Is Community Care required to have a Program Integrity (Fraud, Waste & Abuse - FWA) program?

Yes. The requirement begins at the federal level. The Centers for Medicare & Medicaid Services (CMS) asserts a commitment to combat Medicaid provider fraud, waste and abuse which diverts dollars that could otherwise be spent to safeguard the health and welfare of Medicaid recipients. In 2006, the Deficit Reduction Act (DRA) was signed into law and created the Medicaid Integrity Program (MIP) under section 1936 of the Social Security Act. CMS responsibilities under the MIP include:

  1. a. hire contractors to review provider activities, audit claims, identify overpayments, and provide education on Medicaid program integrity issues
  2. b. provide support and assistance to States in their efforts to combat provider fraud and abuse

On the state and county levels, Community Care works closely with the Primary Contractors, Department of Human Services (DHS), Bureau of Program Integrity (BPI), and Office of Mental Health and Substance Abuse Services (OMHSAS) to carry out the program integrity activities as required in HealthChoices.

Where can I find information regarding Pennsylvania HealthChoices FWA requirements?

The Behavioral Health HealthChoices Program Standards and Requirements (PSR), including Appendix F Fraud and Abuse describes the requirement for each behavioral health managed care organization (BHMCO) to operate a Special Investigations Unit (SIU) to conduct FWA detection, deterrence, and prevention activities. The PSR also outlines provider obligations with regard to compliance as a condition to enrollment in the provider network.

The PSR can be found on the DHS Website at

Why does Community Care's Special Investigations Unit (SIU) conduct compliance (FWA) audits?

As part of Community Care's contracts with the counties and state to serve as a BHMCO, Community Care commits to complying with applicable FWA laws, regulations, and standards and to perform FWA (compliance and program integrity) activities that includes conducting provider audits. Community Care must also assure that providers are complying with laws and regulations as articulated in each provider contract.

Are FWA audits the same as Quality reviews?

No. Quality reviews compare services delivered to members against benchmarks to determine the level of consistency with established standards, practices and also with regulations, to an extent. Areas of focus may include accessibility to covered services, appointment availability, coordination of care, quality of care, and record keeping. An FWA compliance audit is focused on billing compliance, reviewing the claims billed by the provider and determining if the documentation in the member's medical record supports the billing of the claim. Under the CMS/Medicaid program, only claims with accompanying documentation that meets billing and program/clinical regulatory requirements are permissible to be billed by the provider and paid by Community Care. If any FWA issues are noted during a Quality record review, Quality staff are expected to refer the issue/documentation in question to the SIU. The opposite is also expected if Quality issues are noted during an FWA audit.

How does the SIU determine which provider or level of care to audit?

Community Care must assess the risk for FWA across the provider network. This includes auditing individual practitioners as well as facilities located in the community, ambulatory and inpatient settings. Annually, the SIU develops an audit schedule in conjunction with the Primary Contractor. The following are considerations for including a provider on the audit schedule: audit history, high spend or paid claims, outlying patterns of claims submissions, data-mining results, re-audit of previous findings or when a provider is determined to be high risk for FWA. Also, self-reports/self-audits may be submitted by providers and audits may be conducted as the result of a referral or hotline.

What is the difference among fraud, waste, and abuse?

In brief, fraud involves an "intentional deception" leading to an unauthorized benefit. Committing fraud may lead to penalties and criminal prosecution. Waste may relate to receiving benefit/payment for delivering unnecessary services. Abuse involves actions that are inconsistent with sound fiscal, business, or behavioral health practices resulting in an unnecessary cost or in reimbursement, often non-compliance with regulations. The federal and state government establish regulations and laws related to a service. Compliance with these laws and regulations, as evidenced through documentation, is considered to be the minimum required standard which permits a provider to bill for a service and submit a claim.

Though my agency did not commit fraud, why were we required to repay Community Care as a result of an audit?

Consistent with state and federal practices, provider requirements related to SIU audit findings may include education, corrective action planning and/or repayment regardless of whether the nature of the finding is fraud, waste, or abuse. While certain findings may be suspicious of fraud, the SIU does not make a legal determination as to whether an audit finding is fraud. Most deficiencies found in SIU audits relate to abuse. For example, documentation does not comply with state or federal regulations related to the services being billed and paid. Please review the SIU policies on the Community Care website for a full description of fraud, waste and abuse and the compliance auditing program.

What are proactive steps a provider must take to maintain compliance with SIU Policies & Procedures?

  • Know your agency's compliance plan.
  • Include annual all staff FWA training in your compliance plan.
  • Assure that your assigned compliance person monitors the Community Care website for updates, including: SIU policies and procedures, training, resources, and alerts.
  • Know all state and federal regulations and laws, including Medical Assistance/Medicaid regulations that apply to each of your program and levels of care.
  • Read, understand, and apply the FWA policies published on Community Care's website.
  • Be aware of Community Care provider alerts. When an alert is released, do not assume the alert does not apply to your agency without first reading and, if necessary, investigating the information.
  • Develop and implement a schedule for conducting self-audits and compliance activities routinely in your agency.
  • Assure audit findings are addressed in your compliance activities and the results and corrective action is applied across all of your levels of care and locations.
  • Conduct reviews of employees on monthly basis to insure they are not precluded from participation in the Medicaid Program.

Do Providers have to participate in the audit and with financial consequences identified through the audit?

Yes. Cooperation with SIU audits is written into the provider's agreement with Community Care as required by state and federal regulation.

What is the difference between a retrospective claims review audit and a prospective payment claims audit?

The SIU conducts prepayment and retrospective claims review audits. Retrospective audits consist of the auditor selecting a group of claims and services that occurred in the past, for which the provider has been paid prior to the audit. A prepayment claims audit is a process of holding claims at the point of submission by the provider, and auditing each claim, paying only those claims which are found to have no deficiencies in review of the medical record.

What is extrapolation?

In extrapolation, a statistically valid random sample of claims is audited, and the findings are applied to a larger group of like claims. Extrapolation is typically used to determine overpayment amounts when there is evidence of a sustained or high level of payment error, or education has not corrected previously identified payment errors.

How can a provider prepare for an upcoming audit by the SIU?

Carefully, read all written correspondence that will be sent to you from the clinical auditor who will be conducting the review. Ask questions. Assure that your agency's billing compliance and clinical/program regulatory compliance staff work together. Assure that any documentation that is submitted for the audit supports each claim that was billed, is complete, and accurate. Assign an individual to review and prepare the documentation to be sent for review who is knowledgeable of required documentation for billing purposes. Also, assure there are no missing pieces of documentation. Review the documentation for accuracy, organization, and completeness before it is submitted for the audit. Adhere to all identified deadlines associated with the audit.

What are some avoidable problems providers encounter during an audit?

  • Not having the correct person review the documentation before it is submitted
  • Not reviewing the actual documents that are submitted for the audit
  • Omitting or failing to submit requested documents
  • Incomplete documents
  • Clerical errors or omitting documents or signature pages through the photocopy process
  • Assuming documents in the audit letter do not apply to the level of care
  • Electronic Medical Record printing, dating or signature capture

Contact the auditor if issues are encountered during the document preparation for consultation.

What can a Provider expect relative to communication regarding the audit

The SIU will assign a clinical auditor who will send written notification of an audit and will also contact you to discuss the audit via telephone. An audit confirmation letter will detail the time-frame of the claims review, the member's records selected for review, and examples of the type of documentation that will be examined. The auditor will review the contents of the letter and you will be afforded the opportunity to ask questions. Once the audit is complete, an exit interview will be conducted by the auditor followed by a results letter at the conclusion of an audit. This also includes instructions regarding the appeal process.

What documentation does a Provider need to produce and how can a Provider submit their documentation?

Most audits are conducted by the auditor at their desk. Some are conducted in the field in the provider's facility. A provider must submit any documentation necessary to support the claims that were billed (that include member/staff/physician signatures when required). This includes, but is not limited to:

  • All progress notes, treatment or service plans and updates
  • Encounter forms
  • Consents for treatment
  • Behavioral plans, plans of care, intakes
  • Evaluations and assessments
  • Agency compliance plan evidencing annual FWA training
  • Precluded provider screening policy and a sample of completed monthly screening
  • Licenses, accreditations
  • Other documents as requested.

For desk audits, providers may submit documentation through the mail or electronically. The chart documentation can be photocopied and mailed in a secure package. The documentation can also be transferred to a USB drive equipped with bit locker and mailed in a secure package. The preferred method of submitting documentation is via UPMC's secure cloud-based system. This system allows 24-hour access to the documents by the provider until the submission deadline and includes a tracking feature. Electronic health records can usually be exported in a PDF format for submission through the UPMC system.

What items is an auditor examining during the audit? Regulations?

Auditors compare the provider's medical record documentation with SIU policies and procedures, Medical Assistance regulations and bulletins, state and federal laws and regulations and other guidance, and Community Care Fee schedule, Provider Contracts, Manuals, Standards and Provider Alerts. Please review and have a working knowledge of the FWA policies & procedures located on the Community Case website. These include:

  • FWA #001 Compliance Program
  • FWA #003 Compliance Auditing
  • FWA #010 False Claims Act
  • FWA #011 Audit Appeal
  • FWA #015 Chart Documentation, Audit Exceptions and Corrective Action Plan
  • FWA #018 Prepayment Claims Hold Audit

Why didn't the auditor accept additional documentation after the audit started?

CMS notes a pattern of fraudulent document production may occur when documents are submitted after being identified as missing. Community Care's policy has been endorsed by the OMHSAS.

What are common findings that are considered to be FWA?

  • Treatment/service/other plans not signed and dated, as required
  • Missing, incomplete, or insufficient encounter form, progress note, treatment plans, consents for treatment
  • Billing for non-billable services
  • Billing for services not rendered
  • Member not seen by physician
  • Potential falsified claims, encounters
  • Identical or nearly identical progress notes, treatment plans
  • Overlapping services
  • Documentation supports fewer units than billed
  • No breaks in time from one venue or member to another
  • Services not performed by the billing provider
  • Incorrect code or modifier resulting in reimbursement difference
  • Group therapy session > 10 or < 2 members
  • Bundled/unbundled billing when not permissible
  • Rounding-up of units
  • Billing for travel time when prohibited

Refer to policy FWA #015 Chart Documentation, Audit Exceptions and Corrective Action Plan Appendix A: EXCEPTION TABLE for a full listing of the primary items reviewed during a routine audit.

Why do auditors contact consumers during an audit?

The Department of Human Services requires the BHMCO to verify the delivery of services to Medicaid members by various means as members do not receive an explanation of benefits. Service verification is also completed by validation of encounter form completion. Please refer to Provider Alert: Encounter Forms.

What happens if there are deficiencies found in the audit of a Provider?

Some deficiencies may result in education. Some deficiencies require reimbursement to Community Care for one or more of the claims paid. Providers may be required to develop a corrective action plan. A re-audit or other follow-up activity may occur to assure provider compliance.

Why might a Provider be asked to produce a Corrective Action Plan (CAP) in response to an audit? What should be included?

Any audit in which a deficiency is found requires a CAP in accordance with BPI requirements. The CAP should include the following: the change that will be made to address the identified issue, the person(s) responsible for making the change, and the date the process will be implemented.

Who is notified of the audit results in addition to the provider?

The results of an audit are reported to Community Care's Network Relations Director, Senior Program Director, Regional Director, Chief Operating Officer, and Compliance Officer. The results are also sent to the Contract Administrators and Office of Mental Health & Substance Abuse Services representatives. A report will also be filed with the BPI and, as required, with the Medicaid Fraud Control Section of the PA Attorney General’s Office.

What are some reasons that the SIU would file a BPI report?

  • Audits requiring repayment to Community Care
  • Audits requiring Corrective Action Plan
  • Potential violation the Federal False Claims Act
  • Falsified claims/encounters
  • High dollar financial impact found with deficient claims
  • Provider self-reports
  • Abuse of recipient (physical, sexual, emotional)
  • Denial of service (access, necessary referrals, specialist referrals, underutilization)
  • Practitioner identified as precluded from the Medicaid program
  • Practicing while lost license/license expired
  • Provider, subcontractor, or employee who are suspended, resign, or voluntarily withdraw after initiation of an FWA audit
  • Controlled substance questionable prescribing
  • Criminal conviction
  • Notification/request from BPI
  • Potential systemic or operational issues in one of the following areas: balance billing, billing or payment error, duplicate billing, unbundling codes, up-coding, inappropriate modifier use, medical necessity, services not rendered, missing/insufficient documentation
  • Inconclusive, inadequate, or suspicious audit findings or other discretionary reasons, including situations which may lead to a determination of a credible allegation of fraud

Can a Provider dispute the results of the audit? How?

Yes. There is a process in place for a provider to appeal the results of an audit. The provider must submit a written appeal with any supporting documentation to contest each claim that the provider disputes is deficient. If there is more than one deficiency associated with a claim line, the provider must address each deficiency being appealed. The completed written appeal must be submitted to the auditor within 20 business days of the audit results letter. The Audit Appeals Committee will hear the provider's appeal and make a determination. Please refer to policy FWA #011 Audit Appeal for the complete appeal process.

What happens if I discover FWA in my agency or practice?

Any occurrence of fraud, waste, or abuse discovered within an agency or practice should be investigated and reported to the SIU in accordance with regulation and the agency’s compliance plan. Your compliance plan must address reporting FWA findings. If needed, contact your local SIU office for assistance in filing a self-report or to obtain a copy of the Community Care SIU self-report guideline. The guideline provides information related to required report information and the method by which to report the amount of repayment due to Community Care, if applicable.

Are there penalties for submitting false claims? Is there protection for individuals who report fraud?

Yes, submitting false claims can lead to sanctions, fines and even prosecution. Yes, individuals who report fraud are covered under whistleblower protection. Community Care's FWA Policy #010 False Claims Act is based on the requirement in the Deficit Reduction Act, Section 6032(A), which requires Community Care to establish a written policy, for all employees and of any contractor, which provides for information on the prevention and detection of fraud, waste, and abuse in federal health care programs. This policy and procedure details information about the Federal False Claims Act, state law pertaining to civil or criminal penalties for false claims or statements, whistleblower protections and administrative remedies for false claims and statements.

How can I report suspected fraud, waste, or abuse?

Contact the Community Care FWA telephone hotline at 1-866-445-5190 or email hotline at Callers may leave a voicemail message including their name and telephone number where they can be reached along with details surrounding the issue. Reports can also be made anonymously to the hotlines. Please see the Fraud, Waste & Abuse Policies and Procedures as well as the FWA Acronyms and Glossary on the Community Care website for additional information. Providers may also submit a report directly to the BPI.

Where can a Provider find more information about fraud, waste, and abuse?

FWA information can be found in several places. Community Care has fraud, waste, and abuse information on the website.