Articles Posted in Audit

Published on:

When a Medicare-enrolled provider or supplier receives a demand to repay an alleged overpayment, especially a massive and statistically extrapolated overpayment that dwarfs the company’s revenue and which the company can never hope to pay back, it often raises the question: who is liable for this alleged debt if the company cannot pay it back? While every company and set of circumstances are different, this question can have a significant impact on how to defend an alleged Medicare overpayment.

Whether the owner, members, or shareholders of the entity that received the alleged overpayment are personally liable generally turns on the corporate nature of the entity. Individually enrolled providers, sole proprietors, and partners in a partnership may generally share liability with the entity that received the overpayment, or may actually be the entity in the case of some individuals. Corporations, LLCs, and other corporate entities may offer more protection for their owners, members, or shareholders, who are generally not liable for the debts of the entity under the principle of “limited liability.” There are exceptions to limited liability which CMS (and other creditors) can attempt to use to collect from owners, but CMS rarely attempts to use these exceptions.

However, owners, members, and shareholders of entities with an alleged Medicare debt should be aware that there may be other impacts. CMS may refer the owner of an entity with an alleged Medicare debt to the OIG for placement on the OIG Exclusion List. CMS may also revoke the current enrollment or deny future enrollment applications of entities affiliated with the owner of an entity with outstanding Medicare debt. Perhaps most importantly, the owner or controller of an entity that knowingly causes the entity to fail to return a Medicare overpayment may create individual liability for themselves under the 60-Day Rule, Civil Monetary Penalties, and – importantly – the False Claims Act. CMS will generally also refer a debt to the US Department of Treasury for collections efforts.

Published on:

In the recently released 2025 Physician Fee Schedule (“PFS”) Final Rule, the Centers for Medicare & Medicaid Services (“CMS”) implemented changes to the 60 Day Rule regarding the return of identified Medicare and Medicaid overpayments. Initially created by the 2010 Affordable Care Act, the 60 Day Rule requires healthcare providers to report and return Medicare and Medicaid overpayments within 60 days of identifying such overpayments. Failing to comply with the 60 Day rule may result in the imposition of a civil monetary penalty or an alleged violation of the Federal False Claims Act.

CMS made two significant changes to the 60 Day Rule in the 2025 PFS Final Rule. First, CMS formalized a six-month period for a good faith investigation before the 60-day clock begins to run. CMS had previously posited in guidance that it believed a provider should generally have up to six months to perform a good faith investigation before the provider is deemed to have “identified” the overpayment. In the 2025 Rule, CMS incorporated this position into the regulation itself, providing that the deadline for reporting and returning an overpayment will be suspended until either the provider completes the investigation or 180 days after the date the overpayment is initially identified, whichever is earlier.

Second, the 2025 Rule dropped the “reasonable diligence” standard and adopted the “knowingly” standard of the False Claims Act. Previously, the provider was deemed to have identified the overpayment if it had or should have determined through reasonable diligence that it had received a quantified overpayment. With the change, the provider will now be deemed to have identified an overpayment when it knowingly receives or retains an overpayment. “Knowingly” is defined by direct reference to the False Claims Act, thus aligning the two standards. Many observers had noted that it was inconsistent for CMS to claim providers would have False Claims Act liability for violating the 60 Day Rule, when the two had different standards. That inconsistency no longer exists.

Published on:

Healthcare fraud, waste, and abuse laws apply to any entity doing business in the healthcare space and especially those submitting claims to government healthcare plans or programs, such as Medicare and Medicaid. The three most important and influential healthcare fraud, waste, and abuse laws are the federal laws: the Physician Self-Referral Statute (commonly called the “Stark Law”), the Anti-Kickback Statute (the “AKS”) and the Eliminating Kickbacks in Recovery Act (“EKRA”). Even a simple business arrangement can require a complex analysis where one or more of these statutes is implicated.

The Stark Law (42 U.S.C. 1395nn) prohibits physicians from referring patients to entities providing “designated health services” covered by Medicare or Medicaid if there is a financial relationship between the physician (or their immediate family) and the entity, except under specific exceptions. The financial relationships can cover employment, direct compensation, investment, and others. The Stark Law is somewhat unique because it does not apply to all Medicare or Medicaid services, but only to specific “designated health services” that are listed in statute and regulations. The Stark Law includes several exceptions, such as in-office ancillary services and fair market value compensation, but each element of the exception must be met for it to apply.

Similarly, the AKS (42 U.S.C. 1320a-7b(b)) prohibits the exchange of “remuneration” to influence patient referrals or generate business for services billed to federal healthcare programs. The AKS applies to all services billed to federal healthcare programs, and “remuneration” is broadly defined to include anything of value. The AKS includes several exceptions and “safe harbors.” A safe harbor refers to a set of circumstances defined by regulations where conduct that would otherwise implicate the AKS is nonetheless permissible if it meets all the requirements of the safe harbor.

Published on:

When a Medicare provider or supplier receives claims denials or an overpayment demand as a result of a Medicare audit, the decision whether and how to appeal the decision, or to simply repay the amount demanded by the Medicare contractor, is usually a business decision. In some cases, it may initially appear that the value of the demand simply does not justify the effort and cost of pursuing an appeal. However, a Medicare provider in this position should be aware that forgoing an appeal may have consequences far above and beyond paying back the amount demanded by Medicare.

In many cases, choosing to forego an appeal is not simply a matter of repaying funds to the Medicare program, but the Centers for Medicare & Medicaid Services (CMS) and its contractors will generally take a decision not to appeal as an admission by the provider that the audit results are correct and that the claims were properly denied. CMS and its contractors may use this perceived admission of ‘guilt’ against a provider later, long after it is far too late for the provider to appeal the audit findings.

For example, a provider may receive a Medicare probe audit. The contractor conducting the probe audit reviews medical records for 10 claims and denies all 10, claiming that the provider did not meet Medicare requirements for coverage. The repayment demand is ‘only’ $3,000. The provider strongly disagrees with the contractor’s allegation, but decides it is not worth it to appeal and simply pays the $3,000. A few months later, the provider receives another probe audit. The contractor reviews 12 claims and denies all 12 for the same reasons as in the first probe audit. Again, the repayment demand is ‘only’ $4,000, so even though the provider strongly believes their claims meet Medicare requirements, the provider chooses to repay the $4,000 rather than expend the time and resources to pursue the lengthy and complex Medicare claims appeal process.

Published on:

In September 2024, the Department of Health and Human Services (HHS) Office of Inspector General (OIG) published a report detailing its recent review of remote patient monitoring (RPM) services furnished to Medicare beneficiaries and recommending additional oversight of RPM services. The OIG’s call for heightened scrutiny in this area is likely an indicator of increased audit activity of providers of these services.

By way of background, remote patient monitoring services typically use digital technologies to collect medical and other forms of health data from a patient in one location and electronically transmit that data to the patient’s healthcare provider in a different location for evaluation and treatment management. In many instances, the data collected is automatically electronically transmitted to providers for review and allows for efficient patient management. In some cases, these technologies can either trigger direct patient engagement or facilitate communication between the patient and provider.

In 2019, the Centers for Medicare & Medicaid Services (CMS) expanded payment for remote patient monitoring services. Shortly thereafter, the availability of Medicare reimbursement for remote monitoring services led to a substantial increase of providers furnishing RPM services. OIG’s report specifically highlights the increase in utilization of RPM services between 2019 and 2022, with Medicare payments for RPM services totaling more than $300 million in 2022, compared to $15 million in 2019.

Published on:

Medicare claims audits can be a complex and frustrating experience for healthcare providers who choose to accept Medicare. If claims are denied during the audit – and they nearly always are – the appeal process can itself take months or years and contains many strategic decisions for a provider to make.

A Medicare audit generally begins when a Medicare contractor requests medical records from a provider. At this stage, it is important to note which type of contractor is making the request (is it a MAC, UPIC, RAC, SMRC, etc.?), which type of review the contractor is performing (pre-payment, post-payment, TPE, PPEO, CERT, is it likely to be statistically extrapolated, etc.?), and any special circumstances of the provider (Has it received similar audits or requests recently? Did it have a recent change of ownership? Does a separate entity possess relevant documentation? Etc.).  Depending on the circumstances of the review, the provider may take additional steps to increase the likelihood that the claims reviewed by the contractor are found payable in the first instance. A provider may choose to submit additional records, retain a clinical expert, engage in additional communication with the contractor, or submit some form of legal brief or position paper. On the other hand, in some cases, it may be more appropriate to simply submit the records and await a response.

If claims are denied during the review, such claims are generally eligible for the Medicare claims appeal process, a complex, 5-step administrative appeals process. First is Redetermination, usually with the same contractor that issued the denials initially. Second is Reconsideration, before a different Medicare contractor. Third is review by an Administrative Law Judge (ALJ), where the provider has the opportunity to conduct a hearing and present witnesses. Fourth is review by the Medicare Appeals Council, the highest level of appeal within the Department of Health and Human Services. Fifth is appeal to federal court, which is usually limited in scope and not appropriate in many cases.

Published on:

The number of Medicare payment suspensions issued by the Centers for Medicare & Medicaid Services (CMS) has grown in recent years. Although generally framed as a temporary and less severe sanction than an outright revocation of Medicare billing privileges, a suspension of Medicare payments can be just as devastating to a Medicare provider or supplier and can in many cases put the provider out of business, leading to significant procedural and due process concerns regarding CMS’ frequent use of payment suspensions.

A Medicare payment suspension is a suspension of a Medicare-enrolled provider or supplier’s ability to receive payment from the Medicare program. Suspensions are usually scheduled to last for 180 days, but they can be extended essentially indefinitely. While a provider may technically continue to treat Medicare patients and submit Medicare claims for payment – the claims simply will not get paid until the suspension ends – for a provider with a high percentage of Medicare patients, a sudden, unforeseen, and indefinite interruption of all Medicare payments can wreak havoc on cash flow and destroy a practice or business as quickly and effectively as any enrollment or licensing sanction. Payment suspensions are also often issued without notice, meaning that a provider’s Medicare payments may abruptly stop, often days before the provider receives a letter informing them of the suspension.

Given the devastating effects of a suspension of Medicare payments, one may think there may be significant procedural, due process, or appeal protections in place for providers. That is not the case. Although federal law only explicitly authorizes CMS to issue payment suspensions where there is a “credible allegation of fraud,” CMS has implemented regulations that also give it the authority to suspend payments any time CMS believes it has “reliable information that an overpayment exists” and that broadly expand the definition of what constitutes a “credible allegation of fraud.” These regulations also give CMS extremely broad authority to issue suspensions without first notifying the provider, while giving the provider very limited appeal rights.

Published on:

The Department of Health and Human Services (HHS) Office of Inspector General (OIG) recently updated its Work Plan, adding several new audits and reviews. The OIG Work Plan forecasts the projects that the OIG plans to implement over the foreseeable future. These new initiatives are a signal of which areas the OIG views as warranting heightened scrutiny,  and providers in these areas should take note of the OIG’s actions.

One of the most notable projects on the OIG Work Plan focuses on auditing Medicare claim lines for which the payment exceeds the actual charge. CMS contracts with various Medicare Administrative Contractors (MACs) to, among other things, process and pay claims submitted by providers for items and services covered under Medicare Part B. Generally, Part B payments are based on a fee schedule, prospective payment system, or some other method, rather than a cost or charge basis. In most cases, a healthcare provider’s billed charges exceed the amount that Medicare pays for Part B items and services. Under this Work Plan item, the OIG is focused on Medicare payments that exceed the billed charges, which can be overpayments. Providers should keep a close watch on their Medicare remittance advices or explanation of benefits to be aware of any payments that exceed the corresponding billed charge.

In terms of specific healthcare services, the OIG is turning its attention to hyaluronic acid injections, commonly used to treat knee osteoarthritis. While these injections are widely used for joint pain, there are ongoing questions about whether they are worth the cost and being used appropriately. The OIG’s audit will review Medicare reimbursements for these treatments and whether providers are following proper billing procedures.

Published on:

Simply put, Medicare rarely audits dentists because Medicare generally does not cover or pay for dentistry. However, doctors of dental surgery and doctors of dental medicine may perform far more complex surgical procedures than the examinations, cleanings, and fillings that are in the common perception of what a dentist does. Where Medicare does cover and subsequently audits services provided by dentists, the issues raised are generally complex and nuanced. Dentists who bill Medicare should be familiar with the Medicare claims appeal process and some of the issues specific to Medicare coverage of dental services.

The Medicare claims appeal process is a lengthy and complex 5-step process. After the provider receives a determination of claim denials and demand to repay an alleged overpayment, the first appeal step is Redetermination, often before the same Medicare contractor that issues the initial claim denials. Second is Reconsideration before a different Medicare contractor. Third is review by an Administrative Law Judge (ALJ), which may include a hearing – often telephonic – where the provider can present evidence and testimony. Fourth is appeal to the Medicare Appeal Council, the highest adjudicatory body within the Department of Health and Human Services. Fifth is appeal to federal court, which is often limited in scope and may not be appropriate in every case. It can take several months, if not years, for a case to fully work its way through the Medicare claims appeal process, depending on the circumstances.

Medicare audits of services provided by dentists nearly always involve the “dental services exclusion.” By law, the Medicare program does not cover services performed in connection with the care, treatment, filling, removal, or replacement of teeth or structures directly supporting the teeth, which is generally considered to include the periodontium. Procedures on other parts of the mandible or maxilla may be covered where they are medically necessary and meet other coverage criteria. Because of the key distinction between procedures in connection with the teeth and structures directly supporting the teeth, dentists who bill Medicare may consider how they document procedures to clearly document procedures which may not be subject to the coverage exclusion. Procedures on the teeth and periodontium may also be covered where they are inextricably linked to a primary covered service. Further, Medicare contractors may mistakenly interpret the statutory coverage exclusion to mean that Medicare never covers any services provided by a dentist, simply because they are performed by a dentist. However, this assertion is generally inconsistent with the Social Security Act and Medicare guidance.

Published on:

On July 31, 2024, the Centers for Medicare & Medicaid Services (CMS) published the Calendar Year 2025 Physician Fee Schedule (PFS) Proposed Rule. Among other changes, the 2025 PFS Proposed Rule includes additional proposed changes to the so-called “60-day rule” regarding returning identified overpayments. Initially established by the 2010 Affordable Care Act, the 60-day rule requires healthcare providers to report and return Medicare and Medicaid overpayments within 60 days of identifying such overpayments. The potential consequences for failing to comply with the 60-day rule are severe, and can result in the imposition of a civil monetary penalty or an alleged violation of the Federal False Claims Act. Providers should pay close attention to the potential changes to the 60-day rule included in the 2025 PFS Proposed Rule.

The 2025 PFS Proposed Rule is not the first time that CMS has proposed changes to the 60-day rule, and it likely will not be the last. In December 2022, CMS published a proposed rule that would amend the regulations regarding the standard for an “identified overpayment” under the Medicare program. Specifically, the December 2022 Overpayment Proposed Rule proposed to remove the existing “reasonable diligence” standard and adopt by reference the Federal False Claims Act definition of “knowing” and “knowingly.” To date, CMS has not finalized these proposals with respect to identified overpayments under the Medicare program.

In the 2025 PFS Proposed Rule, CMS states that it is retaining the proposals published in the December 2022 Overpayment Proposed Rule, and proposes further changes to revise the regulations regarding the timeframe for reporting and returning overpayments. Currently, the applicable regulations require that an overpayment be reported and returned by the later of:  (1) the date which is 60 days after the date on which the overpayment was identified; or (2) the date any corresponding cost report is due, if applicable. However, under the 2025 PFS Proposed Rule, the deadline for returning a reported overpayment would be suspended under specified circumstances. The 2025 PFS Proposed Rule would create an entirely new regulatory provision to suspend the deadline for reporting and returning overpayments for up to 6 months to allow time for providers to investigate and calculate overpayments. Previously, in 2016 rulemaking regarding reporting and returning of overpayments, CMS discussed that under the “reasonable diligence” standard, providers would be allowed a 6-month period in which to conduct a good-faith investigation of credible information of a potential overpayment. At the time of the 2016 rulemaking, CMS had not proposed to implement this 6-month period into the applicable regulations.

Contact Information