CBRs show individual providers how their billing patterns for various codes and procedures compare to state averages and the national average for providers within the same field (i.e. physical therapists, chiropractors, etc.). These comparative studies are designed to help providers review their coding and billing practices and utilization patterns with an eye on taking proactive compliance measures. CMS has stated that “the CBR is not intended to be punitive or sent as an indication of fraud. Rather, it is intended to be a proactive statement that will help the provider identify potential errors in their billing practice.” Still, CBRs also may reveal issues that leave providers vulnerable to future audit activity (or put them on notice of overpayments).

CBRs Reveal Billing Outliers

In the past, CMS has issued similar billing reports, such as the Program for Evaluating Payment Patterns Electronic Report (PEPPER) targeting inpatient hospitals. PEPPER focuses on several inpatient risk areas, compiling data used by hospitals to compare their billing practices with those of other hospitals across the nation. Although not currently available to hospitals, CBRs are much like PEPPER in that they provide comparative data to assist providers in visualizing underpayments and overpayments as part of an effort to reveal billing outliers.

CMS awarded Safeguard Services LLC the contract for producing CBRs, awarding Livanta LLC the contract for distributing the reports. CMS has recommended that CBRs be sent out to select provider types that bill for certain services identified as vulnerabilities in the Medicare program.
The first CBRs were sent out in August 2010 to physical therapists, who were chosen due to an identified vulnerability in their billing practices: the use of the “KX” HCPCS modifier, which is a billing requirement used to show that a beneficiary has exceeded the therapy cap but requires additional medically necessary physical therapy services.

CBR Expansion Program

Since then CMS has expanded the number of provider types slated to receive CBRs. The provider types that thus far have been tabbed to receive the reports include chiropractors, ambulance services, hospice, podiatry, sleep studies and spinal orthotics, each having its own vulnerabilities identified by CMS.


A maximum of 5,000 providers in each provider class will be selected to receive CBRs. Medicare updates the data twice a year, so the reports cover one of two dates-of-service time frames: January through June or July through December. Due to CBRs being based on dates of service, the reports typically are not available for at least three months, allowing time for claims to be finalized.

CBRs are not available to anyone but the provider who receives them. The reports do not include patient or case-specific data, only summary billing information, this being a method of ensuring privacy. The providers receiving the reports are directed to use the summary billing information as a tool to help them comply with Medicare billing rules and correct any current billing errors that could lead to future audits.

Likely Audit Candidates

Providers receiving CBRs may wonder what these data reports mean in the context of future audits. CBR data analysis involves the same data-mining tools used by Medicare contractors to identify candidates for audit. Also, in our experience the vulnerabilities identified in the CBRs tend to be the same as those identified by CMS contractors who select providers for audit. Thus, providers who are identified as outliers in CBRs likely will be subject to audits.


Providers can determine whether they have been identified as outliers compared to their peers by reviewing the graphical illustrations included in the CBRs. Providers whose specialty has been identified but have not yet received a CBR may want to view a sample CBR (which can be found on Safeguard’s website) so they will understand the information in the report should it arrive.


CBRs: Next Steps

Upon receiving a CBR, it is vital that providers evaluate the information within and consider conducting an attorney-client privileged internal compliance audit to determine whether any differences in billing patterns are attributable to billing errors or can be explained in other manners  (i.e. a difference in patient population).

Providers also should develop compliance policies to address any identified risk areas. Recipients of a CBR and provider types that have been tabbed to receive the reports should consider contacting a health law attorney to discuss CBR analysis and development of an appropriate compliance plan that will reduce audit risks going forward.

About the Authors

Amy K. Fehn is a partner at Wachler & Associates, P.C.  Ms. Fehn is a former registered nurse who has been counseling healthcare providers for the past eleven years on regulatory and compliance matters and frequently defends providers in RAC and other Medicare audits.

Jennifer Colagiovanni is an attorney at Wachler & Associates, P.C.  Ms. Colagiovanni graduated with Distinction from the University of Michigan and Cum Laude from Wayne State University Law School.  Upon graduation, Ms. Colagiovanni was nominated to the Order of the Coif. Ms. Colagiovanni devotes a substantial portion of her practice to defending Medicare and other third party payer audits on behalf of providers and suppliers.  She is a member of the State Bar of Michigan Health Care Law Section.


Contact the Authors

Share This Article