AHLA's Speaking of Health Law
The American Health Law Association (AHLA) is the largest nonprofit, nonpartisan educational organization devoted to legal issues in the health care field. AHLA's Speaking of Health Law podcasts offer thoughtful analysis and insightful commentary on the legal and policy issues affecting the American health care system.
AHLA's Speaking of Health Law
Know Your Audit! Operational Considerations for Every Kind of Audit
R. Ross Burris, Shareholder, Polsinelli, and Lindsey L. Lonergan, Senior Associate General Counsel, Wellspan Health, discuss current trends and developments related to audits and proactive strategies for dealing with audits. They cover issues related to CMS claim review programs, the increase in commercial audits versus government payer audits, artificial intelligence, Unified Program Integrity Contractor audits, and the 60-day rule. Ross and Lindsey spoke about this topic at AHLA’s 2025 Annual Meeting in San Diego, CA.
Watch this episode: https://www.youtube.com/watch?v=iorXAhX0o9E
Learn more about the AHLA 2025 Annual Meeting that took place in San Diego, CA: https://www.americanhealthlaw.org/annualmeeting
Essential Legal Updates, Now in Audio
AHLA's popular Health Law Daily email newsletter is now a daily podcast, exclusively for AHLA Premium members. Get all your health law news from the major media outlets on this podcast! To subscribe and add this private podcast feed to your podcast app, go to americanhealthlaw.org/dailypodcast.
Stay At the Forefront of Health Legal Education
Learn more about AHLA and the educational resources available to the health law community at https://www.americanhealthlaw.org/.
This episode of AHLA Speaking of Health Law is brought to you by AHLA members and donors like you. For more information, visit AmericanHealthlaw.org.
SPEAKER_01:Hello and welcome to Know Your Audit, Operational Considerations for Every Kind of Audit. Welcome. I'm Ross Burris. I'm a shareholder at Pulsanelli in Atlanta, focusing in the areas of reimbursement audits and disputes. I'm joined by my friend Lindsay Launergan, Senior Associate Counsel at Wellspan Health. This is a repeat to some degree of a presentation we did at the Age LA annual meeting this year in San Diego. Lindsay, you want to say hi?
SPEAKER_02:Hey, it's we're so thankful everybody's joining us, and we're happy to have the opportunity to do this topic again.
SPEAKER_01:That's right. Yeah, when we did this originally, it's a um a very interactive uh discussion. We had a lot of uh friends in the audience who participated, and I think, well, we technically bribed a lot of them with candy and prizes, but uh they they definitely participated and uh regardless of how we got there, and so it's gonna be a little funny today. It's gonna be just me and you chatting. Uh, we also obviously won't have slides, but we're gonna we're gonna chat anyway and hopefully share some good information and um enjoy what is my second podcast, your first podcast, right?
SPEAKER_02:Yes, and so we are very appreciative for everybody giving me grace as we go through today, and hopefully this will go well.
SPEAKER_01:Right. I know. I mean, I feel like we're gonna do like a true video style podcast. We should be on couches, you know, promoting energy drinks or whatever. We're uh wearing a big hat with my company logo on it, but I guess we'll just have to settle for the virtual backgrounds today.
SPEAKER_02:Yeah, I think we've missed an opportunity to have liquid death water.
SPEAKER_01:That's right. Yeah, liquid death is our sponsor. Um, some kind of new tequila or whatever. Well, uh, listen, let's start off talking about the CMS claim review programs because I think it's always important to know the basic framework of audits. And obviously, this discussion is gonna focus a lot on government payers, uh, Medicare, Medicaid specifically. And then I think we're gonna talk a little bit about some audit trends we're seeing in the commercial space as well. Um, now, as I mentioned, I'm a law firm lawyer. I've been a law firm lawyer most of my career, except a very brief start in government. Uh and so obviously I'm on the outside advising clients a lot on these issues. And typically they don't call the law firm until the audit has gotten messy or they've already gotten the overpayment demand or they've already gotten the investigation. Lindsay, you have the advantage of having been in-house counsel uh and obviously been in a law firm before where you did the same kind of work at the law firm with me many years ago, and now you do it in-house, right?
SPEAKER_02:Absolutely. I've been now in-house for almost 10 years. So I think it's a really compatible relationship. And I think that's the practical strategies that we can bring to everybody on the podcast today is that what I can offer is what we as internal counsel should be looking for and how we work with Revenue Cycle and other departments. And then when we bring in our expert outside counsel, um, you know, not only to help us do better internally, but to get the successful outcomes in the audits we get.
SPEAKER_01:That's right. Um, so let's talk about the different types of claim CMS claim review programs. And as I'm sure everyone who would listen to a podcast like this is aware, the government reimbursement operates on a pay and chase model, meaning like meaning they will pay you, uh, but then they might come back for it later. They might chase you down and get your money. Uh, and so there's two typical types of audit claim review programs we see for CMS, which is a prepayment review to reduce improper payments, and then a post-payment review to recover improper payments. So prepays would mean they're not going to pay you until you submit additional documents or have some type of discussion. And then a post-pay review will be when they come back months, maybe sometimes years later, and ask for documentation related to claims that have already been paid. And if you cannot provide documentation to their satisfaction, you could be facing an overpayment demand. Um, these programs are typically categorized as either complex, and complex means it's going to need a licensed professional to review documentation. Licensed professional, obviously, in this case, would be some type of medical professional. Uh, could be a nurse, could be a doctor, or someone in between, sometimes uh different types of therapists, or a non-complex review. And a non-complex program is typically looking for things like specific documentation. Do you have a delivery slip? Do you have an order? Um, they're not looking at medical necessity or questions of whether the care was provided. It's more a question of do you have all the right signatures and all the right dates and all the right documentation? Um do you want to talk about claim denial determination or do you want me to keep talking?
SPEAKER_02:No, I will take over, give the listeners a break. Umials, obviously, you know, it's our expectation that the people listening um to this, like we did uh in San Diego, this was an advanced session. And so, you know, I think that the people who are listening to us are all the very, you know, heavyweight who've been doing this a long time, folks. So claim denials ultimately, we're gonna go through quickly, you know, it's that it's either a cover, not a covered benefit, that the item or service is statutorily excluded, that it's not reasonably necessary, or it doesn't meet other requirements governed by policy, you know, like national coverage determinations or local coverage determinations. Um, and then Ross, tell me a little bit about you know what program integrity is focusing on at CMS.
SPEAKER_01:So program integrity is typically focused on where where you see them come up a lot in your day-to-day would be enrollment. Uh, so provider screening, uh, revocations, deactivations, things like that. That is where you could often run into program integrity. Uh, but they could also, you could get a uh a fraud or an improper billing audit. Um, you may also see uh program integrity involved in the denial of claims or the collection of overpayments. Uh, program integrity is also behind a lot of the data mining and audits, although many times they're using different types of contractors for that duty, which we'll discuss in a little bit. Um, and then also there's a whole element of education where they are out there providing education on their websites uh through different types of um media. And then of course, you can go to uh program integrity for different types of advisory opinions in certain circumstances. Um and then the other thing I guess you might see them get involved in is uh relates to information sharing. So how you're sharing information across programs or how they share information across programs, and they can sometimes even get involved with groups like law enforcement. So God forbid you ever get involved with a DOJ investigation involving claims. Oftentimes OIG will be involved in that as well, um, especially if the claims involve billing concerns or billing questions.
SPEAKER_02:Right. And so what we really want to focus on um not only with the product or strategies, but we want to talk about the new audit trends that we've been seeing. And so, Ross, what are you seeing in your practice in the space of what I think is a really interesting trend of an increase in commercial audits versus government payer audits?
SPEAKER_01:You know, it's interesting. It's it's always a it's always a push-pull. Like sometimes I feel like when all of our government, sometimes all of our calls from clients and friends and friends seems to be related to government issues. You know, we're dealing with a UPIC on every front or different types of TPEs or different types of investigations. And then the trend will swing and suddenly we're dealing with a lot of commercial audits. And so um, it may be because of change administration where some of the government contractors may be a little unsure of their position in the program. Uh, but we're definitely in some of the big insurance plans, you know, such as United, have seen investigation and scrutiny from the government on how they're administering these plans. So we're seeing a lot more activity recently on the commercial side. Um, a lot more. And the interesting thing about this to me is that these big commercial plans have always had SIU, special investigation units, or at least they've had them for a long time. Um, but their methodol methodology was more like, you know, send a document request, send an audit, uh, maybe they'll put you on like a prepay review system, things like that. We've seen a swing where they are getting a lot more aggressive in reporting activity to the government agencies. In New Jersey, especially, they love to do that. Uh, we've seen a lot of inquiries that involve things like asking for interviews. Uh, we had one payer asked to come on site and do a survey, uh, an add-of-network payer at that. It's not even somebody that we're in contract with that we are, you know, trying to be friends with. It's just somebody that we wanted to get paid for. And they tried to come on site and you know, you know, do a full survey of our client. Uh we we politely declined uh the offer and uh agreed to to to speak and communicate in other ways. But you know, their lawyer and their investigators assured me a lot of people agreed to it, and uh, which I think is is wild that because that is not something I feel like we saw 10 years ago. I I mean in your practice as a as a law firm lawyer, did you ever see commercial plans trying to come on site?
SPEAKER_02:No, I honestly I I think I have seen more on site, even in spaces you wouldn't expect, such as the Office of Civil Rights, which isn't our part here. But you know, it's interesting that you say that because I really do think that's where this session that we're doing today and that we did at the annual meeting is we're really intending to provide proactive strategies for internal folks looking for this. You know, if somebody was coming on site, I think that there's probably a lot of providers who may feel required, right?
SPEAKER_03:Yeah.
SPEAKER_02:And I think it's really important, you know, to work with your payer contracting team and get very crisp now in the sections on information that they can request in the contracts to look for language where it allows them any kind of wholesale access to your site or wholesale access to data and making their, you know, making having uh sorry, making having a requirement for a good faith inquiry, uh suggesting that you're gonna have a communication before people just show up. That's really important. And when you're educating your team, looking out for this so that people are aware if they see letters from commercial or government payers, you know, look for that, you know, maybe that they're having an expectation that they're gonna come on site. So that's really interesting. Uh, you talked about uh the new administration, and I think that is obviously a topic in audits that we're watching and have been watching since January. Um, I think that there was always very clear intentionality from the administration that they intended to target fraud, waste, and abuse. Um, I do think there has been um rumors and suggestions in the industry that, you know, maybe their focus is completely on diversity and other types of topics that weren't uh targeted for fraud and abuse from prior administrations. But, you know, I still think that even though we're eight months in, that uh I'm not seeing anything incredibly unusual other than the communication from the government is that they're still interested in it. But I don't think I've seen either a big increase or decrease in what the government's doing other than normal. Um what are you saying, Ross?
SPEAKER_01:Yeah, certainly not on the Medicare uh or Medicaid, you know, certainly not on the claim audit side. I know that some of my DOJ partners would tell you that they're seeing a lot more um, you know, personal investigations and things like that on the criminal side or individual investigations, but on the audit side, especially by the audit contractors or the or the typical audit agencies like the IG, I don't feel like we've seen any increase. No, I agree with that. Um, I think that's why sometimes it feels like the commercial plans are taking up the gap where they're stepping in. Maybe they're doing more, maybe they feel like they need to do more to justify the government contracts they have, or even on just straight commercial planes, play uh claims, they are investigating more. Um you were touching on something interesting there, which we'll I think we talk a little bit about further. But you know, I I know people always love to hear about what how you advise and uh your clients within the company, within the system, to be prepared for audits. And, you know, talking about gee, I never heard of people coming on site, but some people let it happen. I've 100% had clients where somebody, some well-meaning person at the front desk didn't understand what was going on, thought they had to let people in. And next thing you know, they're rifling around the office, looking in filing cabinets, things like that. That later, when compliance or legal got involved, you realize they probably didn't have a right to do that, or at least it was not an articulated right. And somebody should at the very least ask them to step back, take a breath, and call somebody in compliance or legal who could advise as to what the rules would be for that type of investigation.
SPEAKER_02:Absolutely. I mean, obviously, a lot of us in the provider space work with really well-intended, mission-oriented frontline staff who are about providing health care in their often small communities. So it could easily be someone that they know or they're just very kind. And so, you know, I'm having uh not a struggle, but we're always having the focus that customer service and good customer service is great, but just like you don't want a cyber criminal getting into your data because of your, you know, graciousness to external parties, you know, you have to ask more questions, I think, for people who are asking for access or data. And and that's tough for people who their normal everyday is being very open, caring, you know, people.
SPEAKER_01:That's right. Yeah. So how do you prefer? I know you haven't been in Wellspan that long, but uh, you know, how how do you in an ideal world advise your your you know client bodies or client agencies within your system? How do you uh prepare them for audits out of curiosity?
SPEAKER_02:You know, I think that it it really you have to know who your stakeholders are, and we'll talk at our proactive strategies about identifying those stakeholders. But I always, as legal counsel, try to have a very open and you know, feedback loop conversation with compliance, internal audit, revenue cycle, payer contracting, and others about making sure that all the teams are feedback looping to each other the information you need. Who are we in payer contracting efforts with when your contract is open for negotiation? What are we seeing in sort of the low level onesie twos denial space that could grow? You know, obviously uh it always used to be things about inpatient versus uh outpatient claims. If people were put in patient hospitals, you know, those are the types of things that everybody knows about to look for. But now, you know, as we keep going with our audit things we're seeing new, I do need people, and I say this even in the HIPAA space, like we have to have a little bit more suspicion of everybody who's asking us things, right? Right. Like where you ask people to pause when they look at emails before they click download. You know, I need everybody to do that same kind of scrutiny and hygiene in their verbal interactions or phone interactions. So that's what we're talking about is just telling people to take a pause. You know, if you see something, say something.
SPEAKER_01:Yeah. It's funny. Um it's a podcast, right? We're casual here. Uh, you know, I picture myself on the on the uh on the big couch with Travis Kelsey and the other Kelsey uh talking. Uh Kelsey. Listen, if you if you announce an album drop right now, I'm gonna be I'm gonna freak out. Um the uh anyway, uh I I was giving this speech at the at another hospital association uh a few years ago, and the and I always think of this story because it's so like indicative of of exactly what you're talking about, the kind of people that let them in the door. But this this uh compliance officer from a small health system that had multiple uh facilities around like a very rural area of Georgia told a story that she got a call from someone who the this guy had rolled up literally in an RV and stepped out of the RV in front of the facility, walked in, and started demanding records. Now, luckily, these people were smart enough to call their compliance department who who said, Hey, who is he? Does he have a card? Does he has he brought a piece of paper? Is he explaining who he is? Let me talk to him. Um, but as she's telling the story, this woman from the back of the room, who obviously didn't know her, stood up and goes, I know him. That happened to us. And so apparently that you know there's this guy, just the scourge of the uh the rural health systems in Georgia at least a few years ago, driving around. They said he looked like he'd been in the woods for you know a hundred days. He's you know not professional in the professional attire whatsoever, bringing out some kind of weird ID. And he really was from an agency, but he, you know, yeah, he probably stuffed come from the pig jig, you know. Right, right, yeah, from the big pig jig. Diana. Um all right, we'll do the barbecue cod podcast next. But um, no, it's a great, it's a great point about keeping making sure people are trained to ask why. And luckily this group was trained, and they they said, gee, this this is there's something odd here. You know, he doesn't seem like a typical, you know, Georgia surveyor or you know, government surveyor. There's something very strange going on. Um, so um we're a little bit off topic there, but you know, there's a lot of other audit trends we're seeing. I think I mentioned a moment ago, um in you know, something like the DOJ's investigation into United Healthcare on their administration of plans, I think is gonna cause a lot more trickle-down scrutiny. And the other plans as well, even besides United, who are all, I'm sure, in a position where they feel like their programs are also subject to scrutiny, they're gonna pass that down to the providers. You're gonna see more inquiries, you're gonna see more demands for documentation, you're gonna see more prepay audits, you're gonna see a lot more of that uh from them, uh, from these big plans because they're afraid of their own scrutiny.
SPEAKER_02:Um seeing that, right, in the scrutiny from commercials for the collecting co-pays, seeing a lot of plus for documentation about efforts to collect co-pays or deductibles for patients. I think we're also seeing the commercial payers doing what I would consider almost intrusive audits for out-of-network providers, as you mentioned, you know, where they came, right? You know, working around the state prompt pay statute and seeking additional documentation. And uh you and I both talked about it at AHLA annual meeting in San Diego, that I had uh payers requiring corruptive action plans on out-of-network providers before they would resolve anything. And you know, honestly, it was almost aggressive the CMEs that they were making doctors take, which we, you know, in another lifetime pushed back on and said that we didn't think they had the ability to do it. But that does go back to, I think, really nailing down with your payer contracting what you're seeing in the contracts.
SPEAKER_01:Uh yeah, you know, I've had that situation. Oh, sorry, go on.
SPEAKER_03:Oh, go ahead.
SPEAKER_01:I was saying we've had that situation at least twice that I can think of recently, where incredibly an atom network payer is demanding a corrective action plan from our client. Uh now, but what they have is they have their money in suspension, essentially. Uh they call it payment flag, but it's the same. It's the same as a payment suspension where they are processing claims and mostly approving these claims, but they're refusing to pay you, uh, or in some cases they refuse to fully process them until you resolve some other audit issue with them. It's the only, it's the only hook they have. Now, it doesn't work in every every state. Some states have prompt pay laws that um prevent this type of behavior, but in states where it's allowed, um, it's been extremely burdensome. And they're handing down these corrective action plans that are they almost look like contracts, but without the benefits. Uh, you have all the obligations of being under contract, but you don't have the guarantee of payment. Um, it's it's it's very interesting. And, you know, some people have signed them uh because they need that money badly and they're willing to do it, and other people haven't. Um, but it's definitely a new tactic. It's not something I I would have been sitting here telling you about having seen before two years ago.
SPEAKER_02:No, and I think you know, the next gen of all of this is artificial intelligence, right? And it's everybody's excited about what you can and can't use it for in the health system. Um obviously, what we were looking at is Epic and Microsoft, the things that we can use with our Outlook tools and Epic. But, you know, I have been very interested and have wondered how much artificial intelligence is being used by payers and government payers across the country and what they're doing for denials.
SPEAKER_01:Right. So that's we've had a huge concern about that for a long time. And we've seen a lot of evidence in it and in different types of audits and disputes we have going on, especially with some big commercial payers. And so talking earlier, right, about that what is a complex review? A complex review means it should be reviewed by a professional, a human professional. So that's a doctor, that's a that's a nurse, maybe it's a therapist, depending on the type of claims, but an actual human. And we have we have definitely found evidence, and in fact, we're uh, you know, there's some litigation over it, uh, related to some of these plans, clearly using AI. Um, in situations where they we think these complex reviews should have been conducted by humans. And um, and it's it's interesting. We're only going to see more of it. And and frankly, maybe they're gonna get better at it, and that'll be even harder to identify. But I think that using AI in a situation that is uh written and intended to be done with a human compassion and a human sort of uh intelligence for variation or exceptions and things like that is an abuse. It's an abuse of their of their power and perhaps an abuse of their uh responsibility to manage money on behalf of the government or at the very least on behalf of their members.
SPEAKER_02:You know, it's interesting if you've been watching the TikTok videos about everybody who's been filming their peer-to-peer conversations, the doctors who've been filming their peer-to-peer conversations uh with the various payers, I think they would tell you that they're already artificial intelligence on the other side of the phone, right? Because they won't do, yeah. They won't tell you anything. And so it has been interesting that you're expected as a provider to not use artificial intelligence to do anything that you're expected to do to file a claim. So you would have the same expectation on the other side. But I know that we are only at the genesis of what we're gonna see in these types of audits for that.
SPEAKER_01:That's right. I mean, in the same breath, they'll they'll accuse you of using electronic signatures or things like that. You know, and I'm like, wait a minute, you used a robot to review the medical necessity behind a heart surgery. You're on me for you know, electric electrically signing or electronically signing uh an order. Um yeah, it's interesting. Um the other thing we're seeing that isn't going away is the TPEs, uh the target probe and educate. And I love I actually I say this all the time, and people act like I'm crazy, but I actually love a TPE audit um because it's one of the few types of audits that I can think of where you have a constant conversation with the payer about what they expect. And usually it's Medicare, right? It's Medicare math. And so what this so a TPE is there's multiple levels and they're scary and they ask for a lot of documents, and everybody kind of freaks out at first. Um, and if you fail that first round, then it you ever everybody really gets worried. But then you have the second round and the third round, and on that by usually by the third round, people are getting the documentation right. Many times they found someone good at the Mac who they can call with a question and say, hey, gee, we're confused by this, or is this okay? Should we not do this next time? Things like that. And I've actually been very impressed with the TPE process, even though everybody complains about how onerous they are and how much work they are, and they are. Um, but I have been very impressed with that program in general. Um, you know, you pick, they come in, they you know, they look at 100 claims, they they extrapolate out to the to the ends of the universe, literally, and uh, you know, suddenly you know$100,000 worth of claims is worth you know$10 million worth of claims, and they want everything back, and there's no explanation. They just, you know, they send a statistical report that most statisticians are completely confused by. Um, they deny a few claims got based on you know various reasons, and then they send it back to the Mac. They issue an overcame and demand, and you don't you don't talk to a human ever on those. Maybe it's an ALJ, someone will show up. Um the TP I totally agree.
SPEAKER_02:The TPE audits were definitely and are definitely, if you can have a favorite, my favorite. Uh, I always compare it to I know that you know, one of my first in-house roles, I came in on the front end of a corporate integrity agreement. And I know that everybody feels very challenged by that because it's reputational and otherwise, but frankly, it was a it was a wonderful experience for us for the years that we had it, because I had a shout-out to Amanda Copsey, uh, an OIG monitor, who was my on-call, just like in the targeted probe and educate. You know, you can learn so much from having a phone conversation, you can learn so much from each other. And they listen in the TPE audits just like our OIG monitor listened to us. And so I, you know, again, we're gonna talk in our project strategies about take full, you know, take full effort of these opportunities that you have to get this information so that you are giving them what they want, right? And so I absolutely think it's well worth it to take every advantage when you have someone on the phone who will talk to you.
SPEAKER_01:No, I think that's funny you you mentioned the CIAs because you know, we actually have, I don't really, obviously, I'm not a deal lawyer, I'm a litigator, but I I will occasionally advise on these types of issues for deals. And it's amazing now we actually have you know private equity clients and other folks who love a good CIA. I mean, they don't love going through the process, they don't love the repaying it. But you know, if they see an entity with a CIA, they're they're like, oh, that's great. That's you know, sometimes that can be a mark of of uh of approval, you know, a mark of quality. Um so it's it's interesting, you know. That's and that's exactly the right viewpoint you should have. Now, it doesn't mean it's a it's a full get out of jail free card on every issue that they have, but at least on the issue of the CIA, you can you can presume that they should be um in good shape there.
SPEAKER_03:Absolutely.
SPEAKER_01:Well speaking of nasty audits, I already touched on them a little bit, but the the UPIC audits, and these are still out there, they're still just as painful as they've always been. This is uniform program integrity contractors. Um, there are still several across the country, but the ones you see are Safeguard and Covent Bridge. Um, if you haven't had an audit in a while, you may remember these as ZPICs, uh, but they changed the name on them a few years ago. Very much the same thing. See them a lot in Medicare Part A, but um, we see them the most, frankly, in Diddy Post, DEME, um, prosthetics, and orthotics, although that you can see them in other circumstances than we have. We see them for ambulance and hospice and other areas as well. A lot of home health. Um UPICs are particularly nasty because they're outside contractors, they're outside contractors even from the Mac. So, you know, if Palmetto is your Mac, then they still use Covent Grids or Safeguard. Um, and they the hard thing about a UPIC is if it's bad enough, they'll put you on payment suspension. And the suspensions are very, very uh difficult because they they suspend all claims. So even if they're just concerned with a certain type of claim, everything is suspended until the audit is resolved. And they should technically be resolved in 90 days, but if there's any allegation or concern of fraud, they can extend it almost indefinitely. So we've seen UPEX go on for years where there's an allegation of fraud. They just keep re-epping the suspension, which as you can imagine, is an absolute company killer in those circumstances. Um, and so they can do things like on-site reviews. We have seen it. We have seen them even try to interview patients, which is incredible to me. Uh, I had in a hospice context one time. I was just trying to picture that interview, Lindsay. Like, hi, Miss Lonergan, are you really dying? I can't even imagine what that must have been like for the people who had to sit through that. But um, they can and they will, although thankfully it's rare. Um, but these are definitely the hardest kind of audit you'll deal with. And as I already touched on, unlike the TPE or even to some degree an OIG audit, you're not having a conversation with a human. You are uh you're boxing up records, sending them out, hoping for the best, and then you get a big report, and that's it. Um, the report will likely use a statistical tripolation from someone who's completely separate than the reviewer. Um, you'll have to hire your own statistician to make sense of it. And most of the time they don't make sense. Um, but if you do. Get one of those, I highly encourage you to review your program integrity manual and to hire someone or find someone who understands statistics very well because they are often done wrong, even today. Uh, and they can be fought, but it's a big process. It's multiple levels of appeal. Usually don't get a lot of traction on those until the ALJ, and they're just really onerous process. Um, the other really nasty thing about a UPIC that I've seen before is that they can also be referred, they will sometimes be referred to the DOJ. So you don't just deal with the UPIC, um, then you could also be dealing with the Department of Justice, US attorney, who then has to kick the tires on this UPIC investigation and figure out if it's something that needs to become a full-blown DOJ investigation. So very difficult.
SPEAKER_02:So I think we're gonna move, you know, to um returning overpayments, and we're gonna hit briefly on the 60-day rule. Um I do want to go back and say lawyers don't do math, so you should always hire a statistician. Uh, none of us went to law school to do math, right? Um, in terms of 60-day, again, I think everybody understands what the 60-day rule from the original Affordable Care Act requires. But, you know, the top the big news is in the calendar year 2025 Medicare Physician fee schedule, CMS updated the 60-day rule to change the definition of an identified overpayment to when a provider knowingly receives or retains an overpayment. The term knowingly has the meaning that's set forth, as we know, in the Federal Civil False Claims Act, which provides that a provider knowingly receives or retains an overpayment when they one know about the overpayment, two, act with deliberate indifference to whether an overpayment exists, or three, act with reckless disregard of a potential overpayment. Most importantly, under the new rule, a provider does not need to quantify the provider overpayment for it to be considered identified. Uh finally, the updated rule tweaked the time frames. Obviously, it's always said that there was a 60-day deadline, um, but you can have it suspended for 180 days when you're doing a good faith investigation. But crucially unchanged is that overpayments must be reported if identified within the six-year look back period. Um, making sure that your internal audit or investigation, if you're doing a 60-day rule, you know, you have to think critically about when did the impact change that created the potential overpayment, and is there any reasonable belief that it goes back six years? You know, I again I'm not gonna hit this too hard because I really think that for most of us that are especially in the weeds of this, we don't think the rule has changed at all. Uh for my part, right?
SPEAKER_01:You know, it doesn't it definitely doesn't change it in practice. Like the way we advise clients to to really comply with this is it's not changing the way that our clients are doing it.
SPEAKER_02:It's not. And you know, to me, if you have people who are really leaning hard into the six months, you know, you want to make sure, and what I've always done, but perhaps weren't done, is you want to be able to demonstrate in proof that you are making, you know, a good faith forward effort throughout the six months. Um, I think that sitting because your executive is thinking about it while they're on vacation for two months is not great. But many people uh information, also you, you know, there were people who could argue, maybe even me, uh made an argument that, you know, if you held the button on the equals on your calculator until you were ready to do it. But I think it's if you're, you know, people who are acting reasonably, acting in good faith as we all should, there's really nothing to the 60-day rule that has changed. I think it's just demonstrating that you need to show that good faith effort the whole time.
SPEAKER_01:You know, I always think of when I when I get worried about potential enforcement or that a client's taking too long, I think of some of the enforcement cases. And, you know, one of the big ones that was out there initially was a group that, you know, paid back a relatively low amount over multiple years. Um, they would just kind of like they sort of slow rolled this audit over like two or three years. I think it was like New York Medicaid or something like that. And you know, they just really, really took way too much of their sweet time on it. And which, of course, you know, you're not gonna let your client do. So we we try to keep them within that six months. And and like I said, if it's a small amount or if it's a it's an easily identifiable amount, we remind them that six months is not a guarantee. If you know today exactly how much you were overpaid, we don't need to look it up. Uh we don't need to figure anything else out with it, then you don't get that six months.
SPEAKER_02:Absolutely. You know, and I think um you have to always think about the impact of what does that overpayment mean, right? You know, you you should take think carefully that when you return an overpayment, you are indicating back to the government that that was not a proper service or a billable service or a medically necessary, whatever it is. And so you do have to be critically thinking about what's the impact on other claims, because post Escobar, obviously, uh, and Escar, the Supreme Court case that talked about, you know, what's material to the government for repayment. If you are actively proactively returning that money, you are telling them that you think it's material to the government. And so that is where I do encourage everybody to think critically as a group and make sure you have a multidisciplinary stakeholder group determining what those overpayments are, because you don't want overpayments being returned in one area and not another just because those people didn't talk to each other.
SPEAKER_01:Yep. Oh yeah, gosh, that's a good point.
SPEAKER_02:Yeah, and I do think, you know, Escobar is so interesting. Uh proactively, my recommendation always is to be very knowledgeable about what your local district court says because those are the people who want it, and being very knowledgeable about what your company has done in the overpayment space for the last six years and going through that. Um, and as we get into proactive strategies, we'll talk about that.
SPEAKER_01:Yep, I like that.
SPEAKER_02:So, thinking of our time here and we want to keep our people engaged, I do think going into proactive strategies is the best. So, you know, number one, uh, as I've said, is you have to have an audit response team. You can call it Bob's team if you want, but I think it's really important for the organization, you know, to have strong processes and policies related to its response to overpayment. It's typical that I go into a job and that people are somewhat aligned, but I think again, the point about what does an overpayment mean to the government and you returning it is not something everybody thinks about. So revenue cycle, internal audit, compliance, quality clinical review, and finance. You want all of those people communicating with each other so that you know what's going on, and that your organization's response and identification of an overpayment is driven by your organization's policies and procedures, right? Especially those that address risk tolerance. You know, uh, we could spend another after we do our barbecue uh podcast.
SPEAKER_01:Our barbecue podcast.
SPEAKER_02:Right. We could do a podcast about local.
SPEAKER_01:We can put our barbecue sauces in front of our screen like they do, and be like be like, listen, when you get a TPE on it, finish your barbecue, and then uh call back to eat your barbecue before you give people access to your records. That's right. Invite your reviewer over, have a barbecue.
SPEAKER_02:Um I think it's important, you know, to uh maybe we could test barbecue sauces while talking about low for bright. You know, we don't know about the low for bright regulatory review, what that will have. But again, there's so many nuances to what's an overpayment, what's your risk tolerance is, what it means for the organization. 100%. You have to have those conversations um internally before anybody can ever help you externally, right?
SPEAKER_01:Agreed. And and you need to decide, yeah, there's nothing more, and as an outside lawyer, there's nothing more awkward for us than when we get a call from a client and they're trying to explain the situation and they start arguing with each other. And this happens all the time, where you know, well, we we we think we have this big issue. Here's what happened. Well, I don't think that's the issue, Susan. I think it's really this. And like, you know, well, how do we do it over here? Well, in my department, before when we had something like this, we we didn't refund it. And here's how we justified it. And this other group said, oh my God, are you kidding? You didn't refund that. We have to refund that in this now, you know, and we've seen that before. So you're you're 100% right. Like getting everybody on the same page as to risk tolerance for audits and risk tolerance for overpayments and things like that is so important. And unfortunately, it's not always something that your outside lawyers can do for you.
SPEAKER_02:No, and I think obviously as organizations ebb and flow, um and we're having the struggles in academic medicine, you don't want people to feel uncomfortable in conversations that you're invading their lane, right? But I think that the lawyers can bring forth that there is judgment calls that have to be made, and the judgment calls need to be backed up with consistency because an inconsistent judgment over and over is the death knell, right? I think that that's most or you know, most explained in you know what I deal with is unprivileged investigation documents, right? And if you look at those over six years, you have everybody's stamp, their flavor, their you know, where they worked and what their you know beliefs are.
SPEAKER_01:I heard my friend, the consultant over here, they looked at it, they never engaged through counsel, probably not even privileged or questionably privileged. Um yeah, I mean, a role we do step into a lot as a firm. And it it takes a lot of thought and manpower when we do this, but we do occasionally are asked to step in and say, okay, look, we've got two competing arguments here in the organization as to what we should do with this tranche. And we need you, don't, you know, they almost we almost become like an arbitrator uh of a decision here. So, you know, you've got Lindsay and her camp, and they're concerned about this, and here's why. You've got this other camp over here, they're also concerned, but they have a different um, you know, they have different take on how much of an issue it is. And, you know, what do you think, Paul Tanelli? What do you think as a firm? And as a firm, we have a lot of work on that. Because I that's not something Ross needs to answer on on the fly on his own. I need to talk to my partners and say, hey, partners in Denver, partners in Dallas, how how do we answer this question? Because God forbid, I don't want you calling me and getting a different answer than you got from my partner in Denver. Um, because you know, we need to, we all need to be on the same page with these things. There's nothing worse than somebody, you know, getting a different opinion from a different person at your firm, and then you have to resolve the two. So um I think internally and externally, that needs to be those conversations need to be had.
SPEAKER_02:Absolutely. And so ultimately the takeaway in this uh strategy is don't let the UPIC be the reason you meet for the first time. Because before it happens, have a strategic audit response team that has already dealt with the tough questions before you have to. And you know, that's tough when people have day jobs, but ultimately uh it's so important.
SPEAKER_03:That's a great point.
SPEAKER_02:Yeah, I think second, and also you know, ancillary to this is that audit response team needs to see what internal resources you have to respond to an audit so that you know what external resources you need. And frankly, this is a spectrum as well, right? Again, don't let the UPIC be the reason that you find out that Bobby Sue is a great hospice record reviewer. You know, the audit response team needs to inventory your resources, including your employees, to see what's available clinical or otherwise. And you have that because they're doing the onesie twosies now. But I think you know, this is where external and internal counsel can work together to build some internal proficiency that pays dividends. It doesn't mean you don't use external counsel again. It doesn't mean you don't have to go through the painful first two weeks of saying, What is here?
SPEAKER_01:When I'm asking you for all these documents, you're like, if that guy emails me one more time asking for something, I'm gonna lose my mind. Yeah. No, unfortunately, we have to be that guy a lot. No, I'm always a little proud, I'm always kind of proud, actually, when a client, when we've been through an audit or two and an appeal or two together, and then I get a call six months later and they say, Hey, we got another audit, but this time, you know, we did it ourselves and we did these cover sheets. We did, you know, we prepared the documentation this way, and you know, we did pretty well at the first level, but now we need your help. And I'm always like kind of like a proud parent where I'm like, oh, okay, so we all we all learned something together. You guys handle that one on your own, you don't need to pay me, and I don't have to babysit and ask for every document and creation. Um, and now I get to come in for the fun part at the hearing or or take on the really hard ones where nobody's listening to you. Um, and and you can handle that other part. That that's ideal. I I I think of that as a win in my practice.
SPEAKER_02:And I think you and I, right, when my left the law firm and you came in, we learned that together. We had a very simple audit that was no more than$10,000 about an inpatient case. And we had an external resource because for me, putting an external clinical reviewer or statistician or physician reviewer on a stand of any type is a risk. I have had it go very thoroughly, where they did great when you were prepping them and then they fell apart on the stand versus like long-standing individuals in your organization building that expertise pays dividends, and they have the ability to pivot with internal information and resources in a way. And again, shout out to Kim Whitley if she's listening. You know, you and I had that experience where you and she were able to have a just really excellent ALJ experience in Georgia. So that was such a great example of where you get external resources. And third strategy, educating employees about when you see a government letter, do something.
SPEAKER_03:Yeah.
SPEAKER_02:Ultimately, that is another opportunity of internal education, is where failure to respond is not good enough. So absolutely, you want an audit response team so that people know where things are supposed to go. Yeah.
SPEAKER_01:What do you think, right? Like if the guy rolls up in an RV, uh, he's not bringing you barbecue sauce, then you need to you need to question what is is is he really there legitimately? Um, but that's part of a good response plan. Yeah, gee, this is weird. This smells odd to me. I'm gonna call Lindsay and find out what I should do here.
SPEAKER_02:Um absolutely. And then the audit response team, again, another strategy is making sure you fully participate and defend all denials. Again, that one is even a$10,000 claim can cause you problems. And that's true for everything. Every letter that comes in matters, and every denial matters. Because if you let the denial go, you have implicitly told the government that was a claim that shouldn't have been sent out.
SPEAKER_01:That's always my concern. Yeah. I mean, especially if it's a quote, if it's a I always tell people this if it's a one-off medical necessity issue or documentation issue, and we're not going to get the documentation from the doctor or whoever, it's impossible. Maybe you let it go. Um, but if it's a systemic issue, if this is how we've documented these, or this is how we've done this for a long time, then you can't let one or two go. Um, because it it does, it does begin to feel like precedent. And um plus I always feel like it's it's like blood in the water for the sharks, right? Where they they suddenly feel like, oh gee, you know, if we we just you know saber rattle a little bit at this client, this hospital or this this physician's office, whatever it is, then we'll get a refund. So, and I I feel like sometimes you have to push back um in order to get them to back off.
SPEAKER_02:You know, we could go on and on about this at our barbecue podcast, but ultimately, you know, these things are in closing are that this is a complex audits, gray law, but you have the opportunity with your external counsel to have a strategic approach to how you operationalize audits. While they differ in scope and focus, everything has a common thread of needing accurate documentation, clear billing practice, and an established response protocol. Proactively preparing is absolutely so much value for your money.
SPEAKER_01:So, what you're saying is, Lindsay, you think we need to do uh this presentation again at the annual meeting next summer?
SPEAKER_02:Absolutely. We absolutely will want to see you in New York. It's the first time AHLA will be in New York since 2014. So we hope that you'll join us there and we will bring our barbecue sauces and we'll bring it to New York City. We appreciate everybody joining us today. Thanks y'all. Thank you.
SPEAKER_00:If you enjoyed this episode, be sure to subscribe to AHLA Speaking of Health Law wherever you get your podcasts. For more information about AHLA and the educational resources available to the health law community, visit AmericanHealth Law.org and stay updated on breaking healthcare industry news from the major media outlets with AHLA's Health Law Daily Podcast, exclusively for AHLA comprehensive members. To subscribe and add this private podcast feed to your podcast app, go to americanhealthlaw.org slash daily podcast.