Jun 26
2025
What Rehab Therapists Need to Know About the Rise in CMS and Commercial Audits
By John Wallace, PT, MS, FAPTA, chief compliance officer, WebPT.
Federal audits targeting Centers for Medicare & Medicaid Services (CMS) reimbursements are intensifying, and rehab therapists are already feeling the impact. In the wake of public announcements about increased efforts to eliminate fraud, waste, and abuse in federal healthcare programs, both Medicare and commercial payers have significantly ramped up their auditing activities.
Historically, audits of this kind disproportionately affected large practices. Today, however, even small and mid-sized clinics are receiving record requests from both CMS and commercial insurers. For providers billing Medicare or Medicaid—even those with a long history of compliance—this shift signals the need for heightened awareness, tighter documentation, and proactive internal oversight.
The Changing Landscape of Rehab Audits
The rise in CMS audits is not occurring in isolation. As Medicare strengthens its oversight through contractors like Medicare Administrative Contractors (MACs) and program integrity auditors, commercial payers are quickly following suit.
While CMS is transparent in publishing documentation expectations and typically approaches audits as educational, commercial payers often take a more punitive stance. Some conduct takeback audits based on small samples, then extrapolate error rates across years of claims to justify large recoupment demands.
This dynamic poses an especially difficult challenge for smaller practices. Commercial insurers, despite often paying significantly less than Medicare (e.g., sometimes 10% to 40% lower), are applying similar levels of scrutiny. And they’re not offering education. They’re demanding repayment.
Where Rehab Providers Are Most Vulnerable
The most frequent audit failures do not stem from fraud, but from insufficient or inconsistent documentation. Many rehab therapists rely heavily on electronic medical records (EMRs) to generate compliant records, but EMR systems alone cannot ensure accuracy. While structured fields and templates are helpful, providers must still input the correct clinical details to meet payer requirements.
One of the biggest vulnerabilities is the lack of regular internal compliance review. Large organizations may employ dedicated compliance staff, but small and medium-sized practices often operate without any formal chart review process. Unfortunately, this reactive model leaves providers exposed. Audits arrive without warning, and without a clear understanding of where documentation falls short, even well-meaning clinics may struggle to defend their claims.