Skip to Main Content

insightsarticles

Medicare Final Rule for FY 2023 Inpatient Rehabilitation Facility Prospective Payment System

08.18.22

Release Date: July 27, 2022 
Federal Register Publication Date: August 1, 2022 
Effective Date: October 1, 2022  

The Centers for Medicare & Medicaid Services (CMS) issued a final rule that would update Medicare payment rates and policies for Inpatient Rehabilitation (IRF) Prospective Payment System (PPS) and IRF Quality Reporting Program (QRP) for the fiscal year 2023, as well as other provisions. Following is a summary of the major provisions of this final rule. 

IRF PPS Final Changes to Payment Rates: 

CMS finalized a 3.9% net increase in FY 2023 Medicare IRF PPS rates and a 0.6% decrease in outlier payments to maintain outlier payments at 3% of total payments. Net overall IRF payments will increase by 3.2%, or an estimated $275 million (note: the net overall increase is 3.2% due to rounding). Components of the increase are broken down as follows: Table of IRF PPS Final changes to Payment Rates

Major Final Provisions: 

  • Apply a 5% cap on any decrease in IPF’s wage index to mitigate negative effects of year-to-year variation in wage index 
  • IRF teaching payment adjustment to reflect higher costs similar to the IPPS indirect medical education (IME) adjustment.  
  • IRF QRP expands quality data reporting requirements to include all IRF patients, regardless of payor, beginning on October 1, 2024 
  • Outlier threshold amount increased from $9,491 to $12,526 for FY2023.  
  • Labor-Related Share remains the same as FY2022 at 72.9%. 
  • Standard Payment Conversion factor is $17,878 for FY2023 
  • Update to IRF Cost-to-Charge Ratio (CCR) ceiling and urban/rural averages for FY2023.  
    • Estimated national average CCR of 0.466 for rural IRFs. 
    • Estimate national average CCR of 0.392 for urban IRFs. 
    • National Ceiling of 1.41 for FY2023 

Sources:  

CMS-1767-F Medicare Program; Inpatient Rehabilitation Facility Prospective Payment System for Federal Fiscal Year 2023 and Updates to the IRF Quality Reporting Program. 

Related Industries

Related Services

Consulting

Business Advisory

Related Professionals

Principals

BerryDunn experts and consultants

Release Date: July 27, 2022
Federal Register Publication Date: July 29, 2022
Effective Date: October 1, 2022

The Centers for Medicare & Medicaid Services (CMS) issued a final rule that would update Medicare payment rates and policies for Inpatient Psychiatric Facility (IPF) Prospective Payment System (PPS) for the fiscal year 2023, as well as other provisions. Following is a summary of the major provisions of this final rule.

IPF PPS Final Changes to Payment Rates:

CMS finalized a 3.8% net increase in FY 2023 Medicare IPF PPS rate and a 1.2% decrease to the outlier payments to maintain outlier payments at 2% of total payments. Net overall IPF payments will increase by 2.5%, or an estimated $90 million increase (note: the net overall increase is 2.5% due to rounding). Components of the increase are broken down as follows:

Table of IPF PPS Final Changes to Payment Rates

*Market based update for FY23 would be the highest implemented due to recent high inflationary trends impacting the outlook for price growth over the next several quarters.

Major Final Provisions:

  • Apply a 5% cap on any decrease in IPF’s wage index to mitigate negative effects of year-to-year variation in wage index
  • IPF Federal per diem base rate from $832.94 to $865.63
  • IPF Labor-Related Share from 77.2 percent to 77.4 percent.
  • Update to IPF Cost-to-Charge Ratio (CCR) ceiling and urban/rural averages for FY2023.
    • National Median CCR of .05720 for rural IPFs.
    • National Median CCR of .4200 for urban IPFs.
    • Rural ceiling of 2.0412
    • Urban ceiling of 1.7437

Sources:

CMS-1769-F Medicare Program; FY 2023 Inpatient Psychiatric Facilities Prospective Payment System-Rate Update and Quality Reporting-Request for Information.

Article
Medicare Final Rule for FY 2023 Inpatient Psychiatric Facility Prospective Payment System

Release Date: July 07, 2022
Federal Register Publication Date: Scheduled for July 29, 2022
Effective Date: January 1, 2023
End of Comment Period: September 6, 2022

The Centers for Medicare & Medicaid Services (CMS) issued a proposed rule that would update Medicare payment rates under the Physician Fee Schedule (PFS) for the calendar year 2023, as well as other Part B provisions. Following is a summary of the major provisions of this proposed rule.

PFS Proposed Changes to Conversion Factor:

  • PFS conversion factor reflects the statutory update of 0%, expiration of the 3% increase in PFS payments for CY2022 provided by the Consolidated Appropriations Act of 2021 (CCA), 1.55% reduction necessary for changes in relative value units for budget neutrality, and anesthesia-specific practice expense and malpractice adjustments of 0.53%.

Major Provisions Proposed:

  • Future rebasing and revision of the Medicare Economic Index (MEI) cost share weights that would use publicly available data from the US Census Bureau NAICS 6211 Offices of Physicians to set PFS payments rates. Using new MEI cost weights for PFS rate setting would not change overall spending on PFS services but would likely result in significant changes to payments among the various PFS services. Therefore, CMS is not proposing the use of the newly proposed method for CY2023 rate setting and is seeking comment on the proposed updated MEI cost share weights to calibrate payment rates and update the geographic practice cost indices (GPCI) under the PFS in the future.
  • Changes in coding and documentation for Other Visits (hospital inpatient, hospital observation, emergency department, nursing facility, home or residence services, and cognitive impairment assessment) intended to reduce administrative burden using a similar approach to changes finalized in the CY2021 PFS final rule for office/outpatient Evaluation and Management (E/M) visit coding and documentation. Also propose to maintain the current billing policies that apply to E/M visits while potential revisions are considered for future rulemaking. 
  • Delay the Split (or Shared) E/M visits policy finalized in CY 2022 related to the definition of substantive portion as more than half the total time. Until CY 2024, clinicians will continue to have a choice of meeting the definition of substantive portion based on history, physical exam, medical decision making, or more than half of the total practitioner time spent.
  • Proposing to cover several services that were temporarily available as telehealth services during the PHE through CY 2023 on a Category III basis and extending the time these services are temporarily included on the telehealth services list for a period of 151 days following the end the PHE. 
  • Telehealth claims would require the appropriate place of service (POS) indicator to be included on the claim instead of modifier “95” after the period of 151 days following the end of the PHE. For Medicare telehealth services furnished via audio-only technology modifier “93” would be available, where appropriate. 
  • Establish a new General Behavioral Health Integration (BHI) service for monthly care integration where mental health services performed by Clinical Psychologists (CP) or Clinical Social Workers (CSWs) is the focal point of care integration. This new General BHI service would also allow a psychiatric diagnostic evaluation to serve as the initiating visit. 
  • Make an exception to the direct supervision requirement under “incident to” regulations to allow behavioral health services provided by auxiliary personnel (such as licensed professional counselors and licensed marriage and family therapists) incident to the services of a physician or non-physician practitioner (NPP) to be allowed under general supervision of a physician or NPP, rather than under direct supervision.
  • Proposing new HCPCS codes and valuation for Chronic Pain Management and treatment services (CPM) that would include a bundle of services furnished during a month. 
  • Opioid Treatment Program (OTP) would revise the pricing methodology for the drug component of the methadone weekly bundle and the add-on code for take-home supplies of methadone. CMS also proposes to allow the OTP intake to be furnished via two-way audio-video communications technology when billed for the initiation of treatment with buprenorphine, when authorized by the Drug Enforcement Administration (DEA) and Substance Abuse and mental Health Services Administration (SAMHSA). Audio-only communication technology to initiate treatment with buprenorphine would also be permitted where audit-video technology is not available. 
  • Create a new G-code for audiologists to bill for services without a physician referral for non-acute hearing or balance assessments unrelated to disequilibrium, hearing aids or examinations for the purpose of prescribing, fitting, or changing hearing aids. Billing the new G-code would be limited to once every 12 months.
  • Expand coverage for certain colorectal cancer screening tests by reducing the minimum age to 45 years and considering a follow-up screening colonoscopy after a Medicare covered at-home test to be a preventative service.
  • Preventive vaccine administration would receive annually updated payment amount based on the increase in the MEI and adjustment for geographic locality. Also, CMS proposes to continue the additional payment for at-home COVID-19 vaccinations and clarifies that policies regarding the administration of COVID-19 vaccines and monoclonal antibody products will continue until the Emergency Use Authorization (EUA) declaration for drugs and biological products is terminated.
  • CMS proposes a variety of changes for the Quality payment Program and Medicare Shared Savings Program.

Rural Health Clinics (RHCs) and Federally Qualified Health Centers (FQHCs):

  • Add the new chronic pain management and behavioral health integration services to the RHC/FQHC-specific general care management HCPCS code, G0511.
  • Policies to extend telehealth flexibilities for 151 days after the PHE would be applicable to RHCs and FQHCs as well. 
  • Provider-based RHC’s payment limit per visit would be established by using a 12-consecutive month cost report. 

Sources: 
CMS-1770-P Medicare and Medicaid Programs; CY 2023 Payment Policies under the Physician Fee Schedule and Other Changes to Part B Payment Policies; Medicare Shared Savings Program Requirements; Medicare and Medicaid Provider Enrollment Policies, Including for Skilled Nursing Facilities; Conditions of Payment for Suppliers of Durable Medicaid Equipment, Prosthetics, Orthotics, and Supplies (DMEPOS); and Implementing Requirements for Manufacturers of Certain Single-dose Container or Single-use Package Drugs to Provide Refunds with Respect to Discarded Amounts

Article
Medicare Proposed Rule for CY 2023 Medicare Physician Fee Schedule

Read this if you are a Skilled Nursing Facility (SNF) providing services to Medicare beneficiaries.

There are a few Skilled Nursing Facilities (SNF) reimbursement opportunities on the Medicare cost report. Two of them could reimburse providers for sizable expenses that the majority of SNFs experience every year: the Utilization Review (UR) and Medicare bad debts. 

Utilization Review: Medicare cost report opportunities

UR meetings historically focused on managing lengths of patient stay and reducing costs. The implementation of the SNF value-based purchasing program and the related incentive payment adjustment, which resulted in a reimbursement rate increase or reduction by up to 2%, led some facilities to increased physician or medical director involvement in the UR management in order to improve clinical outcomes. 

With the increase in physicians’ UR time, there frequently is a cost increase for SNFs. CMS Provider Reimbursement Manual – Part 1, Chapter 21, Section 2126.2, outlines the requirements for 100% reasonable Medicare program UR cost reimbursement.  The only mechanism for SNFs to get reimbursement for these costs is through the Medicare cost report. 

Why is this important? BerryDunn maintains a database of SNF Medicare cost report filings and analyzes the data annually, looking for trends and opportunities to help providers optimize available reimbursement. The cost report data shows that from 2016 to 2019 only 1.95% of rural SNFs and 2.82% of urban facilities claimed reimbursable Medicare UR costs. Of the facilities claiming UR costs, the median requested reimbursement was $9,000 or $2.07 per Medicare patient day. 


Figure 1 Source: HCRIS as filed full utilization SNF cost reports, 2017 - 2019

Optimize your reimbursement: Utilization Review checklist available

To support SNFs with reimbursement for these costs, BerryDunn’s healthcare consulting team has developed a checklist that provides insight on the Medicare cost report opportunities. Download the Utilization Review checklist.

Article
Leaving money on the table? Reimbursement opportunities for Skilled Nursing Facilities

Read this if your company is a benefit plan sponsor.

While plan sponsors have been able to amend their 401(k) plans to include a post-tax deferral contribution called Roth for more than a decade, only 86% of plan sponsors have made it available to participants, according to the Plan Sponsor Council of America. Meanwhile, despite the potential benefits of such plans, just a quarter of participants who have access to the Roth 401(k) option use it. Plan sponsors may want to consider adding a Roth 401(k) option to their lineup because of the potential tax benefits and other advantages for plan participants.

A well-designed Roth 401(k) may be an attractive option for many plan participants, and it is important for plan sponsors considering such a feature to design the plan with the needs of their workforce in mind. It is also critical to clearly communicate the differences from the pre-tax option, specific timing rules required, and the tax-free growth it offers. Additionally, plan sponsors should be mindful of potential administrative costs and other compliance requirements in connection with allowing the Roth option.

Roth 401(k)s: The basics

A Roth is a separate contribution source within a 401(k) or 403(b) plan that differs from traditional retirement accounts because it allows participants to contribute post-tax dollars. Since participants pay taxes on these contributions before they are invested in the account, plan participants may make qualified withdrawals of Roth monies on a tax-free basis, and their accounts grow tax-free as well.

Participants of any income level may participate in a Roth 401(k) and may contribute a maximum of $20,500 in 2022—the same limit as a pre-tax 401(k). Contributions and earnings in a Roth 401(k) may be withdrawn without paying taxes and penalties if participants are at least 59½ and it’s been at least five years since the first Roth contribution was made to the plan. Participants may make catch-up contributions after age 50, and they may split their contributions between Roth and pre-tax. Similar to pre-tax 401(k) accounts, Roth 401(k) assets are considered when determining minimum distributions required at age 72, or 70 ½ if they reached that age by Jan. 1, 2020.

Only employee elective deferrals may be contributed post-tax into Roth 401(k) accounts. Employer contributions made by the plan sponsor, such as matching and profit sharing, are always pre-tax contributions. If the plan allows, participants may convert pre-tax 401(k) assets into a Roth account, but it is critical to remember that doing so triggers taxable income and participants must be prepared to pay any required tax. In addition, plan sponsors must be careful to offer Roth 401(k)s equally to all participants rather than just a select group of employees.

Qualified distributions from a designated Roth account are excluded from gross income. A qualified distribution is one that occurs at least five years after the year of the employee’s first designated Roth contribution (counting the first year as part of the five) and is made on or after age 59½, on account of the employee’s disability, or on or after the employee’s death. Non-qualified distributions will be subject to tax on the earnings portion only, and the 10% penalty on early withdrawals may apply to the part of the distribution that is included in gross income. Participants may take out loans if permitted in the plan document. 

First steps for plan sponsors

A common misconception among plan sponsors is that a Roth offering requires a completely different investment vehicle. The feature is simply an added contribution option; therefore, no separate product is needed.

When considering the addition of a Roth 401(k) option, it is important for plan sponsors to check with service providers to determine whether payroll may be set up properly to add a separate deduction for the participant. Plan sponsors may also need to consider guidelines for conversions, withdrawals, loans, and other features associated with the Roth contribution source to ensure the plan document is prepared and followed accurately.

Education is an important component of any new plan feature or offering. Plan sponsors should check with service providers to see how they may help to explain the feature and optimize its rollout for the plan. One-on-one meetings with participants may be very helpful in educating them about a Roth account.

A word about conversions

If permitted by the plan document, participants may convert pre-tax 401(k) plan assets (deferrals and employer contributions) to the Roth source within their plan account. The plan document may allow for entire account conversions or just a stated portion. When assets are converted, participants must pay income taxes on the converted amount, and the additional 10% early withdrawal tax won’t apply to the rollover. Plan sponsors should educate participants on the benefits of converting to the Roth inside the company 401(k).

Collaborate with the right service providers to educate your participants

The right service providers may review your current plan design, set up accounts properly, actively engage and educate your participants, and offer financial planning based on individual circumstances to show how design features like a Roth account may benefit their situation. If you would like to start the conversation about adding a Roth option or enhancing your participant education program, contact our employee benefits team. We are here to help. 

Article
Plan sponsor alert: Roth 401(k) remains underutilized despite potential benefits

Read this if you are a Maine business or pay taxes in Maine.

Maine Revenue Services has created the new Maine Tax Portal, which makes paying, filing, and managing your state taxes faster, more efficient, convenient, and accessible. The portal replaces a number of outdated services and can be used for a number of tax filings, including:

  • Corporate income tax
  • Estate tax
  • Healthcare provider tax
  • Insurance premium tax
  • Withholding
  • Sales and use tax
  • Service provider tax
  • Pass-through entity withholding
  • BETR

The Maine Tax Portal is being rolled out in four phases, with two of the four phases already completed. Most tax filings for both businesses and individuals are now available. A complete listing can be found on maine.gov. Instructional videos and FAQs can also be found on this site.

In an effort to educate businesses and individuals on the use of the new portal, Maine Revenue Services has been hosting various training sessions. The upcoming schedule can be found on maine.gov

Article
New Maine Tax Portal: What you need to know

Read this if you are responsible for cybersecurity or are a member of a board of directors.

The board’s role in the oversight of organizational risk is increasingly complicated by cybersecurity concerns. Cybersecurity risk is pervasive and will affect companies in a variety of ways. The responsibility for detailed cyber risk oversight within the board should be well documented and communicated, and may often touch various committees across the board, including but not limited to risk, audit, and compliance. With the increasing complexity surrounding cybersecurity, it is also important for the board to evaluate existing experience and skills, identify gaps, and address those gaps through succession planning or leveraging advisors.

Additionally, all directors need to maintain continual knowledge about evolving cyber issues and management’s plans for allocating resources with respect to the preparedness in responding to cyber risks. Such knowledge helps boards assess the priority-driven and investment decisions put forth by management needed in critical areas.

Here are some critical questions that boards and management should be considering with respect to mitigating cyber security risk for their organizations. They may be useful as a starting point for boards to use in their discussions and as a guide when looking at their oversight of management’s plans for addressing potential cyber risks.

General

  • What is the threat profile and risk tolerance of our organization based on our business model and the type of data our organization holds?
  • Is the cyber risk management plan documented, including the identification, protection, and disposal of data?
  • Has the cyber risk management plan been tested?
  • Does our organization’s cybersecurity strategy align with our threat profile and risk tolerance?
  • Is our cybersecurity risk viewed as an enterprise-wide issue and incorporated into our overall risk identification, management, and mitigation process?
  • What percentage of our IT budget is dedicated to cybersecurity?
  • Does that allocation conform to industry standards?
  • Is it adequate based on our threat profile?
  • What are stakeholder demands and priorities for cybersecurity? Data privacy? Data governance? What interactions has the company or board had with shareholders regarding cybersecurity?
  • What is the interaction model between senior management and the board for communications regarding cybersecurity?
  • Has the regulatory focus on the board’s cybersecurity responsibility been increasing? If so, what is driving that focus?

Board cybersecurity oversight

  • How is oversight of cybersecurity structured (committee vs. full board) and why? Is this structure well documented in the appropriate governance charters?
  • Is cybersecurity an area considered and reported as a director competency? If so, have skill/experience gaps been identified together with plans to resolve those gaps?
  • Is there a cybersecurity expert on the board?

Overall cybersecurity strategy

  • Does the board play an active part in determining an organization’s cybersecurity strategy?
  • What are the key elements of a good cybersecurity strategy?
  • Is the organization’s cybersecurity preparedness receiving the appropriate level of time and attention from management and the board (or appropriate board committee)?
  • How do management and the board (or appropriate board committee) make this process part of the organization’s enterprise-wide governance framework?
  • How do management and the board (or appropriate board committee) support improvements to the organization’s process for conducting a cybersecurity assessment?

Risk assessment: risk profile

  • What are the potential cyber threats to the organization?
  • Who is responsible for management oversight of cyber risk?
  • Has a formal cyber assessment been performed? Does it need to be updated?
  • Do management and the board understand the organization’s vulnerabilities and how it may be targeted for cyber-attacks?
  • What do the results of the cybersecurity assessment mean to the organization as it looks at its overall risk profile?
  • Is management regularly updating the organization’s inherent risk profile to reflect changes in activities, services, and products?

Risk assessment: cyber maturity oversight

  • Who is accountable for assessing, managing, and monitoring the risks posed by changes to the business strategy or technology and are those individuals empowered to carry out those responsibilities?
  • Is there someone dedicated full-time to our cybersecurity mission and function, such as a Chief Information Security Officer (CISO)?
  • Is our cybersecurity function properly aligned within the organization? (Aligning the CISO under the CIO may not always be the best model as it may present a conflict. Many organizations align this function under the risk, compliance, audit, or legal functions, while others with a direct or “dotted line” reporting to the CEO.)
  • Do the inherent risk profile and cybersecurity maturity levels meet risk management expectations from management, the board, and shareholders? If there is misalignment, what are the proposed plans to bring them into alignment?

 Cybersecurity controls

  • Do the organization’s policies and procedures demonstrate management’s commitment to sustaining appropriate cybersecurity maturity levels?
  • What is the ongoing practice for gathering, monitoring, analyzing, and reporting risks?
  • How effective are the organization’s risk management activities and controls identified in the assessment?
  • Are there more efficient or effective means for achieving or improving the organization’s risk management and control objectives?
  • Are there controls in place to ensure adequate, accurate and timely reporting of cybersecurity related content?
  • How does the company remain apprised of laws and regulations and ensure compliance?
  • What cloud services does our organization use and how risky are they?
  • How are we protecting sensitive data?

Threat intelligence and collaboration

  • What is the process for gathering and validating inherent risk profile and cybersecurity maturity information?
  • Does our organization share threat intelligence with law enforcement?
  • What third parties does the organization rely on to support critical activities and does the organization regularly audit their level of access?
  • What is the process to oversee third parties and understand their inherent risks and cybersecurity maturity?

Cybersecurity metrics

  • Have we defined appropriate cybersecurity metrics, the format, and who should be reporting to the board?
  • How regularly should a board obtain IT metric information?
  • Is the information meaningful in a way that invokes a reaction and provides a clear understanding of the level of risk willing to be accepted, transferred, or mitigated?
  • How is the board actively monitoring progress or lack of progress and holding management accountable?

Cyber incident management and resilience

  • How does management validate the type and volume of cyber-attacks?
  • Does the organization have a comprehensive cyber incident response and recovery plan? Does it involve all key stakeholders—both internal and external? Does it include a business disaster recovery communication process?
  • How does an incident response and recovery plan fit into the overall cybersecurity strategy?
  • Is the board’s response role clearly defined?
  • Is the cyber incident response reviewed and rehearsed at least annually? Do rehearsals include cyber incident exercises?
  • Is there a culture of cyber awareness and reporting at all levels of the company?
  • Is the company adequately insured and is coverage reviewed at least annually?

Cybersecurity education

  • How does the board remain current on cybersecurity developments in the market and the regulatory environment?
  • Currently, how does the board evaluate directors' knowledge of the current cyber environment and cybersecurity issues impacting their organizations?
  • Do boards currently have the skill sets necessary to adequately oversee cybersecurity? How is the board identifying and evaluating the necessary director skills and experience in this area?
  • Are directors provided with educational opportunities in this area?
  • Is regular cybersecurity education provided to the entire organization?

Cybersecurity disclosure

  • Has oversight of cybersecurity reporting been defined for management and the board?
  • Are company policies and procedures to identify and manage cybersecurity risk, management’s role in implementing cybersecurity policies and procedures, board of directors’ cybersecurity expertise and its oversight of cybersecurity risk, being included within the financial statement and proxy disclosures?
  • Does the company have a mechanism for timely reporting of material cybersecurity incidents?
  • Have updates about previously reported material cybersecurity threats and incidents been included in the financial statements?

If you have any questions about cybersecurity programs, communicating with your board about cybersecurity, or have a specific question about your company or organization, please contact our IT security experts. We're here to help. 

Article
Board oversight of cybersecurity: Questions to ask

Read this if you think your organization may have to prepare an HRSA audit.

Many healthcare providers who have never done an audit before may be required by the Health Resources and Services Administration (HRSA) agency to do so this year because they received Provider Relief Funding (PRF). We’re helping you prepare by answering some common queries about the PRF audit:

Will my organization have to complete a PRF audit?

The HRSA requires organizations to complete a federal single audit when they expend more than $750,000 of federal funding in one year, regardless of whether those federally sourced funds came directly from the federal government or were passed from a state or local government. Healthcare providers who received $10,000 or more from the PRF during a given period must report on usage.

For many providers, this is the first time they’ve received over $750,000 in federal funding. As a result, these providers will need to complete the single audit for the first time.

Other providers, especially physician practices, may not meet the single audit expense threshold, but that doesn’t mean they’re free from audit obligations. While they may not have to complete a single audit, if they received funding from the PRF, they may need to complete a HRSA-required audit—and the data requests for these audits are, in some cases, more involved than those for the single audit.

What will the HRSA’s PRF audit look like?

The audit will address the data used by the providers to report on their usage of PRF money. That means they will need to provide support for lost revenue and expenses that justify the use of the funds that they received.

The HRSA is going to drill down on the revenue numbers, specifically looking at the general ledger (GL) and other select revenue tests. On the expenses side, they’re going to look at the GL, invoice dates, payments and more.

To complete this audit, HRSA will require a significant amount of supporting documentation. Ideally, most of these documents should already have been copied and set aside as support in anticipation of financial reporting requirements. Below is a partial list of items that could be requested during the audit:

  • General Ledger details
  • Listing of expenses reimbursed with PRF payments grouped into specified categories
  • Listing of patient care revenue by payer
  • Listing of other sources of assistance
  • Listing of expenses reimbursed with the other assistance received
  • Detailed inventory listing of IT supplies
  • Budget attestation from CEO or CFO and board minutes showing ratification of the budget before March 27, 2020
  • Documentation of lost revenue methodologies
  • Audit financial statements
  • CMS cost reports for Medicare and Medicaid
  • Other supporting documentation

If certain documentation isn’t available, providers will need to request copies from their vendors. Missing documentation may make it difficult to justify the use of funds, in which case, providers may have to repay a portion or all of their provider relief funding.

It’s possible that certain expenses were not allowable under PRF. However, that doesn’t necessarily mean providers will have to repay their funds. Providers may have other lost revenue or expenses that would be allowed under PRF—but only if they have the documentation to prove it. That’s why it’s crucial that providers have all relevant documentation for expenses and lost revenue over the periods they received provider relief funding.

What challenges should I anticipate when it comes to completing the audit?

According to the 2022 BDO Healthcare CFO Outlook Survey, 35% of respondents identified CARES Act/PRF reporting as a regulatory concern.

Much of this concern likely stems from a lack of resources as well as audit inexperience. Many providers who will have to complete an HRSA audit don’t have the necessary resources to dedicate to navigating the process. In addition, they may not know the type, scope, or time frame of documentation they need to pull. They may also struggle to locate certain documentation, especially documentation that’s more than two years old.

Finding the right people to sift through the information to ensure its accuracy can be extremely difficult, especially if the documents are not filed electronically. This problem is even greater right now, given the professional services labor shortage that makes it difficult to hire the right people for the job if they aren’t already employed at your organization.

What should my next steps be?

To get ready for a potential HRSA audit, there are at least three immediate steps you should take:

  1. Select a responsible point person. One person should be responsible for coordinating the process to ensure that nothing falls through the cracks or is overlooked.
  2. Keep your PRF filing reports on hand. Pull any related supporting documentation and collate it into one place if it isn’t already.
  3. Identify what support is needed by doing a gap analysis. Determine where you need additional support or expertise and seek to close these gaps before the notification of any audit process.

Insufficient documentation may result in the recapture of provider relief funding by the HRSA. Fortunately, a lack of documentation is preventable with the right support and resources in place.

Article
HRSA audit preparation: All you need to know