What Are Credit Balances in the Revenue Cycle?
Skillfully managing the revenue cycle of a healthcare organization requires oversight of several components. Most health entities are considered creditors—organizations that offer or extend credit or services, which results in debt. Each patient account may be assessed by several departments within revenue management until the debt is settled. When settling a debt, one significant risk within the healthcare revenue cycle is a “credit balance,” which is defined as an excess of payment on an account. Credit balances can exist for many reasons, including, for example, failure to correct coordination of benefits (COB), improper billing, and duplicate payments. Though credit balances may occur during the normal course of business, they require consistent attention, monitoring, and ongoing resolution to prevent accumulation; overpayments not returned can result in penalties. To accurately assess the compliance risks of credit balances, an investigation of the account and payment analysis will be required. Many possible reasons exist for an account to present a negative balance; however, the most common types of credit balances are classified based on the payer source.
Patient credit balances can occur by accepting improper payments from patients. In most cases, patient overpayments result from a miscalculation of out-of-pocket costs or insurance benefits. Collection of a presumed contractual co-pay, deductible, or co-insurance without an in-depth understanding of the insurance benefits may produce a negative balance on the account after claims are processed.
Apart from patient credit balances, organizations may need to review negative account balances related to third-party payers. Commercial-payer credit balances may transpire in the happenstance that a private insurer makes an overpayment. These credit balances are often caused by systematic or contract issues. Government-payer credit balances are simply excessive or improper payments made by government entities such as Medicaid or Medicare. Overpayments from these payer sources often present the highest liability for healthcare organizations, as failure to comply with their respective guidelines may result in a violation of the False Claims Act.
Institutional providers are obligated to submit Medicare Credit Balance Reports (see CMS-838 Form), which are required under the authority of sections of the Social Security Protection Act. Failure to submit this report may result in a suspension of payments under the Medicare program and may affect eligibility to participate in the Medicare program. Clinics and individual providers do not have to submit credit balance reports to the various federal and state agencies but are still at risk of retaining an overpayment and may potentially violate the False Claims Act if they do not refund credit balances to federal payers in a timely manner and exercise due diligence in monitoring and identifying accounts.
Proper management of credit balances is essential to ensuring compliance with Medicare and Medicaid regulations, meeting contractual expectations, providing timely refunds, and reducing the risk of misappropriation of funds and False Claims Act violations.
Risk Area Governance
Ultimately, the prompt resolution of a credit balance is the most desirable outcome. Overpayments are subject to federal regulations as well as protocols further defined by states. It is recommended to review these guidelines since these entities provide specific timelines regarding how a credit balance must be handled and when the overpayment needs to be released.
After identifying a patient credit balance, many healthcare practices hold funds with the intent to apply the credit to any future balances a patient may owe. Unfortunately, this may not always be the best course of action. Organizations may have reporting obligations to return funds to their state controller’s office. States have enacted escheat or unclaimed property laws that involve an organization needing to be proactive in returning property, including credit balances, to the rightful owner. This may require written notices to the reported owner and, in the event the patient cannot be located, the credit balance may be considered unclaimed property and sent to the state controller. The time allotted for returning a patient or private-insurer overpayment to the state controller varies from jurisdiction to jurisdiction. It is recommended to review state laws to determine the designated workflow needed to properly resolve the overpayments.
Theft or Embezzlement in Connection with Health Care, 18 U.S.C. § 669
Third-party payers also have guidelines for creditors in the event of an overpayment. Commercial insurance plans are governed first by the terms of the contract and then by state statutes. While state statutes and contracts will apply, a federal statute also obligates a healthcare entity to return credits to a private insurer. The “Theft or embezzlement in connection with health care” section details penalties in cases in which a person or organization “knowingly and willfully embezzles, steals, or otherwise without authority converts to the use of any person other than the rightful owner, or intentionally misapplies any of the moneys, funds, securities, premiums, credits, property, or other assets of a health care benefit program.” The term “health care benefit program” is defined (in 18 U.S.C § 24) as any public or private plan. In this context, it is understood that withholding overpayments from commercial insurance plans may also carry serious legal repercussions.
Fraud Enforcement and Recovery Act of 2009, Pub. Law 111–21
Overpayments made by any government payer, such as Medicaid and Medicare, must be returned under strict time limits. Prior to the Affordable Care Act (ACA), the U.S. Department of Health & Human Services (HHS) Office of Inspector General (OIG) addressed provider responsibility to return the credit balance under its Compliance Program Guidance for Third Party Billing Companies. Ultimately, the guidance states, “failure to repay overpayments within a reasonable period of time could be interpreted as an intentional attempt to conceal the overpayment from the government, establishing an independent basis for a criminal violation.” In 2009, passage of the Fraud Enforcement and Recovery Act (FERA) provided further clarification on potential liability of accounts that had credit balances. This act was passed to aid in healthcare fraud enforcement and to made it clear that retention of an overpayment resulted in a liability under the False Claims Act.
Patient Protection and Affordable Care Act, 42 U.S.C. § 1320a-7k(d)
Though prior statutes confirmed that healthcare providers are responsible for making refunds to Medicaid and Medicare in the event of an overpayment, it wasn’t until passage of the Patient Protection and Affordable Care Act (ACA) that specific deadlines were established. In 2010, enactment of the ACA provided Americans more access to healthcare through affordable options with third-party payers. The ACA stipulated that healthcare organizations identify overpayments received, report them, and repay the rightful owner within 60 days of identification. The act also provided an in-depth description of what it means to identify a credit balance: “[A] person has identified an overpayment when the person has, or should have, through the exercise of reasonable diligence, determined that the person has received an overpayment and quantified the amount of the overpayment. Creating this standard for identification provides needed clarity, processes, and procedures for providers and suppliers on the actions they need to take to comply with requirements for reporting and returning of self-identified overpayments.” The statute continues by evaluating the allotment of time a provider may need for a good faith investigation.
In the 2016, “Medicare Program; Reporting and Returning of Overpayments, Final Rule”, Centers for Medicare & Medicaid Services (CMS) required “providers and suppliers receiving funds under the Medicare program to report and return overpayments by the later of the date that is 60 days after the date on which the overpayment was identified; or the date any corresponding cost report is due, if applicable”. The rule further clarifies that:
A person that has received an overpayment must not only report and return the overpayment in the form and manner set forth in the rule; but also that
A person has identified an overpayment when the person has, or should have through the exercise of reasonable diligence, determined that the person has received an overpayment and quantified the amount of the overpayment.
A person should have determined that the person received an overpayment and quantified the amount of the overpayment if the person fails to exercise reasonable diligence and the person in fact received an overpayment. Therefore, one may conclude that there is a clear expectation of applying a good faith and diligent effort to identify overpayments¸ i.e., by conducting compliance monitoring for overpayments. It is important that compliance officers know the time frame and parameters the Final Rule sets:
We choose 6 months as the benchmark for timely investigation because we believe that providers and suppliers should prioritize these investigations and also to recognize that completing these investigations may require the devotion of resources and time. Receiving overpayments from Medicare is sufficiently important that providers and suppliers should devote appropriate attention to resolving these matters. A total of 8 months (6 months for timely investigation and 2 months for reporting and returning) is a reasonable amount of time, absent extraordinary circumstances affecting the provider, supplier, or their community. What constitutes extraordinary circumstances is a facts specific question. Extraordinary circumstances may include unusually complex investigations that the provider or supplier reasonably anticipates will require more than six months to investigate, such as physician self-referral law violations that are referred to the CMS Voluntary Self-Referral Disclosure Protocol (SRDP). Specific examples of other types of extraordinary circumstances include natural disasters or a state of emergency.