Articles Posted in Fraud & Abuse

When a Medicare-enrolled provider or supplier receives a demand to repay an alleged overpayment, especially a massive and statistically extrapolated overpayment that dwarfs the company’s revenue and which the company can never hope to pay back, it often raises the question: who is liable for this alleged debt if the company cannot pay it back? While every company and set of circumstances are different, this question can have a significant impact on how to defend an alleged Medicare overpayment.

Whether the owner, members, or shareholders of the entity that received the alleged overpayment are personally liable generally turns on the corporate nature of the entity. Individually enrolled providers, sole proprietors, and partners in a partnership may generally share liability with the entity that received the overpayment, or may actually be the entity in the case of some individuals. Corporations, LLCs, and other corporate entities may offer more protection for their owners, members, or shareholders, who are generally not liable for the debts of the entity under the principle of “limited liability.” There are exceptions to limited liability which CMS (and other creditors) can attempt to use to collect from owners, but CMS rarely attempts to use these exceptions.

However, owners, members, and shareholders of entities with an alleged Medicare debt should be aware that there may be other impacts. CMS may refer the owner of an entity with an alleged Medicare debt to the OIG for placement on the OIG Exclusion List. CMS may also revoke the current enrollment or deny future enrollment applications of entities affiliated with the owner of an entity with outstanding Medicare debt. Perhaps most importantly, the owner or controller of an entity that knowingly causes the entity to fail to return a Medicare overpayment may create individual liability for themselves under the 60-Day Rule, Civil Monetary Penalties, and – importantly – the False Claims Act. CMS will generally also refer a debt to the US Department of Treasury for collections efforts.

In the recently released 2025 Physician Fee Schedule (“PFS”) Final Rule, the Centers for Medicare & Medicaid Services (“CMS”) implemented changes to the 60 Day Rule regarding the return of identified Medicare and Medicaid overpayments. Initially created by the 2010 Affordable Care Act, the 60 Day Rule requires healthcare providers to report and return Medicare and Medicaid overpayments within 60 days of identifying such overpayments. Failing to comply with the 60 Day rule may result in the imposition of a civil monetary penalty or an alleged violation of the Federal False Claims Act.

CMS made two significant changes to the 60 Day Rule in the 2025 PFS Final Rule. First, CMS formalized a six-month period for a good faith investigation before the 60-day clock begins to run. CMS had previously posited in guidance that it believed a provider should generally have up to six months to perform a good faith investigation before the provider is deemed to have “identified” the overpayment. In the 2025 Rule, CMS incorporated this position into the regulation itself, providing that the deadline for reporting and returning an overpayment will be suspended until either the provider completes the investigation or 180 days after the date the overpayment is initially identified, whichever is earlier.

Second, the 2025 Rule dropped the “reasonable diligence” standard and adopted the “knowingly” standard of the False Claims Act. Previously, the provider was deemed to have identified the overpayment if it had or should have determined through reasonable diligence that it had received a quantified overpayment. With the change, the provider will now be deemed to have identified an overpayment when it knowingly receives or retains an overpayment. “Knowingly” is defined by direct reference to the False Claims Act, thus aligning the two standards. Many observers had noted that it was inconsistent for CMS to claim providers would have False Claims Act liability for violating the 60 Day Rule, when the two had different standards. That inconsistency no longer exists.

When a Medicare provider or supplier receives claims denials or an overpayment demand as a result of a Medicare audit, the decision whether and how to appeal the decision, or to simply repay the amount demanded by the Medicare contractor, is usually a business decision. In some cases, it may initially appear that the value of the demand simply does not justify the effort and cost of pursuing an appeal. However, a Medicare provider in this position should be aware that forgoing an appeal may have consequences far above and beyond paying back the amount demanded by Medicare.

In many cases, choosing to forego an appeal is not simply a matter of repaying funds to the Medicare program, but the Centers for Medicare & Medicaid Services (CMS) and its contractors will generally take a decision not to appeal as an admission by the provider that the audit results are correct and that the claims were properly denied. CMS and its contractors may use this perceived admission of ‘guilt’ against a provider later, long after it is far too late for the provider to appeal the audit findings.

For example, a provider may receive a Medicare probe audit. The contractor conducting the probe audit reviews medical records for 10 claims and denies all 10, claiming that the provider did not meet Medicare requirements for coverage. The repayment demand is ‘only’ $3,000. The provider strongly disagrees with the contractor’s allegation, but decides it is not worth it to appeal and simply pays the $3,000. A few months later, the provider receives another probe audit. The contractor reviews 12 claims and denies all 12 for the same reasons as in the first probe audit. Again, the repayment demand is ‘only’ $4,000, so even though the provider strongly believes their claims meet Medicare requirements, the provider chooses to repay the $4,000 rather than expend the time and resources to pursue the lengthy and complex Medicare claims appeal process.

The number of Medicare payment suspensions issued by the Centers for Medicare & Medicaid Services (CMS) has grown in recent years. Although generally framed as a temporary and less severe sanction than an outright revocation of Medicare billing privileges, a suspension of Medicare payments can be just as devastating to a Medicare provider or supplier and can in many cases put the provider out of business, leading to significant procedural and due process concerns regarding CMS’ frequent use of payment suspensions.

A Medicare payment suspension is a suspension of a Medicare-enrolled provider or supplier’s ability to receive payment from the Medicare program. Suspensions are usually scheduled to last for 180 days, but they can be extended essentially indefinitely. While a provider may technically continue to treat Medicare patients and submit Medicare claims for payment – the claims simply will not get paid until the suspension ends – for a provider with a high percentage of Medicare patients, a sudden, unforeseen, and indefinite interruption of all Medicare payments can wreak havoc on cash flow and destroy a practice or business as quickly and effectively as any enrollment or licensing sanction. Payment suspensions are also often issued without notice, meaning that a provider’s Medicare payments may abruptly stop, often days before the provider receives a letter informing them of the suspension.

Given the devastating effects of a suspension of Medicare payments, one may think there may be significant procedural, due process, or appeal protections in place for providers. That is not the case. Although federal law only explicitly authorizes CMS to issue payment suspensions where there is a “credible allegation of fraud,” CMS has implemented regulations that also give it the authority to suspend payments any time CMS believes it has “reliable information that an overpayment exists” and that broadly expand the definition of what constitutes a “credible allegation of fraud.” These regulations also give CMS extremely broad authority to issue suspensions without first notifying the provider, while giving the provider very limited appeal rights.

The Department of Health and Human Services (HHS) Office of Inspector General (OIG) recently updated its Work Plan, adding several new audits and reviews. The OIG Work Plan forecasts the projects that the OIG plans to implement over the foreseeable future. These new initiatives are a signal of which areas the OIG views as warranting heightened scrutiny,  and providers in these areas should take note of the OIG’s actions.

One of the most notable projects on the OIG Work Plan focuses on auditing Medicare claim lines for which the payment exceeds the actual charge. CMS contracts with various Medicare Administrative Contractors (MACs) to, among other things, process and pay claims submitted by providers for items and services covered under Medicare Part B. Generally, Part B payments are based on a fee schedule, prospective payment system, or some other method, rather than a cost or charge basis. In most cases, a healthcare provider’s billed charges exceed the amount that Medicare pays for Part B items and services. Under this Work Plan item, the OIG is focused on Medicare payments that exceed the billed charges, which can be overpayments. Providers should keep a close watch on their Medicare remittance advices or explanation of benefits to be aware of any payments that exceed the corresponding billed charge.

In terms of specific healthcare services, the OIG is turning its attention to hyaluronic acid injections, commonly used to treat knee osteoarthritis. While these injections are widely used for joint pain, there are ongoing questions about whether they are worth the cost and being used appropriately. The OIG’s audit will review Medicare reimbursements for these treatments and whether providers are following proper billing procedures.

Simply put, Medicare rarely audits dentists because Medicare generally does not cover or pay for dentistry. However, doctors of dental surgery and doctors of dental medicine may perform far more complex surgical procedures than the examinations, cleanings, and fillings that are in the common perception of what a dentist does. Where Medicare does cover and subsequently audits services provided by dentists, the issues raised are generally complex and nuanced. Dentists who bill Medicare should be familiar with the Medicare claims appeal process and some of the issues specific to Medicare coverage of dental services.

The Medicare claims appeal process is a lengthy and complex 5-step process. After the provider receives a determination of claim denials and demand to repay an alleged overpayment, the first appeal step is Redetermination, often before the same Medicare contractor that issues the initial claim denials. Second is Reconsideration before a different Medicare contractor. Third is review by an Administrative Law Judge (ALJ), which may include a hearing – often telephonic – where the provider can present evidence and testimony. Fourth is appeal to the Medicare Appeal Council, the highest adjudicatory body within the Department of Health and Human Services. Fifth is appeal to federal court, which is often limited in scope and may not be appropriate in every case. It can take several months, if not years, for a case to fully work its way through the Medicare claims appeal process, depending on the circumstances.

Medicare audits of services provided by dentists nearly always involve the “dental services exclusion.” By law, the Medicare program does not cover services performed in connection with the care, treatment, filling, removal, or replacement of teeth or structures directly supporting the teeth, which is generally considered to include the periodontium. Procedures on other parts of the mandible or maxilla may be covered where they are medically necessary and meet other coverage criteria. Because of the key distinction between procedures in connection with the teeth and structures directly supporting the teeth, dentists who bill Medicare may consider how they document procedures to clearly document procedures which may not be subject to the coverage exclusion. Procedures on the teeth and periodontium may also be covered where they are inextricably linked to a primary covered service. Further, Medicare contractors may mistakenly interpret the statutory coverage exclusion to mean that Medicare never covers any services provided by a dentist, simply because they are performed by a dentist. However, this assertion is generally inconsistent with the Social Security Act and Medicare guidance.