What Are Credit Balances in the Revenue Cycle?
Skillfully managing the revenue cycle of a healthcare organization requires oversight of several components. Most health entities are considered creditors—organizations that offer or extend credit or services, which results in debt.[3] Each patient account may be assessed by several departments within revenue management until the debt is settled. When settling a debt, one significant risk within the healthcare revenue cycle is a “credit balance,” which is defined as an excess of payment on an account. Credit balances can exist for many reasons, including, for example, failure to correct coordination of benefits (COB), improper billing, and duplicate payments. Though credit balances may occur during the normal course of business, they require consistent attention, monitoring, and ongoing resolution to prevent accumulation; overpayments not returned can result in penalties. To accurately assess the compliance risks of credit balances, an investigation of the account and payment analysis will be required. Many possible reasons exist for an account to present a negative balance; however, the most common types of credit balances are classified based on the payer source.
Patient credit balances can occur by accepting improper payments from patients. In most cases, patient overpayments result from a miscalculation of out-of-pocket costs or insurance benefits. Collection of a presumed contractual co-pay, deductible, or co-insurance without an in-depth understanding of the insurance benefits may produce a negative balance on the account after claims are processed.
Apart from patient credit balances, organizations may need to review negative account balances related to third-party payers. Commercial-payer credit balances may transpire in the happenstance that a private insurer makes an overpayment. These credit balances are often caused by systematic or contract issues. Government-payer credit balances are simply excessive or improper payments made by government entities such as Medicaid or Medicare. Overpayments from these payer sources often present the highest liability for healthcare organizations, as failure to comply with their respective guidelines may result in a violation of the False Claims Act.
Institutional providers are obligated to submit Medicare Credit Balance Reports (see CMS-838 Form), which are required under the authority of sections of the Social Security Protection Act.[4][5] Failure to submit this report may result in a suspension of payments under the Medicare program and may affect eligibility to participate in the Medicare program. Clinics and individual providers do not have to submit credit balance reports to the various federal and state agencies but are still at risk of retaining an overpayment and may potentially violate the False Claims Act[6] if they do not refund credit balances to federal payers in a timely manner and exercise due diligence in monitoring and identifying accounts.
Proper management of credit balances is essential to ensuring compliance with Medicare and Medicaid regulations, meeting contractual expectations, providing timely refunds, and reducing the risk of misappropriation of funds and False Claims Act violations.
Risk Area Governance
Ultimately, the prompt resolution of a credit balance is the most desirable outcome. Overpayments are subject to federal regulations as well as protocols further defined by states. It is recommended to review these guidelines since these entities provide specific timelines regarding how a credit balance must be handled and when the overpayment needs to be released.
State Laws
After identifying a patient credit balance, many healthcare practices hold funds with the intent to apply the credit to any future balances a patient may owe. Unfortunately, this may not always be the best course of action. Organizations may have reporting obligations to return funds to their state controller’s office. States have enacted escheat or unclaimed property laws that involve an organization needing to be proactive in returning property, including credit balances, to the rightful owner. This may require written notices to the reported owner and, in the event the patient cannot be located, the credit balance may be considered unclaimed property and sent to the state controller. The time allotted for returning a patient or private-insurer overpayment to the state controller varies from jurisdiction to jurisdiction. It is recommended to review state laws to determine the designated workflow needed to properly resolve the overpayments.
Theft or Embezzlement in Connection with Health Care, 18 U.S.C. § 669
Third-party payers also have guidelines for creditors in the event of an overpayment. Commercial insurance plans are governed first by the terms of the contract and then by state statutes. While state statutes and contracts will apply, a federal statute also obligates a healthcare entity to return credits to a private insurer. The “Theft or embezzlement in connection with health care” section details penalties in cases in which a person or organization “knowingly and willfully embezzles, steals, or otherwise without authority converts to the use of any person other than the rightful owner, or intentionally misapplies any of the moneys, funds, securities, premiums, credits, property, or other assets of a health care benefit program.”[7] The term “health care benefit program” is defined (in 18 U.S.C § 24) as any public or private plan.[8] In this context, it is understood that withholding overpayments from commercial insurance plans may also carry serious legal repercussions.
Fraud Enforcement and Recovery Act of 2009, Pub. Law 111–21
Overpayments made by any government payer, such as Medicaid and Medicare, must be returned under strict time limits. Prior to the Affordable Care Act (ACA), the U.S. Department of Health & Human Services (HHS) Office of Inspector General (OIG) addressed provider responsibility to return the credit balance under its Compliance Program Guidance for Third Party Billing Companies.[9] Ultimately, the guidance states, “failure to repay overpayments within a reasonable period of time could be interpreted as an intentional attempt to conceal the overpayment from the government, establishing an independent basis for a criminal violation.”[10] In 2009, passage of the Fraud Enforcement and Recovery Act (FERA) provided further clarification on potential liability of accounts that had credit balances. This act was passed to aid in healthcare fraud enforcement and to made it clear that retention of an overpayment resulted in a liability under the False Claims Act.[11][12]
Patient Protection and Affordable Care Act, 42 U.S.C. § 1320a-7k(d)
Though prior statutes confirmed that healthcare providers are responsible for making refunds to Medicaid and Medicare in the event of an overpayment, it wasn’t until passage of the Patient Protection and Affordable Care Act (ACA)[13] that specific deadlines were established. In 2010, enactment of the ACA provided Americans more access to healthcare through affordable options with third-party payers. The ACA stipulated that healthcare organizations identify overpayments received, report them, and repay the rightful owner within 60 days of identification. The act also provided an in-depth description of what it means to identify a credit balance: “[A] person has identified an overpayment when the person has, or should have, through the exercise of reasonable diligence, determined that the person has received an overpayment and quantified the amount of the overpayment. Creating this standard for identification provides needed clarity, processes, and procedures for providers and suppliers on the actions they need to take to comply with requirements for reporting and returning of self-identified overpayments.”[14] The statute continues by evaluating the allotment of time a provider may need for a good faith investigation.
In the 2016, “Medicare Program; Reporting and Returning of Overpayments, Final Rule,” Centers for Medicare & Medicaid Services (CMS) required “providers and suppliers receiving funds under the Medicare program to report and return overpayments by the later of the date that is 60 days after the date on which the overpayment was identified; or the date any corresponding cost report is due, if applicable”.[15] The rule further clarifies that:
-
A person that has received an overpayment must not only report and return the overpayment in the form and manner set forth in the rule; but also that
-
A person has identified an overpayment when the person has, or should have through the exercise of reasonable diligence, determined that the person has received an overpayment and quantified the amount of the overpayment.
A person should have determined that the person received an overpayment and quantified the amount of the overpayment if the person fails to exercise reasonable diligence and the person in fact received an overpayment. Therefore, one may conclude that there is a clear expectation of applying a good faith and diligent effort to identify overpayments¸ i.e., by conducting compliance monitoring for overpayments. It is important that compliance officers know the time frame and parameters the Final Rule sets:
We choose 6 months as the benchmark for timely investigation because we believe that providers and suppliers should prioritize these investigations and also to recognize that completing these investigations may require the devotion of resources and time. Receiving overpayments from Medicare is sufficiently important that providers and suppliers should devote appropriate attention to resolving these matters. A total of 8 months (6 months for timely investigation and 2 months for reporting and returning) is a reasonable amount of time, absent extraordinary circumstances affecting the provider, supplier, or their community. What constitutes extraordinary circumstances is a facts specific question. Extraordinary circumstances may include unusually complex investigations that the provider or supplier reasonably anticipates will require more than six months to investigate, such as physician self-referral law violations that are referred to the CMS Voluntary Self-Referral Disclosure Protocol (SRDP). Specific examples of other types of extraordinary circumstances include natural disasters or a state of emergency.[16]
Common Compliance Risks
Credit balances can arise in many ways. Medicare credit balances include instances where a provider is:
-
Paid twice for the same service either by Medicare or by Medicare and another insurer;
-
Paid for services planned but not performed or for noncovered services;
-
Overpaid because of errors made in calculating beneficiary deductible and coinsurance amounts; or
-
A hospital that bills and is paid for outpatient services included in a beneficiary’s inpatient claim.[17]
While there are various ways a credit balance can occur, it is important to note as far as federal payers are concerned, no de minimis exception exists; even small amounts such as one dollar and five dollars need to be returned to federal payers if they are overpaid.
Though credit balances will exist within a healthcare organization’s accounts, several risks are involved that may need to be resolved. The complexities of overpayments, state laws, and liability of contract terms can yield errors or increase compliance risks for the organization. Unfortunately, there are times when credit balances are left undiscovered until there is an audit. Audits by regulatory agencies may result in the high cost of remediation and increased reputational risks.
Common areas that may result in a credit balance could include errors from the payers or within internal billing teams. Internally, there could be manual- or system-posting errors present that would have an account appear to have a credit balance. For example, incorrect postings of allowable rates or adjustments may result in a negative balance on the account. This would not be a true credit but rather an error that can be resolved. Such errors could occur due to human error, but others could be a result of a computerized payment posting issue. Most organizations post utilizing Electronic Data Exchange (EDI) 835 files; however, it is possible that these files may contain a miscalculation. Another example of possible credit balances would be a true overpayment from a payer due to system errors. Payers often rely on claim systems to process payments, and there are times that the system may not be configured properly and may issue an overpayment. Timely management of credit balances would allow for an organization to promptly identify internal or external errors and correct the possible overpayment issue.
Addressing Compliance Risks
As organizations begin the daunting task of assessing compliance risks involved with credit balances, they begin to learn the depths of the regulatory issues at hand. A regular monitoring routine will make this less intimidating through modern billing systems that allow for data extraction and reports to facilitate internal monitoring. In order to sufficiently address negative account balances, organizations may consider using the following approaches.
Assess Data and Analytic Methods
Assessment involves reviewing reports and data models responsible for detailing credit balances on accounts. It is imperative that providers can first utilize their records to identify a credit balance.
Identify Payer Source
Due to different guidelines applied for each payment source, it is beneficial to stratify balances by payer. After identification, it is helpful to evaluate aging balances. The lookback period for Medicaid, commercial payers, and patients varies by state. The review period for Medicare balances is six years. However, it does not have to come to a lookback if credit balances are monitored regularly (e.g., monthly) and corrective action is taken promptly.
Perform a Root-Cause Analysis
After a data review, it would be valuable to determine if credit balances are truly the result of an overpayment. It is possible that a negative account balance may occur due to a posting or systematic error, and not necessarily from an overpayment. A root-cause analysis also assists in determining staff areas within an organization that need education, for example, if the overpayment results from over-collecting or a misunderstanding of insurance benefits.
Implement Ongoing Monitoring Efforts
To mitigate future risks, an organization may find it useful to have written policies and procedures in place to monitor credit balances. This requires an understanding of the internal controls the healthcare entity must use to perform reasonable diligence for identifying and quantifying overpayments. It also provides assurance that the provider is taking proper steps to meet state and federal guidelines and timelines. Though additional staff resources may be necessary for ongoing monitoring, it is a step that must be taken to ensure compliance. Leveraging sophisticated electronic health record (EHR) systems can aide in account reviews by creating alerts or reports.
Perform Random Audits
Aside from routine monitoring and running credit balance reports for various payers as part of the provider’s business practices, the compliance department may want to conduct periodic independent audits. These can ensure that credit balances are being reviewed according to policy and procedure and, especially, that identified credit balances constituting overpayments have been returned to federal payers within 60 days. Compliance may also check that patient refunds occur consistent with internal procedures and state law. Organizations may want to review internal controls regarding credit balances. Ensuring that procedures addressing the identification process and policy on refunds will prove to be critical in determining compliance with regulations. An understanding of payment posting procedures and current claim issues may assist in identifying possible areas of risk.
Regular audits on credit balances are recommended and can easily be reviewed with the accounts receivable department. Sample selection may include credits in various stages of timelines. Reviewing credits that have been identified to be pending anywhere between 1 to 90 days could reveal weakness within internal controls that will need to be addressed to be compliant.
Provide Education and Training
Revenue cycle compliance training should include federal and state guidelines regarding credit-balance timelines. Training for the revenue team also should include payment posting reconciliation for both manual and computer-assisted posting. Since a possibility of an account incurring a credit could be a result of posting errors, staff may need to be trained to diligently watch and identify possible credit on accounts.
Compliance and billing staff need to be aware that credit balances constituting ioverpayments require timely refunding and that the 60-day rule applies for identified overpayments by federal payers. Institutional providers, such as hospitals, are quite accustomed to reviewing their credit balances, extracting data reports from their patient accounting and billing systems, and submitting their Medicare Credit Balance Reports. Smaller providers and physician practices, however, may be less familiar with the False Claims Act risk associated with lack of timely return of credit balances constituting overpayments. The compliance officer should ensure there is sufficient training and education on the matter, including deadlines and an understanding that no automatic write-offs of very small amounts are permissible either.
Possible Penalties
Not only do providers have to worry about False Claims Act lawsuits for hanging onto overpayments, they may also be fined by the OIG with a civil monetary penalty for knowingly retaining an overpayment. Once oversight agencies are aware of mishaps with account balances, they may begin to perform regular audits and impose penalties and demand refunds.
A worst-case scenario could occur if enforcement agencies pursue a corporate integrity agreement (CIA) due to False Claims Act allegations. CIAs are negotiated with providers by the OIG as part of the settlement addressing civil false claim statute violations. Entities agree to the obligations listed in a CIA and, in exchange, the OIG agrees not to seek the entities’ exclusion from participation in Medicare, Medicaid, or other federal healthcare programs.
Ultimately, negative account balances require organizations to adhere to the terms of payer contracts, state regulations, and federal guidelines. Violations can carry strict penalties, such the possibility of criminal penalties, including imprisonment and criminal fines.[18] In one recent case, a healthcare organization was found to have willfully delayed repayment of more than $800,000 Medicaid overpayments. Along with the stress of the deteriorating reputation of the health system, the financial penalties totaled nearly $3 million.[19] In another case, the U.S. Department of Justice (DOJ) fined a provider more than $400,000 for failing to correct credit balances and repay overpayments to federal healthcare programs.[20]
Compliance Resources
Centers for Medicare & Medicaid Services
Medicare Credit Balance Report
https://www.cms.gov/Medicare/CMS-Forms/CMS-Forms/downloads/cms838.pdf
Federal Register
Medicare Program; Reporting and Returning of Overpayments
This final rule will provide clarification on requirements for reporting and returning overpayments.
https://www.federalregister.gov/d/2016-02789
https://www.ecfr.gov/current/title-42/chapter-IV/subchapter-A/part-401/subpart-D/section-401.305
United States Treasury
Unclaimed Assets
This publication includes resources for locating state guidelines for unclaimed property.
https://www.fiscal.treasury.gov/unclaimed-assets.html
Risk Takeaways
Main points of interest:
-
Actively review and monitor accounts for credit balances and to see if they constitute overpayments.
-
Identify source payer of each overpayment.
-
The rules for reporting and returning an overpayment may vary per payer source.
-
The 60-day rule applies to refund credit balances of federal payers.
Areas to watch:
-
Review accounts for systematic or posting errors.
-
Monitor accounts with overpayments for a possible training opportunities and procedure updates.
Laws that apply:
-
State laws
-
Theft or Embezzlement in Connection with Health Care, 18 U.S.C. § 669
-
Fraud Enforcement and Recovery Act of 2009, Pub. Law 111-21
-
False Claims Act, 31 U.S.C. §§ 3729–3733
-
Patient Protection and Affordable Care Act, 42 U.S.C. § 1320a-7k(d)
-
42 U.S.C. §§ 1302, 1395hh ,1395w-5
-
Requirements for Reporting and Returning of Overpayments, 42 C.F.R. § 401.305
Addressing credit balance compliance risks:
-
Review reporting capability as most EHRs can detect a credit balance issue.
-
Perform root-cause analysis on accounts to determine the direct source of overpayment.
-
Implement ongoing monitoring practices.
-
Perform random audits and report findings to ensure proper monitoring and corrective action.