Open Nav Close Nav

The Complete Guide to Medicare Audits

Stethoscope for Medicare patients

If you treat Medicare patients, then you probably already know that there’s an ever-present threat of going through a grueling audit that could put you and your entire practice in trouble. In fact, this threat could be the riskiest part – other than having to continuously browse the Medicare guide – of treating Medicare patients.

Salacious fraud stories might be media favorites and, even though you are doing everything right, there’s always the fear that something could go awry. Your ability to get audits right will depend on your knowledge level and how familiar you are with the Medicare audits themselves. Here are some essential things that you need to keep in mind about these audits:

Types of Medicare Audits

In 2010, the Barack Obama administration launched an initiative that sought to reduce the amount of money spent on subpar Medicare payments. Since the initiative, there have been more efforts to reduce payment errors. Generally, here are some of the audit programs in place:

Recovery Audit Contractor (RAC) Audits

The RAC audits were developed in accordance with the Medicare Modernization Act of 2003. The program reclaims money by reviewing fee-for-service (FFA) claims – a process that has come to be known as a “clawback.”

The RAC audits essentially divide the country into four regions. Every contractor will have to conduct audits in specific regions and will get paid based on the amount that they recover. The RAC audits generally focus on up-coding and the site of care, and focus primarily on medical necessity.

The Certified Error Rate Testing (CERT) Audits

CERT audits are primarily conducted using a “statistically valid random sample of claims.” The auditor will essentially review a specific number of claims to determine whether they are appropriately paid under all applying rules.

Probe Audits

A probe audit will target either a particular specialty or a specific service. Those who meet the criteria for these audits will have a sample of their submitted claims pulled for review before they make payments. Then, they have to add in some additional documentation, which the auditors will formally request.

Note that if you comply, but your documentation is inadequate to support what you have billed, your reimbursement claim won’t go through. In addition to this, if the audit uncovers any perceived fraudulent activity, the Medicare Administrative Contractor (MAC) will take your case up for additional investigation.

Three Audit-Worthy Red Flags

Clean hospital bed in preparation for a Medicare audit

The Medicare policy generally contains myriad regulations and rules. However, for physical therapists, most audits generally come from the following red flags:

  1. The excessive use of the KX modifier, which immediately signals an exception to the therapy cap on a medical necessity basis.
  2. Billing more than the average number of codes based on the date of service.
  3. More than one physical therapist billing under a single provider, as opposed to each physical therapist billing on their own.

Subpar Documentation

While you’ll need to keep an eye out for the practices listed above, you’ll also need to ensure that you don’t fall victim to any of the following mishaps:

  • Failure to provide sufficient levels of PT supervision
  • No physician signatures on documents
  • Unclear signatures – from either the physician or the therapist
  • A patient’s plan of care not containing the right documents
  • Copied signatures in certifications
  • Failure to comply with the CCI edits and the 8-minute rule
  • Insufficient documentation
  • Not fixing the plan of care when due
  • Not supplying records to Medicare in good time
  • Failure to comply with the duration rules from the Local Coverage Decision (LCD)
  • Modifying the documentation following a claim denial

Risky Billing Practices

You could have all of your documentation ready, however, any of the following billing errors could still get you in trouble with Medicare:

  • Billing for services furnished by a student – or services nor furnished at all
  • Unbundling (essentially, billing differently for separate items) and coding (billing for a more expensive service than what you gave). These are seen as attempts to game the coding system.
  • Incorrectly billing for services that a therapy technician provides
  • Wrongfully billing for a co-treatment
  • Not executing an advanced beneficiary notice of noncoverage before providing services that are non-medically necessary
  • Falsely billing Medicare as a medical necessity
  • Deliberately submitting claims that Medicare typically covers without providing any proof of medical necessity in the paperwork
  • Billing for an abnormal frequency or duration, depending on the service

How to Protect Your Practice

It’s important that you and your staff get the right education on the Local and National Coverage Policies. Get your hands on up-to-date Medicare-related CE courses and sign up for compliance training.

It will also help to have a reliable compliance plan in place. Most practices employ a designated compliance officer to ensure that things are done correctly, and the compliance plan will ensure that everyone can recognize potential issues. It also addresses possible plans and procedures that can help in case of misconduct.

In general, the compliance plan will do the following:

  • Include a mission statement that describes its objectives
  • Define the conduct standards that your practice will uphold, including:
    • Training methods for new workers
    • Disciplinary measures in case anyone is found violating the standards
  • Outline and explain the compliance officer’s roles and responsibilities
  • Explain the process of conducting internal audits and the procedures of dealing with violations that audits can identify
  • Provide additional educational content based on services and their risk areas

Preparing for a Medicare Audit Visit

Clean hospital bed in preparation for a Medicare audit

If you do get the dreaded notice that your practice has been scheduled for a Medicare recovery audit, be prepared. This process will usually include a site visit from the officials at the Centers for Medicare and Medicaid Services (CMS). However, it could also be a Medicare Administrative Contractor (MAC) or a zone program integrity contractor (ZPIC).

While many of the items on the list below may feel like the obvious thing to do, it’s essential to remind yourself of them from time to time to get you effectively prepared:

Check the address on the letter and ensure that it is the address of your practice

This tip is critical if you’ve yet to update your physical address or have an incomplete address in the Provider Enrollment, Chain, and Ownership System (PECOS). If this is the case, the auditors could end up visiting the wrong address and not find you. Eventually, they will terminate your Medicare billing practices.

If the address isn’t correct, be sure to change it immediately. Head to the PECOS portal and make the necessary adjustments.

Make contact with the auditors

You will need to confirm that the audit is really happening. Call the auditors to schedule the meeting, and verify both the location and time. Ensure that the auditors are aware if you recently changed your address, or correct it on the portal. Give them your site number and other relevant location details.

Keep copies of all transmitted documents to the auditors

When sending records to auditors, photocopy both sides of the forms. Make sure every page copied is numbered, and be sure to keep copies with yourself and your counsel.

You will also need to add a business letter when sending the documents to your auditors. This letter will need to be well formatted and clearly worded, and it will include everything that you’re sending over.

Promptly send all documents so that the auditors will receive them before the deadline. You can use USPS or overnight delivery service. Hold all receipts and airbills, and track your parcel to ensure that your package gets to the auditors.

Call the auditors to confirm that they’ve gotten what you sent. If they haven’t, you know something is wrong, and you can fix it.

Get in touch with your attorney

You have the right for an attorney to be present during the Medicare audit. This is especially true if it’s the RAC audit, as it’s usually the most common—and potentially the most damaging. Get in touch with your attorney and ensure that he or she is there. Our legal team has decades of experience with the Medicare audit process and can help you as well.

If the visit is at a branch office, make sure the right personnel are there

You will often find that the Medicare audit and the site visit will occur at the branch office that appears on the claim form that you submit to the CMS. If a visit is to be scheduled at one of the offices in your practice, you want to ensure that the office is fully staffed and operational when the auditors get there.

It’s also recommended that one of the doctors or other health professionals be present. If you can’t have one of the doctors at the branch office, you might want to reschedule the visit.

Spruce up the office

Be sure to inspect everything that has to do with the office. Open doors, close cabinets, and have everything looking prim and proper. You will most likely not have any claims denied based on a dirty office, but dirtiness could have you decertified as a Medicare provider.

So, ensure that everything in the office is clean and presentable. Auditors will most likely take pictures of several things – including photographs, diplomas, letters, awards, and licenses. Ensure that none of these are expired – or worse, false.

For Medicare pharmacy audits, the auditors might also inspect cabinets and drawers to snap what’s inside them. Check these as well ahead of time to ensure that they don’t have any expired medications.

Clean examination rooms, patient waiting areas, and washrooms while you’re at it.

Secure all patient records and critical files

California is one of the states that adhere strictly to the Health Insurance Portability and Accountability Act (HIPAA) standards. So, ensure that your security processes are up to code.

Make sure that computer screens aren’t positioned to face visitors or patients. Keep all records and documents – especially the paper-based ones – in file cabinets and rooms. Auditors could check for these and make decisions based on them.

Create a room for the audit meeting

The auditors will most likely want a private, separate room that they can use and have their meetings in. Ensure that the room is clean and that fixtures are in top shape. Remember that the auditors might want to conduct interviews with all employees.

Request ID from all auditors before inviting them in

Most site visits from ZPICs will include at least three people. When they arrive, request their business cards or their ID cards. You have the right to identification when they arrive.

If someone doesn’t have a business card, take down their name, job title, address, and telephone number.

Find a communication liaison between your attorney and the auditors

Ideally, the liaison should be you or your office manager. This liaison will need to know where to find the information that the auditors request. They should be there with the auditors when they inspect the office.

While your attorney will need to be there, he or she might not be able to answer all of the questions about the practice.

Brush up on procedures for pain medications and narcotics

Medicaid and Medicare auditors are briefed to scrutinize healthcare professionals on procedures for prescribing pain medications and narcotics to beneficiaries. So, brush up on California’s opioid regulations and insurance coverage rules for pain management on Medicare, as well as others. You should also ensure that your practice follows all state protocols.

Never guess answers to questions

You should brush up on answers to questions that you may be asked before the auditors visit. However, remember that this isn’t an intelligence test. Your employees will need to answer questions truthfully.


If you are subject to a Medicare audit, make sure to do your due diligence in research before selecting an attorney. Your business is at risk, so it is crucial that your representation has experience and a history of success in this field.

Need to speak with a fraud defense attorney?
Contact us below

      I agree to the terms