Preparing for, and responding to, recovery audit contractor (RAC) reviews can be intimidating. You can lessen the pain, however, by understanding Medicare billing and coding rules and requirements, and being proactive in implementing controls to ensure compliance.

RACs Review Across the Nation

Section 302 of the Tax Relief and Health Care Act of 2006 made the Recovery Audit Program permanent, and required that it be expanded to all 50 states by 2010. The Recovery Audit Program’s mission is to reduce Medicare improper payments by detecting and recovering overpayments, identifying underpayments, and developing methods to prevent future improper payments. There are four RACs, each serving a specific region in the country (see next page for the regional split).

RACs review claims on a post-payment basis following Medicare policies. RACs are required to employ a staff consisting of nurses, therapists, certified coders, and a physician medical director. There are two types of reviews: automated and complex. Complex reviews require a medical record to complete the review. According to the Statement of Work for the Recovery Audit Program, “The Recovery Auditor shall not attempt to identify any overpayment or underpayment more than three years past the date of the initial determination made on the claim. The initial determination date is defined as the claim paid date.”

What to Watch

Each RAC publishes a list of improper coding issues approved by the Centers for Medicare & Medicaid Services (CMS) on its website. Each issue indicates which type of provider(s) is subject to review. Many of the inpatient issues relate to medical necessity for certain diagnostic-related groups (DRGs) and are considered to be “complex” reviews. For outpatient facility services and physician practices, many of the approved issues are automated. These issues test for Medicare billing and coding guideline compliance, which CMS publishes on its website.

Some examples of approved issues include:

• Once-in-a-lifetime procedures (e.g., “welcome to Medicare” exam)
• Medically-unlikely edits (expected units per encounter)
• Add-on codes without a primary code
• National Correct Coding Initiative (NCCI) column 1/column 2 edits
• Procedures with no corresponding device code
• Minor surgery and other treatments billed as an inpatient stay
• Outpatient services within 72 hours of admission
• Exact duplicate outpatient claims
• Outpatient claims billed within a prospective payment system (PPS) inpatient admission
• Skilled nursing facility (SNF) consolidated billing

Prepare to Prevail

Don’t wait for a RAC to knock on your door. Be proactive and follow these RAC review preparatory tips:

Research improper payments found by RACs, the Office of Inspector General (OIG), and comprehensive error rate testing (CERT).

• Review the RAC-approved issues on each contractor’s website.
• Peruse the OIG and CERT audit reports online.

Conduct an internal assessment to identify if you are in compliance with Medicare rules. For example:

• Take one RAC-approved issue per week and do your own random audit of claims to identify questionable areas of compliance.
• Use existing quality assurance/audit professionals to incorporate RAC-approved issues into your routine audit process.
• Review existing bill scrubber edits/rules to ensure edits are in place to capture claims with specific codes (or code pairs). For example, there should be a pre-billing edit to catch claims that have an implant procedure code, but no implantable device code.

Identify corrective actions to promote compliance.

• Educate charge entry (or coding) staff when trends of non-compliance are noted.
• Implement a quality assurance process (either human or automated) to review complex claims prior to claims release.
• Be sure to maintain the most updated provider manuals and CMS regulations, and disseminate the information to all appropriate parties.
• Review the RAC-approved issues periodically for changes.
• If issues are found, work with the billing office to determine whether it is appropriate to re-bill the noncompliant claims.

Prepare to respond quickly to RAC requests.

• Understand who receives RAC request letters and ensure he or she is educated about the importance of a timely response.
• Have a process in place to release records as requested within the appropriate time frame.
• Be sure whoever is releasing the information understands the components of the legal medical record and where to find all required information.

Appeal when necessary (within 120 days).

• There are specific steps to take when appealing decisions outlined in detail on the CMS and RAC websites.
• Appeal when you disagree with the decision; appeals must be completed in a timely manner.

Learn from past experiences; track denials and look for patterns.

• When a RAC repayment is made, correct the problem going forward. Educate the offending department(s) to ensure they understand how to charge and code correctly. If you have multiple facilities, share knowledge across all facilities.
• Work with your billing office to identify trends of billing denials prior to RAC reviews; follow the same mitigation steps to avoid future RAC findings.
• Review pre-billing edits to identify patterns of misuse and educate the departments accordingly.

Don’t Be Afraid to Appeal

Do not wait for RACs to request records or data before conducting these internal assessments. Keep in mind that RAC reviewers are not necessarily certified coders. Moreover, they are human, and they make mistakes. If you feel repayment is requested in error, appeal the decision. It is well worth the expended resources when you win an appeal.

Remember to be proactive—don’t wait for a RAC to appear. If one has not already visited you, it is only a matter of time. No provider is exempt from RAC review. Conduct internal assessments based on the published, approved issues. If your claims are submitted in compliance with Medicare regulations, you should not encounter any serious issues with a RAC.

Amy Lee Smith, MBA, CPC, CPC-H, CPMA, CIA, CRMA, is manager of internal audit at Bon Secours Health System, Inc., where she primarily performs coding and billing audits. She earned her bachelor’s and master’s degrees in business administration with a concentration in finance from The College of William and Mary in Virginia. Ms. Smith is also a Certified Internal Auditor and certified in risk management assurance.

“Compliance” often conjures up images of boring lectures, law enforcement, huge fines, scary “I’m from the government and I’m here to help” mentality, and worse. In reality, compliance is an integral part of the health field. And with health care reform and the Patient Protection and Affordable Care Act (ACA), compliance programs are mandatory.

Compliance is also inextricably linked to coding. With health care reform putting pressure on accurate documentation, coding, and billing, there are many benefits to having strong and accurate coding skills, a positive coding-compliance team, and an effective compliance program to ensure correct reimbursement. Having good partnerships may also strengthen an organization’s overall compliance program by increasing a hospital or medical practice’s revenue. Finally, coding and compliance working together can support audit or recoupment efforts and quality measurements; and cooperation can help meet electronic health record (EHR) meaningful use requirements.

Fraud. Waste. Abuse.

These three little words form the government’s mantra for audits and legal actions conducted by the Office of Inspector General (OIG), the U.S. Department of Justice (DOJ), the Office of Civil Rights (OCR), and the Centers for Medicare & Medicaid Services (CMS). As these government agencies look for ways to prevent fraud, waste, and abuse, there are four important federal laws that form the framework for an effective compliance program. Appropriate and effective coding is tied to each of them:

• False Claims Act (31 USC§3729).
  This Civil War era statute has been revised over the years to strengthen the legal underpinnings and penalties for any individual or entity that presents a false (i.e., inaccurate or wrong) claim to the government (i.e., Medicare or Medicaid or other federal health insurance program). When a submitted claim from a hospital is inaccurate, there is the potential that the False Claims Act is being violated.

• Anti-kickback Statute (42 USC§1320a). This law prohibits offering, paying, soliciting, or receiving anything of value to induce or reward referrals or generate federal health care program business. This law directly affects referrals from physicians to hospitals for services and patient care.
• Stark law (42 USC§1395) or the physician self-referral law. Stark law is named after the California congressman who spearheaded the massive legislation. This law prohibits a physician from referring Medicare patients for designated health services to an entity with which the physician (or an immediate family member) has a financial relationship. Given the breadth of this law, any hospital referrals from a physician who receives any form of compensation from that hospital need to be regulated and monitored. Because hospitals, clinics, and physicians are inextricably linked, it is critical to meet the safe harbors, or exceptions, provided in these comprehensive laws regulating provider-hospital relationships. Huge fines, penalties, Corporate Integrity Agreements (CIAs), exclusion from Medicare, and jail are consequences of violation. Although typically not directly involved in physician financial arrangements, coders should at a minimum have confidence that all physician/hospital financial arrangements are appropriate. Coders are often the first to see irregular patterns of referrals, elevated service levels, and inappropriate orders—all possible signs of violations. You can ask managers, compliance officers, and legal departments how physician financial arrangements are monitored. When necessary, question any inappropriate or excessive referrals from a particular provider.
• Health Insurance Portability and Accountability Act (HIPAA) (45 CFR Parts 160, 162, and 164). This law, familiar to all coders, governs the transmission of medical records containing important medical information. HIPAA—under the purview of the OCR—also regulates the disclosure of patient protected health information (PHI). Professional coders know the importance of adhering to strict confidentiality when dealing with the thousands of bits of private medical information coming across their desks each day. With implementation of EHRs, HIPAA kicks in with full force. The Health Information Technology for Economic and Clinical Health Act (HITECH) of 2009 increased regulations and requirements for preventing and reporting PHI breaches. For instance, a PHI breach affecting more than 500 patients in one geographical area requires notification to the U.S. Department of Health & Human Services (HHS), notification to affected patients within 60 days of learning about the breach, establishing a specific hotline number for patients to call, and other possible consequences. Data nationally indicates the cost for mitigating and responding to each breach is over $200 per record. Any misuse of patient PHI can cause the OCR to audit, investigate, and fine the perpetrator. The OCR has initiated over 100 HIPAA audits in 2012 to review practices of hospitals, clinics, and physicians across the United States. More HIPAA audits are probably on the horizon.

These four main laws, along with Medicare and Medicaid rules and regulations, and other state and federal laws, provide tools to guide effective compliance and coding practices. These laws also provide the leverage for the government to audit and review coding practices, patterns, and claims.

You Can’t Stick Your Head in the Sand

Historically, coders have said, “I just code what is given me; compliance is not my concern.” And in the past, perhaps, knowledge or awareness of some of the aforementioned compliance laws were not on the coder’s radar.

The landscape has changed. As these laws are revised and updated, deliberate knowledge is being removed as a requirement for violation. Laws now contain the verbiage “known or should have known.” For instance, the Anti-kickback Statute is an “intent-based” statute. This means that specific intent to violate the Anti-kickback Statute must be shown to prove a violation. Historically, however, federal courts have interpreted this statute broadly, ruling, for instance, that intent to violate this statute may be inferred from other circumstances.

Conversely, the Stark law is a “strict liability” law. This means that under Stark, lack of deliberate intent or knowledge is not an excuse and proof of intent is not necessary. If there is an improper or illegal physician financial arrangement in place, every referral from that physician is affected as long as the arrangement was noncompliant, and all claims coded and submitted by that physician are suspect.

The False Claims Act was modified in 2009 to make it clearly illegal—defining it as “fraud”—for a hospital or physician to knowingly keep overpayments or money paid to them due to a billing error or wrong payment (i.e., “credit balance”). Entities now have 60 days to repay an overpayment after they know, or should have known, about the improper payment.

In a nutshell: Ignorance of compliance in the changing health care landscape is not bliss. Compliance offices will need to work closely with coding and billing offices to ensure systems and practices are in place to adhere to strict law compliance.

The Government Is Watching

Hospitals and physician practices have seen an exponential increase in government audits and claim reviews. Coders will often be the front end of defense and offense when government auditors review and audit health claims.

The Recovery Audit Contractor (RAC) program is perhaps the most familiar these days, but Medicaid integrity contractors (MICs), Zone Program integrity contractors (ZPICs), Medicare administrative contractors (MACs), and the Comprehensive Error Rate Testing (CERT) program are closely related. All are designed to help the government discern fraud, waste, and abuse—and to recoup federal health care dollars that have been improperly paid.

The U.S. government has repeatedly reported that incorrect claims cost the taxpayers billions of dollars. Consequently, over the past several congressional sessions (both Republican and Democrat led), the OIG enforcement budget has increased dramatically. Government data shows that every dollar invested in compliance recoups anywhere from six to 10 dollars for the government.

The same holds true for third-party payers who have increased their scrutiny of claims, instigating their own independent reviews and audits. From a taxpayer viewpoint, RAC, MIC, MAC, ZPIC, OIG enforcement, etc. are all good ways to ensure Medicare/Medicaid dollars are being paid accurately. But from a hospital or physician practice viewpoint, these programs have added huge administrative burden and costs.

Good News for Coders

The “good news” for professional coders is that these governmental and third-party payer audits reinforce the importance of accurate coding, professional coding standards, and the involvement of coding in an entity’s overall compliance program.

One of the key seven elements of an effective compliance program, according to the OIG, is to have regular auditing and monitoring in place. The basis for most audits of claims is the medical documentation, underlying medical necessity, and then how that translates into the codes and the bill. Coders should increasingly be called upon to help review coding internally, set up effective coding practices, protocols, and procedures, and meet accurate coding benchmarks.

David Lane, PhD, CHC, CPC, CAPPM, is chief compliance and privacy officer at Hawaii Health Systems Corporation.

The surgical package is a reimbursement concept that bundles all typical care related to a specific surgical service into a single payment. Many surgeons find information about what is bundled confusing, and either inappropriately bundle all of their work into a single payment or bill separately for services that should be included in the package. Even more confusing is when two physicians “split” services bundled into the surgical package. In such cases, careful coordination of billing is necessary.

Define What Is Included

CPT® defines the surgical package as the operation, and also includes:

• Local infiltration, metacarpal/metatarsal/digital block, or topical anesthesia
• Subsequent to the decision for surgery, one related evaluation and management (E/M) encounter on the date immediately prior to or on the date of the procedure (including the history and physical)
• Immediate postoperative (post-op) care, including dictating operative notes and talking with the family and other physicians
• Writing orders
• Evaluating the patient in the post-anesthesia recovery area
• Typical post-op follow-up care

Medicare guidelines bundle additional services, including:

• Preoperative visits after the decision is made to perform surgery, beginning with the day before the day of surgery for major procedures and the day of surgery for minor procedures
• Intra-operative services that are normally a usual and necessary part of a surgical procedure
• Complications following surgery—all additional medical and surgical services required of the surgeon during the post-op period due to complications not requiring additional trips to the operating room (OR)
• Post-op visits (follow-up visits in the post-op period of the surgery related to recovery from the surgery)
• Post-surgical pain management by the surgeon
• Supplies, except those identified as exclusions
• Miscellaneous services integral to the surgical procedure, such as dressing changes; local incisional care; removal of operative pack; removal of cutaneous sutures and staples, line, wires, tubes, drains, casts, and splints; insertion, irrigation and removal of urinary catheters, routine peripheral intravenous (IV) lines, nasogastric (NG) and rectal tube; and changes and removal of tracheostomy tubes

Payment for all of these services is considered part of the global payment and may not be billed separately. To bill separately for any of these services could lead to duplicate payment.

Define What Is NOT Included

Not everything is bundled into the surgical package. The following services are never bundled and are separately billable during the global period:

• Care of pre-existing conditions
• Care of new problems arising during the post-op period
• Care of the underlying disease process when this is not cured by the surgical procedure
• Services of other physicians, except where the surgeon and the other physician(s) agree on a transfer of care
• Diagnostic tests and procedures, including diagnostic radiological procedures
• Treatment for post-op complications that require a return trip to the OR
• Procedures that are planned to be performed in stages
• Immunosuppressive therapy for organ transplants

One of the most challenging issues related to separately billable services is the fourth bullet above: “Services of other physicians, except where the surgeon and the other physician(s) agree on a transfer of care.”

This exception is meant to clarify that medically necessary care outside the surgeon’s skill set is separately billable when performed by a physician in another specialty. For example, the surgeon is expected to take care of the patient’s post-op wound and manage healing. But, if the patient develops an infection and the surgeon needs assistance from an infectious disease (ID) specialist, the ID physician may bill separately for his or her services.

This is not a “blank check” to bill separately for services that are part of the surgical package when performed by other physicians. Medicare and other payers do not intend to pay twice for the same services. When the American Medical Association (AMA) Relative Value Update Committee (RUC) values surgical procedures, it includes the costs associated with the surgical package—including the history and physical (H&P) or clearance for surgery, typical inpatient follow-up care (which can include critical care level services for some procedures), and outpatient follow-up visits with removal of stitches and staples, dressing changes, and other appropriate post-op care. When these services, which are already paid as part of the surgical package payment, are performed by other physicians, there are a number of factors to consider when deciding how to bill.

Pre-op H&P

A pre-op H&P is included in the surgical package; however, if the patient has medical conditions that require separate clearance and management beyond the standard H&P, these services can be billed separately. These circumstances might occur if the patient develops a new problem, or experiences another significant status change in the days prior to surgery (e.g., A urologist schedules a patient for a transurethral resection of the prostate (TURP). Because the patient also has a heart condition, the urologist sends the patient to a cardiologist for preoperative clearance). To establish medical necessity for the visit, you’ll need to link the appropriate diagnosis or signs and symptoms to any E/M service reported.

If the surgeon routinely sends his or her otherwise healthy patients to primary care physicians for clearance, even when there is no medical necessity for that service, the primary care physicians are in a tough spot. The clearance is part of the surgical package and shouldn’t be paid twice. There is also no medical necessity for a separate E/M service unrelated to the surgery. This means that the primary care physicians cannot bill for services, or must send patients back to the surgeon for this care.

If the surgeon reduces his package payment, primary care physicians can bill for the standard pre-op care; although, CMS dictates the surgical package should not routinely be broken. Unless the patient cannot reasonably receive this service from the surgeon because of geographic distance or other factors, Medicare considers it abuse to cause unnecessary extra costs and risks in processing two claims (one for the surgeon and one for the primary care physician).

Inpatient Follow up

Highly complex postop management is typical for patients who have had heart surgery, brain surgery, transplants, and other procedures requiring close monitoring in the intensive care unit (ICU)—even when everything is normal—and the reimbursement for that level of post-op care is included in the package payment. This can be a problem in hospitals with “closed” ICUs staffed by certified intensivists. If the intensivists try to bill their services in the post-op period, when the monitoring is simply the appropriate critical care level monitoring required after the procedure, they will find that these services are included in the package reimbursement and are not separately billable.

Find Billing Solutions

If the surgeon hands off work for which he or she has already been paid as part of the surgical package, the physician who performs this work must be careful how he or she bills.

If the surgeon has reduced his or her package billing using modifier 54 Surgical care only, the other physician(s) involved in the patient’s care can bill for his or her services using modifiers 55 Postoperative management only and 56 Preoperative management only. If this happens routinely, it’s possible the practice will be questioned because it adds claims processing costs to the payer, and is unnecessary if there is no reason for splitting the package.

Some surgeons have found that having this care provided by someone else with whom they have developed special contracts is very beneficial to them and to the patient. The surgeon pays another physician separately for the pre-op work included in the package payment. This can be especially advantageous because the patients get good care; the surgeons are not stuck in the clinic when they’d rather be in the OR; and the primary care physician providing follow-up care gets reimbursed for his or her work. Surgeons choosing this option should be careful to prove the full surgical package was performed for the patient because this issue is under Office of Inspector General (OIG) and recovery audit contractor (RAC) scrutiny.

Surgeons may hire someone into the practice to handle these patient care services, which resolves the aforementioned problems. With appropriate documentation, these individuals may bill separately for those medically necessary services identified as separately billable, and may be motivated to do so because they do not have surgical reimbursement to offset the cost of their practice.

When looking for ways to resolve payment issues related to the surgical package, physicians and surgeons must consider OIG, Medicare administrative contractor (MAC), RAC, and zone program integrity contractor (ZPIC) issues, as well as Medicaid and commercial payer issues. Proper surgical package billing should be a priority in any surgical office, or any other practice that collaborates with surgeons for care related to surgical procedures.

Marcella Bucknam, CPC, CPC-H, CPC-P, CPC-I, CCC, COBGC, CCS, CCS-P, is internal audit manager at Chan Healthcare. She is the long-time consulting editor for General Surgery Coding Alert, and has presented at five AAPC national meetings.