The Centers for Medicare and Medicaid Services thinks it is overpaying you. That probably comes as no surprise, nor will the news that CMS has devised yet another scheme for taking back money that it has already paid to you.
The new reel-in is called a recovery audit contractor (RAC) audit, and if this is the first you've heard of it, you probably don't practice in California, Florida, New York, Massachusetts, or South Carolina.
Those states were the sites of a pilot program conducted over the last 3 years to test the RAC system. The total amount recovered so pleased CMS that it has now authorized a nationwide rollout.
Here's how it works: CMS has divided the country into four regions and put an RAC in charge of each one. Region A (Northeast states) is covered by Diversified Collection Services; Region B (the Midwest) by CGI Technologies and Solutions; Region C (the South) by Connolly Consulting Associates; and Region D (the West and Southwest plus Alaska and Hawaii) by HealthData Insights.
Each RAC has its own unique procedures and criteria for audits. You can learn more about your RAC's idiosyncrasies, and confirm which region includes your state, at the CMS Web site: www.cms.hhs.gov/RAC/
RACs are paid a percentage of any overpayments they can identify and collect from providers. They are supposed to identify underpayments too, but in the pilot program that amounted to less than $38 million, compared with over $900 million in overpayments.
They will mostly be looking for only four basic transgressions:
▸ Incorrect payment amounts (either too much or too little).
▸ Noncovered services, including those that are not considered “reasonable and necessary.”
▸ Incorrect coding.
▸ Duplicate payments.
The RACs are required to have good cause to audit your claims. They cannot randomly select claims or focus only on high-paying claims. And they can only look back a maximum of 3 years—and no earlier than Oct. 1, 2007. That's a relatively short period of time requiring your review, and a relatively small number of transgressions to look for.
So now is the time for your staff to start getting out Medicare EOBs (explanation of benefits) and determine where you might be vulnerable on the past 2 years' claims. And once you identify any vulnerabilities, you can take steps to audit-proof future claims.
So far, the RACs have mostly targeted hospitals, nursing homes, home health care organizations, and medical equipment companies, but anyone who bills Medicare is fair game.
If an RAC wants to look at your records, they must make the request in writing and they must tell you what they are looking for. They are limited by law to auditing no more than 10% of the average number of Medicare claims you file each month. The law states they must pay the costs of copying records, both paper and electronic.
The law provides you 45 days to respond to an RAC's request for patient records. It also specifies a “discussion period,” so if your records are requested, don't rush to send them. Call the RAC and discuss!
If a repayment is demanded, you have 120 days to appeal that determination, in the same way (and by essentially the same process) that conventional Medicare audit determinations are appealed.
In case you're wondering, RAC audits will not replace regular Medicare audits. However, the RACs will not be permitted to audit claims that have already been audited conventionally.