iThe Centers for Medicare and Medicaid Services (CMS) rely heavily on audit contractors to uncover fraud, waste, and abuse under the Medicare and Medicaid programs. This includes Medicare Administrative Contractors (MACs) and Recovery Audit Contractors (RACs), among others. Under CMS’s “fee-for-service” model, MACs and RACs are incentivized to identify overpayments to participating providers, and they take an aggressive – and often loosely-controlled – approach to imposing recoupments, pre-payment review, and other penalties.
Given the risks of facing a MAC or RAC audit, healthcare providers that bill Medicare and Medicaid need to be well-prepared. This means not only ensuring that they have clear documentation of billing compliance, but also ensuring that they have audit defense protocols in place. Healthcare providers cannot afford to allow MAC and RAC audits to simply run their course, but instead must take a proactive approach to preventing unfounded determinations and unwarranted recoupment demands.
“MAC and RAC audits can be dangerous for healthcare providers. If providers do not take the necessary steps to defend themselves effectively, they can face substantial penalties based on both justified and unjustified determinations that they have fraudulently billed Medicare for services, equipment, and supplies.” – Dr. Nick Oberheiden, Founding Attorney of Oberheiden P.C.
How Can Healthcare Providers Defend Themselves During MAC and RAC Audits?
With all of this in mind, what can – and should – healthcare providers do to defend themselves during MAC and RAC audits? Depending on the specific circumstances presented, there are a number of possible defense strategies. Here are seven examples of defense strategies that healthcare providers can use to protect themselves when a MAC or RAC comes knocking:
1. Taking a Proactive Stance and Intervening in the Audit from the Outset
When facing a MAC or RAC audit, it is imperative for providers to take a proactive stance and intervene in the audit from the outset. By making clear that they (or their legal counsel) will be playing an active role in the audit process, providers can set the tone for the audit, and they can set the expectation that they (or their legal counsel) will be involved every step of the way.
Typically, healthcare providers learn about MAC and RAC audits when they receive a request for documents and a “notice” that auditors will be visiting their premises at a specified date and time. It is at this point that providers should respond with a clear indication that (i) they expect all pertinent laws, rules, and regulations to be followed, and (ii) all communications should go through the provider’s legal counsel.
2. Conducting an Internal (and Attorney-Client Privileged) Medicare Billing Compliance Audit
Upon learning of a MAC or RAC audit, healthcare providers should conduct their own internal Medicare billing compliance audits in order to determine what (if anything) the MAC or RAC auditors will find. This internal audit should focus specifically on the billings that will be subject to review in the RAC or MAC audit, and it should be conducted with the oversight of the provider’s legal counsel in order to establish the protections of the attorney-client privilege.
After completing an internal Medicare billing compliance audit, providers should review the results of the audit with their legal counsel. Based on this review, the provider’s legal counsel will then be able to develop a tailored defense strategy for the MAC or RAC audit.
3. Presenting Affirmative Documentation of Medicare Billing Compliance
If a provider’s internal Medicare billing compliance audit confirms the accuracy of the provider’s program billings, then the best defense strategy might be to present affirmative documentation of compliance. However, providers must always be wary of providing documentation to MACs, RACs, and other audit contractors voluntarily. Providers must be absolutely certain that the documentation they provide cannot be used against them for any purpose, and they must also ensure that providing any documentation will not result in a waiver of the attorney-client privilege.
When deciding whether to present affirmative documentation of compliance, healthcare providers must ensure that they have a clear understanding of the Medicare billing rules and regulations—and that their billing personnel have not inadvertently made mistakes without their knowledge that have resulted in improper billings. If mistakes have been made, recoupments may be warranted, but providers will want to address any mistakes on their own accord rather than having them uncovered through a MAC or RAC audit.
4. Challenging MAC or RAC Auditors’ Methodologies and Calculations
One of the most important reasons why healthcare providers need to play an active role in the audit process is so that they can promptly identify flaws in auditors’ methodologies and calculations. Unfortunately, these flaws are quite common; and, if they go undetected, they can lead to unwarranted recoupment demands and other penalties. While it may ultimately be possible to challenge these unwarranted penalties on appeal, as discussed in greater detail below, this approach typically involves more time, cost, and risk than proactively avoiding the need for an appeal.
5. Challenging MAC or RAC Auditors’ Reliance on Inapplicable Medicare Billing Rules
In addition to flawed methodologies and calculations, another common issue during MAC and RAC audits is auditors’ reliance on inapplicable Medicare billing rules. Typically, this involves either: (i) applying the current Medicare billing rules to past billings that were governed by a prior set of rules; or, (ii) applying outdated Medicare billing rules to providers’ recent billings.
In order to uncover this type of mistake, providers must rely on legal counsel with extensive knowledge of both the current and prior versions of the Medicare billing rules. Providers also need legal counsel capable of analyzing their Medicare billings on an individualized basis in order to determine whether specific demands for recoupments are unjustified in light of the rules that apply.
6. Addressing Unfavorable Audit Determinations Before They are Made Final
Once a MAC or RAC issues a final determination, this starts the formal appeals process. However, in many cases, it will be possible to address unfavorable audit determinations before this stage. By taking a proactive approach, collecting documentation of billing compliance, and documenting auditors’ mistakes, providers and their legal counsel will often be able to delay the issuance of a final determination until any and all issues are resolved.
7. Preparing to Go Through the Medicare Audit Appeals Process
If it is not possible to avoid an unfavorable MAC or RAC audit determination, then the focus of a provider’s defense efforts may need to shift to challenging the outcome of the audit on appeal. There are multiple stages of appeal for MAC and RAC audits, each of which has its own timelines, standards, and procedures.
When appealing the outcome of a MAC or RAC audit, it is necessary for providers to have a specific reason for challenging the auditors’ determinations. Simply being dissatisfied or having generalized complaints about the process is not enough. Some examples of potential grounds for challenging a MAC or RAC determination on appeal include:
- Application if inapplicable Medicare billing rules
- Misinterpretation of applicable Medicare billing rules
- Reliance on unsound auditing methodologies
- Failure to seek an expert opinion
- Ignoring relevant information disclosed by the provider
- Exceeding the MAC’s or RAC’s scope of authority
What if a MAC or RAC Audit Leads to a Federal Medicare Billing Fraud Investigation?
In addition to the risk of recoupments, pre-payment review, and other penalties, MAC and RAC audits also carry the risk of facing a federal Medicare billing fraud investigation. If auditors determine that a provider has intentionally or systematically overbilled Medicare, then they may choose to refer the provider to CMS, the U.S. Department of Justice (DOJ), or the U.S. Department of Health and Human Services’ Office of Inspector General (HHS OIG) for possible civil or criminal prosecution.
This is a risk that providers must consider when defending against MAC and RAC audits. The risk of facing a federal investigation should inform not only the seriousness with which providers approach the audit process but also how they respond to any actual or perceived compliance failures.
If a MAC or RAC audit appears likely to lead to a federal Medicare billing fraud investigation, then this should factor into the provider’s audit defense strategy. The provider will need to be extremely careful about choosing what information it provides to MAC or RAC auditors—as this information could end up in the hands of CMS, DOJ, or HHS OIG agents. At the same time, providers will need to weigh the benefits of voluntary disclosure—and whether it may make sense to engage with federal authorities proactively in order to get out in front of any potential civil or criminal allegations.
Ultimately, making informed decisions during a MAC or RAC audit requires a comprehensive understanding of both the facts and law involved—including the pertinent Medicare billing rules and regulations. By taking a proactive approach, conducting an internal compliance audit, and developing a targeted and custom-tailored defense strategy, providers can mitigate their risk of recoupment liability as well as their risk of facing additional consequences in a follow-on federal Medicare billing fraud investigation.
