency Financial Report, as well as providing more detailed information in the annual Medicare FFS Improper Payments Report, according to the CMS CERT site.


Section 12.3, The Comprehensive Error Rate Testing (CERT) Program, in Chapter 12, “The Comprehensive Error Rate Testing Program,” of the Medicare Program Integrity Manual explains how this rate is produced:


“[T]he CERT review contractor evaluates a random sample of Medicare FFS claims to determine if they were paid properly under Medicare coverage, coding, and billing rules. If these criteria are not met, the claim is counted as either a total or a partial improper payment, depending on the category of error at issue. The CERT program considers any claim that was paid when it should have been denied or that should have been paid at another amount (including both overpayments and underpayments) to be an improper payment. The findings can be projected to the entire universe of Medicare FFS claims because the CERT program ensures a statistically valid random sample. Therefore, the improper payment rate calculated from this sample is considered to be reflective of all of the paid claims in the Medicare FFS program during the year.”


There are two CERT contractors: a review contractor that does the medical reviews and a statistical contractor that calculates the improper payment rate. The current CERT review contractor is AdvanceMed, which maintains the CERT public website. This website provides detailed information about what each contractor type does, how to submit ADR documentation, the initial ADR schedule and contact information, how to submit disaster attestation letters, sample initial and follow-up ADR letters, and additional resources.


Note: Medicaid has its own version of the CERT program: the Payment Error Rate Measurement (PERM) program. PERM uses a 17-state rotation cycle so that each state is reviewed every three years.



Did you know? Learn which Medicare contractor does what




Contractor Type

Medical Record Review

Non-Medical Record Review

Automated Reviews

Medical Record Review

Non-Medical Record Review































Most of the claim review activities completed for the purpose of identifying inappropriate billing and avoiding improper payments are divided into three distinct types: Medical Record Review, Non-Medical Record Review, and Automated Review. The chart below indicates which contractors perform which types of review:


Source: Adapted from Section 3.3.1, Types of Review: Medical Record Review, Non-Medical Record Review, and Automated Review, in Chapter 3, “Verifying Potential Errors and Taking Corrective Actions,” of the Medicare Program Integrity Manual. This section also provides information about how each of these reviews is conducted by each relevant contractor type.


For permission to use or reproduce this article in full or in part, please complete a permissions form.

Meet the volunteers who review LTC Leader articles and FAQ content. They represent the best and brightest minds in LTC, and we thank them.


Copy link
Powered by Social Snap