Receive an SIU Records Request? Don’t Panic
Keep calm, know your responsibilities and risks, have a plan, and carry on.
If your physician office receives a request for records from a health plan’s special investigations unit (SIU), your best defense is knowing the options, responsibilities, and duties attached to the request.
Understand the SIU and FWA
The SIU is part of the compliance division of most major insurance companies. Each state has an administrative code generated in the legislature that gives the SIU its marching orders. This administrative code outlines the responsibilities, rights, and duties of the SIU in that state. SIUs are monitored by the U.S. Department of Health & Human Services (HHS) Office of Inspector General (OIG). The state inspector general works with the SIU to investigate allegations of fraud, waste, and abuse (FWA).
Fraud is submitting documentation or claims intentionally to gain benefits to which a person or entity is not entitled. Waste is the overutilization of services or other practices that result in unnecessary costs. Abuse is seeking payment for items or services for which there is no legal entitlement). Examples of FWA include:
- Medical identity theft (using another person’s medical identity to obtain healthcare goods, services, or funds not otherwise entitled to)
- Theft of provider identifiers (prescription pads)
- Claims intentionally sent in for a patient using another patient’s identity
- Billing for services, supplies, or tests not medically necessary
- Billing for durable medical equipment items not furnished
- A well visit at the same time as a sick visit, without proper documentation
- Billing for a higher level of service than the documentation supports (upcoding)
- Billing for a power device such as a wheel chair when a manual device is provided
- Procedures or services commonly performed together, but billed separately to generate higher payment (unbundling) by improper use of modifiers
- Anti-kickback statute violations
- Stark Law violations
Methods to detect FWA vary, but the first step in detection is usually a report from a concerned party, self-disclosure from a provider, or a result of data mining. The first two are rare, and often result from possible identity theft or an internal audit. In such cases, an SIU may perform a preliminary investigation and, if appropriate, will refer to the OIG for the state.
Data mining most often is used in retrospective reviews and involves pulling a data report from internal sources to identify areas of concern, trends, or outliers for review. This is usually when a letter is generated requesting records for review.
Respond Properly to a Records Request
If you receive a records request from an SIU, open it immediately and direct it to the appropriate person. This can either be the office manager, the physician, or in larger practices, the manager/supervisor of the medical records department. If someone other than the office manager or physician is responsible for processing record requests, the request should be reviewed with the office manager or physician prior to releasing the records. The reason is the physician is ultimately responsible for what is in the record and should review its contents before it’s sent to the SIU.
Note the Due Date
Don’t ignore the request, assuming it will go away. The consequences of not complying with the request can include recoupment of money, prospective review of future claims, referral to the OIG, and/or removal from the panel of approved providers for the health plan.
Communication is Crucial
If the provider disagrees with the request, has concerns about the request, or has questions, it’s best to reach out to the health plan SIU. This can be done through the provider representative assigned to the doctor by the health plan, or by reaching out directly to the manager of the SIU.
Provide Only the Records Requested
Sending records not included in the request can be a HIPAA violation, and may slow the review process. The request letter will include instructions about submitting the records. The simplest way is to make copies of the requested records and mail them certified, with a return receipt requested. Depending on the number of records requested, you may transfer the records to a CD or external hard drive, sent by certified mail. Be sure to password protect the information, and send the password by separate communication. You may fax records only if the requesting organization provides a secure fax number.
Know Your Rights
Engaging legal counsel is not recommended unless there are concerns about laws or regulations concerning the request. Legal counsel can be brought in if a disagreement over the results occurs, or if there is a conflict over the requirements of the request. Generally, the requests are simple record review requests accompanied by a letter outlining the necessity of the records, the focus of the review, and contact information for questions concerning the request.
Keep in mind that when an individual signs up with an insurance company, that person signs an agreement allowing the insurance company access to their medical records. The only records excluded from this agreement are behavioral health/psychiatric records — but even those records are subject to review under specific circumstances.
SIU Records Requests Frequently Asked Questions
Q. Does a special investigations unit (SIU) records request mean the provider has done something wrong?
A. Not necessarily. It does mean the SIU has identified an area either by data mining, referral, or the Office of Inspector General (OIG) Work Plan.
Q. What is the OIG Work Plan and how does it figure into the SIU reviews?
A. The OIG Work Plan is a document published by the OIG (usually federal) outlining various areas of investigation the OIG will focus on for the coming year; it also lists when different reports are expected to be released, etc. An effective SIU reviews and factors the OIG Work Plan into the fraud, waste, and abuse plan for their unit.
Q. Why is my provider being singled out?
A. Usually, a single provider is not being singled out. Each SIU has an audit plan for the year, these include trends identified the previous year, the OIG Work Plan, and claims that meet a pre-determined threshold for review. If the provider falls within the category, they are subject to review.
The Centers for Medicare & Medicaid Services, Key Message and Tips for Providers: Common Types of Health Care Fraud
Medicare Fraud & Abuse: Prevention, Detection and Reporting:
Evelyn Kim, MBA, CPC, CPMA, CRC, is the manager of the Special Investigations Unit for a Medicaid health plan. She has 15 years of experience in coding, including specialties such as orthopedics, podiatry, radiology, and risk adjustment. She has served as a past president of the San Antonio, Texas, local chapter.