The Centers for Medicare & Medicaid Services (CMS) administers Medicare, Medicaid, and the Children’s Health Insurance Program (CHIP). To maintain the financial integrity of these public health programs, CMS uses a system of audits and reviews known as “CMS checks.” These oversight activities ensure that payments are accurate, services are medically necessary, and public funds are protected. This article examines the mechanisms, processes, and consequences associated with these regulatory checks.
Defining CMS Oversight and Payment Integrity
CMS oversight is rooted in Payment Integrity, ensuring that the proper amount is paid to legitimate providers for necessary services delivered to eligible beneficiaries. Given the scale of federal healthcare expenditure, a structured system of checks is necessary to protect taxpayer dollars and maintain program sustainability. This regulatory function is a core component of the agency’s mission.
A primary driver for all CMS checks is the detection and prevention of Fraud, Waste, and Abuse (FWA). Fraud involves intentional deception to obtain unauthorized benefits, such as billing for services never provided. Waste involves the overuse of services or inefficient practices resulting in unnecessary costs. Abuse includes actions that cause unnecessary costs without meeting professionally recognized standards.
While fraud is a criminal matter handled by law enforcement, CMS and its contractors focus on identifying improper payments. These payments result from coding errors, insufficient documentation, or lack of medical necessity. The improper payment rate in the Medicare Fee-for-Service program is measured annually, highlighting the need for these oversight mechanisms. CMS uses review data to identify vulnerabilities, adjust payment policies, and prevent future errors before claims are paid.
Key Types of CMS Audits and Reviews
CMS relies on a network of specialized contractors, rather than conducting all reviews internally, each with a distinct role in ensuring payment accuracy. These contractors use sophisticated data analysis to target claims for review, focusing oversight on high-risk services or providers with unusual billing patterns.
Recovery Audit Contractors (RACs) identify and correct improper payments—both overpayments and underpayments—made on claims that have already been paid. RACs perform automated reviews, which use computer logic to flag claims, and complex reviews requiring human review of medical documentation. These contractors are paid on a contingency basis, receiving a percentage of the improper payments they successfully identify and recover.
The Comprehensive Error Rate Testing (CERT) Program measures the national Medicare Fee-for-Service improper payment rate. CERT contractors review a statistically valid, random sample of Medicare claims annually to determine compliance with coverage, coding, and billing rules. The resulting error rate is a metric used by CMS to gauge payment system effectiveness and inform the priorities of other contractors. CERT findings measure payment accuracy stemming from errors like insufficient documentation or lack of medical necessity, rather than identifying fraud.
Medicare Administrative Contractors (MACs) are responsible for processing claims and making payments to providers in a specific geographic region. They also conduct routine medical review activities, including both pre-payment and post-payment reviews. MACs often target services or providers identified as having high error rates from CERT or RAC findings. Pre-payment reviews are particularly impactful, as they suspend a claim before payment is made, requiring the provider to submit supporting documentation to receive reimbursement.
The Supplemental Medical Review Contractor (SMRC) conducts nationwide medical reviews at the direct request of CMS. The SMRC often focuses on specific national program vulnerabilities. These reviews are project-based, allowing CMS to centralize and coordinate oversight on high-risk areas identified through data analysis. The SMRC acts as a centralized resource for large-volume medical reviews across different Medicare product lines.
The Audit Lifecycle and Provider Response
The typical CMS review process begins when a contractor, such as a MAC or SMRC, selects a provider’s claims based on data analysis suggesting a high probability of error. The provider is formally notified of the selected claims, often receiving an Additional Documentation Request (ADR). The ADR is the formal request for all medical records and supporting documentation necessary to substantiate the claims.
The provider’s response to the ADR must be timely, as Medicare mandates a specific timeframe for submitting requested records, typically 45 calendar days. Failure to submit documentation within this period results in an automatic claim denial, categorized as a “no documentation” error. This places a significant administrative burden on providers to maintain organized, complete, and readily available medical records.
Once the contractor receives the documentation, a qualified reviewer, such as a nurse or certified coder, examines the records against Medicare coverage, coding, and medical necessity rules. For complex reviews, this process can take several weeks or months. The contractor then issues an initial determination notification, informing the provider whether the claims were correctly paid, underpaid, or resulted in an overpayment.
Outcomes of CMS Review and Appeal Rights
The result of a CMS check can have significant financial consequences, most commonly an identified overpayment. When an overpayment of $25 or more is identified, the MAC issues a demand letter requesting repayment. If the provider does not repay the amount or initiate an appeal within 30 days of the demand letter, interest begins to accrue on the outstanding balance.
To recover the debt, CMS may implement recoupment, offsetting the overpayment amount against future Medicare payments owed to the provider. If the review identifies systemic errors, CMS may require the provider to implement a Corrective Action Plan (CAP) to address the root causes and prevent recurrence. For serious non-compliance, Civil Monetary Penalties (CMPs) may be imposed.
Providers who disagree with an overpayment determination have the right to challenge the finding through a formal, structured five-level administrative appeal process.
Appeal Levels
The first level is a Redetermination, filed with the MAC that made the initial decision, and must be submitted within 120 days of receiving the determination notice. The second level is a Reconsideration, conducted by an independent Qualified Independent Contractor (QIC).
If the amount in controversy meets a specific annual threshold, the provider can proceed to the third level, a hearing before an Administrative Law Judge (ALJ). The fourth level is a review by the Medicare Appeals Council. The fifth and final level is Judicial Review in Federal District Court, assuming the controversy threshold is met. Filing an appeal within specified timeframes generally prevents the recoupment process from moving forward until a decision is reached at the first or second appeal level.