Spring 2022

Audit Alley: Getting Back to Normal: Planning for RAC Audits
By Karen M. Karban, RHIT, CDIP, CCS
For The Record
Vol. 34 No. 2 P. 8

It’s probably safe to say that most people are eagerly awaiting the long-anticipated “return to normal.” Unfortunately for those in health care, “normal” may mean dealing with our own version of The Good, the Bad, and the Ugly, aka, a resurgence in Recovery Audit Contractor (RAC) audits.

After two-plus years of the public health emergency (PHE) and repeated delays and suspensions of regulations and enforcement activities, the Centers for Medicare & Medicaid Services (CMS) appears poised to launch aggressive review activities. With an overall budget approaching $1.2 billion, Health and Human Services has the funding to increase fraud, waste, and abuse investigations, including the Recovery Audit Program.

Based on funding and already-documented instances of COVID-19 fraud and telehealth abuses, it is safe to assume that RAC audits will once again come to the forefront. Not unlike the obnoxious relative at holiday dinners who has been absent for a few years, health care organizations must have a plan in place for how to deal with the RACs.

Due in large part to the PHE, the resulting suspension of select reporting requirements, and frequent guideline changes, it is critical that health care organizations return to square one with RAC audit preparation. The first task is to understand the role of the RAC and how to hold it accountable.

CMS is required to protect the Medicare Trust Funds against inappropriate payments that pose a risk to the funds. The official resumption of Medicare Fee-For-Service medical review activities occurred last July. (The RAC Program pertains exclusively to Medicare Fee-For-Service claims.)

Upon conclusion of the original RAC Demonstration Project in 2008, four regions were established to cover review activities, with a fifth nationwide region devoted entirely to durable medical equipment and home health/hospice reviews. Regions I to IV were established to perform postpayment review on all Medicare claim types and provider types to identify overpayments as well as underpayments made under Part A or Part B of Title XVIII of the Social Security Act.

Review Types
The charter for RACs delineates two types of reviews that may be performed: automated and complex. Automated reviews rely on analysis of claims data to make a determination. These determinations are based on clear policies outlined in the law, regulations, or other guidance. Examples of automated reviews include multiple units billed for a service when local coverage determinations, national coverage decisions, or National Correct Coding Initiative edits clearly state only one unit is allowable. Some examples of this type of edit include the following:

• billing for multiple blood draws in a single day;
• billing add-on codes when the base code has not been coded and billed;
• billing for multiple initial therapy assessments when only one is allowed; and
• automated reviews occur out of sight of the provider until notification of an overpayment appears on a remittance advice: “adjustment based on recovery audit.”

Complex reviews require in-depth analysis to fully assess facility and/or provider documentation to determine whether the service was covered, was reasonable, and met medical necessity criteria. When conducting these reviews, RACs operate under specific requirements to have certified coders as part of their team in addition to other experienced clinicians. Complex reviews start with the issuance of an additional documentation request (ADR).

The date of the ADR starts the clock on the review activities associated with complex reviews. Facilities and providers have 45 days from the date of issuance of the ADR to deliver the requested documentation to the RAC. Assuming that the documentation is provided according to published time constraints, the RAC then has 60 days to complete its review and issue a review results letter. Each complex review requires the generation of such a letter at the conclusion of the review. If there were no findings, ie, no errors, the RAC process concludes. If there were findings consistent with errors, a discussion period and potential appeals process begins.

RAC Limitations
Despite RACs being charged with finding both overpayments and underpayments, the latter can be of particular concern to organizations. If the facility has completed a surgery in which a device has been implanted and the HCPCS code is not included or otherwise billed for, it might be assumed that this qualifies as an underpayment. However, the RAC will not recognize this as an underpayment and the claim risks being denied entirely.

Holding the RAC accountable requires that facilities and providers are aware of limitations that may work in their favor. For example, health care organizations must be aware that there is a limitation on the number of ADRs that can be issued in any given month. It’s also important to note that if the RAC fails to request the maximum allowable number of records in a given month, it can’t make up for that deficit in subsequent months.

Other limitations include the following:

• RACs cannot review records previously reviewed as part of another CMS program such as a demonstration project or preauthorization program.

• RAC reviews are restricted to the approved issues list, which can be found on the CMS site or the RAC site.

• RACs must accept documentation in electronic format but also have a mechanism for accepting hard copies of patient medical records.

If the thought of complying with RAC audits appears daunting, you are not alone. The health care industry has endured so much in the past two years that dealing with an increase in RAC audits may seem overwhelming when so many other items—some seemingly more important than RAC audits—require attention.

Slow and Steady
The best strategy may be to approach it “one bite at a time.” By implementing any of the following suggestions, organizations can proactively tackle the anticipated increase in RAC audits:

• Establish an internal review team complete with a project manager.

• Review the Statement of Work governing the RAC in your region.

• Conduct a mock audit, AKA a defense audit, of patient medical records using the approved issues list and rebill as allowable. If the PHE has negatively impacted staffing that would have usually tackled this project, consider seeking outside help from a reputable vendor.

• At the conclusion of the mock audit, identify areas of concern and conduct internal education to mitigate future issues.

• Track ADRs as soon as the request is received, review CMS-permitted dates of service (there’s a three-year limit on look-back requests), and verify insurance information. RACs can only review Medicare Part A and Part B claims; there is no provision for reviewing Medicare Advantage (Part C) or Medicare Prescription (Part D) cases. Creating a spreadsheet or licensing one of the available RAC tracking systems is the easiest way to manage this effort. The American Hospital Association website has a comprehensive list of these tools. Some due diligence will be required; the list was first published in 2011, so the vendors listed may no longer offer some products.

• Understand the rules governing overpayments and underpayments.

• Implement a denials management program to identify trends and take corrective actions before they become an approved issue and subject to RAC auditing.

• Coding validation is an approved issue for inpatient and outpatient settings and ambulatory surgery centers. Quality monitoring of the coding process is essential. Particular attention should be paid to the requirement that the highest level of accuracy is present when reviewing coding.

• Consider using the approved issues list as part of your annual coding compliance plan.

• Routinely monitor remittance advices for adjustments based on recovery audits to drive adjustments to the internal audit plan.

To stay ahead of RAC audits, smart health care organizations will adopt as many of these initiatives as possible.

— Karen M. Karban, RHIT, CDIP, CCS, is vice president of revenue cycle management at iMedX.