Lessons Learned: Medicare Audit Survival
The author was business office manager of a large, single-specialty group in South Florida from 1999 to 2008. The practice underwent an OIG audit during that time. Here, she shares some lessons learned from that experience.
Receiving a registered letter with the return address “Office of the Inspector General” (OIG) is a shock that makes your blood run cold. It means: AUDIT!
I was the business office manager of a large, single-specialty group in South Florida when a letter from the OIG arrived. To say the practice was caught off-guard is an understatement. We knew we had a few weak spots, but we were working diligently to bring all coding and billing protocols into compliance.
Being a south Florida practice, several circumstantial factors may have contributed to the OIG’s decision to select us for audit:
- Although the recent population explosion in Florida has slowed, 17 percent of the state’s population is Medicare beneficiaries. As baby boomers (those born between 1946 and 1964) begin to retire, Florida will once again see an influx of Medicare-eligible individuals relocating to escape colder climates. The OIG and the Centers for Medicare & Medicaid Services (CMS) are aware targeting Florida providers under the False Claims Act (FCA) is a lucrative source of revenue that could increase exponentially in coming years.
- The Department of Health and Human Services (HHS) has established the Medicare Fraud Strike Force (MFSF) in southwest Florida, specifically to identify fraud and abuse in a geographic area long considered a hotbed of Medicare fraud and abuse.
- Recovery Audit Contractors (RACs) were initiated in three states: Florida, California, and New York in 2008. They can go over paid claims as far back as four years and receive a percentage of overpayments. CMS is expanding RACs nationwide in by the end of 2010.
For 17 months after the initial notice, there was no further communication from the OIG until a request arrived for documentation on 200 patients’ services, totaling 481 procedures performed between 1996 and 1998.
Unless you have tried to find all patients’ visit documentation for the past five years, you can’t appreciate the situation’s intensity. Lesson learned: Modern technology has vastly improved a practice’s ability to retain all the necessary support through scanned documents, touch screens, integrated scheduling, voice recognition, electronic storage, etc. If you can afford it, my advice for your practice is to employ modern health record technology for easy retrieval of patient documentation.
Fraud is well known as intentionally billing Medicare for never performed services or billing phantom patients. The lesser of known fraudulent abuse is inadvertently using inappropriate billing and coding practices. Another lesson learned: In any audit, regardless of practice specialty or geographic location, there are common areas of risk, including:
Over-reporting one procedure code
If there are an unusual number of patients receiving a service, question it.
Inconsistent coding among partners in a group
As a coder, you can identify if one partner always indicates a Level 5 evaluation and management (E/M) service. Possibly, that physician does see the most difficult cases; however, it’s a red flag to be questioned.
Billing new patients
Coding the highest-level code for a consult or new patient is not always warranted. Be sure you have all the criteria and documentation to support the visit coded.
Upcoding or downcoding E/M visits
Always code the appropriate level that the visit’s documentation supports. In 2007, OIG surveillance of E/M billing in Illinois alone yielded $32 million in collections from physicians for upcoding E/M visits. On the other hand, downcoding is not a safeguard against an audit.
Using improper modifiers
Know and properly apply all modifiers. Remember, some modifiers bypass Medicare edits and allow claim payments even if they are not in compliance. Use a modifier only when appropriate and the documentation can support its use. Overuse is a certain red flag to CMS.
For example, if multiple biopsies are taken on the same breast through different sites, modifier 59 Distinct procedural service would be appended to the second and all subsequent units of 19103 Biopsy of breast; percutaneous, automated vacuum assisted or rotating biopsy device, using imaging guidance to identify the biopsies as taking place at separate locations.
You may not use modifier 59 to bill multiple units for multiple locations in every case, however. For instance, modifier 59 is not appropriate with 70540 Magnetic resonance (eg, proton) imaging, orbit, face, and/or neck; without contrast material(s) if two or three areas are evaluated. The code is inclusive of all three areas, even if the referrer is interested in evaluating only one of the areas.
Service or diagnosis coding is not supported by the order
If a pelvis MRI is ordered, and your report documents a chest MRI, you cannot bill Medicare or the beneficiary for the pelvis MRI.
There are several unbundling variations. One is separately billing for a supply or service covered by or bundled into one CPT® code. Another form of unbundling would be spacing out services normally completed at a single visit.
For example, the service described by 72270 Myelography, 2 or more regions (eg, lumbar/thoracic, cervical/thoracic, lumbar/cervical, lumbar/thoracic/cervical), radiological supervision and interpretation should not be billed as 72255 Myelography, thoracic, radiological supervision and interpretation and 72265 Myelography, lumbosacral, radiological supervision and interpretation. Because the services described separately by 72255 and 72265 are included in the service described by 72270. Unbundling occurs if you report the component services separately on the same claim.
Using terms like probably, rule out, and perhaps
Under an audit, these terms generally don’t stand up as a diagnosis. Instead, code the patient’s presenting signs and symptoms, the diagnosis as verified by testing, or an appropriate V code.
Referring practices can prompt audits
If a practice to which you refer is audited, there is an excellent possibility that your practice will be contacted by the OIG to provide proof of the ordered service, as should be documented in your patient chart. Any apparent vulnerability in your records could alert the OIG to potentially fraudulent activity in your own practice.
For instance, in our attempt to gather supporting information from our referrers, it wasn’t unusual for a practice to tell us they had no documentation in their patient record for the office visit, or the order. In some cases, they couldn’t even locate the chart from five years ago.
Get Through an Audit Successfully
Comprehensive, legible notes; appropriate signatures; copies of prescriptions; accurately filled-in Advanced Beneficiary Notices (ABNs); and completed history sheets, are just a few of the resources you will need to determine accurate CPT® and ICD-9-CM codes, as well as support your claims when audited. In short: documentation is crucial.
A minimum of once a year, compare all pre-printed procedure and diagnosis codes on charge slips and cheat sheets to the national coverage determinations (NCDs) and local coverage determinations (LCDs) circulated by CMS to ensure they reflect the latest changes. Update computer software annually to include new CPT® and ICD-9-CM codes, and to delete old codes.
After you’ve updated everything, how do you ensure that everyone in your practice is on the same page when it concerns documentation and compliance?
If the practice does not have coding and billing policies in place, suggest their creation and implementation to the practice administrator or office manager. If the practice does have policies, review them to ensure they are current. In any audit, the first thing you’ll be asked for is your internal policy manual.
The critical requirements of any compliance plan that an auditor will look for are:
- All services must be clearly and appropriately documented
- Employees shall not present any billing claim the employee knows to be false, fictitious, or fraudulent
- Ongoing audits and reviews will be conducted to ensure accurate and appropriate bills are submitted to Medicare, Medicaid, and other payers
- Employees will seek to ensure, to the best of their knowledge, compliance with federal, state, and local requirements
- Maintain a conduit to encourage open communication to facilitate reporting of suspected violations and areas of concern
- Response to identified offenses, to include disciplinary action if appropriate and steps to prevent further similar offenses
When our audit was finally over and filed with the OIG, the practice paid a settlement in excess of $2 million, and was placed under a five-year Corporate Integrity Agreement.
Although not levied in our case, additional penalties can include exclusion from the Medicare program. Exclusion from federal health care programs effectively ends employment chances in any health care environment because any entity that receives federal dollars as payment for medical services cannot employ in any capacity an excluded individual. The current OIG Exclusions List includes not only physicians, but nurses, accountants, administrators, owners, and clerical staff members (eg, coders).
Often, the overall attitude of coders and other clerical staff is, “The problem doesn’t involve me,” and/or “An audit will never happen to my practice.” Such confidence is unwarranted. Everyone in a practice is responsible for ensuring compliance. If you are in any way involved in billing and/or coding medical services for a Medicare beneficiary, an audit can have personal ramifications for you. And, as I have learned, no practice is exempt from scrutiny.