“Upcoding” remains a common mechanism of improper payments.
“Healthcare compliance is the process of following rules, regulations and laws that relate to healthcare practices,” according to the PowerDMS Policy Learning Center. Although all healthcare organizations have a compliance department, how the clinical documentation integrity (CDI) department interacts with compliance and supports practices compliant with Centers for Medicare & Medicaid Services (CMS) regulations varies across health systems. The purpose of a compliance program is to prevent, detect, and correct non-compliance to avoid fraud, waste, and abuse.
According to the U.S. Department of Health and Human Services (HHS), some healthcare entities pose a heightened risk to the financial security of Medicare due to the volume of improper payments they incur. Healthcare organizations have a duty to submit proper claims to CMS; however, “upcoding” remains a common mechanism of improper payments. Because compliance is the responsibility of everyone employed by the health system, CDI leadership should be actively engaged in monitoring CMS claims data for potential overpayments that could represent simple errors or process issues resulting in institutional non-compliance. In particular, CDI departments should be gatekeepers meant to avoid “billing for services at a level or complexity higher than services actually provided or documented in the medical record,” according to CMS.
An overpayment is defined by Medicare as one that “exceeds regulation and statute properly payable amounts.” Medicare overpayments can occur due to “incorrect coding and/or insufficient documentation,” both of which should be monitored by CDI and coding leadership. Healthcare entities have 60 days from overpayment identification to report and return a self-identified overpayment to Medicare. Reporting of an overpayment should include a written explanation for the overpayment, e.g., coding error, failure to follow organizational billing practices, etc. The concept of “identification” is broadly applied, as the rule states that this means when a person has or “should have, through the exercise of reasonable diligence” determined an overpayment.
Misusing codes on a claim, such as upcoding (when a provider assigns an inaccurate billing code to a medical procedure or treatment to increase reimbursement) and coding errors are examples of Medicare abuse if the incorrect coding or billing practices are not widespread practices, in which case it could be an example of fraud. CDI and coding professionals are both subject to the federal civil False Claims Act (FCA):
“The civil FCA imposes civil liability on any person who knowingly submits, or causes the submission of, a false or fraudulent claim to the Federal Government. The terms ‘knowing’ and ‘knowingly’ mean a person has actual knowledge of the information or acts in deliberate ignorance or reckless disregard of the truth or falsity of the information related to the claim. No specific intent to defraud is required to violate the civil FCA.”
CMS has a variety of tools to monitor inaccurate payments, including the Comprehensive Error Rate Testing (CERT) Program, Medicare Administrative Contractors (MACs), and the Recovery Auditors. According to CMS, the CERT program reviews a statistically valid stratified random sample of Medicare fee-for-service (FFS) claims to determine if they were paid properly under Medicare coverage, coding, and payment rules. CERT findings create the framework for MAC audits and those performed by Recovery Auditors. While CERT leverages a random sample of claims, the Program for Evaluating Payment Patterns Electronic Report (PEPPER) data provides hospital-specific Medicare claims data. Target areas included in PEPPER were identified by Recovery Auditors and MACs, and are updated periodically.
“PEPPER is an electronic report that provides provider-specific Medicare data statistics for discharges/services vulnerable to improper payments. PEPPER cannot be used to identify the presence of payment errors, but it can be used as a guide for auditing and monitoring efforts to help providers identify and prevent payment errors.”
If you manage a CDI or coding department, you should be reviewing your PEPPER data on a quarterly basis; however, the national download rate is currently at 62 percent. Failure to monitor Medicare claims data included in PEPPER can be an example of “deliberate ignorance or reckless disregard,” according to ACDIS, if your organization is an outlier. Although PEPPER data is not specifically distributed to Recovery Auditors or MACs, both of these Medicare contractors have the ability to request charts related to PEPPER target areas, and have sophisticated data mining techniques to identify outliers.
PEPPER target areas are constructed as a ratio. The numerator includes discharges identified from paid Medicare claims per CMS fiscal year (i.e., October to September) quarter that are identified as potentially problematic because they are likely to be miscoded or result in medically unnecessary services. The denominator is the larger reference group that includes the numerator.
For this article, our focus is coding target areas that include:
Each hospital’s ratio is compared to other hospitals at the state, MAC jurisdiction, and national levels, resulting in a ranking by volume percentage. PEPPER data uses the high outlier threshold of the 80th percentile and a low outlier threshold of the 20th percentile. If the percentage of paid Medicare claims for the specific target area ranks at the 80th percentile or above, the organization is considered a high outlier for that target area. In other words, the percentage range for a particular target area may be from 20 to 75 percent. The 80th percentile may result in all those hospitals with a target area ratio of 68 percent or higher. The ratios among all hospitals and the 80th percentile cutoff will vary from quarter to quarter.
If you are new to PEPPER and integrating a compliance focus into your CDI or coding practices, a good place to start is the National High Outlier Ranking Report. This page of PEPPER data will have red if your organization is a high outlier in any target area across the most recently reported 12 quarters of data, as well as the total number of times your organization was a high outlier for each target area. If your organization happens to be a high outlier for any coding target area, that does not necessarily mean there is a compliance issue. A best practice is to investigate why your organization is an outlier by sampling claims and reviewing documentation to validate the assigned codes and billing. Ask yourself, does it make sense for your hospital to be among the top 20 percent of all hospitals for that particular target area?
CDI departments are increasingly renaming the “I” from “improvement” to “integrity.” Integrity is defined as “the quality of being honest and having strong moral principles.” Reviewing PEPPER data is a way for CDI and coding managers to identify areas that may be vulnerable to overpayment. If outliers exist, investigate the associated claims to validate the coding and billing. If coding or billing errors occurred, determine the cause(s) of the errors, e.g., human error or process issues, and look for ways to prevent future non-compliant coding and billing practices. Even if your organization is not an outlier or the internal investigation does not reveal the potential for overpayment, CDI and coding leadership should ensure there are safeguards in place to prevent non-compliance, and monitor staff adherence to those processes.
Programming Note: Listen to Cheryl Ericson report this story live today during Talk Ten Tuesdays, 10 Eastern.
EDITOR’S NOTE: The author of this article used artificial intelligence (AI)-assisted tools in its composition, but all content, analysis, and conclusions were based on the
A common debate among clinical documentation integrity (CDI) professionals, physician advisors, and coders is what to sequence as the principal diagnosis when a patient arrives
Please log in to your account to comment on this article.
Uncover essential coding insights with nationally recognized coding authority Kay Piper, RHIA, CDIP, CCS. Through ICD10monitor’s interactive, on‑demand webcast series, Kay walks you through the AHA’s 2026 ICD‑10‑CM/PCS Quarterly Coding Clinics, translating each update into practical, easy‑to‑apply guidance designed to sharpen precision, ensure compliance, and strengthen day‑to‑day decision‑making. Available shortly after each official release.
Uncover critical guidance on the ICD-10-CM/PCS code updates. Kay Piper reviews and explains ICD-10-CM/PCS coding guidelines in the AHA’s fourth quarter 2026 ICD-10-CM/PCS Coding Clinic in an easy to access on-demand webcast.
Uncover critical guidance on the ICD-10-CM/PCS code updates. Kay Piper reviews and explains ICD-10-CM/PCS coding guidelines in the AHA’s third quarter 2026 ICD-10-CM/PCS Coding Clinic in an easy to access on-demand webcast.
Uncover critical guidance on the ICD-10-CM/PCS code updates. Kay Piper reviews and explains ICD-10-CM/PCS coding guidelines in the AHA’s second quarter 2026 ICD-10-CM/PCS Coding Clinic in an easy to access on-demand webcast.
Federal auditors are intensifying their focus on inpatient psychiatric facilities, using advanced data analytics to spotlight outliers and pursue high‑dollar repayments. In this high‑impact webcast, Michael Calahan, PA, MBA, Compliance Officer and V.P., Hospital & Physician Compliance, breaks down what regulators are really targeting in IPF-PPS admissions, documentation, treatment and discharge planning. Attendees will learn practical steps to tighten processes, avoid common audit triggers and protect reimbursement and reduce the risk of multimillion-dollar repayment demands.
In this timely session, Stacey Shillito, CDIP, CPMA, CCS, CCS-P, CPEDC, COPC, breaks down the complexities of Medical Decision Making (MDM) documentation so providers can confidently capture the true complexity of their care. Attendees will learn practical, efficient strategies to ensure documentation aligns with current E/M guidelines, supports accurate coding, and reduces audit risk, all without adding to charting time.
Join Ronald Hirsch, MD, FACP, CHCQM for The PEPPER Returns – Risk and Opportunity at Your Fingertips, a practical webcast that demystifies the PEPPER and shows you how to turn complex claims data into actionable insights. Dr. Hirsch will explain how to interpret key measures, identify compliance risks, uncover missed revenue opportunities, and understand new updates in the PEPPER, all to help your organization stay ahead of audits and use this powerful data proactively.
Stay ahead of the 2026-2027 audit surge with “Top 10 Audit Targets for 2026-2027 for Hospitals & Physicians: Protect Your Revenue,” a high-impact webcast led by Michael Calahan, PA, MBA. This concise session gives hospitals and physicians clear insight into the most likely federal audit targets, such as E/M services, split/shared and critical care, observation and admissions, device credits, and Two-Midnight Rule changes, and shows how to tighten documentation, coding, and internal processes to reduce denials, recoupments, and penalties. Attendees walk away with practical best practices to protect revenue, strengthen compliance, and better prepare their teams for inevitable audits.
Prepare for the 2025 CMS IPPS Final Rule with ICD10monitor’s IPPSPalooza! Click HERE to learn more
Get 15% OFF on all educational webcasts at ICD10monitor with code JULYFOURTH24 until July 4, 2024—start learning today!
BLOOM INTO SAVINGS! Get 25% OFF during our spring sale through March 27. Use code SPRING26 at checkout to claim this offer.
CYBER WEEK IS HERE! Don’t miss your chance to get 20% off now until Dec. 1 with code CYBER25
CYBER WEEK IS HERE! Don’t miss your chance to get 20% off now until Dec. 2 with code CYBER24
