Audit activity is expanding in the nursing home sector, with improper payments rising and nursing homes continuing to lead in documentation errors. As a result, the Centers for Medicare and Medicaid Services (CMS) is expecting better documentation quality, as well as timely responses.

A nearly 10% rise in improper payments has intensified CMS’ oversight of nursing homes, according to Alicia Cantinieri, managing director of clinical reimbursement and regulatory compliance for Zimmet Healthcare Services Group.

Operators need to have proactive compliance systems in order to protect reimbursement and reduce denials. To mitigate risk, facilities need to strengthen internal communication, while also improving documentation practices, said Cantinieri, who led a webinar on Thursday, discussing Medicare audits, along with strategy and protection for CMS claims and compliance.

And depending on available resources, routine and internal audits can be a crucial aid, along with monitoring iQIES daily for notifications. And, it couldn’t hurt to hire a dedicated staff member to handle additional requests for documentation either, Cantinieri said.

Nursing homes are facing an increasingly complex Medicare audit and denial environment, along with intensifying federal oversight. These trends aren’t expected to lighten up in the coming year, she said, considering rising improper payment rates and more sophisticated data analytics that serve to identify outliers, billing inconsistencies, unsupported diagnoses, and patterns in the Minimum Data Set (MDS).

National improper payments for nursing homes increased from 7.79% in 2021 to 17.2% in 2024, and SNF errors were still in the lead compared to other care settings, according to Cantinieri. Improper payment rates were brought down about two percentage points between 2022 and 2023, but shot right back up again last year.

“The whole reason we got the SNF Five-Claim Probe was because our improper payment rates increased,” said Cantinieri. “Now we’re back up in 2024 to 17.2% error rate, which is not a good direction for us to be going.”

CMS action feeds into the administration’s wider initiative to identify and remove fraud, waste and abuse within the agency.

Understanding contractors and audit intensity

Cantinieri gave a comprehensive breakdown of various Medicare contractors involved in skilled nursing audits, all with different roles and responsibilities.

Medicare area contractors (MACs) make up the majority of these contractors, with private health insurers awarded a geographic jurisdiction to process Medicare Part A, B, and DMS claims for traditional Medicare fee-for-service (FFS) beneficiaries.

The MACs process Medicare FFS claims, issue recoupment letters and explain the appeal process to operators, Cantinieri said. MACs also handle redetermination requests, which is the first stage of the appeal process, and respond to provider inquiries. They establish local coverage determinations (LCDs) and review medical records for selected claims.

MACs handle routine post-pay audits, the most common type of audit an operator will see.

“Every facility is going to get a few of those here and there, because it’s part of the Medicare program, part of CMS. It’s required for program integrity,” said Cantinieri.

The Targeted Probe and Educate (TPE) program is the next level up in intensity, Cantinieri said. TPEs can escalate from just a few claims here and there, all the way up to 100% pre-pay review, a place operators “really don’t want to be,” she said.

Comprehensive Error Rate Testing (CERT) is the next level of scrutiny, which measures the error rate of improper payments in Medicare. CERT contractors review a sample of paid claims to see if they meet Medicare’s rules for coverage, coding, and billing.

Then there’s the Recovery Audit Contractor (RAC), the Supplemental Medicare Review Contractor (SMRC), and the Unified Program Integrity Contractor (UPIC).

At the top of the list is the Health and Human Services Office of the Inspector General (HHS OIG).

“They’re at a level of intensity as far as what they look at,” said Cantinieri. “They all have a different function, even though they’re all looking at our Medicare Part A, Part B claims; they look at them in a different way.”

The RAC identifies and corrects improper payments, Cantinieri said. They go back about three years from the claim pay date and review claims, typically looking at an episode of care. If an error is found they send claim processing back to the MAC to be adjusted for over or underpayment.

“We’re hearing about a lot of RAC audit requests,” Cantineri said. “A lot of RAC audits going on right now in the 2022, 2023 range, some later than that.”

SMRCs use data mining to profile providers, with a focus on service utilization for abnormal patterns. They can conclude that certain trends are happening after medical reviews, and they can refer up to the UPIC for further investigation, Cantinieri said.

“Currently, Meridian has the contract for this,” Cantinieri said of UPIC. “You can go onto Meridian’s website, and see their current and past projects … they’re not required to post all of them. CMS decides what can be posted.”

Examples of UPIC projects include findings of the 3-day stay waiver during the pandemic, and common reasons for claim denials. Previous levels of contractors usually give operators 45 days to submit records, but UPICs only allow between 15 and 30 calendar days. It’s important to know your deadline when working with one of the UPICs, she said, since they have very quick turnaround timeframes.

“Here’s where it gets a little more serious. UPICs are identifying potentially fraudulent Medicare providers. They identify improper payments that are to be recouped by the MACs,” said Cantinieri. “They can withhold or suspend your Medicare payment. They also refer cases to law enforcement for civil or criminal prosecution, and of course, they refer back to the MAC for recoupment.”

OIG contractors audit facilities and make recommendations for correction of issues, and make recommendations to CMS for enforcement and recoupment.

How to avoid moving up in levels of scrutiny

Regardless of scrutiny level, timeliness in responding to additional documentation requests is key, with late or incomplete submissions often landing operators with automatic denials.

The TPE program places providers through up to three rounds of review and education, with those failing to improve running the risk of escalation or continuous prepayment review.

CMS is increasingly comparing MDS data with clinical records to detect discrepancies, Cantinieri said, yet another way federal oversight is intensifying when it comes to audits and denials.

Common denial drivers can be small misses, like absent certifications or insufficient clinical detail. Poorly supported medical necessity could lead to a denial too, along with MDS inconsistencies, Cantinieri said.

New CMS data validation audits for the SNF Quality Reporting Program (QRP) adds more pressure to nursing homes too, she said – notifications of these audits come through the Internet Quality Improvement and Evaluation System (iQIES), and failure to submit requested records could trigger a 2% payment reduction.