AHLA's Speaking of Health Law
The American Health Law Association (AHLA) is the largest nonprofit, nonpartisan educational organization devoted to legal issues in the health care field. AHLA's Speaking of Health Law podcasts offer thoughtful analysis and insightful commentary on the legal and policy issues affecting the American health care system.
AHLA's Speaking of Health Law
Audit Defense: What Health Care Providers and Attorneys Need to Know
Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.
Harriet Wall, President and CEO, LW Consulting, Inc., speaks with Rachel Hold-Weiss, Partner, Benesch Friedlander Coplan & Aronoff LLP, about the ins and outs of Unified Program Integrity Contractor (UPIC) audits and corporate integrity agreements (CIAs). They discuss how UPICs decide who to audit, what a UPIC audit appeal process is like, what providers should do within 48 hours of receiving an initial letter from a UPIC, advice for attorneys making an appeal at the administrative law judge level, and how providers can prevent UPIC audits. They also discuss how providers should respond to a CIA, how CIAs have changed over time, and how providers can avoid a CIA. Sponsored by LW Consulting.
Watch this episode: https://www.youtube.com/watch?v=RHdKopHJpfg
Learn more about LW Consulting: https://lw-consult.com/
Essential Legal Updates, Now in Audio
AHLA's popular Health Law Daily email newsletter is now a daily podcast, exclusively for AHLA Comprehensive members. Get all your health law news from the major media outlets on this podcast! To subscribe and add this private podcast feed to your podcast app, go to americanhealthlaw.org/dailypodcast.
Stay At the Forefront of Health Legal Education
Learn more about AHLA and the educational resources available to the health law community at https://www.americanhealthlaw.org/.
This episode of AHLA Speaking of Health Law is sponsored by LW Consulting. For more information, visit LW-consult.com.
SPEAKER_02Hello everyone. My name's Harriet Wall. I'm the president and CEO of LW Consulting. And I am here with my colleague, Rachel Holdweiss. And we are going to talk about audit defense. Just a little bit about LW. We are a woman-owned business based in Harrisburg, Pennsylvania, and we serve acute and post-acute care sectors of the industry. More than 50% of our work is done under attorney client privilege. So we're very well versed in working with attorneys. And we also serve as an independent review organization for providers with reporting responsibilities under a corporate integrity agreement and help with compliance program readiness and cost reports and other audit and documentation related services. Rachel, thank you for joining me on the podcast today and taking time to share your expertise. Would you please introduce yourself to the listeners?
SPEAKER_03Yeah, thank you so much, Harriet. My name is Rachel Holdweiss. I'm a partner at the Law Firm of Venice, Friedlander, Copeland, and Aronoff. I'm in their health group in New York. I represent providers across the spectrum in regulatory compliance, auditing, and appeals of work, which is where Harriet and I do a lot of work together. I'm also a physician assistant, and I can't believe I'm saying it's now 30 years, but I'm licensed to practice and I did practice as a PA. So from the clinical side, um, it uh have a different different perspective. And from the legal side, we work together with LW for many of our clients to work on the appeals that uh so many of our clients are going through now.
SPEAKER_02Well, that thank you, Rachel. Um you know, there are a lot of different types of government contractor auditors and commercial payer audits. And while the audit defense strategies may vary by audit types, there are similar elements as well. However, the unified program integrity contractor, or better known as UPIC audits, they really seem to stand out as a type that evokes a higher level of concern than the others. I know you're deeply entrenched in helping providers defend against UPIC audits and investigations, and we've done a lot of that work together as well. Rachel, how serious is a UPIC audit?
SPEAKER_03Well, I would say a UPIC audit is pretty serious because, as the name implies, it's an integrity contractor. So, as you mentioned, there are a lot of contractors uh that are looking at providers across the board. But once you have integrity in the contractor's name or integrity as part of what they're looking for, they're automatically looking for fraud. Now, that doesn't mean just because you have an audit you've committed fraud or they suspect you are of committing fraud, but there's something aberrant. And so the UPIC auditor will be looking at your claims, prepay or postpay, um, to see if there actually is some fraudulent activities. And there are three UPIC auditors, so not too many, it's not like the Macs that they're all across the board. They're divided jurisdictionally by the country. So the names of just are SGS, um, north and south, and then you've got uh Covent Bridge and you've got Clarence. So if you get a letter from any of those, that's automatically a UPIC. They don't do anything else but that.
SPEAKER_01And how do the UPICs decide who to audit?
SPEAKER_03So there are a bunch of different factors. Um, UPICs can get referrals from the other auditors, the Alphabet Soup that we haven't, you know, uh talked about, that's a whole session in and of itself. Um so they can get referrals because somebody, some other auditor didn't audit and found something that they think the UPIC should look into. Um many of the UPIC audits are targeted by industry. For example, any of the hospice providers, particularly in what we call the hot states, you know, the six states that were under additional scrutiny, uh the UPIC auditors were very, very active. California is obviously the most. Um there are certain um other types of uh products, like we do a lot of wound care work for wound care providers who use skin substitutes. If you don't use skin substitutes, you're probably not gonna get the UPIC audit if you've used the skin substitute. There's a lot of a chance you're gonna get that. So it's either topical like that, um, it's referral-based. And then the last category is that, as we said, there's something aberrant about you, your your provider, uh, you as a provider or the provider, that they're different than their peers, um, whether it's in the same um industry or it's the same or the jurisdictionally, something stands out from the claims data.
SPEAKER_02Um, what is the appeal process for a UPIC audit? Oh my gosh.
SPEAKER_03Okay. So there it's not only for the UPIC audits technically, it's really for any uh appeal that falls into the appeals category. There are five levels of appeal. Uh the first level is a redetermination, um, and that is after the MAC sends a demand letter. So the UPIC will issue a decision, and then at some point, it could be quick, it could be longer, depending on who the MAC is. You're going to get a letter from, or the provider will get a letter from the MAC saying you owe us X amount of dollars. Usually that dollar amount matches the UPIC audit findings. There are times that it hasn't, and that's a whole process in and of itself. And then the next level of appeal is called a reconsideration. Then you have administrative law judge or ALJ appeal, then you have the Medicare Appeals Council or DAB, and then you have federal district court. And the appeals process is lengthy, it is costly, it is very time consuming. But most importantly, what a lot of providers don't know is when they get those letters, um, if they get them, because sometimes they get stuck somewhere and they don't even get those demand letters, and then uh recoupment begins, is the time frame that's identified on those letters at the first two levels, uh read the redetermination, um, the demand letter and then a redetermination decision. Um, they tell you at the read at the demand letter that you, if you want to appeal, or if you get an EOB in certain cases, it'll say you have um 120 days to appeal. What they don't tell you is if you don't file an appeal, if they don't have it on record by 30 days, and then recruitment will begin. And then same thing at the next level of appeal, it says you have 180 days to file, but if you don't have it in within 60 days, then recruitment will begin. And so if if you don't want to have an uh recruitment started, um, although interest will continue to accrue and there are pluses and minuses, you need to actually meet a much earlier deadline than what's identified in the letter. And a lot of providers are not aware of that because that other part is not noted on any of the letters that the providers get.
SPEAKER_01Wow, that's a big detail to leave out, isn't it? Really?
SPEAKER_03Yeah, and then a lot of times it can severely impact cash flow because all of a sudden the providers think that they have 120 days to appeal, and then 45 or 50 days in, they start to have these huge recoupements on their remittance advices, and then they don't know what what's happening, and then they have to try to backtrack. And theoretically, and I say this because it doesn't always work, once you file the appeal, the Mac is supposed to stop the recoupment, but there is a disconnect in many Macs between the appeals process and the financial process. So it doesn't always work as smoothly as it should.
SPEAKER_02Rachel, when a provider receives that first initial letter from the UPIC, what should they do in that first 48 hours?
SPEAKER_03Um so the first thing you need to do is not panic. Okay. Um and hopefully, as a provider, you've established a process to respond to appeals generally. So at least you have something in place. But um, if not, what you need to do, the first thing you need to do is look at the timing of what the response timing is for you to submit a response. Because a not non-response is considered a denial for the UPIC, and that's an automatic, you then automatically have to appeal. So you've lost any chance to go to that level. So the first thing you need to do is look at the timing. Um, if you need additional time, um uh so let's say for some reason you didn't get the letter until much later in the process, you've only got a week or two to submit. Oftentimes the UPIC auditors will um give a bit of an extension. Um I've never had more than 15 days, um, but they usually will give that, or most cases they'll give that. So I would say in that 48 hour first 48 hours, if you've hit that timeliness issue, definitely pick up the phone and see if you can uh can get that extension. Um your team, whoever is going to be gathering the records, you need to start putting that team together. You need to look at um the patients that they're requesting, how many, because the UPICs don't have have a uh a finite limit. It's um they you need to just know how many you're dealing with in the time frame. Um you need to read the letter very carefully and see whether this is a what we call a straight audit. Are they just pulling X number of records or are they doing this as an extrapolated based on a statistical methodology? Because if they've done a statistical analysis or pulled the records based on some sort of statistical methodology, chances are that the finding is going to be extrapolated out as well. And that's where you know statisticians are critical. So you need to take the first 48 hours and assess where you are, what they're looking for. Is there a common common theme depending on what provider type you are? But is it a location? Is it a code? Is it a particular referral source? Is it a service location? Whatever it is, see if there are any common themes, get the team together who's going to be working on this, and make sure you have a good project plan.
SPEAKER_02Wow, that's some great advice. You know, as a veteran of the ALJ hearing, what advice do you have for other attorneys making an appeal at that ALJ level?
SPEAKER_03So what I would say is um, I remember my first one, it was definitely an interesting experience. Um ALJs are not uniform and they're not bound by the same set of guidelines. So there's no if you're a litigator and you're used to going into a court system where there's precedent and they generally precedent has to be followed, or you can appeal that precedent of if they don't abide by that precedent, you have enough basis for appeal. Each ALJ is independent. So there is no precedential value. So you could win 15 cases, and number 16, the judge will say, So, you know, I don't have to abide by that. So that that's the first thing that's a little bit um you know different when when people go up to ALJ. Um also um we have had experiences where ALJs are really interested in the case, ask really good questions. You can tell that they've prepped beforehand, they understand the context, they because they're not clinicians, right? So sometimes they understand what's going on. And then there are other cases where you can tell that they're completely disinterested and they have no care for the case that's before them. So that's really hard, and you have to not take it personally, um, because you know you prep for so many hours and you're going up before the ZALJs and you you've done all this work. Um, so that that can be a little tough. Um the other thing that I would say is, and this is not a blanket because there are legal reasons to sometimes take all of the cases up if there's a legal strategy involved. But if there is no um overarching legal strategy that you need to get into federal district court or you're going to go to the DAB level, um, if it's purely a clinical case with based on records, not in an industry that there are lawsuits being filed overall and things like that, um, I would say also look at with an objective view, or if you're using consultants, which definitely should do that, um, look an objective view as to whether the claim should go to ALJ in the first place. Um, is it you know, it will it withstand the laugh test? Can you stand there in front of the ALJ and adequately defend that case? So sometimes the answer is yes, um, sometimes the answer is no, but again, there's an overarching legal strategy. But you don't just want to throw the kitchen sink at the ALJ because oftentimes that that can backfire.
SPEAKER_02Oh, great advice. Do you have any tips for organizing the material to present to an ALJ?
SPEAKER_03So, generally speaking, um, the ALJ will get the record from anything you filed down below. And actually, at the reconsideration level, that's the last time you can submit documentation, unless there's good cause. So typically the ALJ records either rely upon what has already been submitted if there's really nothing new, um, and then there's just legal arguments. But if you need a full-blown real full submission, more fulsome submission to the ALJ, again, not submitting the patient records again, um, then it would be organized as if you'd be organizing and literally filing a brief with the citations, the exhibits, everything attached, not just references. Um, if there's something new that came up on reconsideration, the reconsideration decision that wasn't addressed before, obviously this is the opportunity to put it out there. Um and also when you should make sure that if you are going to have experts, whether it's clinical experts, statistical experts, or others, that you have all your ducks in a row set up with those experts before you get to the point that the ALJ hearing is scheduled in two weeks and you know, schedules don't line up. So the organization is going to depend on um uh how much of an uh legal arguments need to be made, and that's really gonna depend on what type of appeal is being filed.
SPEAKER_01Do you have a favorite ALJ story?
SPEAKER_03Um I have a uh I have two actually, so I'm I'm gonna go with two. So the first ALJ story, which is a positive one, is my client um and I were on uh on the phone because the ALJ hearings are all done by phone, and we're waiting for the judge to come, and the judge doesn't come, and we can't hang up because you have to stay for the allotted time. And about 25 minutes in, the judge gets on the phone and says, Oh, you're here. And we said, you know, yes, Your Honor. And he goes, Well, this hearing's been canceled because I ruled in your favor. I don't know why my asset my assistant didn't cancel it. So have a great weekend, everybody. It's Friday. So that that was my one positive. Um, my one real negative, and this was one of those that, you know, it's very frustrating, we had an ALJ. Um, it just happened to be for a hospice client, um, and there were about 40 cases that had gone up, and we had booked two days um with the judge, and we had a statistician, and it was it was a very complex case. And the judge ended up only giving us four and a half hours on one day to do everything. And this was a Tuesday. Um, the judge was located in New Mexico, and Monday morning at 10 a.m. in my office, I was delivered a 46-page decision. So um the judge had clearly pre-written the decision. That was one of those we could tell the judge really wasn't interested. Um, and we we really didn't feel like we had the opportunity to fully present our case over there. So it was very frustrating, but we couldn't we couldn't show clear error at that point. Um, so that was my positive and negative. My two most memorable positives and negatives. Well, to wrap up this segment, what are your top takeaways that you'd like to share? Um if you get a UPIC audit, you're not alone. Chances are that your colleagues, your competitors, your everybody else around the country is getting them. So don't panic. Um it you might want to consider very early on getting outside help. Um, as Harriet, as you mentioned earlier, that most of the work that you do is or half the work you do is through attorney client privilege. Um, it's critical that consultants do this through attorney client privilege for a whole whole host of reasons. Um, so if you have uh a great consultant that you've worked with, fantastic. If not, you need to find one that has expertise in the area of your provider specialty. Not every consultant is created equal, and not every consultant who's great has expertise in every area. And um the last thing that I say this all the time is if you are going to have an attorney help you, which we recommend because you can't do these appeals unless you have a big group. Um, it's very hard to do these appeals successfully yourself. Um, make sure you have a healthcare attorney working with you, not your local real estate or your investment attorney or anything like that. You need you know you need somebody who knows the industry and how to do these types of appeals, not just a regular great litigator.
SPEAKER_02Absolutely. And I I I will say, call Rachel, she's the best. Thank you.
SPEAKER_03Thank you, Harriet. So now I've told you my side of the legal side. So let's turn a little bit to Harriet and you know, look at it from the consultant's perspective. So, you know, uh nobody wants to have a UPIC audit, Harriet. So, what are some tips and tricks that you have from the consulting and compliance side to help providers um hopefully not end up on that list?
SPEAKER_02Well, eliminate vulnerabilities. It always starts with good documentation, and with that, medical necessity is paramount. And establishing that in the documentation that the treatment provided was reasonable and necessary. So that means including details like complexity, your thinking about it, analysis, and a risk assessment. What are the options? What are the alternatives? Um we've seen a lot of what I consider excessive templates and check boxes creeping into documentation and often to the detriment of really telling the patient's story. Um, but it starts with the chief complaint. So why is the patient being seen? There are some don'ts. Don't say um follow-up, chronic condition that just doesn't give enough detail. So do say patient is is presenting for blood in the urine or consult requested by Dr. Brown for evaluation of PTSD. Use signs, symptoms, diagnoses, conditions, something like that in the chief complaint. Um, beyond good documentation, pay more than cursory attention to the compliance fundamentals. Do a risk assessment annually and make sure that risk assessment takes into account the OIG work plan, emerging regs, TPE audit trends in your industry segment. Um, speaking of industry segments, use that DOJ industry segment specific compliance guidance. That's really important. Um, make sure that you have a good compliance framework. Is the structure supported both financially and with the proper level of expertise? Is your compliance officer certified? Is the compliance officer supported with um uh HCCA Healthcare Compliance Association membership? I highly recommend that. And and um also funding for conferences. Being a compliance officer can be a very lonely job in an organization, and it's important to network and have uh other people in the industry that are available to be sounding boards. Um make sure, and Rachel mentioned this, make sure there's an audit response process and that staff have been trained to identify those letters when they come in. We have seen so many times those letters don't reach the intended uh person, and you know, whether they get thrown away or sent to an incorrect address, uh, addresses haven't been updated. It's really not great to start at the second level of appeal and miss that whole first level. That's not a good place to be. Um, some other ways to eliminate um or minimize those vulnerabilities, just wise use of technology. So we're seeing a lot of AI uh creep in, and how often are those pre populated fields changed uh for new scrubber in a SNF? We recently saw um pulling in diagnoses from uh Hospital stay and past medical history that aren't supported as active diagnoses in the current stay? So making sure that in that case the MDS team verifies each of the diagnoses as active, and is the triple check process effective? And most importantly, is there a culture of compliance? Are senior leaders visibly supporting compliance in the organization?
SPEAKER_03And I would add to that, I mean, that's a pretty extensive list, but I would also add pre-bills. Sometimes, you know, the people want the money in the door and they don't look at what's going out before they get that money in the door. So that's something else I think that's uh that's critically important. And and to your point about um, you know, the the top folks top down. Um I used to work with somebody um and she used to say there's an Italian saying that the fish thinks from the head, right? If the if the folks at the top are not going to be compliant, you're not gonna have a compliance organization or if they're not kept in the loop. So uh you know definitely you you listed a ton of important factors on hopefully trying to uh minimize, because I don't think we can say avoid, but sort of minimize the risk of getting a UPIC audit. So sometimes, right, we talk that's on the front end, but sometimes on the back end, right, there's already been a big problem. And there is a corporate integrity agreement because the provider um had serious issues and they weren't thrown out of the Medicare or Medicaid programs, but they are now under intense scrutiny and monitoring to prevent an exclusion, right? And and there are very strict parameters that are set for that. So um tell me your experience, you know, talk let's tell talk to the group about um about a CIA. You know, what do you do when you have that CIA? How do you respond to a CIA and what types of uh uh programs and activities can you expect to be required and put into place?
SPEAKER_02Well, I'll steal your line from the UPIC first, don't panic. But there is a lot of action to take. You know, you have to find a qualified independent review organization or IRO. And I would recommend if those circumstances for which the CIA resulted have not yet been remediated to do that very, very quickly. And it in many cases, those things have been worked on in the settlement process. So the the CIA requires extrapolation. Uh, and so the sooner you can start auditing and correcting changes, the lower the overpayment error rate will be at the end of the audit. So make those corrections all during that first reporting period. Don't wait for the audit results, and that will um get you in the habit of making doing your internal audit, external audit, and and making those changes along the way. Um we just love to see the improvements from year to year.
SPEAKER_03And how long are corporate integrity agreements typically? So, what can a provider expect?
SPEAKER_02The corporate integrity agreements are typically five years. There can also be uh integrity agreements for smaller entities that are three years, but most typically it's a five-year process.
SPEAKER_03So so choose your uh IRO very well because you're gonna be with them for a long time, long partnership.
SPEAKER_01Yeah.
SPEAKER_03Um, so so do you have you asked me about my favorite story at the ALJ. Do you have one when working um with uh an organization that had a CIA?
SPEAKER_02Yes, it is a long relationship, like you mentioned, and it is just wonderful to watch when an organization embraces the uh culture of compliance and really takes it as an opportunity for change, sometimes providing overdue resources to compliance. Uh, my favorite story right now is um an organization that moved a 14% decrease in their overpayment error rate from year one to year two. That's a lot harder. That's a lot. And it's a big organization with a lot of facilities. So even more so the heavy lift in the education and training, and what a great accomplishment that was.
SPEAKER_03Yeah, but a lot of resources, like you said, it's financial and and and people resources as well. You know, a lot of time and effort. So so you've done this for quite a while. Um, what what have you seen as a change in the way the government has put together the CIAs and and the processes that they're utilizing for um for organizations and providers?
SPEAKER_02Yeah, LWCI has done this type of work for a long time. So we've seen the OIG move from um being able to net over and under payments into the cycle of furtime that was not allowed in the calculations, and now we've seen that come back where it is being allowed. I got to attend a session at the latest um HCCA annual conference a few months back, and some of the OIG monitors were presenting a session on uh changes to come, and one involves AI, and now both the provider and the IRO have to disclose and attest to how they used AI in either audit and development of the report. And so we've started including that in all of our um reporting period documentation.
SPEAKER_03Yeah, but the government doesn't have to tell you when they use AI, right? They do not. Yeah, so so sometimes you can tell when it's AI, right? We've we we've definitely had that. I'm not saying what's CIA specifically, but um you can definitely, yeah, there's some been some interesting changes with that. Um, so you know, we talk about how to minimize or try to avoid the severe impacts of of the UPIC audit. Can you really avoid a CIA? I mean, is that something you can prevent?
SPEAKER_02It goes back to the same list that I already went through. So just eliminate or minimize vulnerabilities, mitigate, do that annual risk assessment, and just be vigilant in auditing and uh monitoring.
SPEAKER_03Okay. And um, you know, you talk about that provider who had um, you know, that 14% decrease. Um does that mean that they could get off of the CIA sooner if they're that good? Because, you know, I I improved we get this question all the time. You know, isn't the judge gonna care that I improved so much? And aren't they gonna take into account what I did afterwards?
SPEAKER_02That's not usually what we see.
SPEAKER_03Yeah, that that's not typical, right? Unfortunately. Um, so what other tips and tricks or you know, some other thoughts that you might have that because you gave a ton of them already. I'm not so sure there's you know too much more in the arsenal, but uh what else can you can you tell people?
SPEAKER_02Well, I guess I just want to leave everybody with good clinical documentation is fundamental, but how do you know if your documentation is good? It really relies on that um internal and external auditing. We really need to have that objective third-party look once in a while because sometimes you don't know what you don't know. And and because we always did it that way is isn't um defensible uh when you get into litigation and um audits, and then appropriately resource and executive support for the compliance function. So that that's a wrap for me. Uh thank you, Rachel, again for doing this with me. It's been fun, and I want to thank all the listeners as well for um making it to the end. Have a great day, everybody.
SPEAKER_00If you enjoyed this episode, be sure to subscribe to AHLA Speaking of Health Law wherever you get your podcasts. For more information about AHLA and the educational resources available to the health law community, visit American Health Law.org and stay updated on breaking healthcare industry news from the major media outlets with AHLA's Health Law Daily Podcast, exclusively for AHLA comprehensive members. To subscribe and add this private podcast feed to your podcast app, go to americanhealthlaw.org slash daily podcast.