by Frank Cohen, MBA, MPA
March 9th, 2018
With nearly a million physicians in this country, how do auditing organizations determine whom to audit? As of 2011, 100% of all Medicare fee-for-service claims are passed through the Fraud Prevention System, a series of predictive analytics algorithms that help to identify claims that may be have been billed incorrectly. While those results can help to target particularly high risk providers, there is much more to the audit/don't audit decision than just risk. For most auditors, because they are private contractors, their remuneration, bonuses, or contract continuation are tied to results-and make no mistake, results are measured in dollars returned to the trust fund. So, before an auditor embarks on an audit, they may engage in some form of expected value (EV) calculation that they use to determine the ROI of that audit.
Calculating EV and ROI require some advance notion of how much the auditor is likely to find in overpayments vs. the cost of doing the audit. And for these types of calculations, many will rely upon the CERT, or the Comprehensive Error Rate study.
CMS established the Comprehensive Error Rate Testing (CERT) program to calculate a national paid claims error rate for all Medicare Fee-For-Service programs. The CERT program calculates the error rates for all Medicare Administrative Contractors (MACs), Carriers, and Fiscal Intermediaries (FIs). Reading the CERT documentation, one might be under the impression that records are obtained only from the contractor. This, however, is not the case. In order to assess things like medical necessity, proper documentation and the like, the agency also requests the medical record from the practices that match the claims sample, adding to the administrative costs of doing business. In general, the sampling methodology includes:
Randomly selecting around 50,000 claims submitted to the payers during a given reporting period.
Requesting medical records from the health care providers that submitted the claims in the sample.
Where medical records were submitted by the provider, reviewing the claims in the sample and the associated medical records to see if the claims complied with Medicare coverage, coding, and billing rules, and, if not, assigning errors to the claims.
Where medical records were not submitted by the provider, classifying the case as a no documentation claim and counting it as an error.
Sending providers overpayment letters/notices or making adjustments for claims that were overpaid or underpaid.
It's also important to note that CMS counts underpayments as errors, as well as overpayments. For fiscal year 2017, CMS paid out some $390 billion in claims and of these, around $36 billion (9.5%) were paid in error. This simply means that, in the opinion of the auditor, the claim was paid in part or in full in disagreement with established guidelines, rules and regulations, or in contrast to the documentation provided. Of the 9.5% error rate, 0.3% represented underpayments. Now, while that may seem trivial, 0.3% of $390 billion is over $1 billion, which I would not consider to be crumbs. For example, procedure code 99212 was underpaid 16.9% of the time. If you reported 10,000 of these last year, it is statistically likely that some 1,700 were underpaid (or under documented). So, while you are creating your risk assessment, it is probably a good idea to create an opportunity assessment, as well.
Within the study, CERT specifies the reason for the improper payment. For example, in 2017, 64.1% of claims were paid where it was later determined that there was not sufficient documentation to support the procedure or service. 13.1% of payments were made in error due to incorrect coding while medically unnecessary errors accounted for 17.5% of all improperly paid claims. I find the latter statistic interesting because my experience is that many in our industry consider medical necessity to be the most important coding and billing issue. According to CERT, insufficient documentation accounts for nearly five times the number of error determinations.
From the compliance officer's perspective, CERT can be a gold mine for building a risk assessment because the study looks at error rates for specific procedure codes, which brings us back to our point on profiling. If CERT identifies specific procedure codes that are associated to high error rates, then it's only a matter of time before those same codes are used by the auditing agencies as a primer to develop the audit risk profile. Looking at the error rate also provides the auditors with the base data for their EV calculations.
Looking at the FY 2017 report, for example, we see that CERT reported that, of all the 99233 codes reviewed, over 50% were paid in error. Of the 99214 codes reviewed, 7.1% were paid in error. For calendar year 2016, 23,702,514 claims that included 99233 were submitted to the CMS and CMS paid out $1.8 billion to those providers. If, as stated above, 50% were paid in error, then nearly $900 million were paid improperly. Imagine you are an auditor and you come across a practice that was paid a million dollars last year on code 99233. Statistically speaking, that means that there is a 50% probability that at least half of those were overpaid. This is an easy step from EV to ROI. For 99214, the CMS paid out around $7 billion for 103 million encounters and at an error rate of 7.1%, this would account for nearly $500 million in potential improper payments. And the list goes on.
The point is this; these auditing agencies, some of which are paid a commission of what they are able to recover from a practice, are going to go for the low-hanging fruit first. So a practice that is reporting a higher number of these 99233 and 99214 codes than their peers may substantially increase their risk of audit and review. The takeaway here, at least for me, is that the CERT study gives me the opportunity identify potential errors the same way that the auditor's do. And for my money, that's something you can take to the bank.
This Week's Audit Tip Written By:
Frank Cohen, MBA, MPA
Frank Cohen is the Director of Analytics and Business Intelligence for DoctorsManagement, LLC. His areas of expertise include applied statistics, data mining, predictive analytics and process improvement.