The Recovery Audit Program: The Big Business of Medicare Audits

The MACs (Medicare Administrative Contractors) audit claims submitted by providers within their jurisdictions.  These organizations are mostly insurance companies who administer the contracts awarded by CMS to process claims submitted electronically by providers in a given geographic area.   As part of this responsibility, these MACs are required to make sure that the claims submitted are complete and submitted in accordance with the rules developed by Medicare to assure that these claims are for services that are medically necessary and properly documented.

They work similar to the IRS, examining submitted claim data for outliers and patterns of suspicious behavior.   Like the IRS, they perform this service as part of their contractual obligation to the government, not as a revenue generating activity.

From 2005 to 2008 CMS created a demonstration program that used a small team of professional auditors to identify Medicare overpayments and underpayments to healthcare providers in randomly selected states.  The results of these initial audits was the recovery of over $900 million in overpayments and the distribution of $38 million in underpayments to healthcare providers.

Congress acted quickly to create new legislation to expand this program in 2006, creating a permanent national recovery audit program designed to recover these overpayments for the entire country.  On the surface, these types of legislative efforts are ideal for members of congress who wish to credit themselves for preventing waste and fraud in government and seem to be in the best interest of the country.  If you are a healthcare provider and have experienced this process, you may have a different perspective.

The RAC (Recovery Audit Contractor) program was created in 2006 and the responsibility of these additional audits was distributed to four RAC organizations that became responsible for equal portions of the country.  Their four districts overlaid the existing twelve districts for the MACs.

Unlike the MACs, the recovery of overpayments is the only duty of these contractors.  They operate independent of the MACs and healthcare providers frequently have to deal with both organizations separately auditing different claims for different reasons at the same time.  There is one very important distinction to the RAC program.  The RACs work on commission rather than a contractual fee for their services.  This distinction means that CMS has created a new business that is very profitable for these four organizations to the degree that Medicare payments are identified as “overpayments”.

If you view this effort as a business, without the noble objectives of preventing fraud and abuse and returning needed funds to the Medicare trust fund for future beneficiaries, there are some basic business assumptions that can be verified by simple common sense.  These facts that I am about to present are from a staff report to the Senate Special Committee on Aging.  This report documents the sources of these facts.  This report also includes several actual case studies of hospitals, physicians and provider groups that have been adversely affected by this new industry.

In fiscal year 2013, Medicare financed healthcare for 51 million individuals at a cost of $604 billion, of this total, Medicare reported an estimated $50 billion in improper payments.  Despite the efforts to reduce these improper payments, the rate increased from 8.5% in 2012 to 10.1% in 2013.  Improper payments are measured by statistical analysis of claims performed by the CERT (Comprehensive Error Rate Testing) program.

Improper payments occur when claims to not comply with Medicare payment policy.  For example, a patient receives dialysis treatment from a clinic and each treated is billed separately or a patient is treated for diabetes when their medical record does not show that the patient has diabetes.

The systems developed by CMS are designed to catch these improper payments before, during and after the payment is made.  The first line of defense is the MAC systems that process claims. These systems are modified to include new business rules that identify potential conditions in submitted claims that would result in overpayments and these edits reject the claims before they are processed.  This information is returned to the provider within a few hours of the claims being submitted in the form of the 277CA response file.  Providers can use this information to review these claims and correct the issue, if possible, and then resubmit the claim.  Claims with errors at this level, are not processed beyond this point.

This “pre-submission” checking also includes additional claim edits available to providers and their billing system vendors through distribution of software components and electronic tables by CMS to the provider community.  These include CCI (Correct Coding Initiative) edits that examine the appropriateness of charges appearing together on a claim, MUE (Medically Unlikely Edits) that look at the units of service provided for particular services by HCPCS code, and OCE (Outpatient Code Editor), a computer program provided by Medicare that can be incorporated in billing systems to apply the edits contained in the code to the outpatient claims being processed.  These solutions are supposed to be implemented through software purchased by providers for processing their claims so that these problems are detected and addressed before a claim is submitted.  Medicare updates these systems quarterly to reflect new business rules.

The next step in the process is the adjudication of the claim.  At this step, the payment for the claim is calculated.  This payment is modified by additional business rules regarding the status of the claim and specific charges it contains.  Adjustments are then created to document the difference between the charges on the claim and the payment.  If the total of the adjustments equals the charges, it is a denied claim.  Other adjustments reflect the enforcement of Medicare policy regarding the proper payment for the submitted services and partial payments are made.  This applies to all claims that are not denied since Medicare never pays exactly what is charged by the provider.

This portion of the process relies on claim data only and the ability of providers to create compliant claims and to adhere to the business rules available to their software vendors through the Medicare front-end edits.  It cannot detect claims for services that were never rendered or compare the electronic claim data to the related documentation in the medical record of the patient.  For this portion of analysis, audits are a necessary task in order to make sure that sufficient oversight of this aspect of the process is in place to prevent legitimate fraud and abuse.

The problem that currently exists, from the perspective of healthcare providers, is the transition of this oversight effort from the administrative role of the MACs to protect the validity of claims to the business opportunity currently presented to the RACs.

The RACs operate like collection agencies, earning a commission on the overpayments identified between 9% and 12.5% in contingency fees based on the amount.  Unlike collections for self-pay, collection of the overpayment is not an issue.  Once the payment is identified as an overpayment, it is collected from the provider by CMS through deductions of these overpayments from future Medicare payments for compliant current billable services.

For the RAC, it is the identification of the overpayment that provides revenue to their business.  This provides an incentive for this new industry find more overpayments and may explain the significant increase in identified overpayments from 2012 (8.5%) to 2013 (10.1%), despite efforts from CMS and providers to improve compliance.

When the overpayment is collected, the RAC receives their commission.   The provider has 120 days to present an appeal.  The actual appeal may take years to complete.  If the provider wins the appeal, he is given the money back that was previously withheld, including interest.  The RAC must pay back their commission for identifying the overpayment, but there is no penalty in addition to this amount.  There are also no incentives in the RAC agreements to accurately define overpayments or to keep the overturned appeal rates down.  The only downside for a RAC if their overpayment determination is overturned on appeal, is that they have to return the same amount they collected months or years earlier.  This presents little risk or control on the efforts of the RAC to accurately identify the overpayments.  The bottom line is the more they can find, the more profitable they become.  

For the provider, any identified overpayment is always a losing proposition.  Even if they win on appeal, the administrative cost of working with the RACs complying with documentation requests and the services associated the appeal process increases the administrative cost of processing Medicare claims substantially.  The case studies provided in the Senate report show how this would be the case for all types of healthcare organizations subjected to this process.

So how big of a problem is this issue?  How accurate are the RACs in identifying overpayments?  The best way to measure this would be the rate that these overpayments are overturned on appeal.  The Senate report acknowledges that this statistic varies widely depending on who you are talking to.

CMS reports that providers appeal 26.3% of all claims with RAC overpayment determinations and that 26.7% of these are overturned on appeal.  This may include counting the same appeal more than one time because they can be submitted on different levels.  The OIG found that in 2010 and 2011 providers appealed 6% of the overpayments and about 44% were overturned on appeal.

Given the business model created for RACs, it is not surprising that the overturned appeal rate is so high, by anyone’s measure.  This is tolerated by CMS and congress given the increased revenue this process generates for the Medicare trust fund.  From the provider perspective, the impact can be devastating and the cost can be a continuous burden on provider organizations that must absorb the immediate loss in revenue associated with the overpayment determination.

How can the provider best deal with this situation?  As mentioned earlier, any interaction with the RACs is a losing proposition.  Your strategy as a provider should be to limit their opportunity to find the “low hanging fruit” associated with the claims produced by your organization.

Make sure that all of the front-end edits available from CMS are deployed by your claims processing software.  You should never experience violations of the CCI, MUE and OCE edits if this logic catches these conditions before claims are submitted.

Examine your remittance data.  Remittances are more than just tools for posting payments and adjustments to your AR system.  They can tell you everything about the status of your claims processed by CMS.  Look at your claims that get denied and why.  Implement procedures to prevent future denials for the same reasons.

RACs are not going away, they are going to get bigger.  In the Senate report, they noted that first among the CMS strategies to improve the compliance rate is to grow the RAC program.  My belief is that this will have the opposite effect.  Like all businesses, you have to thrive in your environment as your competitors struggle. RACs are not going away, make sure you are not an attractive target.  


By: Kalon Mitchell, President MEDTranDirect