The process for dealing with Medicare or Medicaid overpayments is essential to any health care organization. The mishandling of overpayments can result in substantial corporate liability, including potential claims of wrongful retention of overpayments in violation of the False Claims Act. Every health care organization should have a corporate compliance program policy (“Policy”) that governs the investigation, quantification, reporting and returning of Medicare and Medicaid overpayments (“Overpayment Policy”). This article provides helpful resources to help your organization create or update its Overpayment Policy.

Applicable Federal and State laws (“Applicable Requirements”)

Here's a checklist to assist you with your Overpayment Policy.

  1. Key Terms. The Overpayment Policy should define certain key terms such as:
  1. “Applicable Requirements,” which includes the ACA, the Sixty Day Rule and any applicable state Medicaid final rules;
  2. “Overpayment” as defined by the Applicable Requirements; and
  3. “Representative” which confirms those key persons and other individuals who are subject to the Overpayment Policy’s requirements. This can include contractors, volunteers, students, and residents.
  1. Potential Overpayments. The Overpayment Policy should require all Representatives to be diligent in their efforts to report facts and circumstances to a designated person that could be a potential overpayment. Facts suggesting a potential overpayment that should be further investigated could include:
  1. An anonymous report through a compliance hotline reporting facts or circumstances of billing noncompliance.
  2. A complaint that a particular item or service was billed but never received by the patient.
  3. A written communication from Medicare or Medicaid officials or contractors raising questions over whether the services were actually provided or the licensure of certain employees.
  4. Results of a coding and billing review, whether done by an independent coding consultant or billing department staff, that identifies billing noncompliance.
  5. A Representative attends a continuing education program and learns that a current Medicare or Medicaid rule has been interpreted and used incorrectly by his or her organization in the submission of claims or in the preparation of cost reports.
  1. Investigation of Potential Overpayments. The Overpayment Policy should require the reporting of any billing issues to a single person, such as the Chief Financial Officer (“CFO”) (or other designated representative like the compliance officer), to investigate and document facts and findings using a pre-approved tracking form, a copy of which would be attached to the Overpayment Policy. The Overpayment Policy should describe the investigation procedures governing the conduct of internal investigations and all related internal reporting obligations. Providers have some flexibility to investigate such issues, though Medicare rules generally limit this time frame to 6 months.
  2. Identification of an Overpayment. The Overpayment Policy should specify that the CFO or designee is responsible for the investigation and “identification,” or confirmation, that an overpayment exists, even if the final amount is yet to be determined.
  3. Quantification, Reporting and Return of Overpayments. No later than 60 calendar days following the “identification” or confirmation that an overpayment exists, the Overpayment Policy should require the CFO, or designee, to complete all steps necessary to quantify, report and return the overpayment to the Medicare or Medicaid program, as appropriate. This provision should also acknowledge that if quantification remains incomplete at the close of the 60 day period, the CFO should consider using claims adjustments and credit balance mechanisms, as well as other appropriate disclosure protocols, in order to demonstrate good faith efforts to comply with the applicable requirements. The CFO or designee should be aware of the procedures for reporting and refunding Medicare and Medicaid overpayments to ensure timeliness. Additional information regarding self-disclosure can be found in the following sources:
    1. Medicare: Providers and suppliers may use the claims adjustment, credit balance, self-reported refund process, or any other appropriate process to report and return overpayments.
  4. Reports. The Overpayment Policy should also specify the timeline within which potential overpayments and any overpayments that are “identified,” are then reported to the corporate compliance officer, the governing body and designated legal counsel, who may determine that other external reporting obligations may be required.
  5. Records. The Overpayment Policy should also specify and require the retention of any and all records, work papers, consultant reports or other information that is created or received leading up to and during the investigation, as well as the process for identifying, quantifying, reporting the overpayment. The Overpayment Policy should also require these materials to be maintained in a confidential manner in accordance with applicable corporate compliance record retention requirements.
  6. Frequently Asked Questions. Lastly, an Overpayment Policy can include a series of “Frequently Asked Questions” to assist employees and clarify the Overpayment Policy’s requirements. The Overpayment Policy should direct employees to the CFO, corporate compliance officer, or otherwise for further questions.