“Upcoding” remains a common mechanism of improper payments.
“Healthcare compliance is the process of following rules, regulations and laws that relate to healthcare practices,” according to the PowerDMS Policy Learning Center. Although all healthcare organizations have a compliance department, how the clinical documentation integrity (CDI) department interacts with compliance and supports practices compliant with Centers for Medicare & Medicaid Services (CMS) regulations varies across health systems. The purpose of a compliance program is to prevent, detect, and correct non-compliance to avoid fraud, waste, and abuse.
According to the U.S. Department of Health and Human Services (HHS), some healthcare entities pose a heightened risk to the financial security of Medicare due to the volume of improper payments they incur. Healthcare organizations have a duty to submit proper claims to CMS; however, “upcoding” remains a common mechanism of improper payments. Because compliance is the responsibility of everyone employed by the health system, CDI leadership should be actively engaged in monitoring CMS claims data for potential overpayments that could represent simple errors or process issues resulting in institutional non-compliance. In particular, CDI departments should be gatekeepers meant to avoid “billing for services at a level or complexity higher than services actually provided or documented in the medical record,” according to CMS.
An overpayment is defined by Medicare as one that “exceeds regulation and statute properly payable amounts.” Medicare overpayments can occur due to “incorrect coding and/or insufficient documentation,” both of which should be monitored by CDI and coding leadership. Healthcare entities have 60 days from overpayment identification to report and return a self-identified overpayment to Medicare. Reporting of an overpayment should include a written explanation for the overpayment, e.g., coding error, failure to follow organizational billing practices, etc. The concept of “identification” is broadly applied, as the rule states that this means when a person has or “should have, through the exercise of reasonable diligence” determined an overpayment.
Misusing codes on a claim, such as upcoding (when a provider assigns an inaccurate billing code to a medical procedure or treatment to increase reimbursement) and coding errors are examples of Medicare abuse if the incorrect coding or billing practices are not widespread practices, in which case it could be an example of fraud. CDI and coding professionals are both subject to the federal civil False Claims Act (FCA):
“The civil FCA imposes civil liability on any person who knowingly submits, or causes the submission of, a false or fraudulent claim to the Federal Government. The terms ‘knowing’ and ‘knowingly’ mean a person has actual knowledge of the information or acts in deliberate ignorance or reckless disregard of the truth or falsity of the information related to the claim. No specific intent to defraud is required to violate the civil FCA.”
CMS has a variety of tools to monitor inaccurate payments, including the Comprehensive Error Rate Testing (CERT) Program, Medicare Administrative Contractors (MACs), and the Recovery Auditors. According to CMS, the CERT program reviews a statistically valid stratified random sample of Medicare fee-for-service (FFS) claims to determine if they were paid properly under Medicare coverage, coding, and payment rules. CERT findings create the framework for MAC audits and those performed by Recovery Auditors. While CERT leverages a random sample of claims, the Program for Evaluating Payment Patterns Electronic Report (PEPPER) data provides hospital-specific Medicare claims data. Target areas included in PEPPER were identified by Recovery Auditors and MACs, and are updated periodically.
“PEPPER is an electronic report that provides provider-specific Medicare data statistics for discharges/services vulnerable to improper payments. PEPPER cannot be used to identify the presence of payment errors, but it can be used as a guide for auditing and monitoring efforts to help providers identify and prevent payment errors.”
If you manage a CDI or coding department, you should be reviewing your PEPPER data on a quarterly basis; however, the national download rate is currently at 62 percent. Failure to monitor Medicare claims data included in PEPPER can be an example of “deliberate ignorance or reckless disregard,” according to ACDIS, if your organization is an outlier. Although PEPPER data is not specifically distributed to Recovery Auditors or MACs, both of these Medicare contractors have the ability to request charts related to PEPPER target areas, and have sophisticated data mining techniques to identify outliers.
PEPPER target areas are constructed as a ratio. The numerator includes discharges identified from paid Medicare claims per CMS fiscal year (i.e., October to September) quarter that are identified as potentially problematic because they are likely to be miscoded or result in medically unnecessary services. The denominator is the larger reference group that includes the numerator.
For this article, our focus is coding target areas that include:
Each hospital’s ratio is compared to other hospitals at the state, MAC jurisdiction, and national levels, resulting in a ranking by volume percentage. PEPPER data uses the high outlier threshold of the 80th percentile and a low outlier threshold of the 20th percentile. If the percentage of paid Medicare claims for the specific target area ranks at the 80th percentile or above, the organization is considered a high outlier for that target area. In other words, the percentage range for a particular target area may be from 20 to 75 percent. The 80th percentile may result in all those hospitals with a target area ratio of 68 percent or higher. The ratios among all hospitals and the 80th percentile cutoff will vary from quarter to quarter.
If you are new to PEPPER and integrating a compliance focus into your CDI or coding practices, a good place to start is the National High Outlier Ranking Report. This page of PEPPER data will have red if your organization is a high outlier in any target area across the most recently reported 12 quarters of data, as well as the total number of times your organization was a high outlier for each target area. If your organization happens to be a high outlier for any coding target area, that does not necessarily mean there is a compliance issue. A best practice is to investigate why your organization is an outlier by sampling claims and reviewing documentation to validate the assigned codes and billing. Ask yourself, does it make sense for your hospital to be among the top 20 percent of all hospitals for that particular target area?
CDI departments are increasingly renaming the “I” from “improvement” to “integrity.” Integrity is defined as “the quality of being honest and having strong moral principles.” Reviewing PEPPER data is a way for CDI and coding managers to identify areas that may be vulnerable to overpayment. If outliers exist, investigate the associated claims to validate the coding and billing. If coding or billing errors occurred, determine the cause(s) of the errors, e.g., human error or process issues, and look for ways to prevent future non-compliant coding and billing practices. Even if your organization is not an outlier or the internal investigation does not reveal the potential for overpayment, CDI and coding leadership should ensure there are safeguards in place to prevent non-compliance, and monitor staff adherence to those processes.
Programming Note: Listen to Cheryl Ericson report this story live today during Talk Ten Tuesdays, 10 Eastern.
The year is swiftly flying by meaning coding errors can multiply in volume over time costing your facilities dollars every single day. Arch, carotid, and
The healthcare industry’s landscape shifted dramatically with the implementation of the Transparency in Coverage (TiC) Final Rule. For compliance professionals navigating this regulatory terrain, understanding
Please log in to your account to comment on this article.
Only ICD10monitor delivers what you need: updates on must-know changes associated with the FY26 IPPS, including new ICD-10-CM/PCS codes, CCs/MCCs, and MS-DRGs, plus insights, analysis and answers to your questions from two of the country’s most respected subject matter experts.
This third session in our 2026 IPPS Masterclass will feature a review of FY26 changes to the MS-DRG methodology and new technology add-on payments (NTAPs), presented by nationally recognized ICD-10 coding expert Christine Geiger, MA, RHIA, CCS, CRC, with bonus insights and analysis from Dr. James Kennedy.
This second session in our 2026 IPPS Masterclass will feature a review the FY26 changes to ICD-10-PCS codes. This information will be presented by nationally recognized ICD-10 coding expert Christine Geiger, MA, RHIA, CCS, CRC, with bonus insights and analysis from Dr. James Kennedy.
This first session in our 2026 IPPS Masterclass will feature an in-depth explanation of FY26 changes to ICD-10-CM codes and guidelines, CCs/MCCs, and revisions to the MCE, presented by presented by nationally recognized ICD-10 coding expert Christine Geiger, MA, RHIA, CCS, CRC, with bonus insights and analysis from Dr. James Kennedy.
RACmonitor is proud to welcome back Dr. Ronald Hirsch, one of his most requested webcasts. In this highly anticipated session, Dr. Hirsch will break down the complex Two Midnight Rule Medicare regulations, translating them into clear, actionable guidance. He’ll walk you through the basics of the rule, offer expert interpretation, and apply the rule to real-world clinical scenarios—so you leave with greater clarity, confidence, and the tools to ensure compliance.
Bring your questions and join the conversation during this open forum series, live every Wednesday at 10 a.m. EST from June 11–July 30. Hosted by Chuck Buck, these fast-paced 30-minute sessions connect you directly with top healthcare experts tackling today’s most urgent compliance and policy issues.
Fraud convictions don’t just punish a few bad claims; they can wipe out years of reimbursements. Don’t wait for an audit to learn the rules. Join Frank Cohen, MPA, for a live Q&A on spotting red flags, avoiding liability, and protecting your practice. Register now and bring your questions!
Substance abuse is everywhere. It’s a complicated diagnosis with wide-ranging implications well beyond acute care. The face of addiction continues to change so it’s important to remember not just the addict but the spectrum of extended victims and the other social determinants and legal ramifications. Join John K. Hall, MD, JD, MBA, FCLM, FRCPC, for a critical Q&A on navigating substance abuse in 2025. Register today and be a part of the conversation!
Copyright © 2025 ICD10monitor. Powered by MedLearn Media.
Prepare for the 2025 CMS IPPS Final Rule with ICD10monitor’s IPPSPalooza! Click HERE to learn more
Get 15% OFF on all educational webcasts at ICD10monitor with code JULYFOURTH24 until July 4, 2024—start learning today!
CYBER WEEK IS HERE! Don’t miss your chance to get 20% off now until Dec. 2 with code CYBER24
