In a June 19 article I wrote for RACmonitor titled “Four Myths about IPPS Best Practices – And Why You Shouldn’t Believe Them,” I noted that one of the most common misconceptions in our industry is that there will be no more audits until April 1, 2015 at the earliest – or, as some are even thinking, that audits are gone for good.

This certainly is not the case, as Medicare Administrative Contractors (MACs) have been keeping more than busy with their probe-and-educate audits, which have produced an average denial rate of approximately 65 percent.

But probe-and-educate audits are merely the tip of the iceberg. Regardless of whether the Medicare Recovery Auditors (RACs) come back in full force or as a new-and-improved version of their current makeup, hospitals need to keep a close eye out for a number of other auditors that have been cruising below the radar and conducting their audits without delays.

This article will address some of the lesser-known auditors operating in today’s healthcare landscape and where they are going to focus their efforts.

RAC Activity Associated with Outpatient Claims

The RACs may have slowed (albeit temporarily) their activities in inpatient short stay review as well as scrutiny of claims related to critical access hospitals for admission dates after Oct. 1, 2013, but there are still many Centers for Medicare & Medicaid Services (CMS)-approved issues related to outpatient claims for which the RACs are free to continue auditing. 

One of the hottest topics among all RACs in the last year has been the auditing of outpatient therapy claims above the $3,700 threshold. CMS has given the green light for all RACs to not only audit outpatient hospital claims with values greater than that figure, but also claims from comprehensive outpatient rehabilitation facilities, outpatient rehabilitation facilities, and home health and skilled nursing facilities (SNFs).

Following a 2012 audit by the U.S. Department of Health and Human Services Office of Inspector General (HHS OIG), CMS and its contractors started paying close attention to SNF claims, and in particular higher-paying resource utilization groups (RUGs). Basically, the OIG believes a pattern exists in which SNFs place patients into higher-therapy RUGS for greater reimbursement. CMS has permitted RACs to review SNF coding validation for claims, SNF medical necessity of claims, as well as manual medical components of outpatient hospital claims that surpass the $3,700 threshold.

On April 1, 2014, Congress extended the therapy caps exception process and related manual medical review (MMR) process for outpatient therapy claims through March 31, 2015. Although CMS currently has paused the review of MMRs, beginning immediately, facilities should be prepared to respond to additional development requests (ADRs) for all therapy services furnished beyond the $3,700 threshold, because the “pause” began in February. CMS has indicted that it expects RACs to conduct post-payment review on these claims once the MMRs resume. 

Other more recent and widely approved audit issues among the RACs include review of critical access hospital and outpatient hospital claims for blepharoplasty procedures and intensity-modulated radiation therapy (IMRT) procedures; outpatient hospital claims for cataract surgery; administration of Herceptin and Rituximab; inappropriate use of modifier 74; drug and biological administration in excessive frequency; drug and biological administration in excess of prescribed duration; polysomnography procedures billed with incorrect diagnosis codes; and cardiac rehabilitation. 

Sticking with the Plan

In December 2006, the Tax Relief and Health Care Act of 2006 was enacted, with Section 302(a) establishing a permanent Medicare RAC program. A new paragraph was added to section 1893 of the act, requiring the establishment of a national RAC program for Medicare Part A and Part B. The national Medicare Fee-For-Service (FFS) Recovery Auditor program was established on Jan. 1, 2010.

Section 6411(b) of the Patient Protection and Affordable Care Act amended section 1893(h)(1) of the act by requiring the establishment of RAC programs for Medicare Parts C and D as well.

CMS expects to award contacts to Part C RACs by the end of the 2014 fiscal year, and the agency likely will require several months for implementation. In the meantime, health plans are performing internal audits, often subcontracting them out to RAC-like entities such as HDI.

Blue Cross Blue Shield (BCBS) contracts with HDI to conduct its audits in a number of states, including Florida, Idaho, and Michigan. BCBS of Ohio is beginning to start the audit process, so it is possible that it could contract with HDI to perform these audits as well.

Medicaid RACs

Following the success of the Medicare RAC program, CMS added a Medicaid RAC program as part of health reform regulations passed in 2010. CMS received such a high volume of responses to the proposed rule that it delayed the deadline for states to start their own programs.

The final rule for the Medicaid RAC program was issued in September 2011, but it allowed states to request extensions. Some states took advantage of this option, and to date there are still a handful of states that have not even taken the initial steps in developing a Medicaid RAC program. For this reason, states are at many different stages of initiation and implementation of their respective programs.

Vermont, for example, is one of the few states that doesn’t currently maintain a contract signed with a RAC. Other states, such as California, have assigned a RAC to perform their audits but are only in the first phase of data analysis and have not yet sent the first round of determination letters.

Still other states have started reviewing cases but have kept the scope of audits and reviews extremely limited. Missouri, for example, has limited the Medicaid RAC audits to claims associated with pharmacy services, durable medical equipment (DME), and behavioral health. Alaska has a fully operational Medicaid RAC program, although it is very conservative in what it chooses to review, and as a result it maintains a low audit volume.


On the other end of the spectrum, Iowa, Kentucky, Michigan, Minnesota, and Wisconsin, among other states, already have been through multiple rounds of audits and the subsequent appeals processes. The highest volumes of denials come out of Iowa, Maine, Minnesota, and North Carolina. It is important to note that these Medicaid RAC contracts are time-based. For example, the RAC contract for Ohio, one of the first states to have full Medicaid RAC implementation, has already expired. CGI operated as Ohio’s original Medicaid RAC and the contract term ended without renewal in June 2013. A new Ohio Medicaid RAC contract has not been signed, although one is pending before the state legislature. Similarly, in Arizona a Medicaid RAC program was implemented, but the state had difficulty executing the program, and as a result audits have not occurred in a while.

Health Management Systems has emerged as the Medicaid RAC with the most jurisdictions. Currently, it is performing Medicaid audits for more than 30 states. To put it simply, if you are not currently residing in a state in which Medicaid RAC audits are being conducted, you soon will be.

Supplemental Medical Review Contractors

When CMS added yet another review contractor to the mix – the Supplemental Medical Review Contractor (SMRC) – in late 2013, it wasn’t quite clear why another layer was needed in an already overburdened and complex auditing framework.

CMS contracted with StrategicHealthSolutions LLC, tasking the company with lowering improper payment rates and increasing efficiencies of the medical review functions of the Medicare and Medicaid programs. These nationwide medical reviews, as directed by CMS, will be performed on Part A, Part B, and DME providers and suppliers, focusing on medical records and documents that will help them determine whether Medicare claims were billed in compliance with coverage, coding, payment, and billing guidelines. The focus of the reviews may include vulnerabilities identified by CMS internal data analysis, the Comprehensive Error Rate Testing (CERT) program, professional organizations, and federal oversight agencies.

According to StrategicHealthSolutions’ website, some hot topics and areas of audit interest include: home health agency claim review of face-to-face encounter documentation; review of polysomnography services; review of ultra-high intensity RUGs (IV codes billed with dates of service from Oct. 1, 2011 to Sept. 30, 2012 for SNF claims); diabetic testing strips; review of full vial Herceptin administration claims to identify overpayments based on wastage; and claims for mechanical ventilation services totaling less than 96 hours.

Finally, Look Out for the UPICs!

Last year, CMS announced that it would consolidate a number of the functions currently performed by several contractors conducting audits and investigations across Medicare and Medicaid with the formation of the Unified Program Integrity Contractors (UPICs).

The scope of the UPICs will encompass functions currently performed by Zone Program Integrity Contractors (ZPICs), Program Safeguard Contractors (PSCs), and the Medicaid Integrity Contractors (MICs). There are plans for the program to incorporate other portions of Medicare, including Part C and Part D, but for the time being the UPICs will address only Parts A and B of Medicare.

The primary areas to be pursued by UPICs are anticipated to include:

  • Patient abuse or harm;
  • Ability to prevent future fraud, waste, or abuse by taking administrative actions to remove providers or suppliers from the affected program, or otherwise prevent inappropriate future payments;
  • Multi-state fraud;
  • Particularly costly potential overpayments;
  • Likelihood for an increase in the amount of fraud or the emergence of a pattern, including the potential that findings can be used to refine CMS’s anti-fraud prevention efforts and analytic models;
  • Fraud complaints made by Medicare supplemental insurers;
  • Law enforcement requests for assistance that involve court-imposed deadlines;
  • Law enforcement requests for assistance in ongoing investigations that involve interagency initiatives or projects;
  • Law enforcement requests for early administrative actions to prevent or mitigate losses to the affected program(s); and
  • Other new elements that may be identified by CMS through technical direction.

UPICs will be tasked with reducing fraud, abuse, and waste within CMS, and they will operate under multiple legislative authorities.

CMS has not yet begun to consolidate and contract the UPICs, and the agency only recently issued a sources sought notice seeking information from small businesses that they believe will have the capabilities to perform the requested services. It is not anticipated that any contracts will be awarded until mid- to late 2015.

In Closing

Don’t be fooled and don’t let down your guard; the audits are still out there. The contractors I mentioned in this article may not get the press that the Medicare RACs get, but they still can have a negative impact on you if you are not careful.

The best defense against these types of audits remains the same as when facing off against their big brothers: get it right from the start and ensure that proper documentation is included in the record.

About the Author

Dr. Ralph Wuebker serves as chief medical officer of Executive Health Resources (EHR). In this role, Dr. Wuebker provides clinical leadership within EHR and works closely with hospital leaders to ensure strong utilization review and compliance programs. Additionally, Dr. Wuebker oversees EHR’s Audit, Compliance and Education (ACE) physician team, which is focused on providing on-site education for physicians, case managers, and hospital administrative personnel and on helping hospitals identify potential compliance vulnerabilities through ongoing internal audit.

Contact the Author

To comment on this article go to

Share This Article