Chart requests by payers

Who is looking and why?

Certainly, the notion of getting a request for a moderate number of charts from a payer would not raise much consternation today. Technicians are usually responsible for helping to input information into charts. They may also gather charts and supporting documentation to review before sending to the provider for final review, after which they are sent to the requester. But, techs should also be concerned about some important issues related to these chart requests — even if they do seem “routine.”

Knowing whether the request is valid should be the first consideration (See “Questions to ask,” page 31). Never forget that some people may try to steal practice and patient information — particularly via electronic methodology (although mail scams are still a threat). We often hear of smart people who click on links or respond to “phishing” scams and expose private information or protected health information. Everyone in the office (including technicians) should be able to recognize when “something doesn’t seem right” and how to react. Everyone who looks at mail needs to become familiar with the various parties selected by the government to do these chart reviews since they are not household names.1 Otherwise, an official correspondence might seem like just another piece of junk mail and get discarded.

The entities that ask have a variety of reasons for the requests for documentation. Some of these are far more problematic for your office than others. The following is a list of the significant requesters.

Comprehensive Error Rate Testing (CERT)

Some requests have no specific “agenda” behind them; they are part of periodic, random statistical sampling. CMS notes this: “Each year, CERT evaluates a statistically valid random sample of claims to determine if they were paid properly under Medicare coverage, coding, and billing rules.”

Even the letter to the provider makes the point that the sampling is random. A sample letter to providers posted on the CMS website: “You are receiving this letter because the CERT program has randomly selected one or more of your claims for review. In accordance with 1833 of the Social Security Act, you must provide medical record documentation to support claims for Medicare services upon request.”2 The current CERT contractor is AdvanceMed.

CERT also assigns a specific error type to those they find. Perhaps most importantly, almost two-thirds of the errors found were assigned the designation “insufficient documentation.” Another 20% had not provided medical necessity in the records sent. That’s a message to all of us to step up our games in terms of proper documentation and justification for the services we deliver. Also, with a CERT request, you must provide the notes and can’t charge the government for providing them.

Office of Inspector General (OIG)

The OIG publishes a Work Plan for each year that focuses on specific areas based largely on the perceived risks to Health and Human Services programs such as Medicare.

Know what the OIG Work Plan has chosen to look at. The Work Plan for the next year comes out in the fall of the preceding year. For instance, for 2015, OIG had “Ophthalmological Services – Questionable Billing” on the Plan. The OIG 2016 focus on incorrect billing within ophthalmology may have been an outgrowth of prior OIG reports on ophthalmology released in December 2014.3 In prior years, the use of modifier 25, associated with intravitreal injections, was listed on the Work Plan. Again, you must comply and cannot ask for payment.

Recovery Auditors (RAs)

RAs (formerly Recovery Audit Contractors [RACs]) are entities that compete to win bids to review records for Medicare. Their stated purpose is to help decrease the “payment error” rate, and for this they receive a percentage of the errors they identify.4 Every year, each RA asks CMS to approve a list of topics. Currently, three RAs are assigned to cover the four U.S. regions (one has two regions) — only the Durable Medical Equipment RA has a national purview. The current RA organizations are: Performant Recovery, Cotiviti, and HMS Federal Solutions. The RA program has been quite successful in returning monies from providers and facilities to Medicare since it began in 2010 — the total through CY 2015 was more than $10 billion.5

Supplemental Medical Review Contractor (SMRC)

Unlike RAs, the SMRC has a national scope.6 The current SMRC is StrategicHealthSolutions. It has a number of ongoing projects related to ophthalmology — and one of them has specifically referenced the December 2014 OIG release above as justification for some of their requests.7

Additionally, on its website, the OIG notes: “As a representative of CMS, the Supplemental Medical Review Contractor (SMRC) has a fiduciary responsibility to notify CMS of any identified improper payments and noncompliance with documentation requests …”

Medicare Advantage (MA) plans

MA plans also request records. While the number of records can be quite burdensome, this may be based on the need to justify payments (or even bonuses) from CMS to better manage chronic conditions. These are sometimes referred to as “risk adjustment” audits. Importantly, the number of charts and the timing may be negotiable, and some MA plans might actually pay practices.

Medicare Administrative Contractor (MAC)

Sometimes these record requests happen after payment — in other cases, before. If there is a pattern of insufficient documentation based on previous MAC reviews, the MAC can place a provider or entire specialties on prepayment review, in which the chart documentation must be reviewed for correctness before payment is forthcoming. For example, in 2013, First Coast Service Options (the MAC for Florida) placed all claims from optometrists for CPT code 99215 on 100% prepayment review for a period of time.8

Questions to ask

When you receive a payer request for charts, ask the following:

  • Is the request valid?
  • Which organization is asking?
  • What is the purpose for the request?
  • Are there potential legal concerns?
  • Where can we find all parts of the information so we can comply?
  • How will we get the information to the requestor?
  • Are there immediate or long-term financial considerations?

As you’d expect, providers must comply — but at least you know who your current MAC is!

Zone Program Integrity Contractors (ZPICs) and Program Safeguard Contractors (PSCs)

These requests are based on the assumption of fraud already having occurred. In these cases, it’s best to hire an attorney before responding.

The current ZPICs cover seven different zones (some cover more than one region): NCI (previously AdvanceMed), SafeGuard Services, Health Integrity, and Cahaba Safeguard Administrators.9


Payer requests for charts are common, but the reasons for them can vary widely. Know the organizations asking and their specific focus. While you must comply in most situations, sometimes you can’t get paid for supplying the records. Be sure that your office has a defined process to respond appropriately — failure to do so may result in serious consequences. OP


  1. CMS. MedLearn Matters SE1123. Contractor Entities at a Glance: Who May Contact You about Specific Centers for Medicare & Medicaid Services (CMS) Activities. . Accessed July 31, 2017.
  2. CMS. Comprehensive Error Rate Testing. . Accessed July 31, 2017.
  3. OIG. Medicare Paid $22 Million in 2012 for Potentially Inappropriate Ophthalmology Claims. . Accessed July 31, 2017.
  4. CMS. Recovery Auditing in Medicare Fee-For-Service for Fiscal Year 2015. . Accessed August 23, 2017.
  5. CMS. Medicare Fee For Service Recovery Audit Program. . Accessed July 31, 2017.
  6. StrategicHealthSolutions, LLC. Supplemental Medical Review Contractor Website. . Accessed July 31, 2017.
  7. StrategicHealthSolutions, LLC. Project Y3P0239 — Ophthalmology Services. . Accessed July 31, 2017.
  8. First Coast Service Options. Medicare B Connection (provider newsletter). December 2012. . Accessed July 31, 2017.
  9. American Health Care Association. Zone Program Integrity Contractors. . Accessed July 31, 2017.