Medicare Audits of Skin Substitutes (CTPs): Who Reviews Claims—and What Triggers an Audit

Cellular and/or tissue-based products (CTPs) have historically sat at the intersection of high clinical stakes and high reimbursement, making them perennial targets for Medicare program integrity review. Here’s a quick guide to the major audit entities and the data-driven red flags that most often trigger scrutiny. 

Key Takeaways 

• Different contractors, different goals: RACs focus on improper payments, SMRC performs CMS-directed national medical reviews, UPICs/ZPICs investigate suspected fraud/abuse, and CERT samples claims randomly to measure error rates. 
• Most reviews start with data: Medicare program integrity relies on analytics to spot outliers and suspicious patterns before requesting records. 
• CTP audits hinge on documentation + alignment: The most common red flags involve incomplete medical necessity support, weak wound measurement/progress tracking, and billing that doesn’t match LCD parameters or the medical record. 

For wound care teams, an “audit” can mean anything from a routine documentation request to an investigation focused on suspected fraud. The important point: multiple Medicare contractors have authority to review skin substitute/CTP claims, and most reviews begin because claims data suggest a pattern that doesn’t match coverage, coding, or payment rules.^1-5 

The Main Audit Players (and What They Do) 

Recovery Audit Contractors (RACs) are Medicare Fee-for-Service (FFS) compliance contractors focused on identifying and correcting improper payments; both overpayments and underpayments.¹ RAC issues are vetted through CMS’s “new issue” process and typically concentrate on payment errors, documentation insufficiency, or noncompliance with coverage/coding requirements.^1,2

The Supplemental Medical Review Contractor (SMRC) performs nationwide medical reviews as directed by CMS to help reduce improper payments and protect the Medicare Trust Fund.³ SMRC topics are selected by CMS and often reflect areas where utilization, cost, or billing patterns suggest elevated risk.³

Unified Program Integrity Contractors (UPICs) are the major program-integrity contractors tasked with identifying suspected fraud, waste, and abuse and developing cases for administrative actions and law enforcement referral when appropriate.⁴ CMS’s Program Integrity Manual emphasizes that UPIC activity includes medical review and program integrity work intended to prevent inappropriate payment.⁴ UPICs represent a consolidation of earlier structures; in many regions, Zone Program Integrity Contractors (ZPICs) are legacy terminology for functions now performed under UPIC contracts, but the practical concept remains: these contractors conduct investigations, medical review support, and data analysis tied to suspected fraud or abuse.^4,5 

The Comprehensive Error Rate Testing (CERT) program is different: it measures Medicare FFS improper payment rates by reviewing a statistically valid random sample of claims each year.² CERT is not “targeting” you because of a pattern; you can be selected at random; yet the documentation expectations are real, and CERT findings can spotlight service lines that later become targeted by other reviewers.²

How Targeting Works: Audits are Usually Data-Driven 

CMS explicitly describes data analysis as an essential first step in identifying potential billing or payment problems, including finding statistical outliers or patterns within claims that suggest improper billing.⁶ In practice, contractors may look for utilization spikes, outlier payment amounts, unusually high frequency compared with peers, atypical combinations of codes, or patterns concentrated in certain sites of service that then signal a need for medical record review.⁶

CTP-specific Red Flags that Commonly Trigger Scrutiny 

While each MAC’s local coverage determinations (LCDs) differ, Medicare’s coverage framework for skin substitute applications to chronic lower extremity wounds illustrates the types of requirements auditors test: clear indications, documentation of wound characteristics over time, and compliance with defined parameters.⁷ Common audit vulnerabilities for CTPs include: 

Medical necessity not fully supported in the record. Auditors look for baseline wound assessment, chronicity, comorbidities, and evidence that conservative/standard care was attempted and that the wound remained nonhealing before the CTP episode.⁷

Inadequate objective wound documentation over time. Missing or inconsistent measurements (length/width/depth), lack of progress tracking, or failure to document response at required intervals can undermine coverage.⁷

Product/quantity mismatches. Billing patterns that suggest excessive wastage, repeated large-size units for small wounds, or frequent high-cost products can appear as outliers in data analytics and trigger review.^6,7 

Exceeding LCD-like limits or not meeting episode parameters. Repeated applications beyond typical frequency/episode boundaries (or without clear rationale for continued use) are classic denial drivers.⁷

Coding/billing inconsistencies. Misaligned HCPCS, units, modifiers, site-of-service expectations, or documentation that doesn’t match what was billed can look like an improper payment scenario—exactly what RACs and medical reviewers are designed to identify.^{1-3, 7} 

Final Thoughts 

The cast of reviewers stays largely constant—and the triggers do, too: outlier patterns, incomplete medical necessity documentation, and nonadherence to coverage/billing rules.^3,6 A defensible CTP claim tells a coherent clinical story (why this patient, why now, why this product, and how the wound responded) and matches that story precisely to what was billed.^1-7 

References 

1. Centers for Medicare & Medicaid Services. Medicare Fee-for-Service Recovery Audit Program. Accessed February 9, 2026. (Centers for Medicare & Medicaid Services) 
2. Centers for Medicare & Medicaid Services. Comprehensive Error Rate Testing (CERT). Accessed February 9, 2026. (Centers for Medicare & Medicaid Services) 
3. Centers for Medicare & Medicaid Services. Supplemental Medical Review Contractor (SMRC). Last modified September 10, 2024. Accessed February 9, 2026. (Centers for Medicare & Medicaid Services) 
4. Centers for Medicare & Medicaid Services. Medicare Program Integrity Manual (PIM), Chapter 4 (UPIC program integrity functions). Accessed February 9, 2026. (Centers for Medicare & Medicaid Services) 
5. US Department of Health & Human Services. Zoned Program Integrity Contractors (ZPICs) and UPIC (Jurisdiction 1) system description (PIA/supporting document). Accessed February 9, 2026. (HHS.gov) 
6. Centers for Medicare & Medicaid Services. Medicare Program Integrity Manual (PIM), Chapter 2 (data analysis; outlier identification). Accessed February 9, 2026. (Centers for Medicare & Medicaid Services) 
7. Centers for Medicare & Medicaid Services. Medicare Coverage Database. LCD: Application of Bioengineered Skin Substitutes to Lower Extremity Chronic Non-Healing Wounds (L35041). Accessed February 9, 2026. (Centers for Medicare & Medicaid Services)