Tag Archives: Medicare Administrative Contractor

Mitigate Risk Audit Insurance

Mitigate Medicare Risk with Audit Insurance

Health care providers can mitigate the risks of audits by purchasing insurance. But there are many types of insurance to choose from, and what is covered varies widely from one policy to another. Understanding a few of the basics will help a provider be a smarter consumer.

First, we will examine the threat, then look at ways to mitigate risk.  Finally, we will examine a few channels available to purchase what is needed.

In general, there are three categories of threat challenging a health care provider. The first is a traditional RAC-type audit; the second is the secondary threat of regulatory actions; the third is the possibility of class action suits that might be filed seeking gigantic damages.

Readers of RACmonitor are most familiar with an audit of claims by a RAC, ZPIC or CMIP or other authorized auditor. It starts with an innocent request to review a few claims, then eventually turns into a sample then statistical extrapolation demanding repayment of usually large sums of money. In order to handle this challenge, the provider must hire legal counsel, and a number of experts in statistical and claims analysis to develop a defense. this type of audit is increasing rapidly, so the chances of being audited is skyrocketing.

Regulatory actions pose a second and even more grave threat. The Office of the Inspector General (OIG) can follow up a RAC audit with a Civil Monetary Penalties Law (CMPL) (42 USC Sec. 13201-7) action that can be up to $5,000 per improper claim. But for health care providers, actually there is a vast regulatory shadow.  Other regulatory actions can come from the Health Information and Technology for Economic and Clinical Health Act (HITECH) (Title XIII of Pub.L. 111-5)* which governs your handling of Electronic Health Records (EHR); the U.S Office of Civil Rights (OCR) who is focuses on how you handle personal data; the False Claims Act (FCA) (31 USA Sec. 3729-33; 18 USC Sec. 287); The Anti-Kickback Statute (AKS) (42 USC 1320A-7b(b)); the Physician Self-Referral Law (Stark Law) (42 USC Sec. 1395nn); the Criminal Health Care Fraud Statute (18 USC Sec. 1347); and of course the Health Insurance Portability and Accountability Act (HIPAA) (Pub.L. 104-191; 110 Stat. 1936) which is comprehensive but is generally associated with privacy of patient medical records.  HIPAA is supplemented by a number of state privacy laws that may be triggered simultaneously, leading to a “double” investigation.

(*) The HITECH act is Title XIII of Pub.L. 111-5 which was titled the “American Recovery and Reinvestment Act of 2009”.


Between 2011 and 2012 the number of audits by Medicare Administrative Contractors (MAC) went up by 700%.   This rise in audits by 700% “do not include the reviews performed by the three legacy contractors that continue to provide claims administration services”.   So this means, the number is even greater.


Knowing the role of these different auditors is crucial:

  1. Medicare Administrative Contractors (MAC) – (1) process and pay claims; (2) conduct pre- and postpayment claims reviews; (3) recoup overpayments; (4) remediate underpayments.
  2. Zone Program Integrity Contractors (ZPIC) – perform pre- and postpayment claims reviews (looking for fraud).(*)
  3. Comprehensive Error Rate Testing (CERT) contractors – conduct postpayment claims reviews on a random sample of claims processed by the MACs (to estimate Medicare improper payment rate).
  4. Recovery Auditors (RA) – (1) conduct data analysis; (2) conduct postpayment claims reviews,

The data was collected by the GAO which argued that inconsistencies between the different programs demand that some attempt be made to harmonize the rules and processes.


Reference: Report to Congressional Requesters, Medicare Program Integrity: Increasing Consistency of Contractor Requirements May Improve Administrative Efficiency. GAO-13-522.  (Washington, D.C.: Government Printing Office, July 2013).

Note: (*) The Zone Program Integrity Contractor (ZPIC) companies are (1) Safeguard Services (SGS); (2) AdvanceMed; (3) Cahaba; and (4) Health Integrity.

Original Medicare (Parts A and B Fee-For-Service) Appeals Process

There are five levels to the Medicare Appeals Process, and the timing appears to be ample for what is required.  Here is the amount of delay involved if you wait until the last minute:

120+180+60+60+60=480 days or 16 months.  However, it appears that most if not all cases take much longer than that, particularly as higher levels of appeals are confronted.

Original Medicare (Parts A and B Fee-For-Service) Appeals Process
Original Medicare (Parts A and B Fee-For-Service) Appeals Process

There is a detailed write-up by Elissa K. Moore, R. Brent Rawlings, and Jessica L. Smith of McGuireWoods here.  Title:  “A Primer on RAC Appeals“. Moore also is associated with the Annals of Health Law published at Loyola University Chicago School of Law.