CERT Audits: Must-Know Insights and Protective Measures

Learn the ins and outs of CMS’s routine CERT audits to minimize stress, stay compliant, and safeguard your practice from financial consequences.

Concerned woman looking at a paper document.

Audit requests often elicit groans, anxiety, and fear from healthcare practice owners. They can be expensive, time-consuming, and have financial consequences. Federal program audits can also trigger worries about compliance with the complicated Centers for Medicare and Medicaid Services (CMS) rules.

Nevertheless, audits are an integral part of the healthcare system. Federal law requires that agencies like CMS review their programs annually to reduce and recover improper payments. One way CMS meets this requirement is by completing CERT audits. 

What Is a CERT Audit?

“CERT” stands for CMS’s Comprehensive Error Rate Testing program. CMS uses the CERT program to review a random sample of Medicare fee-for-service claims and determine if they were paid properly under Medicare coverage, coding, and payment rules.

CERT audits help CMS determine whether Medicare’s Administrative Contractors (MACs, which function as regional arms of the Medicare program and process claims) are properly paying those claims. CERT audits focus mainly on whether coding and billing are correct. 

During a CERT audit, CERT contractors randomly select claims paid under the Medicare fee-for-service systems. Samples of claims are chosen from each claim type: Part A, Part B, and Durable Medical Equipment, Prosthetics, Orthotics, and Supplies. Then, the CERT contractor sends medical records requests to the providers who submitted those claims. Reviewers examine the claims with the associated records to determine whether the claim was paid correctly or denied under Medicare’s coverage, billing, and coding rules.

CERT audits are not provider-specific. That is, they don’t include all of a provider’s claims. Instead, they are claim-specific. While this might not seem as intimidating, CERT audits hit many providers who submit claims at a given time. Consequently, predicting when you might receive a records request associated with a CERT audit is impossible.

Understanding the Focus of CERT Audits

A CERT audit aims to identify improperly paid claims, which can include overpayments or underpayments. CERT audits might deem a claim as improperly paid if the audit reveals missing or insufficient information, a lack of medical necessity, or incorrect coding. 

More specifically, CERT audits aim to identify 

  • payments to ineligible recipients 
  • payments for ineligible services
  • duplicate payments
  • payments for services not actually received 
  • payments for incorrect amounts

Responding to a CERT Audit Notification 

If you receive a CERT audit records request, it’s crucial to respond promptly to meet the specified deadline. Typically, if CMS does not receive a response within 75 days of the initial request, CMS will classify the claim as “no documentation” and count it as an error. CERT will still review documentation provided after 75 days if received before the end of the reporting period. Failure to respond can flag you in CMS systems and trigger additional types of audits. 

A failure to respond or CMS’s eventual determination of an improper claim can result in claims adjustments or clawbacks. So while CERT audits can be less rigorous or daunting than other types of audits, they can still hold similar consequences. 

Strategies for Protecting Your Practice

CERT audits can arise unexpectedly, but that doesn’t mean you can’t prepare. You can protect yourself by implementing policies and procedures and

  • maintaining accurate and complete records for every patient encounter
  • reviewing Medicare’s coverage, billing, and coding rules and keeping up with any changes
  • having a compliance plan
  • training employees on your billing practices
  • working with third parties, including your biller, to conduct periodic internal audits. If there are systematic errors in your billing, catching them early can reduce the extent of any damage

The above steps are helpful at any stage. If you’re actively involved in an audit, you’ll also want to do the following:

  • Understand who is asking for information and what type of audit it is. Is it a CERT audit or a different kind?
  • Meet any deadlines associated with the request.
  • Cooperate with auditors to make the audit go smoothly, and reduce the risk of additional investigation.

Receiving a records request as part of an audit can be scary, and the requirements can be hard to grasp. An experienced healthcare attorney will identify your obligations and determine how best to respond.

If you want to understand how best to prevent harmful audit consequences or are unsure how to proceed, contact a healthcare lawyer who can help create solutions for your practice. Jackson LLP has licensed attorneys in several US states. If you practice in any of them, schedule a free consultation to find out if we fit your needs.

This blog is made for educational purposes and is not intended to be specific legal advice to any particular person. It does not create an attorney-client relationship between our firm and the reader. It should not be used as a substitute for competent legal advice from a licensed attorney in your jurisdiction.

Free Attorney Consultation

Book Now
Skip to content