The number of and type of entities that audit Medicare claims has been on the rise for years.  The information provided here describes the various types of audits that you may encounter as a home infusion provider.

CERT – Comprehensive Error Rate Testing

CMS developed the CERT Program to produce a national Medicare FFS improper payment rate. After the claims process, CERT randomly selects a statistically – valid sample of Medicare FFS claims and requests documentation from the provider/supplier that submitted the sample of Medicare FFS claims.  

The CERT contractor will then send a letter requesting documentation from that provider/supplier that submitted the sampled claims. The initial request will include a request letter, claim attachment cover sheet, the medical documentation requested and instructions for completion. It is imperative that a response is submitted even if you do not have all of the requested documentation.  If no response is received Medicare will consider it an overpayment and will issue a recoupment.

Once received, CERT review professionals review the claim and the supporting documentation to determine whether the claim was paid appropriately according to Medicare coverage, coding, and billing rules. To accurately measure the performance of the ACs/MACs and to gain insight into the causes of errors, CMS calculates both a national Medicare FFS improper payment rate and a provider compliance error rate and publishes the results of these reviews annually.

Timeframe to respond:30 days

Sample CERT Letter 

The DME MACs have a number of “Dear Physician” letters that are helpful when seeking to obtain supporting documentation in the case of an audit.  Click here for a PDF of the Enteral CERT letter.  Click here to view the Jurisdiction C Dear Physician Letter requesting documentation. 

Pre-Payment Reviews – Probe Reviews performed by MACs

DME MACs conduct PROBE (pre-payment reviews) for certain types of claims that have a history of high rates of improper payments. A  “development” letter will be sent to the provider/supplier requesting additional documentation  before paying claims.

Development letters contain specific requests for information that will be used to determine if the billed items comply with Medicare’s reasonable and necessary requirements. These reviews are the result of CERT analysis and previous reviews.  The result from these could change policy/coding and/or review guidelines. 

Timeframe to respond: 30 calendar days but will allow up to 45 for the response to be received. If no response is received within 45 days the claim will be denied.

Sample letters

MAC Pre-Payment Sample Letter Region A

MAC Pre-Payment Sample Letter Region C

MAC Pre-Payment Sample Letter Region D

Click here to access self-audit tools that the Jurisdiction A DME MAC has made available on the following requirements::

  • Prescription (Order) Requirements
  • Proof of Delivery (POD)
  • Refill Requirements

RAC -Recovery Audit Program

The purpose of  the Recovery Audit Program  is to detect and correct past improper payments (over/under payments) so that MACs can recover overpayments and implement actions that will prevent future improper payments. A Recovery Audit is done on a post payment basis, however the Recovery Auditor will not review previously reviewed claims that were done by another entity.

The Recovery Auditor can look back as far as 3 years from the date the claim was paid. If the provider/supplier receives a demand letter identifying an overpayment by the Recovery Audit Program and disagree with the decision, they can appeal through the normal Medicare appeals process.

The Recovery Audit Program also allows the provider/supplier an opportunity to discuss the improper payment determination (this is outside the normal appeal process so the provider/supplier will still need to follow the normal process during this time). It is imperative to remember the timelines for all levels of appeal.

Below are the Recovery Auditors for each region:

Performant Recovery is taking over as the Recovery Audit Contractor (RAC) for Medicare DMEPOS claims in all 4 Jurisdictions. Learn more at CMS Recovery Audit Program web resource.

Timeframe to respond: Submit within 45 calendar days. If no response received within the 45 days the claim will be denied.

Sample Letters:

Jurisdiction A

Jurisdiction B

Jurisdiction C

Jurisdiction D


ZPICs –Zone Program Integrity Contractors

 ZPICs have oversight of Medicare A and part B, hospice care, home health and durable medical equipment (DME). A ZPIC audit is different than a RAC or MAC audit. The primary purpose of a ZPIC audit is to identify fraud, and while this makes ZPIC audits more serious than most, bear in mind that these audit targets are selected based on sample data analysis.

A ZPIC audit may be performed as the result of other audits, and after a ZPIC audit, a MAC or RAC may be referred.  The ZPICs will notify the selected provider/supplier by written notice prior to the provider-service specific review beginning.  The ZPICs will also alert the provider/supplier as to whether it is a prepayment or post payment review.

There are three primary reasons for conducting a ZPIC audit: 

  • analysis of rates (high rates of utilization of ultra-high resource utilization groups, or RUGs)
  • whistleblower complaints, and/or
  • results of other audits.

Timeframe to respond:  Submit within 30 calendar days. If no response received within the 30 days the claim will be denied.

Sample Letter: 

For additional information of ZPICS please see MLN Matters® Number: SE1204 The Role of the Zone Program Integrity Contractors (ZPICs), Formerly the Program Safeguard Contractors (PSCs) 


SMRC – Supplemental Medical Review Contractor

The Centers for Medicare & Medicaid Services (CMS) has contracted with StrategicHealthSolutions, LLC, a Supplemental Medical Review/Specialty Contractor (SMRC) to perform and/or provide support for a variety of tasks aimed at lowering the improper payment rates and increasing efficiencies of the medical review functions of the Medicare and Medicaid programs.

One of the primary tasks will be conducting nationwide medical review as directed by CMS. The medical review will be performed on Part A, Part B, and DME providers and suppliers. Services/Provider Specialties to be reviewed will be selected by CMS, Provider Compliance Group/Division of Medical Review and Education (DMRE). The SMRC will evaluate medical records and related documents to determine whether Medicare claims were billed in compliance with coverage, coding, payment, and billing practices.

Timeframe to respond: 

Sample SMRC Letter 


UPICs –Unified Program Integrity Contractors

CMS is developing a “unified program integrity strategy” that merges some Medicare and Medicaid audits and investigations, exploits data mining and aligns the work of regional contractors with CMS’s vision.

The CMS Center for Program Integrity will hire 5 to 15 new UPICs.  The UPICs would replace zone program integrity contractors (ZPICs) — including their Medicare-Medicaid data match function—as well as Medicaid integrity contractors and program safeguard contractors. However, Medicare administrative contractors and recovery audit contractors will continue their audits and reviews. “The MAC activities are not changing as a result of the Unified Program Integrity Contractor (UPIC) strategy,” a CMS spokesman says.

Each UPIC will perform audits and investigations in a set of states, the RFI says. They will “partner with CMS to identify and prioritize leads for audit and investigation” and use CMS’s Fraud Prevention System, a data mining operation that identifies vulnerabilities from multiple sources. The RFI says UPICs would be required to recommend administrative actions (e.g., Medicare and Medicaid payment suspensions and civil monetary penalties); do prepayment reviews; refer possible fraud cases to law enforcement; and “interact with and utilize a robust CMS-developed IT toolset to perform its work, while also bringing its own IT capabilities to CMS’s anti-fraud mission.” In determining targets, UPICs will keep certain “overarching principles” in mind, such as patient harm, prevention of overpayments and multistate fraud, the RFI says.