By now, every provider should be aware of the alphabet soup of auditors that could come knocking at the door. There has been more and more activity by RACs and a large push to educate providers about RACs. However, less attention has been paid to the Medicaid fraud and abuse detection, enforcement and prevention program, now known as the Medicaid Integrity Program (“MIP”). With increased activity by and funding for MIP, providers should be wary.
In Virginia, as in most other states, there is great concern over the increasing cost of the Virginia Medicaid program. 27% of Virginia’s state budget growth from fiscal years 2001-2010 was due to Medicaid spending. Virginia’s Medicaid spending topped $4.8 billion in fiscal year 2009. Providers in all states should expect increased MIP audit activity.
Section 6034(e)(3) of the Deficit Reduction Act of 2005 requires CMS to contract with auditors to review Medicaid claims for fraud and abuse - Medicaid Integrity Contractors (“MICs”). Each state is covered by three MICs, the review MIC, audit MIC, and education MIC. In Virginia, the three MICs are: Thomson Reuters (review MIC), Health Integrity, LLC (audit MIC), and Strategic Health Solutions LLC (education MIC). Review MICs are responsible for selecting providers for audit using certain algorithms to mine Medicaid data for aberrations. DMAS may also select providers to be audited. The audit MIC performs the audit. Providers may be subject to one of three different types of audits: 1) a focused desk or onsite audit, 2) a comprehensive desk or onsite audit at the provider’s facility, or 3) a cost report audit.
What’s the difference between RACs and MICs? MICs do not have a limited look back period. Unlike RAC auditors, MIC auditors are not paid on a contingency fee basis. MIC auditors also are not limited as to the quantity of records they can audit, and providers only have 15 days to produce records (as opposed to 45 days under a RAC audit). While MIC audits are intended to focus on fraud and abuse, simple overpayment claims also can result. Appeals of MIC overpayment claims are governed by the state Medicaid appeal process, but fraud and abuse claims will be governed by federal and state fraud and abuse laws. Such fraud claims may be criminal or civil claims and go directly to federal or state courts without administrative appeal.
What can providers expect? A provider selected for audit will receive a notification letter that it is subject to an audit. Providers are given 15 days to respond and submit additional documentation. Health Integrity will hold an Entrance Conference. Upon conclusion of the audit, Health Integrity will hold an Exit Conference and share a draft audit with CMS for its approval. The state and the provider both have an opportunity to review and comment on the draft audit. CMS reviews comments from the state and provider and finalizes the audit report. CMS determines the final overpayment claim, and the state then must pursue the claim.
What can providers really expect? Unfortunately, providers have indicated to us, and we have seen, that MIC audits turn what were simple overpayment claims into federal and state false claim cases. The threat of civil monetary penalties and possible Medicaid and Medicare exclusions swing settlement negotiations in favor of the government, and providers face harsh demands (extrapolation and 5 year self-audit periods) even where the violations are more form than substance, e.g., services clearly provided but documentation did not meet “audit standards.”
Providers should reinvigorate their compliance programs and conduct self-audits. If a MIC audit notice is received, providers should be sure to present the best defense from the start of what is a high risk audit with a significant potential for higher overpayment claims and financial penalties.