DME Audits Explained: SMRC, CERT, TPE, RAC & UPIC
Compare Medicare review contractors, prepayment and postpayment audits, the complete SMRC timeline, recurring DME documentation failures, appeal timing, and an audit-prevention system.
Quick answer
The acronyms are not interchangeable. CERT measures improper payments through sampled claims; TPE is a MAC-led targeted review and education process; SMRC performs CMS-directed nationwide medical reviews; RAC identifies post-payment overpayments and underpayments; and UPIC investigates potential fraud, waste, and abuse. Read the letter, identify the contractor and authority, preserve the record, and respond to the exact request by its stated deadline.
Rules to know
- SMRC conducts CMS-directed nationwide reviews of Medicare Part A/B and DMEPOS claims for coverage, coding, payment, billing, and documentation compliance.
- CERT uses a statistically valid sample to estimate the Medicare FFS improper-payment rate; a CERT error is not automatically a finding of fraud.
- TPE is run by a MAC and generally combines a targeted claim probe with one-on-one education; traditional rounds usually review 20 to 40 claims and may repeat up to three times.
- RAC performs post-payment automated or complex reviews to identify and correct overpayments and underpayments; the nationwide Region 5 RAC covers DMEPOS, home health, and hospice.
- UPIC prevents, detects, and investigates suspected fraud, waste, and abuse and may support payment suspension, revocation, overpayment, or law-enforcement referral actions.
- An Additional Documentation Request is the mechanism for obtaining records, not the name of a single audit program; the sender determines the review context.
- The response should prove the billed claim as it existed for the date of service, including eligibility, order, medical necessity, coding, modifiers, delivery, and continued-need or use evidence when applicable.
- Appeal rights, rebuttal options, escalation paths, and deadlines depend on the contractor, review result, and subsequent MAC action; never assume one program's process applies to another.
- Review selection may involve national or local vulnerabilities, high-error services, unusual utilization or billing patterns, prior findings, complaints, referrals, and data analysis. A review does not by itself establish wrongdoing, and an SMRC project may target a service nationally rather than one supplier individually.
- Prepayment review holds or denies payment before funds are released. Postpayment review examines an already paid claim and may lead the MAC to adjust the claim, issue an overpayment demand, accrue interest, and recoup from future payments, creating a larger operational cash-flow risk.
- The current SMRC Provider Compliance Group flow starts with an ADR and generally allows 45 calendar days from the ADR date for records. After timely records arrive, SMRC generally reviews them within 30 calendar days and sends a Final Review Results letter.
- A supplier generally has 14 calendar days from the Final Review Results letter to request Discussion and Education and/or notify SMRC of intent to submit additional documentation. The current flowchart provides different submission and review periods depending on the chosen path, so the actual letter controls.
- The SMRC does not collect the resulting debt itself. It reports improper-payment findings; the MAC adjusts claims and issues the overpayment or underpayment notice, after which standard MAC recovery and appeal procedures apply.
- A first-level redetermination is generally due within 120 days of the demand letter, but filing by day 30 may be necessary to prevent recoupment beginning around day 41 for overpayments subject to recoupment limitation. Interest timing and the demand letter require immediate review.
- KX is an attestation that requirements specified in the applicable medical policy are met. It is not a routine formatting modifier, and unsupported KX use can turn a documentation weakness into a broader compliance concern.
- CMS eliminated remaining CMNs and DIFs for dates of service on or after January 1, 2023. The underlying medical-necessity and coverage evidence did not disappear; the information must be supported by the claim, order, treating record, and other required documentation.
- Audit-ready means each document proves its own fact without silent assumptions: who, what, when, where, why, author, signature, date, item, quantity, and relationship to the billed claim must be internally clear and consistent with the rest of the record.
Operational workflow
- 01Date-stamp the notice and verify the sender, contractor type, claim list, dates of service, requested records, submission channel, and deadline.
- 02Confirm the request is authentic using official contractor contact information, especially before disclosing beneficiary records.
- 03Assign one response owner and preserve the complete request, envelope or portal notice, claim image, remittance, communications, and submission evidence.
- 04Build a claim-by-claim index that maps every requested element to the exact page or file where the reviewer can find it.
- 05Reconcile the order, treating record, coverage criteria, HCPCS, modifiers, units, delivery, refill, continued need or use, and date-specific policy without altering the historical record.
- 06Submit through an approved channel before the stated deadline and retain proof of receipt; use esMD when supported by the contractor and workflow.
- 07Track findings by root cause, assess appeal or other response rights, and correct systemic controls across similar claims without automatically rebilling or refunding unrelated claims.
- 08Escalate suspected UPIC matters, large extrapolations, payment suspensions, subpoenas, or potential self-disclosure issues to qualified healthcare counsel and compliance leadership.
- 09For an SMRC response, calendar the 45-day ADR period, create a separate indexed packet for each claim, validate secure delivery, and retain acceptance evidence; request good-cause relief promptly if an extraordinary event prevents timely response.
- 10When the Final Review Results letter arrives, compare every finding to the submitted index and policy, then calendar the 14-day D&E or re-review election period and the applicable additional-document submission deadline stated in the letter.
- 11Use D&E to understand rationale and prevention, and use re-review when additional contemporaneous evidence can support the claim. Do not create, alter, backdate, or mischaracterize records after the fact.
- 12When the MAC demand arrives, reconcile claim adjustments and interest, notify finance and leadership, preserve appeal rights, and target day 30 for redetermination when recoupment limitation applies rather than treating day 120 as the operating deadline.
- 13Prevent recurrence with a pre-billing QA gate, date-specific coverage verification, item-level policy checklist, signed-order control, delivery reconciliation, refill and continued-use monitoring, modifier validation, monthly denial review, and risk-based internal sample audits.
Common failure modes
- Assuming every ADR is routine and missing the significance of the contractor named in the notice.
- Sending an unindexed document dump that does not connect evidence to coverage criteria or individual claims.
- Submitting only supplier-created forms when the request also requires contemporaneous treating-practitioner records.
- Changing, recreating, or backdating historical documentation instead of supplying an accurate record and a clearly labeled explanation when appropriate.
- Missing a deadline, failing to retain delivery confirmation, or sending protected information through an unapproved channel.
- Treating an improper-payment finding as synonymous with fraud, or treating a UPIC inquiry as an ordinary educational review.
- Order failure: missing, incomplete, unsigned, late, or inconsistent order elements, including item description, quantity, practitioner identity, signature, or date.
- Medical-record failure: treating notes do not independently establish the condition, functional limitation, test result, or item-specific coverage criterion for the date of service.
- Delivery failure: proof does not identify the beneficiary, item, quantity, delivery date, address or method, recipient, or link to the exact billed equipment and accessories.
- Continued-need, continued-use, or refill failure: recurring claims lack timely beneficiary contact, affirmative refill request, usage evidence, or policy-specific follow-up.
- Coding and modifier failure: product, HCPCS, units, accessories, rental or purchase, laterality, replacement, or KX and liability modifiers do not match the facts and policy.
- Eligibility and supplier failure: beneficiary coverage, place of service, ordering practitioner, supplier enrollment, accreditation, licensing, same-or-similar history, or payer jurisdiction is unsupported.
- Record-integrity failure: conflicting dates, templated language, unexplained corrections, unsigned entries, illegible records, supplier-generated conclusions, or missing provenance prevent the reviewer from trusting the file.
Knowledge check
Official sources
Continue this track
Education only. Verify the current code set, payer contract, coverage policy, implementation guide, and claim-specific facts. Do not enter protected health information into this site.