Blog Post

CMS Audits: Who, What, and Why

Increases in CMS audits for rehab therapy providers isn't a figment of your imagination. Learn why there's been an increase and what to do.

Mary Daulong
5 min read
September 6, 2019
image representing cms audits: who, what, and why
Share this post:


Get the latest news and tips directly in your inbox by subscribing to our monthly newsletter

This post about CMS Audits comes from Ascend 2019 speaker Mary R. Daulong, PT, CHC, CHP, President and CEO of Business & Clinical Management Services, Inc. Want to see Mary speak about audits during a live interactive session? Register for Ascend here. Curious about the rest of the speaker lineup? Check it out here.

Does it seem like there have been more audits of therapy documentation and billing recently? It is not a figment of your imagination; they are happening at a record pace. Unfortunately, each payer has its own reasons for initiating audits, so assuaging why you were selected can be a daunting task. 

After reading an article in Healthcare Finance—written by Dawn Crump, VP of Audit Management Solutions for HealthPort—I realized that providers who merely respond to requests for records are leaving very valuable data on the table. According to Crump, “Regardless of which health plan auditor sends a record request, providers should capture robust demographic data about each case reviewed.” While the average practice likely does not utilize audit technologies, we must recognize that our payers are using some, if not all, of the available audit tools. Crump goes on to provide “the most important data elements to be captured, tracked and monitored relating to audits” (which I’ve included below). After all, she says, “Plans are basing your next provider contracts on audit cases. Know what's in them!”

To that end, if you’re the subject of an audit, Crump advises paying close attention to: 

  1. “Dates of service
  2. “Patient/service type
  3. “DRG or other codes
  4. “Original payment
  5. “Review or denial reason”

Outpatient Therapy Audits

While Crump’s focus is mainly on hospital providers, I’ve connected the above list to applicable elements for outpatient therapy Medicare providers and suppliers (based primarily on guidance from the Medicare Program Integrity Manual). Below is a rundown of the types of CMS audits outpatient therapy providers/suppliers are typically subject to.

Traditional Medicare and Medicaid perform these types of audits: 

  • Medicare Administrative Contractor (MAC) 
  • Comprehensive Error Rate Testing (CERT)
  • Recovery Auditors (RACs)
  • Supplemental Medical Review Contractors (SMRC)
  • Unified Program Integrity Contractors (UPICs)—formerly known as Zone Program Integrity Contractors (ZPICs); Program Safeguard Contractors (PSGs); and Medicaid Integrity Contractors (MICs)

Medicare Advantage, Medicaid, and commercial payers perform this type of audit:

  • Risk Adjustment and Medical Records Reviews (MRRs)

Review activities performed by the above contractors are classified according to how, what, and when they carry out the reviews. Reviews can happen at the prepayment and/or post-payment stage. Only MACs and UPICs audit records on a prepayment basis; the others perform only post-payment claims and records reviews. Not all auditors review the same material or use the same processes, but all reviews are based on regulations. For instance, both prepayment and post-payment auditors vary what data they review based on the purpose of the audit, which then dictates whether they perform a medical record review, a non-medical record review, or an automated review. 

Medical Record Reviews: Medical record reviews are initiated via a letter from the auditor, which typically states the reason for the audit, what will be reviewed, what the timeframes are, and what appeal options are available. The Advanced Document Request (ADR) is then followed by a list of beneficiaries and dates of service to be reviewed.

Non-Medical Record Reviews: Non-medical record reviews use manual intervention, but only to the extent that a reviewer can make a determination based on information on a claim. It does not require clinical judgment, because the claim tells the story. 

Automatic Reviews: Automatic reviews differ from non-medical reviews, because the payment decision is made at the system level and clinical records are not reviewed; clear policies are the basis for the denial.

How you respond to an ADR can influence the overall outcome of the audit, because auditors work at a deadly pace. If you can reduce the energy expended in the audit process by submitting legible and organized records you will at least start on the right foot. The initial communication from CMS generally indicates the reason for the review, but don’t shy away from asking questions if directions or requests are not clear. 

Another proactive measure you can take is to study your remittance advice notices to see if there is a denial trend and, if there is one, start corrective action or appeals immediately. Ignoring denials could be considered reckless disregard, which could be considered a potential violation of the False Claims Act.

Dates of Service

Dates of service is at the top of Crump’s list for good reason. Audits based on specific dates can be triggered by many factors, but in most situations, they are randomly selected. One thing is for certain, though: when the auditor requests a specific date or dates, he or she is expecting all documentation leading up to and including those dates so that medical necessity and the need for skilled intervention can be verified. As we know, in 2006, Medicare stated that the progress report—not the daily note—is used to justify medical necessity. The treatment daily note’s purpose is to demonstrate that the charges rendered were indeed the services performed. So, don’t fail to include the evaluation, signed plan(s) of care, progress reports, and discharge report (if applicable), as well as the notes for the dates of service specified.

In most cases, therapists are audited based not on a particular medical diagnosis, but rather on services rendered as identified by CPT codes. This is an area that truly tells the story via the claim. Data analytics assist the auditors in analyzing raw data in order to identify aberrant coding and billing behavior. The redundant use of the same codes and/or code sets can be red flags implying that clinical decision-making is scant or rousing suspicions of fraud.

Top Three Audit and Report Types

The top three audits or reports that Part B therapy providers are experiencing are:

1. Comparative Billing Report Program (CBR)

An educational tool for providers, this report provides data on providers’ Medicare billing trends, allowing providers to compare their billing practices for certain CPT codes against their peers in a specified geographical area. Its purpose is to help the provider understand Medicare’s billing guidelines and rules. It is prudent, but not required, for the provider to communicate with the CERT contact individual to discuss the report and take action as necessary.

2. Comprehensive Error Rate Testing Program (CERT)

The purpose of this audit is to measure payment compliance based on statutory requirements. This audit has the potential to impact the MAC as well as the provider.  Both overpayments and underpayments are considered improper payments. Improper error categories are:

  • Insufficient documentation
  • No documentation submitted
  • Lack of documented medical necessity
  • Incorrect coding 

Each year, there are CERT reviews of approximately 50,000 claims based on a statistically valid stratified random sample of claims, both paid and denied. The CERT audit begins with a request for records, which generally only includes a few dates of service. Patient records are requested from the billing provider or supplier, and if no documentation is received within 75 days of the initial request, the claim is counted as an error. Once the review is completed, the CERT program notifies the MAC, and the MAC repays underpayments and recoups overpayments. MACs are graded on the number of improper payments that, down the road, can result in the loss of the contract with Medicare.

The CERT program estimates the number of improper payments discovered and reports that estimate to the Department of Health and Human Services, where the improper payment rate is calculated and subsequently reported to Congress. Agencies must delineate what corrective action they will take—or have taken—to reduce improper payments. 

3. Targeted Probe and Education Program (TPE)

This program is also considered educational and is designed to help reduce claim denials and appeals. MACs carry out TPEs and base their selection of providers and suppliers on data analysis focused on high claim error rates or unusual billing practices—as well as billed items and services that have high national error rates and are a financial risk to Medicare. Keep in mind that the MACs derive their “targets” from claims, which is yet another example of how the claim tells the story.

So, at this point, you may be asking, “What are unusual billing practices?” Based on my years of experience with audits and appeals, some of those unusual practices are:

  • Redundant coding: Utilizing the same CPT code or sets of codes regardless of the patient’s condition or diagnosis.
  • Flat or non-progressive coding: The interventions represented by CPT codes on the claim do not demonstrate a move from simple interventions to more challenging activities throughout the episode of care.
  • Generic coding: The use of CPT codes without regard to their definition or the purpose of the service.
  • Payment-focused coding: Billing codes based on their position on the fee schedule (i.e., choosing the highest-paying codes).
  • Volume coding: Numerous individuals billing under one National Provider Number (NPI). 

Once the auditor receives and reviews the documentation, he or she generally focuses on one or more of these documentation and coding requirements:

  • Completed and timely plans of care with dated signatures
  • Developed functional and measurable long-term goals based on impairment levels per standardized tests, environmental and social factors, and comorbidities and complexities 
  • Documented skilled interventions and provider interaction in the treatment encounter (daily) note
  • Documented treatment and visit time, in minutes, that correlates to units billed
  • Completed and timely progress reports with all required elements documented
  • Validated modifier utilization (e.g., procedures documented as performed at separate and distinct times for modifier 59 use, or KX threshold modifier supported by documented medical necessity)

The TPE Program provides ample opportunity for the provider or supplier to improve his or her documentation and/or coding. With each ADR, there is an associated educational session followed by a 45-day “learning curve period.” If there is a high error rate, then a second round of ADR will follow once the initial time period has elapsed, giving the TPE auditor the option to request 20 to 40 more charts to validate improvement. Should the provider or supplier not demonstrate significant improvement, then the auditor may call for a third round of charts and education.

The TPE has a total of three rounds of ADRs and education. Should the provider or supplier fail to improve his or her documentation and/or coding, the TPE auditor has the option to initiate pre-payment audits or to refer to a higher-level auditor such as UPIC.

Now that you have the basics under your belt, you will be better prepared to organize and submit records that meet or surpass the TPE auditor’s expectations. For more information on these audits, please mark your calendars for September 20, 2019, from 11:35 AM to 12:35 PM. I will be presenting Medicare’s Targeted Probe and Education Review: Why Would They Pick You? at Ascend. As an attendee, you will receive ADR support documents to assist in the management of your clinical and billing records submission in the event of an audit.

Mary Daulong, PT, CHC, CHP, has a very diverse physical therapy practice background that includes private practice ownership. She established Business & Clinical Management Services, Inc in 2000, and has been dedicated to working with healthcare professionals in the areas of federal and state compliance, off-site audits and on-site surveys, and payment and coverage policy consultation, including billing, coding, and documentation. Her company also provides compliance policies and procedures manuals specifically for outpatient therapy services and provider enrollment services. Mary has been certified in healthcare compliance since 2002, and is also certified as a HIPAA professional. She has been an active member of the APTA for more than forty years, during which she actively participated and chaired numerous committees at the national and component levels. She has also presented courses and webinars at the state and national levels for more than thirty years with rave reviews.


KLAS award logo for 2024 Best-in-KLAS Outpatient Therapy/Rehab
Best in KLAS  2024
G2 rating official logo
Leader Spring 2024
Capterra logo
Most Loved Workplace 2023
TrustRadius logo
Most Loved 2024
Join the PXM revolution!

Learn how WebPT’s PXM platform can catapult your practice to new heights.

Get Started
two patients holding a physical therapist on their shoulders