Medicare CERT Audit Defense

Medicare Comprehensive Error Rate Testing (CERT) audits present risks for both providers and carriers. If your company or practice is facing a CERT audit, it is important that you consult with defense counsel promptly.

Lynette Byrd
Attorney Lynette Byrd
Healthcare Fraud Team Lead
Former Federal Prosecutor
Nick Oberheiden
Attorney Nick Oberheiden
Healthcare Fraud Team
Kevin M. Sheridan
Kevin M. Sheridan
Healthcare Fraud Team
Former FBI Special Agent
Wade McFaul
Wade McFaul
Healthcare Fraud Team
Former HHS-OIG Assistant Special Agent-in-Charge

The U.S. Centers for Medicare and Medicaid Services (CMS) use several means to assess and enforce compliance with the Medicare billing rules and regulations. One of these means is the Comprehensive Error Rate Testing (CERT) audit. While CMS briefly suspended its CERT program in the early stages of the recent pandemic, the program is back in full force, and CMS is using the program to seek recoupments and refunds from both providers and carriers.

Unlike other types of Medicare audits, CERT audits do not necessarily target providers directly (although, as discussed below, providers will often be directly involved). Instead, they can target providers, carriers, or other fiscal intermediaries that administer billings and payments between providers and Medicare. CERT audits can cover Medicare Part A, Part B and durable medical equipment (DME) payments, and they can involve the review of a substantial volume of Medicare billings submitted on behalf of one or more providers.

About the Medicare CERT Audit Program

The Medicare CERT audit program, “measures payment compliance with Medicare [Fee for Service] program federal rules, regulations, and requirements.” However, while the CERT program is a measurement tool, it is also a tool that CMS uses to secure recoupments and refunds for overbilled amounts. Additionally, even though CERT audits most often examine fiscal intermediaries’ billing practices, any alleged billing violations can result in liability for the providers on behalf of whom improper billings were submitted.

Through the Medicare CERT audit program, CMS seeks to identify “improper payments,” and it notes that, “[b]oth overpayments [and] underpayments are considered improper payments.” However, when identifying the types of improper payments targeted in Medicare CERT audits, CMS exclusively lists the following:

  • Payments to ineligible recipients
  • Payments for ineligible services
  • Duplicate payments
  • Payments for services not received
  • Payments in incorrect amounts

As a result, Medicare CERT audits primarily focus on uncovering overpayments. This means that providers and carriers targeted in these audits must be proactive about defending themselves and disputing any unwarranted recoupment or refund demands.

Put our highly experienced team on your side

Dr. Nick Oberheiden
Dr. Nick Oberheiden



Lynette S. Byrd
Lynette S. Byrd

Former Assistant U.S. Attorney


Ellen Comley
Ellen Comley

Senior Counsel


Roger Bach
Roger Bach

Former Special Agent (OIG)

Steven Taylor
Steven Taylor

Healthcare Compliance Consultant

Susan Sage
Susan Sage

Healthcare Auditor

Responding to a Medicare CERT Audit Letter

Medicare CERT audits begin with the delivery of a letter to the targeted provider or carrier. CMS conducts a limited number of CERT audits annually, with each audit focused on claims submitted from July 1 through June 30 in the period preceding the fiscal year in which the audit is conducted.

Understanding Providers’ and Carriers’ Legal Obligations

Upon receiving notification of a Medicare CERT audit, a provider or carrier has a number of responsibilities. Most significantly, the provider or carrier must provide all documentation requested in the letter to CMS. As CMS’s Sample Part A Initial CERT Letter explains:

“Federal law requires that providers/suppliers submit medical record documentation to support claims for Medicare services upon request. Providers/suppliers are required to send supporting medical records to the CERT program. . . . Providers/suppliers are responsible for obtaining and providing the documentation as identified on the attached Bar Coded Cover Sheet. . . .”

This alone can be a substantial undertaking. It also presents many potential risks. While CERT audits are intended to allow CMS to recover overpayments, improperly billing Medicare can also lead to civil or criminal penalties under the U.S. False Claims Act and other federal laws.

A Medicare CERT audit letter will include a deadline for delivering the relevant documents to CMS. Even if a provider or carrier cannot locate all of the requested documents, “[a] response is still required.” Failing to duly respond to a Medicare CERT audit letter can itself lead to legal issues for providers and carriers; and, as a result, providers and carriers must get to work promptly upon receiving one of these letters from CMS.

Providing Documents and Communicating with CMS During a CERT Audit

When responding to a CERT audit letter, ensuring full compliance with CMS’s request is important. But, equally important, if not more so, is ensuring that the response does not include any documents that the provider or carrier is not required to disclose.

Generally speaking, providing records to CMS during a CERT audit does not raise patient privacy concerns under HIPAA—CMS has made this clear. Instead, the greater risk is that providers or carriers will inadvertently or unknowingly disclose information that exposes them to the potential for additional scrutiny, which could in turn lead to additional recoupment demands, prepayment review, and other penalties.

When representing providers, carriers, and other entities during Medicare CERT audits, we work closely with our clients to ensure that they provide the necessary documents – and only the necessary documents – to CMS. We also communicate with CMS on behalf of our clients, intervening in the audit process to help ensure that it does not result in unwarranted recoupment or refund demands. While it may be possible to challenge the outcome of a Medicare CERT audit after the fact, it is generally less time-consuming and more cost-effective to present an effective defense during the audit process.

Assessing Risk Before, During, and After a Medicare CERT Audit

Due to the potential negative outcomes of a Medicare CERT audit, it is important for companies and practices that are facing these audits to carefully assess their risk. This includes assessing their risk before, during, and after the audit.

Once an audit letter has been received, it is important for the recipient to promptly conduct an internal Medicare billing compliance assessment. This assessment should be conducted in coordination with outside legal counsel to ensure that it is subject to the attorney-client privilege. The information gathered during this assessment will inform the subsequent steps the company or practice takes in response to CMS’s letter.

Companies and practices should continue to assess their risk during Medicare CERT audits in real time. If the audit uncovers something unexpected, or if the audit reaches a misguided conclusion, this must be identified and addressed promptly. Likewise, once the audit concludes, it will be necessary to assess the audit’s implications—whether this means providing additional training, updating the company’s or practice’s Medicare compliance program, or preparing for a potential Medicare fraud investigation.

FAQs: What Providers and Carriers Need to Know about Medicare CERT Audits

Why is My Company or Practice Being Targeted in a Medicare CERT Audit?


CMS selects providers, carriers, and other entities to target in Medicare CERT audits at random. When conducting these audits, CMS also selects, “a stratified random sample” by claim type—including Medicare Part A; Medicare Part B; and Durable Medical Equipment, Prosthetics, Orthotics, and Supplies (DMEPOS).

Who Conducts a Medicare CERT Audit?


The Centers for Medicare and Medicaid Services (CMS) conduct CERT audits. CMS relies on “medical review professionals” to both (i) review submitted documentation to determine if claims are proper, and (ii) assign improper payment error categories. These medical review professionals include nurses, medical doctors, and certified coders. Even so, it is not uncommon for Medicare CERT audits to result in improper classification of providers’ billings; and, as a result, it is imperative that carriers and providers play an active role in the process.

What Do Health Care Providers Need to Know about Medicare CERT Audits?


Even when a Medicare CERT audit targets a carrier or other fiscal intermediary, it is still important for providers to play a role in the process. Typically, when auditing fiscal intermediaries, CMS will send documentation requests to the providers whose billings are under review. If neither the intermediary nor the provider submits documentation substantiating a claim, then the claim will be classified as “no documentation”—and deemed improper as a result.

What are the Consequences of Failing to Provide Requested Documentation in Response to a Medicare CERT Audit?


Failure to provide requested documentation in response to a Medicare CERT audit can have immediate financial consequences. As CMS’s Sample Part A Initial Letter states, “If the provider/supplier fails to send the requested documentation or contact CMS by [the deadline], the provider’s/supplier’s Medicare contractor will initiate claims adjustments or overpayment recoupment actions for these undocumented services.” It can also raise questions as to why a provider or carrier failed to provide the requested documentation, and this can in turn lead to further inquiry.

When Can a Billing Be Deemed “Improper” During a Medicare CERT Audit?


During Medicare CERT audits, providers’ billings can be deemed “improper” on various grounds. Some of the most common reasons for billing reversals during these audits include: insufficient documentation, lack of medical necessity (or proof of medical necessity), incorrect coding, services provided by someone other than the billing provider, and billed supplies or equipment being ineligible for Medicare reimbursement.

Contact Oberheiden P.C. for More Information

If you have received a Medicare CERT audit letter, we encourage you to contact us promptly for more information. Our federal health care fraud defense lawyers and Medicare compliance consultants work with companies and providers nationwide. For a complimentary initial consultation, call 888-680-1745 or request an appointment online today.

If you need help
defending your medical license
you should contact us today

Contact the
Experienced Attorneys of Oberheiden P.C.
Now for a Confidential Consultation

Contact Us Now