Medicare Audit Preparation for CPAP Providers
Medicare audits aren't a matter of if, but when.
CMS contractors are increasing CPAP-related audits. Recovery Audit Contractors (RACs), Unified Program Integrity Contractors (UPICs), and Zone Program Integrity Contractors (ZPICs) are all targeting DME.
Being prepared isn't optional.
Types of Medicare Audits
Pre-Payment Review
What it is: Claims held for documentation review before payment.
Trigger: High claim volume, unusual billing patterns, geographic targeting.
Timeline: Documents requested within 30-45 days.
Impact: Delayed payment until documentation approved.
Post-Payment Review
What it is: Review of already-paid claims. Overpayments recovered.
Trigger: Data analysis, whistleblower complaints, random sampling.
Timeline: Can look back 3-6 years of claims.
Impact: Repayment demanded plus potential penalties.
RAC (Recovery Audit Contractor) Review
What it is: Contingency-based auditors reviewing for overpayments.
Trigger: Data mining identifies potential issues.
Timeline: 45 days to respond to document requests.
Impact: Overpayments demanded with interest.
UPIC/ZPIC Review
What it is: Fraud investigation contractors.
Trigger: Suspected fraud, abuse, or unusual patterns.
Timeline: Unpredictable, can include unannounced site visits.
Impact: Payment suspension, exclusion, criminal referral possible.
Documentation Requirements
For every CPAP claim, maintain these documents:
1. Sleep Study/Diagnosis
Required elements:
- Qualifying sleep study (Type I, II, III, or IV)
- AHI/RDI meeting diagnostic criteria (≥5 for Medicare)
- Date of study
- Interpreting physician signature
- Facility identification
Common deficiencies:
- Missing physician signature
- AHI below threshold
- Study conducted at non-approved facility
2. Face-to-Face Evaluation
Required elements:
- Conducted by treating physician
- Documents symptoms, examination findings
- Establishes diagnosis of obstructive sleep apnea
- Recommends CPAP therapy
Common deficiencies:
- Evaluation by non-physician
- No documented recommendation for CPAP
- Date not within required timeframe
3. Prescription/Order
Required elements:
- Written order signed by treating physician
- Specific device type (CPAP, Auto, BiPAP)
- Pressure settings or range
- Date of order
- Physician NPI
Common deficiencies:
- Verbal order not co-signed
- Missing device specifications
- Order predates face-to-face
4. Proof of Delivery
Required elements:
- Delivery date
- Items delivered (specific HCPCS)
- Patient or caregiver signature
- Delivery method (if shipped)
Common deficiencies:
- Missing signature
- Generic item descriptions
- Date discrepancies
5. Compliance Data (after 90 days)
Required elements:
- Usage data covering 90-day period
- Average hours per night
- Percentage of nights ≥4 hours
- Data source identified
Common deficiencies:
- Data from wrong time period
- Missing compliance calculation
- Unsigned data reports
Building an Audit-Ready File
File Organization
Create standardized patient file structure:
Section 1: Demographics
- Patient identification
- Insurance cards (copies)
- Eligibility verification
Section 2: Diagnosis
- Sleep study report
- Interpretation
- Referring physician documentation
Section 3: Orders
- Prescriptions
- Face-to-face evaluation
- Refill orders
Section 4: Service Documentation
- Delivery tickets
- Setup notes
- Equipment serial numbers
Section 5: Compliance
- 90-day compliance data
- Coaching call notes
- Patient communications
Section 6: Billing
- Claims submitted
- Remittances
- Adjustments
Documentation Checklist
Before claiming initial equipment:
- [ ] Sleep study with qualifying AHI
- [ ] Face-to-face evaluation complete
- [ ] Written order with specifications
- [ ] Eligibility verified
- [ ] Prior authorization (if required)
Before claiming 90-day continuation:
- [ ] Compliance data extracted
- [ ] 70%/4-hour criteria met
- [ ] Data report in file
- [ ] Face-to-face re-evaluation (if required)
Responding to Audit Requests
Timeline Management
Day 1: Receive ADR (Additional Documentation Request)
Day 5: Assign staff member, locate patient file
Day 15: Gather all documentation
Day 30: Prepare cover letter and summary
Day 45: Submit response (deadline)
Response Package Contents
- Cover letter: Claim information, patient details, summary of documentation
- Index/table of contents: Easy reference for reviewer
- Documentation: Organized per their request
- Highlight key elements: Don't make reviewers search
Common Mistakes in Responses
Sending incomplete documentation: If you don't have it, better to acknowledge than ignore.
Missing deadlines: Extensions possible but must be requested in writing.
Disorganized submission: Reviewers deny unclear files.
Argumentative tone: Professional, factual responses perform better.
When You Receive an Adverse Decision
Appeal Levels (Medicare)
Level 1 - Redetermination:
- File within 120 days
- Written request with additional documentation
- Decided by Medicare contractor
Level 2 - Reconsideration:
- File within 180 days of Level 1 decision
- Reviewed by Qualified Independent Contractor (QIC)
- Can request telephone or video hearing
Level 3 - Administrative Law Judge:
- Amount in controversy must exceed threshold ($180 in 2026)
- More formal hearing process
- Success rates improve at this level
Level 4 and 5:
- Medicare Appeals Council
- Federal District Court
- Rarely reached
Appeal Success Factors
Success rate improves when:
- Missing documentation found and submitted
- Coding error identified and corrected
- Medical necessity clearly established
- Procedural errors in initial review
Appeal unlikely to succeed when:
- Documentation genuinely missing
- Requirements truly not met
- Service not covered
Proactive Audit Prevention
Self-Audit Program
Quarterly, review random sample (5-10%) of claims:
- Does documentation meet all requirements?
- Would this survive external audit?
- What patterns of deficiency exist?
Staff Training
Annual training on:
- Documentation requirements
- Common deficiencies
- Audit response procedures
- Updates to Medicare rules
External Review
Consider annual compliance audit by outside consultant:
- Fresh eyes identify issues
- Demonstrates compliance commitment
- Identifies training needs
Drift maintains audit-ready compliance documentation. Data reports formatted for Medicare requirements. [See compliance features →](/support)