The CERT study gives one the opportunity to identify potential errors the same way that the auditors do.

With nearly a million physicians in this country, how do auditing organizations determine who to audit? As of 2011, a total of 100 percent of Medicare fee-for-service claims started being passed through the Fraud Prevention System: a series of predictive analytics algorithms that help identify claims that may have been billed incorrectly.

But while those results help to target particularly high-risk providers, there is much more to the “audit/don’t audit” decision than just risk. For most auditors, because they are private contractors, their remuneration, bonuses, and/or contract continuation are tied to results – and make no mistake, results are measured in dollars returned to the trust fund. So before an auditor embarks on an audit, it may engage in some form of expected value (EV) calculation that they use to determine the return on investment (ROI).

Calculating EV and ROI requires some advance notion of how much the auditor is likely to find in overpayments versus the cost of doing the audit. And for these types of calculations, many will rely upon the CERT, or the Comprehensive Error Rate Testing study.


The Centers for Medicare & Medicaid Services (CMS) established the CERT program to calculate a national paid claims error rate for all Medicare fee-for-service programs. The CERT program calculates the error rates for all Medicare Administrative Contractors (MACs), carriers, and fiscal intermediaries (FIs). Reading the CERT documentation, one might find themselves under the impression that records are obtained only from the contractor. This, however, is not the case. In order to assess things like medical necessity, proper documentation, and the like, the agency also requests the medical records from the practices that match the claims samples, adding to the administrative costs of doing business. In general, the sampling methodology includes the following:

  • Randomly selecting around 50,000 claims submitted to the payors during a given reporting period.
  • Requesting medical records from the healthcare providers that submitted the claims in the sample.
  • When medical records were submitted by the provider, reviewing the claims in the sample and the associated medical records to see if the claims complied with Medicare coverage, coding, and billing rules (and if not, assigning errors to the claims).
  • When medical records were not submitted by the provider, classifying the case as a “no documentation” claim and counting it as an error.
  • Sending providers overpayment letters/notices or making adjustments for claims that were overpaid or underpaid.

It’s also important to note that CMS counts underpayments as errors, as well as overpayments. For the 2017 fiscal year, CMS paid out some $390 billion in claims, and of these, around $36 billion (9.5 percent) were paid in error. This simply means that, in the opinion of the auditor, the claim was paid in part or full disagreement with established guidelines, rules, and regulations – or in contrast to the documentation provided. Regarding the 9.5 percent error rate, 0.3 percent represented underpayments. Now, while that may seem trivial, 0.3 percent of $390 billion is over $1 billion, which I would not consider to be crumbs. For example, procedure code 99212 was underpaid 16.9 percent of the time. If you reported 10,000 of these last year, it is statistically likely that some 1,700 were underpaid (or under-documented). So while you are creating your risk assessment, it is probably a good idea to create an opportunity assessment as well.

Within the study, CERT specifies the reason for the improper payment. For example, for 2017, a total of 64.1 percent of claims were paid when it was later determined that there was not sufficient documentation to support the procedure or service. A total of 13.1 percent of payments were made in error due to incorrect coding, while medically unnecessary errors accounted for 17.5 percent of all improperly paid claims. I find the latter statistic interesting, because my experience is that many in our industry consider medical necessity to be the most important coding and billing issue. According to CERT, insufficient documentation accounts for nearly five times the number of error determinations.

From the compliance officer’s perspective, CERT can be a gold mine for building a risk assessment because the study looks at error rates for specific procedure codes, which brings us back to our point on profiling. If CERT identifies specific procedure codes that are associated with high error rates, then it’s only a matter of time before those same codes are used by the auditing agencies as a primer to develop an audit risk profile. Looking at the error rate also provides the auditors with the base data for their EV calculations.

Looking at the 2017 report, for example, we see that CERT reported that of all the 99233 codes reviewed, over 50 percent were paid in error. Of the 99214 codes reviewed, 7.1 percent were paid in error. For calendar year 2016, a total of 23,702,514 claims that included 99233 were submitted to CMS, which paid out $1.8 billion to those providers. If, as stated above, half were paid in error, then nearly $900 million was paid improperly. Imagine for a moment that you are an auditor and you come across a practice that got paid a million dollars on code 99233 last year. Statistically speaking, that means that there is a 50 percent probability that at least half of those were overpaid. This is an easy step from EV to ROI. For 99214, CMS paid out around $7 billion for 103 million encounters, at an error rate of 7.1 percent; this would account for nearly $500 million in potential improper payments. And the list goes on.

The point is this: these auditing agencies, some of which are paid a commission on what they are able to recover from a practice, are going to go for the low-hanging fruit first. So a practice that is reporting a higher number of these 99233 and 99214 codes than their peers may substantially increase their risk of audit and review.

The takeaway here, at least for me, is that the CERT study gives me the opportunity to identify potential errors the same way that the auditors do. And for my money, that’s something you can take to the bank.

And that’s the world according to Frank.


Frank Cohen

Frank Cohen is the director of analytics and business Intelligence for DoctorsManagement, a Knoxville, Tenn. consulting firm. He specializes in data mining, applied statistics, practice analytics, decision support, and process improvement. He is a member of the RACmonitor editorial board and a popular contributor on Monitor Monday.

You May Also Like

A Call to Order

A Call to Order

Inpatient admission orders don’t necessarily have to be written. Last month, I participated in a webinar about the Two-Midnight Rule for the Association for Healthcare

Read More

Leave a Reply

Your Name(Required)
Your Email(Required)