Cyber Technology for Medicare Audits


This is what providers can expect in 2022 in the form of new technology audits.

During 2022, healthcare providers will see more options to exploit cyber technologies designed to aid them in management of Medicare audits. Below we review the informational challenges of managing an audit, and then turn to the types of cyber solutions emerging to lend a hand.

For some providers, a Medicare audit plunges their organization into a prolonged angst, not unlike the Kübler-Ross five stages of grief. When providers are working themselves to the bone, an audit can seem a slap in the face, and the first reaction is denial that it is really happening. Often, there is a feeling that it is some type of mistake. Once the reality sets in, the provider typically studies the details of the audit. A common reaction is to become very angry over the seemingly arbitrary and draconian treatment being meted out by the auditor.

More or less all healthcare providers exchange correspondence with the auditor, which at first may appear to be operating in good faith. Providers more often than not argue that the auditor has merely misunderstood the fine work they are doing for their patients. This bargaining often eventually stops as the provider continues to experience the detached and often hateful and shoddy treatment by the auditor. This bargaining phase often lasts through the appeals process, which has a nasty habit of lasting year after year. The backlog in the Medicare audit appeals process is legendary for being so long, and it is not uncommon for either the principal or their attorney to drop out before the case is adjudicated.

Statistically speaking, the appeals process most often is superficial, particularly in the first two phases. This is the period when the carefully constructed arguments made by the provider or their counsel are mostly ignored. As this happens, depression sets in.

The Medicare appeals process can feel uniquely arduous. Years can go by, and the uncertainty itself is a type of torture. Most often, this prolonged railroading leads to a conviction. At this point, the provider learns to accept the result and must either pay up or get out of the business altogether.

Information Challenges of a Medicare Audit

The amount of information floating around in the Medicare system is astonishing. According to the Centers for Medicare & Medicaid Services (CMS), there are 1,155,872 physicians and other practitioners identified by a unique National Provider Identifier (NPI). There are 358,800,764 beneficiaries (patients) listed, and 1,683,295,784 services delivered through this part of the Medicare system.

On average, 310 beneficiaries (patients) are serviced and 1,456 separate services delivered per NPI. On average, five services are provided for each patient. But these averages are deceptive. Some NPIs are quite large (see the Figure.) The maximum number of patients serviced by a single NPI is 1,785,552, and the maximum number of services provided by an NPI is 17,020,304, all in a single year.

Figure: A few NPIs service very large number of beneficiaries and provide a vast number of different services. (Source: Barraclough analysis based on CMS data)

For an institution such as a hospital, the amount of documentation required by an audit can be substantial. When an auditor requests patient records, the provider is required to hand them over. There is a limit to the number of requests the auditor can make. Perhaps the numbers have been revised, but in 2019, it appears to have been an adjustable number, based on how many Medicare claims were submitted.

The auditor could request no more than 1/2 of 1 percent of the claims filed, and this is during any single calendar year. This number is divided into eight sets of 45 days each. So, each month and a half, the auditor can request 1/8 of the annual quota of patient records allowed.

The same is true for giant organizations that provide Medicare Advantage (MA) plans. Humana, for example, has 4.9 million citizens in its  Medicare Advantage plan. If the records for 0.5 percent of its patients were requested in a year, then it would be handing over 3,063 patient files every 45 days. Of course, the numbers are unique for each provider.

How much paper is involved? The average inpatient encounter in one measurement study was 130.4 pages long, with a minimum of 27 pages, a maximum of 559 pages, and containing on average 25.8 different forms.

A standard “banker’s box” used for storing documents is 12.5 inches wide by 15.5 inches deep by 10.5 inches high. Papers stored in this type of container are about 150 pages per inch of thickness. If a set of patient records is 130–559 pages in length, then the amount of storage required is 0.86 to 3.6 inches in thickness. This means that a banker’s box can store between 4.3 and 18 patient case records.

Of course, we are leaving out all of the other documentation involved in an appeal, including letters from the Office of Medicare Hearings and Appeals (OMHA) or the auditor, documentation regarding the provider-attorney relationships, documentation regarding use of statistical, coding, or other experts to prepare the appeal, expert reports, and any appeal documents themselves, plus all of the electronic files associated with these activities. If 30 cases are involved (this is a frequently used number), the patient records would involve two to seven banker’s boxes of papers.

If we assume that the provider is a large organization, the number of cases that can be requested is greater. A Recovery Audit Contractor (RAC) can request 400–600 patient records every 45 days. This may happen eight times per year. At the high end, the provider is required to hand over 744–1,116 banker’s boxes of patient records each year. Assuming that the amount of supplementary correspondence is, on average, about the same volume, then this adds up to 1,488 to 2,232 banker’s boxes of information to handle per year.

To put this in practical terms, we can think of a standard delivery van. These hold 380–530 cubic feet of cargo. For a standard van, that is about 248 boxes. So, we can imagine that each year, about 9 vans’ worth of information is moved in and out of the appeals department of the provider.

Now, of course, the situation is more complex than that. Each time a 45-day cycle begins, a new set of deadlines is imposed on the provider. In the most simplified sense, each case has a minimum of five hard dates for submission of documents. If an average case requires 30 sets of patient records, then each 45-day cycle could involve up to 20 appeals, or 160 separate matters per year. If each has a minimum of four hard deadlines, that is 800 separate deadlines generated by each year’s set of audits. We are not even counting deadlines associated with work involving supporting experts and counsel.

Since appeals can take 4-5 years or more, then we know that deadlines from previous years are carried over to the following years. If we estimate that one-third of the appeal deadlines carry over, then the appeals groups need to handle 1,066 deadlines per year.

Losses from Poor Management of Audits

With so much paper involved and so many deadlines, it should not come as a surprise that people make mistakes, and these mistakes can cost the provider hard-earned money. According to the American Medical Association (AMA), the average hospital loses $4.9 million per year due to mistakes in managing audits. In one case, an office worker went on vacation, and allowed $1.2 million worth of appeals to lapse.

Mismanagement can come in many ways, but the most common are the following:

Failure to meet deadlines for production of documents;

Failure to meet deadlines for filing appeal papers;

Incomplete submission of required documentation; or

Loss of documentation.

Finally, another problem frequently involves the loss of internal “corporate memory” because Medicare appeal times are so lengthy, people move on to other jobs or retire before the final stages of the appeal, and no one remains to know what happened or provide any other details.

I personally have been involved in several cases in which the attorney representing the healthcare provider dies before OMHA gets around to scheduling a hearing for the final stages of an appeal. As they say: de mortuis nil nisi bonum (“of the dead, (say) nothing but good.”).

Cyber Solutions for Medicare Appeals

It is not surprising that information technology software vendors and system integrators have stepped in and started to provide cyber solutions for managing Medicare appeals. As an example, we can cite RevKeep software. This innovative startup has delivered a solution that a provider can use to manage the appeals process.

The RevKeep software is designed to be able to link into the electronic health records (EHR) system of the provider. This linkage is done either directly using application programming interface (API) technology to send secure commands to the EHR server, or through a middleware provider that already has designed an API set to match a specific EHR brand.

This solution has two principal advantages: first, patient files and data never leave a HIPAA-secure environment. Second, RevKeep allows a client to control who has access to the pertinent patient data, through user roles and permissions. For example, attorneys, consultant coders, statisticians, or other experts involved in the appeal can be provided controlled access to the system, again preventing “leakage” of sensitive patient data out of the EHR system. In addition, a log is kept of all access transactions.

Those employees of the provider who are in charge of management of Medicare appeals can share the system and collaborate. This helps prevent problems that might occur if one employee or another is absent, or leaves for another job.

Of course, RevKeep helps the provider manage the overwhelming number of filing deadlines that must be met. It does this by using a type of calendaring system and automated reminders. The advance timing of reminders is selectable by the provider. The key advantage to the reminder system is that all personnel, including any external counsel or consultants, are provided clear notice and warnings of any pending filing.

RevKeep also provides a “dual screen” feature that allows the provider to consult guidelines and references, such as Local Coverage Determination (LCD) or other similar information at the same time the appeal is being composed. It also provides suggestions for the language to use in the responses to the auditor. The system also gets “smarter” over time. By incorporating artificial intelligence (AI) technology, the system will be able to learn how best to write the appeals, since it keeps track of what arguments and submitted data are most often successful.

According to Kevin Lasser, RevKeep’s CEO, “our greatest competition comes from Microsoft Excel,” referring to the fact that most hospitals (and other providers) attempt to manage the complexities of their Medicare appeals on a spreadsheet.

This is woefully inadequate.

Initial productivity estimations indicate that RevKeep achieves an improvement of at least 40 percent. This enables the provider to either cut back on the number of persons being paid to handle Medicare appeals, or to increase the load without having to hire additional staff. Users report that operations that in the past would consume 3–4 hours of time now can be completed in only one hour.

Of course, the specific productivity improvements your organization is able to obtain with this type of system might vary, but if you are running Medicare appeals from an electronic spreadsheet, and have in the past missed any important deadlines, then you might wish to investigate further cyber solutions for your group.

For More Information: cyber technology for medicare audits