Medicare CERT Audit Defense
Medicare Comprehensive Error Rate Testing (CERT) audits present risks for both providers and carriers. If your company or practice is facing a CERT audit, it is important that you consult with defense counsel promptly.
The U.S. Centers for Medicare and Medicaid Services (CMS) use several means to assess and enforce compliance with the Medicare billing rules and regulations. One of these means is the Comprehensive Error Rate Testing (CERT) audit. While CMS briefly suspended its CERT program in the early stages of the recent pandemic, the program is back in full force, and CMS is using the program to seek recoupments and refunds from both providers and carriers.
Unlike other types of Medicare audits, CERT audits do not necessarily target providers directly (although, as discussed below, providers will often be directly involved). Instead, they can target providers, carriers, or other fiscal intermediaries that administer billings and payments between providers and Medicare. CERT audits can cover Medicare Part A, Part B and durable medical equipment (DME) payments, and they can involve the review of a substantial volume of Medicare billings submitted on behalf of one or more providers.
About the Medicare CERT Audit Program
The Medicare CERT audit program, “measures payment compliance with Medicare [Fee for Service] program federal rules, regulations, and requirements.” However, while the CERT program is a measurement tool, it is also a tool that CMS uses to secure recoupments and refunds for overbilled amounts. Additionally, even though CERT audits most often examine fiscal intermediaries’ billing practices, any alleged billing violations can result in liability for the providers on behalf of whom improper billings were submitted.
Through the Medicare CERT audit program, CMS seeks to identify “improper payments,” and it notes that, “[b]oth overpayments [and] underpayments are considered improper payments.” However, when identifying the types of improper payments targeted in Medicare CERT audits, CMS exclusively lists the following:
- Payments to ineligible recipients
- Payments for ineligible services
- Duplicate payments
- Payments for services not received
- Payments in incorrect amounts
As a result, Medicare CERT audits primarily focus on uncovering overpayments. This means that providers and carriers targeted in these audits must be proactive about defending themselves and disputing any unwarranted recoupment or refund demands.
Responding to a Medicare CERT Audit Letter
Medicare CERT audits begin with the delivery of a letter to the targeted provider or carrier. CMS conducts a limited number of CERT audits annually, with each audit focused on claims submitted from July 1 through June 30 in the period preceding the fiscal year in which the audit is conducted.
Understanding Providers’ and Carriers’ Legal Obligations
Upon receiving notification of a Medicare CERT audit, a provider or carrier has a number of responsibilities. Most significantly, the provider or carrier must provide all documentation requested in the letter to CMS. As CMS’s Sample Part A Initial CERT Letter explains:
“Federal law requires that providers/suppliers submit medical record documentation to support claims for Medicare services upon request. Providers/suppliers are required to send supporting medical records to the CERT program. . . . Providers/suppliers are responsible for obtaining and providing the documentation as identified on the attached Bar Coded Cover Sheet. . . .”
This alone can be a substantial undertaking. It also presents many potential risks. While CERT audits are intended to allow CMS to recover overpayments, improperly billing Medicare can also lead to civil or criminal penalties under the U.S. False Claims Act and other federal laws.
A Medicare CERT audit letter will include a deadline for delivering the relevant documents to CMS. Even if a provider or carrier cannot locate all of the requested documents, “[a] response is still required.” Failing to duly respond to a Medicare CERT audit letter can itself lead to legal issues for providers and carriers; and, as a result, providers and carriers must get to work promptly upon receiving one of these letters from CMS.
Providing Documents and Communicating with CMS During a CERT Audit
When responding to a CERT audit letter, ensuring full compliance with CMS’s request is important. But, equally important, if not more so, is ensuring that the response does not include any documents that the provider or carrier is not required to disclose.
Generally speaking, providing records to CMS or their CERT review contractor during a CERT audit does not raise patient privacy concerns under HIPAA—CMS has made this clear. Instead, the greater risk is that providers or carriers will inadvertently or unknowingly disclose information that exposes them to the potential for additional scrutiny, which could in turn lead to additional recoupment demands, prepayment review, and other penalties from the CERT documentation contractor.
When representing providers, carriers, and other entities during Medicare CERT audits, we work closely with our clients to ensure that they provide the necessary documents – and only the necessary documents – to the CERT contractor from CMS. We also communicate with CMS on behalf of our clients, intervening in the audit process to help ensure that it does not result in unwarranted recoupment or refund demands. While it may be possible to challenge the outcome of a Medicare CERT audit after the fact, it is generally less time-consuming and more cost-effective to present an effective defense during the audit process.
Assessing Risk Before, During, and After a Medicare CERT Audit
Due to the potential negative outcomes of a Medicare CERT audit, it is important for companies and practices that are facing these audits to carefully assess their risk. This includes assessing their risk before, during, and after the audit.
Once an audit letter has been received, it is important for the recipient to promptly conduct an internal Medicare billing compliance assessment. This assessment should be conducted in coordination with outside legal counsel to ensure that it is subject to the attorney-client privilege. The information gathered during this assessment will inform the subsequent steps the company or practice takes in response to CMS’s letter.
Companies and practices should continue to assess their risk during Medicare CERT audits in real time. If the audit uncovers something unexpected, or if the audit reaches a misguided conclusion, this must be identified and addressed promptly. Likewise, once the audit concludes, it will be necessary to assess the audit’s implications—whether this means providing additional training, updating the company’s or practice’s Medicare compliance program, or preparing for a potential Medicare fraud investigation.
FAQs: What Providers and Carriers Need to Know about Medicare CERT Audits
Why is My Company or Practice Being Targeted in a Medicare CERT Audit?
CMS selects providers, carriers, and other entities to target in Medicare CERT audits at random. When conducting these audits, CMS also selects, “a stratified random sample” by claim type—including Medicare Part A; Medicare Part B; and Durable Medical Equipment, Prosthetics, Orthotics, and Supplies (DMEPOS).
Who Conducts a Medicare CERT Audit?
The Centers for Medicare and Medicaid Services (CMS) conduct CERT audits. CMS relies on “medical review professionals” to both (i) review submitted documentation to determine if claims are proper, and (ii) assign improper payment error categories. These medical review professionals include nurses, medical doctors, and certified coders. Even so, it is not uncommon for Medicare CERT audits to result in improper classification of providers’ billings; and, as a result, it is imperative that carriers and providers play an active role in the process.
What Do Health Care Providers Need to Know about Medicare CERT Audits?
Even when a Medicare CERT audit targets a carrier or other fiscal intermediary, it is still important for providers to play a role in the process. Typically, when auditing fiscal intermediaries, Medicare Administrative Contractors will send documentation requests and medical records requests to the providers whose billings are under review. If neither the intermediary nor the provider submits documentation substantiating the claims, then the Medicare claims will be classified as “no documentation”—and deemed improper as a result.
What are the Consequences of Failing to Provide Requested Documentation in Response to a Medicare CERT Audit?
Failure to provide requested documentation in response to a Medicare CERT audit can have immediate financial consequences. In their CERT reports, CMS can state no documentation, insufficient documentation, medical necessity, incorrect coding, and other errors when analyzing your documentation. As CMS’s Sample Part A Initial Letter states, “If the provider/supplier fails to send the requested documentation or contact CMS by [the deadline], the provider’s/supplier’s Medicare contractor will initiate claims adjustments or overpayment recoupment actions for these undocumented services.” It can also raise questions as to why a provider or carrier failed to provide the requested documentation, and this can in turn lead to further inquiry.
When Can a Billing Be Deemed “Improper” During a Medicare CERT Audit?
During Medicare CERT audits, providers’ billings can be deemed “improper” on various grounds. Some of the most common reasons for billing reversals during these audits include: insufficient documentation, lack of medical necessity (or proof of medical necessity), incorrect coding, services provided by someone other than the billing provider, and billed supplies or equipment being ineligible for Medicare reimbursement.
Contact Oberheiden P.C. for More Information
If you have received a Medicare CERT audit letter, we encourage you to contact us promptly for more information. Our federal health care fraud defense lawyers and Medicare compliance consultants work with companies and providers nationwide. For a complimentary initial consultation, call 888-680-1745 or request an appointment online today.