When it happens, it will likely be a day like any other.
You’ll be seeing a patient out the door, and returning to your office when your CA waves you over with a panicked look and says, “We’re being audited.” Will you be ready?
Few things are likely to worry you more than the possibility described above. It might even give you nightmares. But what is the actual likelihood of this happening and what should you do if it does? Are there measures you can take to avoid being audited? We found a group of experts who work in this area and asked for their advice for audit preparation.
Playing the odds
You can face more than one type of audit. Of course the Centers for Medicare and Medicaid Services (CMS) are known to pursue healthcare providers aggressively. The Office of Inspector General (OIG) operates under the Department of Health and Human Services to battle fraud, waste, and abuse in federal healthcare programs. For the past several years, the OIG’s work plan has named chiropractic as a particular area of attention.
In addition, unless you operate a 100-percent cash-only practice, third- party payers will review your billing against that of your peers, considering any deviation from the norm to be a red flag. Raise enough of those, or raise the wrong type, and you can expect to come under scrutiny.
Added to this mix is the ever-present risk of the IRS wanting a good look at your finances. This article will focus on insurance audits, but much of the advice can apply to virtually any type of audit you could experience.
David Pinkus, DC, CPC, works in this area and, according to him, most doctors will experience at least one audit during their career. Brad Cost, a billing and EDI specialist, says that, “Typically, a provider will experience an audit at least once but what triggers it is a factor. A payer audit is much more likely than an OIG audit.”
Another specialist in this field is Stuart E. Hoffman, DC, who thinks that all chiropractors, over the course of a career, will have at least one request for more information or notes, which is known as a “review audit.” With this type of audit, the insurance carrier seeks to determine not only medical necessity but also that the services billed were actually provided and properly documented. If the review audit demonstrates deficiencies, it can—and generally does—lead to a formal audit.
“Medicare, by law, has a mandate to do Comprehensive Error Rate Testing (CERT) Program reviews of a percentage of all professions— including chiropractic. And these audits, although cyclical, will generally affect approximately 50 to 75 percent of the profession,” Hoffman says.
Nature of the beast
Not all audits are alike, and it helps to know the types that you’re potentially facing.
David Klein, CPC, notes that there are three types of audits you should be aware of, as they are the ones you’re most likely to encounter: “CERT contractors audit Medicare providers, working with the Medicare Administrative Contractor (MAC), to insure that they are paying correctly and that the providers’ documentation holds up.
“The CERT audits can expand, meaning if they identify something, it can develop into something else,” Klein says. He also sees commercial audits, or post-payment reviews, of the type conducted by insurers like Aetna and Blue Cross.
“These audits are usually questioning 20, perhaps 40 records, and typically are going back around two years, looking for overpayments. The MACs do these types of audits too,” Klein says. Another type to watch for are the Zone Program Integrity Contractor (ZPIC) audits. Think of ZPICs as the enforcers for Medicare. “If you get a letter that says, ‘Special Investigative Unit,’ it’s the payer’s auditing department. A ZPIC audit notice will say that it’s from ZPIC, and they’ll be looking for some kind of fraud or abuse. These audits are for big- ticket items and are pretty aggressive.”
There are also Recovery Audit Contractors, who are Medicare’s “hired guns,” who look at areas where they are likely to find high rates of errors, gaining commissions from any improper overpayments they collect from the provider. None of our experts are seeing many RAC audits right now, although they were more common in past years.
OIG versus CMS
The differences between OIG and CMS audits aren’t enormous, but you should be aware of the distinction between them. Both types of audits look at records for accuracy; but Medicare focuses on specific requirements for the Medicare format of documentation and demonstration of medical necessity based on functional improvement.
As Ted A. Arkfeld, DC, explains, OIG audits are “very serious, with fraud usually being suspected.” The chief difference between the two agencies is their scope. “While CMS focuses on medical necessity, billing issues, and potential insurance fraud, OIG audits determine whether the CMS is using taxpayer funds properly, not to uncover fraudulent or incorrect reporting by individual physicians,” Pinkus says. He goes to explain some of the questions CMS might have about your records, looking at initial and subsequent visits combined:
- Does the record show a significant neuro-musculoskeletal condition?
- Is there a precise subluxation documented by physical exam or X-ray?
- Does the exam substantiate the condition and the subluxation?
- Is the complaint consistent with the subluxation level?
- Is there a primary diagnosis of subluxation and a secondary ICD diagnosis that bears a direct relationship to the primary level of subluxation?
- Is there a treatment plan?
- Is the adjustment clearly recorded in the record as being done each visit with the specific vertebral segment identified?
- To substantiate the need and frequency of ongoing care, does your documentation note a response to treatment, e.g., increased range of motion, increased function, decreased pain, etc.?
- Do the subjective complaints and objective findings reflect qualitative and quantitative factors when describing onset, duration, intensity, frequency, and location?
- Is the adjustment therapeutic or maintenance? (Maintenance is non- covered by Medicare.)
They’ll also be looking for overutilization of the adjustment code 98942. If you’re providing improper inducements to treat, they’ll be looking for that, too. For a complete rundown of what the government is looking for, see the OIG’s Annual Work Plan.1
If you visit the OIG website at oig.hhs.gov, you’ll see that their enforcement activities are at a much higher level of violation than minor documentation errors. Cost explains that an OIG audit is typically triggered by the following:
- Compliance issues
- Fraud and abuse
- Third-party complaints
- CMS analytics
- Disgruntled employee reports
“If you are experiencing a OIG audit, typically you will need a lawyer. Your case might even be a referred to the DOJ for criminal action,” Cost says. “For a CMS audit you need a big bank account; for an OIG audit you need an orange jumpsuit.”
Not so “random”
Insurance companies are continuously looking at your claims submissions and overall billing profile compared to peers in your geographic area. Either a computer or a seasoned auditor will flag your practice if an audit is warranted.
Pinkus says: “Chiropractors are low- hanging fruit, as we say.” Hoffman says that insurers may do some random audits, but thinks most are triggers by “outliers,” where the services billed are out of line with accepted and community standards. For example:
- High-level E&M codes like 99204 and 99205 done routinely
- Billing 98942 and 98943 routinely
- Routine billing of four or more services per visit
- Long-term use of passive care modalities
- No changes in treatment protocol
- Old onset date on claim form
- Extended care for non-complicated conditions
- Similar protocols of care regardless of diagnosis
- Unusual or repeat diagnostic testing
- Care that appears to be preventive or supportive
- Patient making complaints to insurer
“So yes, although the audit may state that it’s random, in most instances they are looking for unusual patterns and protocols that are more likely to be improperly documented,” Hoffman says.
Klein is also finding that a substantial number of his clients are facing audits triggered by the 59 and 25 modifiers. Inappropriate use of modifier 59 can generate overpayments, so this is a natural place for auditors to look.
If you’re using modifier code 59, you should be billing for two services on the same visit. “It attests that I’m addressing another limb or part of the body, thus a separate and distinct procedure,” Klein says.
Modifier 25 is used when you’re doing an assessment above and beyond the adjustment. “There are times where I need to do a much more in- depth assessment. For example, if I’m treating for low-back pain, and the patient says ‘I just hurt my knee,’ then
I’d have to investigate and develop a treatment plan for that, which would justify modifier 25.”
A chiropractor shouldn’t be using these modifiers very often. “That’s the kind of thing that draws a flag and can trigger an audit,” Klein says.
Common pitfalls and missteps
In addition to algorithms and analytics employed to catch unusual behaviors, auditors have learned to spot common mistakes or signs of improper billing. For example, Arkfeld says to avoid “cookie-cutter chiropractic,” where everyone receives the same treatment throughout all dates of service.
As you’ve probably surmised, you can’t “fly under the radar” by down- coding, or providing free services, as this will cause your profile to stand out from your peers. Another risk is basing your treatment plans on philosophy or technique alone. “Medical necessity will always win in a battle between philosophy and technique,” Arkfeld says.
Hoffman has found that a common problem is simply not responding to an audit request. “Not only does it immediately place those visits into a potential recovery or non-payment status but it will lead to further investigation,” he says.
Common errors and omissions as reported by Medicare CERT reviews of chiropractic practices include the following:
Illegible documentation. If the reviewer cannot decipher the documentation, it may result in the denial of a claim.
Missing or illegible provider signature. Note that stamp signatures are not acceptable.
Incomplete or missing beneficiary information. Also, the medical record should be clearly dated and correspond to the date of service billed.
Lack of patient’s specific subjective complaint. The area of complaint should correlate to the area of subluxation cited and treated.
Lack of functional status. Documentation should describe a patient’s current level of functioning and activities of daily living.
Treatment plan and goals not documented or addressed. The treatment plan must include the recommended level of care (duration and frequency of visits), and specific treatment goals and objective measures to evaluate the treatment effectiveness.
Documentation supporting maintenance. Maintenance therapy is a non-covered benefit. Also, documentation of a chronic condition with no documentation to support exacerbation or improvement.
Fraud, abuse, and compliance issues are the leading reasons Cost sees triggering audits. “Another mistake is when providers do not bill to the highest level of specificity. If you are billing at a lower specificity, you could look like a fraudster in the comparison.”
The best defense
Now that you know what the hunters are looking for, you probably want to know how to avoid them entirely.
What does a good audit defense plan look like?
The best way to counteract or reduce the likelihood of an audit is to do your own. A compliance plan consists of three main parts:
- Written policies and standards of conduct for you and your staff;
- A baseline audit, which proactively identifies areas of risk in advance, and;
- Taking the policy and internal audit and ensuring that you’re following your own procedures. “The OIG says all small practices need their own compliance program. The ACA mandates that,” Klein says.
Pinkus adds two more elements: “You should document that you’re training yourself and your staff on compliance standards through team meetings; and conducting ongoing monitoring of your practice compliance.”
Hoffman says that a good defense plan includes learning the requirements of good documentation in such a way that your notes themselves are the defense. “This is why there are continuing education courses that emphasize ethical and proper documentation, and these are a part of every chiropractor’s yearly hours,” he says.
Regarding your own internal practice audit, Hoffman advises that you note any deficiencies and how you acted to correct them, which becomes a kind of protection. An outside auditor can see while your older files may not have been compliant, the problem was detected and corrected internally. “There is always growth and improvement sought by doctors of chiropractic, which is why it is called a ‘practice’ and not a ‘perfect,’” he says.
One point raised by the experts is that a compliant EHR system can add a layer of defense, too. They aren’t a magic bullet, but they can help to keep your documentation and billing compliant. You, as the doctor, still need to know what to document. And you don’t want your notes to look like carbon copies; they should be tailored to each patient.
“When documentation is worded exactly like or similar to previous entries, the documentation is referred to as cloned documentation,” Hoffman says.
In the worst-case scenario, if (and when) you are the subject of an audit, don’t panic. Read the notice carefully, and provide the requested information as quickly as possible. “Do not change your records,” Arkfeld says. “They are what they are at that time. Get professional help from either a compliance consultant or healthcare attorney or both.”
Hoffman suggests performing an internal audit so you can try to address any issues that might have been flagged prior to the auditor discovering them. Your good-faith efforts at correcting any deficiencies can help. If you face an on-site audit, “have everything ready for the auditor, be polite, and answer questions to the best of your ability,” Arkfeld says.
He tells his client’s that audits are here to stay, and you either come out of one positively (which means you are not repaying any monies), or negatively (which means you are paying the insurer back). “There is nothing to fear from an audit if you have prepared and have your coding and documentation in order. This is where compliance programs are a must for chiropractors,” he says.
According to Pinkus, “Experiencing and surviving an audit, though not pleasurable to any extent, is an opportunity for self-review and to learn what you are doing right, what you are doing wrong, and how to bulletproof yourself from a future audit.”
Audits can also be business-changing experiences. “When you survive an audit, it is a badge to be proud of since it usually means that you are not only a good healthcare provider, but a good businessperson,” Cost says.
And finally, an audit can reveal errors in your billing that work to your favor. Sometimes, after enacting a compliance program and correcting detected faults, a practice will discover that money was being left on the table and collections thereafter increase.
1 Office of Inspector General. “Work Plan: Fiscal Year 2016.” U.S. Department of Health and Human Services. http://oig.hhs.gov/reports-and- publications/archives/workplan/2016/oig-work- plan-2016.pdf . Published Nov. 2015. Accessed April 2016.