Medicare Audits: Protecting Against Adverse Financial Impact

The article below is reprinted with permission from The Capital Issue, a quarterly newsletter published by Lancaster Pollard.

The Institute of Medicine, a branch of the National Academy of Sciences, released a report dated Sept. 13, 2012 asserting the U.S. healthcare system wastes about $750 billion each year due to overpayment, poor billing practices and inaccurate diagnosis.

Fraudulent, wasteful and abusive billing practices in the Medicare reimbursement system have become a routine talking point in households, a staple headline in national news and a heated subject for pundits and politicians. Election cycles present another opportunity to discuss methods of improving the efficiency of every dollar spent by the Medicare Trust Fund.
There are two main fraud audit contractor programs used by CMS to ensure compliance with current billing policies. Recovery Audit Contractors target improper payments while Zone Program Integrity Contractors focus on identifying fraud. Hospitals, physicians, hospices, skilled-nursing facilities and home-health agencies are subject to both programs.

Providers with Medicare revenues should be aware of the regulatory landscape and prepare for the possibility of compliance audits. Protecting against an adverse financial impact (i.e., delayed reimbursement or recoupment of alleged overpayments) begins with developing a compliance plan that includes identifying key personnel to facilitate ongoing training, conduct internal audits, draft appropriate policies and procedures and ensure medical records are organized for easy access.


The primary purpose of Zone Program Integrity Contractors is to identify cases of suspected Medicare fraud, investigate in a thorough and timely manner then take immediate action to ensure monies are not inappropriately paid and any mistaken payments are recovered. This is accomplished through independent firms with the authority to:

  • Analyze data to identify actual or potential payment errors and fraud.
  • Investigate allegations of fraud made by beneficiaries, providers, CMS, HHS' Office of Inspector General and other sources.
  • Recommend administrative actions to deny or suspend payments.
  • Identify overpayments.
  • Recommend exclusion from the Medicare program.
  • Report cases for consideration of civil and criminal prosecution and/or application of administrative sanctions

Auditors may show up with little or no notice to perform a review of billing procedures and compliance to CMS policy. Confirmation of fraudulent or wasteful activity is the objective, not discovering it. The process may include requests for medical records and documentation, interviews with staff and beneficiaries, inspections of facilities and analyses of claims. If a ZPIC auditor finds a sustained or high level of payment error, it can elect to extrapolate overpayment amounts through statistical sample. For example, the auditors test 50 claims and from that sample predict the billing amount for the population of claims; if the total dollar value of claims submitted is much greater than the inferred value, the ZPIC has authority to force recoupment payments to CMS.

Adverse findings can be challenged through an appeals process. Altogether, there are five levels of appeal — beginning with redetermination then reconsideration and ending in a U.S. District Court. The entire process for reversing or modifying a decision can be costly, lengthy and daunting.

Prepayment review, which usually begins once an audit is initiated, is a process wherein a percentage of claims, ranging from 25−100 percent, undergo review before payment is authorized. There is no administrative appeals process to contest being placed on prepayment review or specific method to eliminate it. Providers are subject to very strict Medicare reimbursement limitations during the review. They can experience significant challenges to financial viability because claim determinations are made after services have been provided, thereby impacting cash flow.

Reviews have taken as long as 18 to 24 months. Denied claims can be appealed. Even after review and subsequent approval, it can take as long as 90 to 120 days for reimbursement.

In response to the efforts of several Florida providers and representative associations complaining about the consequences of prepayment reviews, CMS halted the process in August. While this announcement only affects nursing homes in Florida, the long-term-care industry views it as a step in the right direction toward fairness and the restoration of due process.


CMS introduced Recovery Audit Contractors as a demonstration project in 2005 for the purpose of identifying underpayments and overpayments then recouping overpayments. The demonstration project found more $1 billion of improper payments of which 96 percent were overpayments. The program was subsequently implemented on a permanent basis.

Unlike ZPICs, which sign a contract at a specific payment, RACs are paid on a contingent basis for detecting and correcting overpayments and underpayments. This includes both collecting overpayments from providers as well as refunding underpayments to providers.
There are two types of reviews: automated and complex. An automated review is a computerized analysis of claims and coding practices. Typically, only billing errors are found. In a complex medical review, auditors study the actual medical record or other documentation.

RACs have the authority to review three years of provider data and claim submission for hospital inpatient and outpatient services, skilled-nursing facilities, physician, ambulance, laboratory and durable medical equipment. Auditors use internally created and managed computer programs to detect likely payment errors, such as duplicate payments, intermediary mistakes, necessity of service and coding errors. Much like ZPICs, RAC audits can be triggered using statistical analysis of historical submission data and identifying outliers. Claim and medical record discrepancies, rejection rates of claims, and beneficiary complaints can also prompt an examination.

CMS began prepayment review under Recovery Audit Prepayment Demonstration in August. This demonstration project was initially scheduled to begin in January this year, but was postponed to allow for comment, and will run until Aug. 26, 2105. It will involve 11 states — Florida, California, Michigan, Texas, New York, Louisiana, Illinois, Pennsylvania, Ohio, North Carolina and Missouri — and focus on claims with a high risk of fraud, beginning with those involving short stay inpatient hospital services. The program will expand to include specific types of claims with a high incidence of fraud.

The program will attempt to prevent improper payments as well as help providers understand how to accurately bill future claims. As such, there will be a review of claims before they are paid to ensure the hospital or provider complies with all Medicare payment rules. RAPD will not replace prepayment reviews by Medicare administrative contractors (MACs). RACs and MACs are supposed to coordinate activities so as to avoid duplicate efforts.

Audits, credit consequences and planning

A provider's credit profile, which is both qualitative and quantitative, changes once a ZPIC or RAC audit occurs. For instance, the audit, in and of itself, may be an indication of poor billing practices and noncompliance with CMS policies. Additionally, cash flow could be negatively impacted as a result of the audit or pre-payment review. Furthermore, the possibility of a considerable recoupment payment from a finding of overpayment will impact various leverage and liquidity ratios. Many loan agreements and bond documents contain financial covenants directly tied to these same ratios and changes to them may trigger a default.

The best protection against the adverse impact of an audit is the adoption and implementation of appropriate policies and procedures. A sound strategy includes developing a compliance plan. Some recommended actions:

  • Perform a self-audit focusing on known vulnerabilities or areas targeted by auditors.
  • Conduct regular billing and coding training while seeking third party assistance on processes to avoid audits (e.g., admissions screening and case management).
  • Adopt any necessary technology that will assist in the implementation of processes.
  • Identify a single person or group to communicate with an auditor as well as respond to requests for information.
  • Develop a denials management process to monitor and track denials.
  • Develop an appeals process that includes support for claims and involvement of legal counsel.
  • Create a mechanism for employees to file complaints anonymously.
  • Ensure easy access to past medical records that are well-organized.

The opportunity

CMS is attempting to ensure the long-term viability of the Medicare Trust Fund. ZPICs and RACs have proven to be an effective method of detecting, preventing and deterring fraud. Success begets success. As such, providers can anticipate expanded efforts by the government to eliminate waste.

ZPICs and RACs present an opportunity for providers to more thoroughly understand the rules and regulations regarding Medicare reimbursement. A detailed plan for navigating the regulatory environment will mitigate the risks of adverse findings while minimizing any negative impact to the credit profile. Any processes that strengthen financial performance should be welcomed by providers and are always encouraged by the capital markets. As they say, success begets success.

Gerald M. Swiacki is a senior vice president with Lancaster Pollard. He manages the Southeast region and is based out of the firm’s Atlanta office. He may be reached at

Brett T. Murphy, a 2012 summer associate with Lancaster Pollard, is a current MBA candidate at the University of Notre Dame. He may be reached at

More Articles Featuring Lancaster Pollard:

Fees, Valuation and Performance: Understanding Exchange-Traded Funds
Guard Against Inflation: Preserving the Purchasing Power of Your Assets
Mission Possible: Finding Capital for Standalone Hospitals

Copyright © 2023 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.


Featured Whitepapers

Featured Webinars