The ABCs of Wound Care Auditing

Login toDownload PDF version
Issue Number: 
Volume 6 Issue 6 - August 2012
Caroline Fife, MD, FAAFP, CWS

  Although most clinicians are committed to excellence in patient care and honesty in service charges, the actions of unscrupulous practitioners and companies are bringing increased scrutiny on everyone.

  In February, federal authorities in Dallas arrested a Texas doctor and six others for perpetrating a scheme that cheated the government out of nearly $375 million in Medicare and Medicaid fees by registering homeless people for home healthcare services they never received.

  With only four doctors and 15 nurses on staff, the company owned by the physician in question is said to have certified more than 11,000 patients since 2006, more than any practice in the US. The US attorney’s office in Manhattan described the magnitude of the fraud as “astonishing.” It also raises the question: Why did it take so long to figure out there was a problem?

  The answer likely lies within the numbers. Medicare provides health coverage for 47.5 million people. It processes more than 1.2 billion claims annually, or more than 4.5 million claims per day. In 2010, Medicare spent $516 billion for covered items and services.

  As this article will show, all efforts aimed at uncovering those who file improper payments are focused on the detection of statistical anomalies in various aspects of claims analysis. (This is a theme that is more thoroughly explored in the article “The Coming Audit Storm” on page 18.)

  Despite the efforts of claims-processing contractors, Medicare remains among the top three federal programs with “improper payments.” To combat this problem, the federal government has launched new audits that organizations and providers must contend with. As clinicians, we must recognize that there are people out there who take advantage of the reimbursement system and be knowledgeable as to what can raise red flags regarding our own practices.

  Healthcare providers who are involved in an audit may find themselves overwhelmed in their attempts to comprehend and/or prepare for the investigation.

  The purpose of this article is to help clinicians make sense of the “alphabet soup” that the scope of auditing can appear to be and to present an overview of current governmental auditors, their respective scopes, and the appeals processes that exist.

Governmental Auditors

  There are more than a dozen US governmental auditing bodies currently at work in our healthcare system, which has most recently seen additions that include Recovery Audit Contractor (RAC) audits and Zone Program Integrity Contractor (ZPIC) audits. Other audits such as Comprehensive Error Rate Testing (CERT) have existed for many years, and their auditors may have overlapping jurisdiction.

  Governmental auditors are authorized to investigate claims submitted by any entity or provider that provides Medicare beneficiaries with procedures, services, and treatments. In addition, anyone who submits claims to Medicare and/or one of its fiscal intermediaries, regional home health intermediaries, Medicare Administrative Contractors (MACs), durable medical equipment suppliers, and/or carriers is also subject to investigation.

  Below are brief descriptions of the major auditors and their objectives. We focus on the RAC programs first, then provide an alphabetized list of auditors.


  The Tax Relief and Health Care Act of 2006 made permanent the RAC program to identify improper Medicare payments in all 50 states. RACs engage in two types of claims reviews in order to identify improper payments: automated reviews and complex reviews.

  An automated review is a review of claims data without a review of the actual records supporting the claim. A complex review consists of a review of actual medical records and is used in situations where there is high probability that a claim includes an overpayment. RAC auditors work strictly on commission, receiving anywhere from 9-12.5 percent of everything they collect, and they can extend their reviews as far back as 36 months. The RAC program’s mission is to reduce improper Medicare payments through the detection and collection of overpayments, the identification of underpayments, and the implementation of actions that will prevent future improper payments. Many of these procedures involve data-mining activities based on billing information.

  Some industry experts have suggested RAC audits may impose the largest operational impact to healthcare organizations and providers, in part due to their contingency basis. Recent changes have increased RAC record requests to 500 records every 45 days. The RACs use proprietary software programs to identify potential payment errors in such areas as duplicate payments, fiscal intermediaries’ mistakes, medical necessity, and coding.

  Again, remember that these auditors are looking for statistical anomalies. Thus, it is imperative that you know not only whether you can justify your billed level of service, but whether the distribution of your charges falls in an acceptable range from a statistical standpoint.

  To understand just how successful the RAC program has been, consider these numbers:
    • From March 2005-March 2008, RACs succeeded in correcting more than $1.03 billion in Medicare improper payments, according to the Centers for Medicare and Medicaid Services (CMS). Approximately 96 percent ($992.7 million) were overpayments collected from providers while the remaining 4 percent ($37.8 million) were underpayments repaid to providers. As part of this demonstration project, RACs were given six years of claims data for all Medicare providers to review.

    • The improper payments identified by RACs included:
      1. Payments made for services that did not meet Medicare’s “medical necessity” criteria (eg, therapy sessions that were excessive).

      2. Payments made for services that were coded incorrectly or failed to comply with Medicare/Current Procedural Terminology® guidelines (eg, principal diagnosis on the claim did not match principal diagnosis on the medical records).

      3. Failure to support claims with proper medical documentation (eg, medical records did not adequately describe the procedures reported on the claim).

      4. Submittal of claims to Medicare that should have been submitted to another insurer (eg, failure to meet Medicare “secondary payer” criteria).

      5. Other reasons, such as submitting duplicate claims or using outdated fee schedules.

   (For examples of what should constitute a red flag within your practice, see the feature article “Signs of an Impending Audit” on page 22.) It is important to remember that CMS approves the issues for RACs to review. Each RAC website lists the approved issues they will target (visit Also, Medicare’s Quarterly Provider Compliance Newsletter ( provides information on specific infractions, including problem descriptions and how providers can avoid them.

  Understanding Medicare billing requirements, especially issues that CMS and RACs are targeting, is the best way to prepare for and avoid a RAC audit. If a Medicare provider or supplier receives a claim denial, or a finding of overpayment is made as a result of a RAC review, this denial will be subject to the Medicare Part A and Part B appeals process. The regulations governing this process are contained in the Federal Register. Although medical providers cannot prevent a RAC audit, they can immediately get systems in place for tracking record requests and responding in a timely way. However, the best defense is a good offense. It’s better to understand billing rules and create compliant programs.

Medicaid RAC

  These RACs are tasked with identifying and recovering overpayments made in the Medicaid system as well as reporting fraud and criminal activity.


  Implemented by CMS to measure improper payments in the Medicare Fee-for-Service (FFS) program, the CERT program chooses all claims at random and is designed to pull a random electronic sample of claims processed. CMS outlines the procedure for how records are requested for the CERT program through its Improper Medicare Fee-for-Service Payments Report, which is available at


  The Department of Justice (DOJ) collaborates with many auditing agencies, including the Office of Inspector General (OIG) and the Department of Health and Human Services (HHS). DOJ auditors can work on various civil fraud cases such as healthcare fraud. When a federal or state investigative agency identifies a subject that is under current investigation in multiple states or jurisdictions, the information is sent to the DOJ to develop a nationwide strategy to coordinate resources.


  The goal of the Health Care Fraud Prevention and Enforcement Action Team (HEAT) is to prevent fraud and abuse in the Medicare and Medicaid programs.

  Increased HEAT audits are considered to be the top compliance risk because the program has been incredibly successful in building partnerships between DOJ, HHS, and other agencies. In 2011, the US government dedicated an extra $60.2 million to fund additional teams and investigations.


  MAC audits are used to determine whether particular billed services are medically necessary and should be covered under Medicare.

  All claims submitted to MACs are put through a “scrubber” to check against claim edits and ensure payments are made to certified providers as part of their pre-payment review. In other words, MACs primarily review claims on a prepayment basis. However, the MACs’ prepayment edits can be sent to the RAC for retrospective review. It is anticipated that in the future, the MACs will work more closely with the RACs. According to American Health Information Management Association, if an organization receives a MAC review and identifies a billing or coding error, it is best to self-report any past discharges in order to stop a potential RAC retrospective review.


  The Deficit Reduction Act of 2005 created the Medicaid Integrity Program (MIP).

  CMS has two broad responsibilities under MIP: 1) to hire contractors to review provider activities, and 2) to support states in their efforts to combat fraud and abuse. The Medicaid Integrity Group oversees the MIP through Medicaid Integrity Contractors (MICs) and State Program Integrity Operations.

  MICs conduct audits of Medicaid claims. Unlike RACs and Zone Program Integrity Contractors (ZPICs), whose appeals processes are determined by federal regulations, MIC appeals processes vary by state.1


  Medicaid Fraud Control Units (MFCUs) are certified by HHS and are responsible for conducting state initiatives aimed at investigating and prosecuting providers that defraud the Medicaid program.

  MFCUs may also review complaints of abuse or neglect of nursing home residents or the misappropriation of a patient’s private funds. Their jurisdiction also includes investigating fraud allegations within any federally funded healthcare program. Most are located in each state attorney general’s office.


  The OIG’s mission is to protect the integrity of HHS programs as well as the health and welfare of the beneficiaries of those programs.

  The OIG’s activities are under the authority of the US Inspector General. Since 1993, the OIG has performed audits and investigations of fraud and abuse within governmental programs. If you are notified of an OIG investigation or audit, depending on the nature of the violation, you probably need legal counsel. Note: A RAC auditor may also target issues resulting from an OIG investigation. (Reference the May 2007 OIG report on surgical debridement services.) Clinicians can rest assured that debridement is on the RAC work plan. In addition, the OIG has recommended that RACs focus on evaluation/management (E/M) coding and has provided RACs with the names of 17,000 physicians who are billing high E/M levels of service. RACs have reportedly noted a 17 percent increase in level four and five E/M codes, and have targeted physicians who bill these most frequently. The need for constant statistical data on billed charges will further drive the adoption of electronic health records that are capable of performing the necessary calculations and producing the reports clinicians need to monitor their activity. Therefore, clinicians and hospitals must be capable of conducting the “statistical sampling” that auditors are conducting to avoid audit targets.


  The State Offices of the Medicaid Inspector General (OMIG) represents a group of independent agencies within the individual state departments of health. Their purpose is to improve the integrity of state Medicaid programs by coordinating the fraud and abuse activities of the multiple state agencies that provide Medicaid-funded services. Each OMIG is different but they often work with agencies such as the Department of Mental Health, Office of Children and Family Services, and Office of People with Developmental Disabilities.


  The Payment Error Rate Measurement (PERM) program measures improper payments in the Medicaid program and the Children’s Health Insurance Program (CHIP). CMS has expanded PERM so that it includes Medicaid FFS claims as well as managed care claims and beneficiary eligibility in both the Medicaid and CHIP programs.


  ZPICs became effective in 2009 and are located in seven national regions.1 ZPIC auditors look for cases of fraud by analyzing claims data. While ZPIC audits are similar in many ways to other Medicare audits currently being performed, they do differ in one very important aspect – potential Medicare fraud implications. Of all the current CMS audit initiatives, these audits are often the most concerning for organizations and providers. They use statistical data sampling and extrapolation methods that allow them to recoup overpayments totaling hundreds of thousands of dollars. ZPIC audits should not be taken lightly and organizations should handle these types of audits with due diligence.

Caroline Fife is chief medical officer of Intellicure Inc., The Woodlands, TX, and co-editor of TWC.

References and additional resources for this article can be found online at