Medicare CERT Audit Defense

Medicare Comprehensive Error Rate Testing (CERT) audits present risks for both providers and carriers. If your company or practice is facing a CERT audit, it is important that you consult with defense counsel promptly.

The U.S. Centers for Medicare and Medicaid Services (CMS) use several means to assess and enforce compliance with the Medicare billing rules and regulations. One of these means is the Comprehensive Error Rate Testing (CERT) audit. While CMS briefly suspended its CERT program in the early stages of the recent pandemic, the program is back in full force, and CMS is using the program to seek recoupments and refunds from both providers and carriers.

Unlike other types of Medicare audits, CERT audits do not necessarily target providers directly (although, as discussed below, providers will often be directly involved). Instead, they can target providers, carriers, or other fiscal intermediaries that administer billings and payments between providers and Medicare. CERT audits can cover Medicare Part A, Part B and durable medical equipment (DME) payments, and they can involve the review of a substantial volume of Medicare billings submitted on behalf of one or more providers.

About the Medicare CERT Audit Program

The Medicare CERT audit program, “measures payment compliance with Medicare [Fee for Service] program federal rules, regulations, and requirements.” However, while the CERT program is a measurement tool, it is also a tool that CMS uses to secure recoupments and refunds for overbilled amounts. Additionally, even though CERT audits most often examine fiscal intermediaries’ billing practices, any alleged billing violations can result in liability for the providers on behalf of whom improper billings were submitted.

Through the Medicare CERT audit program, CMS seeks to identify “improper payments,” and it notes that, “[b]oth overpayments [and] underpayments are considered improper payments.” However, when identifying the types of improper payments targeted in Medicare CERT audits, CMS exclusively lists the following:

• Payments to ineligible recipients
• Payments for ineligible services
• Duplicate payments
• Payments for services not received
• Payments in incorrect amounts

As a result, Medicare CERT audits primarily focus on uncovering overpayments. This means that providers and carriers targeted in these audits must be proactive about defending themselves and disputing any unwarranted recoupment or refund demands.

Put our highly experienced team on your side

Dr. Nick Oberheiden

Founder

Attorney-at-Law

John W. Sellers

Former Senior Trial Attorney
U.S. Department of Justice

Local Counsel

Joanne Fine DeLena

Former Assistant U.S. Attorney

Local Counsel

Lynette S. Byrd

Former Assistant U.S. Attorney

Partner

Amanda Marshall

Former U.S. Attorney

Local Counsel

Aaron L. Wiley

Former Federal Prosecutor

Local Counsel

Roger Bach

Former Special Agent (OIG)

Gamal Abdel-Hafiz

Former Supervisory Special Agent (FBI)

Chris Quick

Former Special Agent (FBI & IRS-CI)

Kevin M. Sheridan

Former Special Agent (FBI)

Ray Yuen

Former Supervisory Special Agent (FBI)

Dennis A. Wichern

Former Special Agent-in-Charge (DEA)

Responding to a Medicare CERT Audit Letter

Medicare CERT audits begin with the delivery of a letter to the targeted provider or carrier. CMS conducts a limited number of CERT audits annually, with each audit focused on claims submitted from July 1 through June 30 in the period preceding the fiscal year in which the audit is conducted.

Understanding Providers’ and Carriers’ Legal Obligations

Upon receiving notification of a Medicare CERT audit, a provider or carrier has a number of responsibilities. Most significantly, the provider or carrier must provide all documentation requested in the letter to CMS. As CMS’s Sample Part A Initial CERT Letter explains:

“Federal law requires that providers/suppliers submit medical record documentation to support claims for Medicare services upon request. Providers/suppliers are required to send supporting medical records to the CERT program. . . . Providers/suppliers are responsible for obtaining and providing the documentation as identified on the attached Bar Coded Cover Sheet. . . .”

This alone can be a substantial undertaking. It also presents many potential risks. While CERT audits are intended to allow CMS to recover overpayments, improperly billing Medicare can also lead to civil or criminal penalties under the U.S. False Claims Act and other federal laws.

A Medicare CERT audit letter will include a deadline for delivering the relevant documents to CMS. Even if a provider or carrier cannot locate all of the requested documents, “[a] response is still required.” Failing to duly respond to a Medicare CERT audit letter can itself lead to legal issues for providers and carriers; and, as a result, providers and carriers must get to work promptly upon receiving one of these letters from CMS.

Providing Documents and Communicating with CMS During a CERT Audit

When responding to a CERT audit letter, ensuring full compliance with CMS’s request is important. But, equally important, if not more so, is ensuring that the response does not include any documents that the provider or carrier is not required to disclose.

Generally speaking, providing records to CMS during a CERT audit does not raise patient privacy concerns under HIPAA—CMS has made this clear. Instead, the greater risk is that providers or carriers will inadvertently or unknowingly disclose information that exposes them to the potential for additional scrutiny, which could in turn lead to additional recoupment demands, prepayment review, and other penalties.

When representing providers, carriers, and other entities during Medicare CERT audits, we work closely with our clients to ensure that they provide the necessary documents – and only the necessary documents – to CMS. We also communicate with CMS on behalf of our clients, intervening in the audit process to help ensure that it does not result in unwarranted recoupment or refund demands. While it may be possible to challenge the outcome of a Medicare CERT audit after the fact, it is generally less time-consuming and more cost-effective to present an effective defense during the audit process.

Assessing Risk Before, During, and After a Medicare CERT Audit

Due to the potential negative outcomes of a Medicare CERT audit, it is important for companies and practices that are facing these audits to carefully assess their risk. This includes assessing their risk before, during, and after the audit.

Once an audit letter has been received, it is important for the recipient to promptly conduct an internal Medicare billing compliance assessment. This assessment should be conducted in coordination with outside legal counsel to ensure that it is subject to the attorney-client privilege. The information gathered during this assessment will inform the subsequent steps the company or practice takes in response to CMS’s letter.

Companies and practices should continue to assess their risk during Medicare CERT audits in real time. If the audit uncovers something unexpected, or if the audit reaches a misguided conclusion, this must be identified and addressed promptly. Likewise, once the audit concludes, it will be necessary to assess the audit’s implications—whether this means providing additional training, updating the company’s or practice’s Medicare compliance program, or preparing for a potential Medicare fraud investigation.

FAQs: What Providers and Carriers Need to Know about Medicare CERT Audits

Contact Oberheiden P.C. for More Information

If you have received a Medicare CERT audit letter, we encourage you to contact us promptly for more information. Our federal health care fraud defense lawyers and Medicare compliance consultants work with companies and providers nationwide. For a complimentary initial consultation, call 888-680-1745 or request an appointment online today.