CMS aims to prevent fraud while protecting ‘the good guys'

Medicare is focusing heavily on preventing fraud, but with an eye toward not burdening legitimate clinicians. Learn three things a practice can do to reduce its chances of being audited.

There have been sensational stories in the news media of arrests related to huge fraud schemes in the Medicare program. In a recent briefing, representatives from the Centers for Medicare and Medicare Services (CMS) stated that they want to make things easier on “the good guys” while devising better methods of detecting fraud.

CMS acknowledges that the vast majority of physicians, providers and suppliers are honest and that the agency's policies must take that into account. Unfortunately, that sentiment won't take away the Recovery Audit Contractor (RAC) audits or the other audit programs for physician claims. However, CMS is using two measures to try to alleviate the scrutiny.


The Automated Provider Screening (APS) system was implemented in response to the Affordable Care Act's requirement for the government to begin a regular schedule of Medicare provider revalidations. The revalidations were initially done manually, which turned out to be extremely labor intensive.

In late 2011, CMS moved to using computerized screenings that are tied to numerous national databases, such as those used for Social Security, medical licensing and law enforcement. These automated screenings can be used to striate physicians, providers and suppliers into low-, medium- and high-risk fraud categories.

In addition, CMS has implemented prepayment screenings, which means that all Medicare Part A, Part B fee-for-service, and Part B durable medical equipment claims are screened to detect fraudulent claim activity prior to payment.

CMS believes that the APS system and prepayment screenings will allow it to tailor fraud detection and prevention to meet the actual risks, rather than using tools that sweep entire programs and treat all physicians and providers as if they all pose the same risks.

CMS is launching an RAC prepayment review demonstration in June 2012, bringing more questions from the medical community. The following are ACP members' most frequently asked questions about the RACs.

Q: If our practice is subjected to a Medicare audit, how can I tell which audit program sent the letter?

A: There are four RACs: Diversified Collection Services (Region A), CGI Technologies and Solutions (Region B), Connolly Consulting Associates (Region C) and HealthDataInsights (Region D).

The return address of the envelope will show where it's from. Envelopes from an RAC will have two logos: one from CMS and one from the RAC. In the event that the envelope is discarded after delivery to your practice, the letterhead will also show those same two logos. The body of the letter will tell you the name of the RAC and what is being asked of you. A sample RAC demand letter is viewable online.

Q: Who provides oversight of the RACs?

A: The RACs are under the direction of CMS's Provider Compliance Group Organization, which is the Office of Financial Management.

Q: Are the RACs still paid on contingency?

A: Yes, the recovery auditors are still paid on a contingency basis. CMS pays RAC auditors about 10% of every dollar identified and recouped in perceived overpayments, which totaled about $137 million in the 2009 demonstration project.

Q: Are the audits random or targeted?

A: RAC audits are targeted to find and recover claims overpayments on review issues that CMS has already approved for investigation.

Q: Do physicians review the auditors' work? Do they review the claims?

A: Each RAC is required to have a physician on its full-time staff. However, these positions are sometimes vacant, leaving open the possibility that challenged claims are not reviewed by a physician.

Q: What will be the impact of the RAC prepayment review demo?

A: Up to this point, the RACs have been allowed to focus only on post-payment errors. This will change in the near future, when the RAC prepayment review demonstration launches in June 2012. CMS will authorize certain RACs to perform prepayment audits. ACP is addressing its concerns about the demonstration directly to CMS.

At the same time that the RAC demonstration is starting, prepayment reviews by the Medicare Administrator Contractors (MACs) will begin. CMS officials are trying to prevent the RACs and MACs from hitting overlapping review issues and geographic regions. However, ACP strongly recommends that the agency implement stringent safeguards to prevent overlaps from further burdening physicians.

The RAC demo will run three years, from June 2012 through May 2015. It will focus on categories of claims with high improper payment rates, beginning with short, inpatient hospital stays. It will later branch out to other provider types.

The demos will be in 11 states. CMS has selected the seven states of California, Florida, Illinois, Louisiana, Michigan, New York and Texas because, it says, they are “fraud-prone.” Another four states, Missouri, North Carolina, Ohio and Pennsylvania, were chosen because they have a history of a high volume of short inpatient stays.

The RAC will choose the claims for audit and will tell the MACs to flag those claims. The MACs will then send the demand letters to the providers. The pre- and post-payment medical records are separately calculated, so it is possible that a single facility or practice may be asked for more medical records than the regulations might initially seem to allow.

Q: How can I reduce my chances of being audited?

A: While nothing can completely eliminate the risk, there are key things you can do:

  • Document completely and accurately;
  • Code correctly in both CPT and ICD-9; and
  • Conduct self-audits of your practice to verify your compliance with Medicare program rules.