In addition, organizations should gain an understanding of
the increased workload that may result due to these external
audits. For example, RAC auditors are allowed to request up to
500 records every 45 days. Organizations should determine the
staffing needs required to support the process from the point of
request receipt and record copying through the possible denial
and appeal process.
The ABCs of Government Auditors
More than a dozen government auditors are currently at work in
healthcare. Following are descriptions of the major auditors and
the focus of their audits.
CMS implemented the Comprehensive Error Rate Testing
(CERT) program to measure improper payments in the Medicare Fee-for-Service (FFS) program. It was designed to comply
with the Improper Payments Elimination and Recovery Act of
All claims for the CERT program are chosen at random and
designed to pull a random electronic sample of claims. CMS
outlines how records are requested for the CERT program
through its “Improper Medicare Fee-for-Service Payments Report,” available at https://www.cms.gov/apps/er_report.
The Department of Justice collaborates with many of the auditing agencies including OIG and the Department of Health and
Human Services (HHS). In addition, DOJ can perform other audits if requested by other government agencies.
DOJ primarily uses auditors to work on civil fraud cases and
uses these same auditors to work on healthcare fraud. When a
federal or state investigative agency identifies that a subject is
under current investigation in multiple states or jurisdictions,
that information is sent to DOJ to develop a nationwide strategy
to coordinate the multiple efforts and resources. See appendix A
in the online version of this practice brief for a list of DOJ activities in FY 2010.
The goal of the Health Care Fraud Prevention and Enforcement
Action Team is to prevent fraud and abuse in the Medicare and
Medicaid programs by identifying fraud perpetrators and those
abusing the system. The program also focuses on perpetrators
who prey on Medicare and Medicaid beneficiaries.
Increased HEAT audits are considered to be the number-one
compliance risk of 2011 because the program has been incredibly successful in building partnerships between DOJ, HHS, and
other agencies to recover tax-payer dollars. 3 In fact, an additional $60.2 million in funds has been dedicated to fund additional
teams and investigations in FY 2011.4 See appendix B in the online version of this practice brief for a list of HEAT Strike Force
results in FY 2010.
Medicare Administrative Contractors are contracted to perform prepayment medical reviews to ensure services provided
to Medicare beneficiaries are covered and medically necessary.
All claims submitted to MACs are put through a “scrubber” to
check against claim edits and ensure payments are made to certified providers. CMS publishes and maintains these edits, such
as the Outpatient Code Edit (OCE).
Once the claim passes all edits, the MAC calculates the payment amount based on fee schedules, formulas, geographical
adjustments, provider characteristics, and beneficiary copay-ments.
The Medicare Prescription Drug Improvement and Modernization Act of 2003 mandated CMS transition all its fee-for-service fiscal intermediaries and carriers to MACs by 2011. As a
result, 15 A/B MAC jurisdictions were established. In July 2010
CMS posted a notice of plans to consolidate the 15 MACs into 10
jurisdictions, implement a contract limit for the A/B MAC contracts, and enhance the role of the contractor medical directors.
In 2011 MAC audits are expected to be combined with RAC
audits and leverage their resources in identifying payment errors. MACs primarily review on a prepayment basis, while RACs
review on a retrospective system. As the MAC utilizes prepayment edits to identify payment errors, the results may be sent to
the RAC for retrospective review.
If an organization receives a MAC review and identifies that
a billing or coding error has occurred, it is best to self-report
regarding past discharges. By self-reporting, the organization
stops a potential RAC retrospective review, which could also
open the organization to full medical necessity review in addition to a DRG review.
MIP and MICs
The Deficit Reduction Act of 2005 created the Medicaid Integrity
Program (MIP) under section 1936 of the Social Security Act.
MIP is the first comprehensive federal strategy to prevent and
reduce provider fraud, waste, and abuse in the $300-billion-per-
year Medicaid program.
CMS has two broad responsibilities under MIP: to hire contractors to review provider activities and to support states in
their efforts to combat fraud and abuse.
The Social Security Act also required CMS develop the five-year Comprehensive Medicaid Integrity Plan in consultation
with internal and external partners. The Medicaid Integrity
Group oversees MIP through Medicaid Integrity Contractors
(MICs) and State Program Integrity Operations.
There are three primary MICs. Review MICs analyze Medicaid claims data to determine potential provider fraud, waste, or
abuse. Audit MICs audit provider claims and identify overpayments. Education MICs provide education to providers and others on payment integrity and quality-of-care issues.